The British Lung Foundation is the only charity looking after the nation’s lungs. With your support, we’ll make sure that one day everyone breathes clean air with healthy lungs.
We are committed to protecting your personal information. We’re also committed to being transparent about what information we hold, and for what purpose.
This policy explains:
- How we collect personal information
- What information we collect
- Debit and credit card information
- How we use your information
- Who we share your information with
- How we protect your information
- How long we keep your information
- Your rights
- The data protection regulator
The terms of this policy may change, so please check it from time to time. We updated it in April 2018.
If you have any queries about this policy please contact: The data protection officer, British Lung Foundation, 73-75 Goswell Road, London EC1V 7ER or email firstname.lastname@example.org
This policy is written in accordance with the General Data Protection Regulation (GDPR). We are registered with the Information Commissioner’s Office (ICO) as a data controller under number Z6901318.
Personal information is information that can be used to identify you.
You give us this when you ask about our activities; register with us for an event, campaign or in a professional capacity; send or receive an email; make a donation; apply for a job; order products or services, such as publications; ask a question about our services; use our services, or provide information in other ways.
We may also get personal information about you from family members, friends or organisations who contact us on your behalf.
The information we collect may include your name, date of birth, email address, IP address (internet protocol address), postal address or telephone number.
We may also collect personal information recognised by data protection law as sensitive, such as information about your health. We’ll only do this where there is a clear reason to do so and we’ll always make these reasons clear to you.
We gather information about our websites, such as which pages users visit most often, and which services, events or facilities are most popular. We may also track which pages users visit when they click on links in our emails. Please see our full cookies policy.
If you use your credit or debit card to donate to us, register for an event or buy something, online or over the phone, we will make sure this is done securely and in accordance with the Payment Card Industry Data Security Standard (PCI DSS). The payment will be processed by a third party and we will not store your card details.
Find out more about PCI DSS.
We use your personal information to give you the information, services, or products you ask for. This could be to:
- process a donation
- take part in a fundraising event
- process your order
- communicate with you
- give information and advice
- handle a complaint
- provide a service
- carry out an obligation or contract
- process a grant application
- process a job application
For more detail, please see how we might use your information if you are:
- someone who supports our activities
- someone who uses our services
- a health care or research professional
- someone who’s applying for a job with us
We will not sell your details to any third parties. But we may sometimes share your information with:
- our trusted service providers who are authorised to work on our behalf
- our subsidiary trading companies
- associated organisations with whom we jointly provide services
- organisations who help us deliver our services or fundraising activities
All of them act either under a joint agreement or under our instruction and subject to contractual obligations. Both contain clear data protection clauses.
From time to time we may also exchange your personal information with other organisations to reduce fraud and credit risk. We may also share information with our financial and legal advisers to obtain advice and protect our legal rights.
When we collect your personal information, we use strict procedures and security features to prevent unauthorised access. We also take appropriate measures to make sure the information disclosed to us is:
- kept secure, accurate and up-to-date and
- kept only for as long as it’s needed for the purposes for which it was intended
But while we aim to protect your personal information, we cannot guarantee the security of any information you post, email or transmit by other means to us. You do so at your own risk.
Processing your information outside the EU
Sometimes, for financial or technical reasons, we may use a supplier outside the European Economic Area (EEA). This means your personal information is transferred, processed and stored outside the EEA. Legal protection for personal information in countries outside the EEA may not be equivalent to the level of protection provided in the EEA.
But we take steps to put in place suitable safeguards to protect your personal information when processed by the supplier. For example, using the European Commission’s standard contractual clauses.
We regularly review how long we hold personal information. We must are legally required to hold some types of information to fulfil our statutory obligations (for example the collection of Gift Aid). We will hold your personal information on our systems for as long as needed by the relevant activity. If you asked us not to contact you again we would hold a record of that indefinitely. Where your information is no longer required we will dispose of it in a secure manner.
You have the following rights in relation to your personal information:
- to ask for a copy of the personal information we hold about you and for us to correct any inaccuracies
- to request us to erase your personal information; to restrict our processing of your personal information, or to object to our processing of your personal information
If you want to exercise these rights, please email email@example.com with copies of 2 separate identification documents such as a passport, driving licence, or utility bill. The first should give photo identification and the second confirm your address. Please also give information about the nature of your contact with us, to help us locate your records. Alternatively, you can send the documents by post to: The data protection officer, British Lung Foundation, 73-75 Goswell Road, London EC1V 7ER
We will respond within 30 days, once we receive your written request and copies of your identification documents.
We reserve the right to charge an administration fee for excessive or manifestly unfounded requests.
You can get more information and advice about data protection or reporting a concern about data protection from:
Information Commissioner’s Office
Helpline: 0303 123 1113
From outside the UK: +44 1625 545 745