Privacy information notice

Our privacy information notice.

Introduction 

Target Ovarian Cancer has always sought to respect people’s personal data. We regularly evaluate our processes and protocols to make sure we are following both the spirit and the letter of the General Data Protection Regulation (GDPR) and other legislation relating to personal data. We highly value our relationships with people affected by ovarian cancer, health professionals, and all other beneficiaries, fundraisers and supporters. Maintaining these relationships will continue to be a top priority for us. 

Target Ovarian Cancer (“we”) promises to respect any personal data you share with us, or that we get from other organisations, and keep it safe. We aim to be clear when we collect your data and not do anything you wouldn’t reasonably expect.  We will comply with the six principles of good practice. These provide that your personal information must be: 

  • processed lawfully, fairly and in a transparent manner, 
  • processed for specified, explicit and legitimate purposes, 
  • adequate, relevant and limited to what is necessary, 
  • accurate and kept up-to-date, 
  • kept for no longer than is necessary, and 
  • processed in a manner than ensures appropriate security.  

This Privacy Notice sets out the data processing practices carried out by Target Ovarian Cancer in relation to personal data about supporters, event attendees, grant applicants, volunteers and newsletter subscribers. For the purposes of this Notice, the data controller is Target Ovarian Cancer. For the purpose of this Notice we will use the group term ‘supporters’ to describe any one of these groups. 

If you have any queries or requests concerning your personal data or would like to contact us about your preferences please contact us at Target Ovarian Cancer, 30 Angel Gate, London EC1V 2PT or at info@targetovariancancer.org.uk, or call us on 020 7923 5470. 

Our communications include our services and events, ovarian cancer news, and opportunities to support us. If you are not already receiving these communications, but would like to, please contact us on info@targetovariancancer.org.uk or 020 7923 5470. 

We store your data on our database, which is hosted in the UK. We keep this database updated with your contact preferences. 

Why your personal information is important 

Developing a better understanding of our beneficiaries and supporters through your personal data allows us to make better decisions about our work, fundraise more efficiently and, ultimately, helps us to improve early diagnosis, fund life-saving research and provide much-needed support to people with ovarian cancer.  

Support for people affected by ovarian cancer 

We run services to provide support to anyone affected by ovarian cancer and collect personal data in order to provide those services. This includes our face-to-face events, our guides and information, our Support Line and our private Facebook group. 

If you use our charitable support services, we may record personal information that you choose to give us and that is needed to keep you safe and is necessary to deliver our services. An example of this is information about your health status, dietary preferences, or emergency contact details for an event. We will only use this information for the purposes of providing our charitable services.

We may also collect and retain your information if you send feedback about our services or if you make a complaint.  

Target Ovarian Cancer support line

If you contact our Nurse Advisers or supportive services team through our support line, you may choose to provide details of a personal nature in particular about your health or someone else’s health. This may include information about symptoms and diagnosis; stage, grade and type of ovarian cancer; treatment and clinical trials; and other health-related information.  Only the Nurse Advisers and supportive services team will use this personal information and only for the purposes of responding to your enquiry. They will not pass the personal information on to anyone else without your express permission, except in exceptional circumstances to comply with the nurses’ NMC code of professional conduct or the law.

Notes of your conversation with our support team may be kept for to help us respond to your enquiry, and for quality and monitoring purposes. Notes are stored on a secure database where access is only granted to the Supportive Services staff and our IT provider. This record will be retained for two years, after which it will be deleted. Your details will not be used for marketing or any other purposes. If for any reason you want your details removed from these records, please contact the support line on 020 7923 5475.

We will use your personal information:  

  • to deal with your enquiries and requests 
  • to provide you with information and updates about products or services that you have requested 
  • to invite you to participate in projects or activities 
  • for administration purposes 
  • to further our charitable aims including through fundraising 
  • for training, quality monitoring or evaluating the services we provide 
  • to analyse and improve the operation of our website and to analyse your engagement with our website 

Target Ovarian Cancer does not share sensitive personal information you provide to us with anyone, except in exceptional circumstances to comply with the nurses’ code of professional conduct or where legally required. For more information please ask us about our Safeguarding Policy. 

