PCaSO – Prostate Cancer Support Organisation
COLLECTION OF PERSONAL DATA: PCaSO will only collect and hold Personal Data about you that is reasonably necessary to undertake our normal activities and functions, or as otherwise permitted by law.
Why we collect Personal Data:
We may collect your Personal Data for one or more of the reasons outlined below. We will use Legitimate Interest as the legal basis for so doing, excepting where under the Data Protection Act we are required to seek your express Consent.
- Providing our Membership services to you including Newsletters, and information about events and fundraising.
- Providing PSA blood test services and communicating the test results to those men tested.
- To assist with your queries.
- Facilitating our internal operations including the fulfilment of any legal or regulatory requirements.
- Analysing our services and member needs with a view to developing new and/or improved services.
- For PCaSO volunteers, contractors and suppliers as is reasonably and/or legally necessary.
How we collect your Personal Data
What kinds of Personal Data we collect
You are under no legal obligation to provide your Personal Data. The types of Personal Data that we collect may include your name, address, email address, date of birth, social media address or other contact details and such other information that is relevant for us to provide our products and services to you in the manner that you have requested, or to comply with the law.
We do not generally collect sensitive information from you. However if you provide such information to us including certain medical information in advance of a PSA blood test, we will only collect that information with your express consent and only where such information is reasonably required in order for us to provide our products or services to you (such as special access or assistance requirement due to a health condition). We shall not disclose sensitive data to any other party beyond necessary third party contractors or agents without your consent. We will hold your Personal Data as current for up to four years after its last active use, or to legally required timescales (whichever is the longer), after which your Personal Data will be archived and not used or maintained, unless you contact us further. GFCT Ltd may retain PSA results data longer than 4 years to enable tracking of changes in men’s PSA levels, in subsequent blood tests. This data is used solely to help assess the Red/ Amber/ Green (RAG) status of the most recent blood test outcome.
If you access our website or any mobile applications (“apps”), we may collect additional Personal Data about you including:
Server address/ IP address; date and time of visit; pages visited; documents downloaded; the site you visited prior to visiting our website; the browser that you are using to access our website; if you have visited our website before; tracking user preferences; location data.
Failure to provide Personal Data
If the Personal Data you provide to us is incomplete and/or inaccurate, or you chose not to provide us with the Personal Data that we have requested, it may affect our ability to provide you with our products and services.
DEALING WITH PERSONAL DATA
Use and Disclosure
In order to provide products and services to you we may disclose your Personal Data to:
- Service providers, contractors, agents or other appropriate partners who assist us in providing our products and services to you. This includes GFCT Ltd (reg. charity no. 1109385) and its contractors or agents directly involved in PSA blood test results processing, and National Health Service hospital pathology departments.
- Other service providers, who provide the various services that you have requested and we have arranged.
- Our professional advisors, where reasonably deemed necessary by PCaSO.
- An entity to whom we are required to disclose such information under law.
- Other parties with your consent and direction.
We will only provide such Personal Data to those third parties as required to provide our products or services, unless otherwise authorised by you or required under law. Your Personal Data will not be used for automated decision-making (excepting algorithms designed specifically to assist the assessment of PSA blood test results risk (RAG) status), profiling or screening.
Transfer of your Personal Data overseas
Marketing and Fundraising
When you provide us with information about yourself, you will usually be given the option to let us know that you do not want that information to be used for relevant marketing or fundraising purposes. You can change your mind about your preferences in respect of direct marketing and fundraising channels at any time by following the Unsubscribe instructions included in the relevant communication or by contacting the Data Protection Officer (see Contacting PCaSO, below). Our social media pages provide instructions as to how you can unsubscribe from the relevant social media website or page.
INTEGRITY OF PERSONAL DATA
The security of your Personal Data is important to us. We may store your Personal Data in different ways, including in paper form, electronic form, telephone recordings and utilising secure document retention services (including those located offsite or by ‘cloud’). We take all reasonable measures to ensure that your Personal Data is stored safely to protect it from misuse, loss, unauthorised access, modification or disclosure, including electronic (firewalls and access controls) and physical security measures.
Links to other websites
Our website or apps may contain links to other relevant websites. We are not responsible for the security or privacy of any information collected by third party websites or other services. You should exercise caution, and review the privacy statements applicable to the third-party websites and services you use.
Where links exist to specifically appointed contractors or agents e.g. GFCT Ltd, PCaSO takes reasonable steps per the Data Protection Act to ensure the suitability of such contractors or agents.
ACCESS AND CORRECTION
Correction and Erasure
Data Protection contact details:
Lance Allen, Data Protection Officer Email: email@example.com Tel: 07842 486689
As amended 29 February 2020