PCaSO – Prostate Cancer Support Organisation
PRIVACY POLICY 29 Feb 2020
We recognise that your privacy is important and we are committed to protecting the Personal Data that we collect from you. Prostate Cancer Support Organisation (PCaSO) is a registered charity no. 1170536, PO Box 66, Emsworth, Hampshire PO10 7ZP. Personal Data is managed in accordance with the UK Data Protection Act 2018, the General Data Protection Regulations (GDPR) and the Privacy and Electronic Communications Regulations (PECR). This Privacy Policy outlines the types of Personal Data that we may collect, how that Personal Data will be used, disclosed, transferred and stored, and sets out the measures that we take to comply with the above Act and Regulations.
COLLECTION OF PERSONAL DATA: PCaSO will only collect and hold Personal Data about you that is reasonably necessary to undertake our normal activities and functions, or as otherwise permitted by law.
Why we collect Personal Data:
We may collect your Personal Data for one or more of the reasons outlined below. We will use Legitimate Interest as the legal basis for so doing, excepting where under the Data Protection Act we are required to seek your express Consent.
- Providing our Membership services to you including Newsletters, and information about events and fundraising.
- Providing PSA blood test services and communicating the test results to those men tested.
- To assist with your queries.
- Facilitating our internal operations including the fulfilment of any legal or regulatory requirements.
- Analysing our services and member needs with a view to developing new and/or improved services.
- For PCaSO volunteers, contractors and suppliers as is reasonably and/or legally necessary.
How we collect your Personal Data
We generally collect Personal Data directly from you, through the use of any of our standard forms, over the internet particularly online booking for PSA blood tests, via email or through a telephone conversation with you. We may also collect Personal Data from third party contractors or agents who provide our products and services on our behalf, including NHS Pathology Departments and GFCT Ltd (formerly the Graham Fulford Charitable Trust) in respect of PSA blood tests. To view GFCT Ltd’s privacy policy online please go to the GFCT Website.
What kinds of Personal Data we collect
You are under no legal obligation to provide your Personal Data. The types of Personal Data that we collect may include your name, address, email address, date of birth, social media address or other contact details and such other information that is relevant for us to provide our products and services to you in the manner that you have requested, or to comply with the law.
We do not generally collect sensitive information from you. However if you provide such information to us including certain medical information in advance of a PSA blood test, we will only collect that information with your express consent and only where such information is reasonably required in order for us to provide our products or services to you (such as special access or assistance requirement due to a health condition). We shall not disclose sensitive data to any other party beyond necessary third party contractors or agents without your consent. We will hold your Personal Data as current for up to four years after its last active use, or to legally required timescales (whichever is the longer), after which your Personal Data will be archived and not used or maintained, unless you contact us further. GFCT Ltd may retain PSA results data longer than 4 years to enable tracking of changes in men’s PSA levels, in subsequent blood tests. This data is used solely to help assess the Red/ Amber/ Green (RAG) status of the most recent blood test outcome.
Internet users
If you access our website or any mobile applications (“apps”), we may collect additional Personal Data about you including:
Server address/ IP address; date and time of visit; pages visited; documents downloaded; the site you visited prior to visiting our website; the browser that you are using to access our website; if you have visited our website before; tracking user preferences; location data.
In addition, our website and apps may use cookies. The main purpose of cookies is to monitor usage of our websites and apps to prepare customised web pages from time to time so that we may serve you more effectively. You may wish to configure your browser so that it does not accept cookies, however you may not be able to access some functions on our websites or apps if they are disabled.
Failure to provide Personal Data
If the Personal Data you provide to us is incomplete and/or inaccurate, or you chose not to provide us with the Personal Data that we have requested, it may affect our ability to provide you with our products and services.
DEALING WITH PERSONAL DATA
Use and Disclosure
In order to provide products and services to you we may disclose your Personal Data to:
- Service providers, contractors, agents or other appropriate partners who assist us in providing our products and services to you. This includes GFCT Ltd (reg. charity no. 1109385) and its contractors or agents directly involved in PSA blood test results processing, and National Health Service hospital pathology departments.
- Other service providers, who provide the various services that you have requested and we have arranged.
- Our professional advisors, where reasonably deemed necessary by PCaSO.
- An entity to whom we are required to disclose such information under law.
- Other parties with your consent and direction.