Supporters 

If you support us, for example if you make a donation, volunteer, register to fundraise or sign up for an event, we will usually collect: 

  • Your name 
  • Your contact details 
  • Your date of birth 
  • Your bank or credit card details.  

Where it is appropriate we may also ask for: 

  • Information relating to your health (for example if you are taking part in a high risk event)  
  • Why you have decided to donate to us (for example we ask if you’ve had a diagnosis of ovarian cancer, or are a family member or friend, or a health professional). We will never make this question mandatory, and only want to know the answer if you are comfortable telling us. 

We will use your data to: 

  • Provide you with the services, products or information you asked for 
  • Administer your donation or support your fundraising, including processing gift aid 
  • Keep a record of your relationship with us 
  • Ensure we know how you prefer to be contacted 
  • Understand how we can improve our services, products or information. 

Direct marketing 

We will contact you in accordance with your preferences and the law to let you know about the progress we are making, to ask for donations or other support, and / or to tell you more about the services we offer.  You have the right to change these at any time, for example by clicking unsubscribe on email communications. We make it easy for you to tell us how you want us to communicate, and we include information on how to opt out of different types of contact when we send you marketing communications. If you don’t want to hear from us, that’s fine. Just let us know when you provide your data or contact us on info@targetovariancancer.org.uk or 020 7923 5470 to update us. 

Occasionally, we may include information from third party organisations working with us in our communications – for example an organisation running an event or selling a product to raise money for Target Ovarian Cancer. We do not give your data to these organisations. 

We do not sell, rent or share personal details to third parties, including other charities, for their marketing purposes. But, if we run an event in partnership with another named organisation your details may need to be shared, for example on the guest list for an event at an external venue. We will be clear what will happen to your data when you register. 

Our legal basis for processing your information 

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances: 

  • you have given us consent, 
  • where it is necessary for our or a third party’s legitimate interests, which are to further our charitable objectives, and your interests and rights do not override those interests,  
  • or where we need to comply with a legal or regulatory obligation. 

We will only use sensitive personal data: 

  • provided we have your explicit consent to use it, 
  • where we believe that we need to use that data to protect your vital interests where you are not able to provide us with your explicit consent, 
  • where it is necessary for reasons of substantial public interest, 
  • where you have previously made that data public knowledge, or 
  • if we need to use that data to establish, exercise or defence legal claims. 

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. 

Keeping your information secure 

We use a specialist marketing platform, Mailchimp, to manage our email communications. They normally only store data within the European Economic Area (EEA). If they need to transfer it outside of the EEA then they will take steps to make sure adequate levels of privacy protection, in line with UK legislation, are in place.  

We use a specialist fundraising platform, the Big Give, to manage one of our fundraising campaigns.  The Big Give are based in the United States (US), and any data they collect or process will be done so in the US.  

In addition, we will take all steps reasonably necessary to ensure that your data is treated securely, including taking the following safeguards: 

  • PCI DSS standards. We comply with the Payment Card Industry Data Security Standards in relation to debit/credit card payments made on our website. 
  • Building entry controls. We are based on a secure gated estate with CCTV and maintain your data in a restricted access locked area. 
  • Secure lockable desks and cupboards. Desks and cupboards are kept locked when not in use if they hold confidential information of any kind. 
  • Methods of disposal. Paper documents are disposed of by shredding in a manner that ensures confidentiality. 
  • Firewalls and encryption. We use industry-standard and up-to-date firewall and encryption technology. 
  • Overseas transfers. Whenever we transfer your personal information outside the United Kingdom, we ensure a similar degree of protection is afforded to it by ensuring that we apply appropriate safeguards. 

Brexit and transferring your data to countries in the European Economic Area (EEA) 

Organisations in the UK processing the personal data of EU citizens will need to comply with both the UK data protection law (namely the Data Protection Act 2018, UK GDPR and the Privacy and Electronic Communications Regulations 2003) and the EU GDPR. 

EU GDPR 

Target Ovarian Cancer has considered the territorial scope of the EU GDPR and considers that this legislation does not apply to it. This is because the charity is not offering goods or services, or monitoring the behaviour of, EU data subjects. Target Ovarian Cancer will not appoint a EU representative because only a small percentage of our income comes from supporters living in the EU and the charity does not actively cultivate European donors or supporters. 

Target Ovarian Cancer relies on a number of Third Parties to process income on our behalf such as Just Giving and Facebook.  These Third Parties may make restricted transfers of data to Target Ovarian Cancer if any of their operations are based outside of the UK and in such instances, it is the third party’s responsibility to ensure that the personal data is protected.  Upon receipt of the data, Target Ovarian Cancer will ensure that any EU data subjects’ personal data is protected and treat personal data with care and due diligence.   

UK GDPR 

Occasionally, Target Ovarian Cancer will need to upload data of UK data subjects to a Third Party’s site, and any transfer of data will be done securely and in accordance with the UK GDPR. In particular, this means that whenever Target Ovarian Cancer transfers data outside of the UK, or the protection of the UK GDPR, it will ensure the rights of individuals are protected in the recipient country for example, through the use of standard contractual clauses.  

Sharing your story 

Some people choose to tell us about their experiences to help further our work. They may take on a role as an ambassador or spokesperson, tell their story at an event, sit on an advisory panel or contribute to our guides and publications. This may include them sharing sensitive information related to their health and family life in addition to their biographical and contact information.  

We use some of the information provided, including gender, ethnicity or the type of cancer people have experience with, to identify opportunities for you to get involved. If we have the explicit consent of the individuals, or their parent or guardian if they are below the legal age under UK law, this information may be made public by us at events, in materials promoting our work, or in documents such as our annual report.  

If you are a speaker at one of our events, we will publicly promote your involvement via social media and emails to our supporters. This data may continue to be processed by those platform providers after the event has ended. 

Children’s data 

Where appropriate we will seek consent from a parent or guardian before collecting information about children. Our events have specific rules about whether children can participate, and we make sure advertising for those events is age appropriate. 

We collect and manage information from children and aim to manage it in a way which is appropriate to the age of the child. Information is usually collected when children attend our events or fundraise for us. We will collect name, date of birth and address in the same way as adults to record the levels of support we have been given. 

How we gather information 

The type and quantity of information we gather and how we use it depends on why you are providing it. We gather information in the following ways: 

When you give it to us directly 

You may give us your information in order to sign up for one of our support events (e.g. Being Together), contact the Support Line, to fundraise for us (e.g. The Ovarian Cancer Walk), tell us your story, make a donation, sign up to receive our newsletters or communicate with us directly.   

When you give it to us indirectly 

Your information may be shared with us by independent event organisers, for example the London Marathon or fundraising sites like JustGiving or Virgin Money Giving. These independent third parties will only do so when you have indicated that you wish to support Target Ovarian Cancer and with your consent. You should check their Privacy Policy when you provide your information to understand fully how they will process your data. 

When you have given other organisations permission to share it 

You may have provided your details to other organisations that work with us, for example when buying a product or services. 

When we collect it as you use our website or apps 

The type of device you’re using to access our website or apps and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are, and why a crash has happened. Your device manufacturer or operating system provider will have more details about what information your device makes available to us. 

In addition, we use Google Analytics (GA) to help analyse how users interact with our website.  The GA code uses ‘cookies’, which are text files placed on your computer (or phone or other device), which make interacting with a website faster and easier – for example by automatically filling your name and address in text fields. The code collects standard internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including IP address) is transmitted to Google. This information is then used to evaluate visitors' use of the website and to compile statistical reports on website activity for Target Ovarian Cancer. 
 