We will only provide such Personal Data to those third parties as required to provide our products or services, unless otherwise authorised by you or required under law. Your Personal Data will not be used for automated decision-making (excepting algorithms designed specifically to assist the assessment of PSA blood test results risk (RAG) status), profiling or screening.
Transfer of your Personal Data overseas
By engaging us to provide products and services to you and/or providing us with your Personal Data, you consent to the disclosure of your Personal Data outside the United Kingdom (UK), where reasonably necessary for PCaSO to provide its products and services, e.g. a ‘Cloud’ file or database may be hosted by a provider outside of the UK), in line with common web-based practice, and you acknowledge that we are not required to ensure that overseas recipients handle your Personal Data in compliance with UK Privacy law. We will however, where practicable in the circumstances, take reasonable steps to ensure that overseas recipients use and disclose such Personal Data in a manner consistent with this Privacy Policy. The third parties referenced above, to whom we may provide your Personal Data, may be located within countries including EU member states, and also in the USA under “Privacy Shield” arrangements.
Marketing and Fundraising
When you provide us with information about yourself, you will usually be given the option to let us know that you do not want that information to be used for relevant marketing or fundraising purposes. You can change your mind about your preferences in respect of direct marketing and fundraising channels at any time by following the Unsubscribe instructions included in the relevant communication or by contacting the Data Protection Officer (see Contacting PCaSO, below). Our social media pages provide instructions as to how you can unsubscribe from the relevant social media website or page.
INTEGRITY OF PERSONAL DATA
Security
The security of your Personal Data is important to us. We may store your Personal Data in different ways, including in paper form, electronic form, telephone recordings and utilising secure document retention services (including those located offsite or by ‘cloud’). We take all reasonable measures to ensure that your Personal Data is stored safely to protect it from misuse, loss, unauthorised access, modification or disclosure, including electronic (firewalls and access controls) and physical security measures.
Links to other websites
Our website or apps may contain links to other relevant websites. We are not responsible for the security or privacy of any information collected by third party websites or other services. You should exercise caution, and review the privacy statements applicable to the third-party websites and services you use.
Where links exist to specifically appointed contractors or agents e.g. GFCT Ltd, PCaSO takes reasonable steps per the Data Protection Act to ensure the suitability of such contractors or agents.
ACCESS AND CORRECTION
Access
You may request access (a Subject Access Request) to the Personal Data that we hold about you at any time by contacting our Data Protection Officer using the details set out in this Privacy Policy. We will respond to any such request for access to Personal Data within a reasonable timeframe and will provide you access to the Personal Data that we hold that belongs to you, unless we are authorised not to do so by law. Should we decline you access to your Personal Data we will provide you with a written explanation setting out the legal reasons for doing so.
Correction and Erasure
If, upon receiving access to your Personal Data, or at any other time, you believe the Personal Data that we hold about you is inaccurate, incomplete, out of date or should be erased, please notify our Data Protection Officer using the details set out in this Privacy Policy. Where you notify us that your Personal Data is inaccurate or incomplete, out of date, should be erased, should be transferred to a third party at your request (Data Portability), or you withdraw your Consent, we will take reasonable steps to correct or process the data unless we are authorised not to do so by law. Should we decline your request to correct your Personal Data we will provide you with a written explanation setting out the legal reasons for doing so.
CONTACTING PCaSO
Data Protection contact details:
Lance Allen, Data Protection Officer Email: dpo@pcaso.org Tel: 07842 486689
Feedback
If you have any comments, queries or concerns about our Privacy Policy or the way in which we handle your Personal Data, please contact our Data Protection Officer using the details set out in this Privacy Policy.
Complaints
Should you believe that we have not fulfilled our obligations under the Data Protection Act, GDPR or the PECR (as applicable), have not complied with the terms of our Privacy Policy, or you would like to appeal a decision made by us relating to your Personal Data, you can make a complaint in writing to our Data Protection Officer using the details set out in this Privacy Policy. We will respond to you within a reasonable period of time to acknowledge your complaint and inform you of the next steps we will take in dealing with your complaint. If you are unhappy with a response that you have received from PCaSO, you have the right to direct your complaint to the Information Commissioner’s Office, at ico.org.uk or tel. 0303 123 1113 (local rate) or by post at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
AMENDMENTS TO THIS PRIVACY POLICY
We may amend this Privacy Policy at any time. Amendments to this Privacy Policy will be posted on our website(s) and will be effective when posted. We encourage you to check our website regularly for any updates to this Privacy Policy
As amended 29 February 2020