We will never (and will not allow any third party to) use the statistical analytics tool to track or to collect any Personally Identifiable Information (PII) of visitors to our site. Google will not associate your IP address with any other personal data held by Google. Neither we nor Google will link, or seek to link, an IP address with the identity of a computer user. We will not associate any data gathered from this site with any Personally Identifiable Information from any source, unless you explicitly submit that information via a fill-in form on our website. 
 
You may choose to accept or decline cookies. If you reject cookies then be aware that this may disable some of the functionality on our website. You can also prevent Google Analytics by using a tracking-blocker, such as Privacy Badger, clearing your cookies after every browsing session, or installing the Google Analytics opt-out extension 

Facebook 

You may find Target Ovarian Cancer on Facebook yourself, or you may receive an ad from us. We target ads at audiences that appear to have an interest in ovarian cancer. We do this to inform, educate and engage potential new supporters or tell people about the services we offer.   

Facebook is a valuable tool for us and for our community, which is why we use the platform. However, Facebook is a commercial company. We want to remind our users that information shared on timelines, on our page or in private messages may be used or sold by Facebook for commercial purposes.  

Our website – targetovariancancer.org.uk may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites or how they use personal data. When you leave our website, we encourage you to read the Privacy Policy of every website you visit.

We work with social media platforms, including Facebook, to bring you targeted advertising about our work and improve your online experience with us. This may be via Social Plugins (e.g. Like and Share buttons) or through the use of ‘Custom Audience Lists’.

To use Custom Audience Lists we provide the social media platform with a list of email addresses, and they use that list to target or exclude those individuals from seeing our advertisements. The social media platform will also use this list to find likeminded individuals based on the similarities found in people’s profiles. We will only include supporters in these lists if they have opted into receiving our marketing. We only work with social media platforms that provide a facility for secure and encrypted upload of data, and immediately delete any records not matching with their own user base.

For more information, or to manage your social media ad preferences, please see:

Facebook Custom Audiences guides

Facebook Data Policy (also applies to Instagram)

When we engage with Facebook to identify you on their platform and provide you with our adverts, we are joint controllers of your personal information with Facebook. Our agreement with Facebook sets out our responsibilities to you – for example, we are responsible for informing you about this activity. Both we and Facebook are responsible for keeping your information secure. You can exercise your privacy rights against each of us individually.

Additionally, Target Ovarian Cancer may pass on your personal data to online advertising tools, including Google Adwords Match and Google Analytics to carry out ‘remarketing activities’. This means that if you’ve already visited our website we can direct you back to it through ads shown on sites across the internet by third-party vendors, including Google and Facebook. These third-party vendors may use cookies to serve these ads based on your past visits to our website.

We believe we have a legitimate interest in customising our social media communications in this way. If you do not wish us to do so, you can always tell us not to share your information with Facebook, or any other platform by contacting us at 020 7923 5470 or by emailing info@targetovariancancer.org.uk

Employees, volunteers and job applicants 

If you apply to work or volunteer at Target Ovarian Cancer, we will only use the information you give us to process your application and to monitor recruitment statistics. If we want to disclose information to someone outside the charity - for example, if we need a reference, or need to get a disclosure from the Criminal Records Bureau - we will make sure we tell you beforehand, unless we are required to disclose this information by law.  

If you are unsuccessful in your job application, we will hold your personal information for six months after we’ve finished recruiting the post you applied for. After this date we will destroy or delete your information. We keep de-personalised statistical information about applicants to develop our recruitment processes, but this does not contain any information that could be used to identify individual job applicants. 

When you start working for us, we will put together a file about your employment. We keep the information in this file secure, and will only use it for matters that apply directly to your employment.  

Once you stop working for us, we will keep this file according to our document retention policy. You can contact us to find out more about this. 

How we keep your data safe and who has access 

We ensure that there are appropriate technical controls in place to protect your personal details. We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors. 

We allow Mailchimp to use personal data on our behalf to send out our mailings. We ensure all data transferred is protected by using a secure data transfer site. 

Some of our suppliers run their operations outside the European Economic Area (EEA), for example those we work with on our overseas treks, or suppliers who have headquarters in other countries. Although they may not be subject to the same data protection laws as companies based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK legislation. By submitting your personal information to us you agree to this transfer, storing or usage at a location outside the EEA. 

We may need to disclose your details if required to the police, regulatory bodies or legal advisers or in exceptional circumstances as outlined in our Safeguarding policy. Regulatory bodies include HMRC, the Charity Commission or Office of the Scottish Charity Regulator, the Information Commissioners Office and the Fundraising Regulator.  

We will only ever share your data in other circumstances if we have your explicit and informed consent. 

Keeping your information up to date 

We really appreciate it if you let us know if your contact details change so that we can continue to stay in touch with you.  

Your rights 

You have various legal rights in relation to the information you give us, or which we collect about you, as follows: 

  • You have a right to access the information we hold about you free-of-charge, together with various information about why and how we are using your information, to whom we may have disclosed that information, from where we originally obtained the information and for how long we will use your information. 
  • You have the right to ask us to rectify any information we hold about you that is inaccurate or incomplete. 
  • You have the right to ask us to erase the information we hold about you (the ‘right to be forgotten’). Please note that this right can only be exercised in certain circumstances and, if you ask us to erase your information and we are unable to do so, we will explain why not. 
  • You have the right to ask us to stop using your information where: (i) the information we hold about you is inaccurate; (ii) we are unlawfully using your information; (iii) we no longer need to use the information; or (iv) we do not have a legitimate reason to use the information. Please note that we may continue to store your information, or use your information for the purpose of legal proceedings or for protecting the rights of any other person. 
  • You have the right to ask us to transmit the information we hold about you to another person or company in a structured, commonly-used and machine-readable format. Please note that this right can only be exercised in certain circumstances and, if you ask us to transmit your information and we are unable to do so, we will explain why not. 
  • Where we use/store your information because it is necessary for our legitimate business interests, you have the right to object to us using/storing your information. We will stop using/storing your information unless we can demonstrate why we believe we have a legitimate business interest which overrides your interests, rights and freedoms. 
  • Where we use/store your data because you have given us your specific, informed and unambiguous consent, you have the right to withdraw your consent at any time. 
  • You have the right to object to us using/storing your information for direct marketing purposes. 

If you want to access your information, please send a description of the information you want to see and proof of your identity by post for the attention of the Data Manager, Target Ovarian Cancer, 30 Angel Gate, London, EC1V 2PT. We do not accept these requests by email in order to ensure that we only provide personal data to the right person. 

If you have any questions please send these to us at the address above or info@targetovariancancer.org.uk and for further information see the Information Commissioner’s guidance. 

If we have not been able to deal satisfactorily with any concerns you may have over how we have processed your personal information, you have a right to make a complaint to the Information Commissioner’s office on 0303 123 1113 or ico.org.uk/global/contact-us.

How long we keep your information for 

The length of time that we will store your data will depend on the ‘legal basis’ for why we are using that data, as follows: 

Legal basis 

Length of time 

Where we use/store your data because it is necessary for us to comply with a legal obligation to which we are subject 

We will use/store your data for as long as it is necessary for us to comply with our legal obligations 

Where we use/store your data because it is necessary for our legitimate business interests 

We will use/store your data until you ask us to stop. However, if we can demonstrate the reason why we are using/storing your data overrides your interests, rights and freedoms, then we will continue to use and store your data until we no longer have a legitimate interest in using/storing your data 

Where we use/store your data because you have given us your consent 

We will use/store your data until you ask us to stop 

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitive of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. Please ask us if you would like more information about how long we retain your information for.  

Changes to this Notice 

We may change this Privacy Notice from time to time. If we make any significant changes to this notice and the way we hold personal data, we will make this clear on the Target Ovarian Cancer website or by contacting you directly. 

If you have any questions, comments or suggestions, please let us know by contacting us at Target Ovarian Cancer, 30 Angel Gate, London, EC1V 2PT or email us on info@targetovariancancer.org.uk.  

This Privacy Notice was updated in June 2022 in compliance with the General Data Protection Regulation (GDPR).