Privacy Policy

Prostate Cancer Research (“PCR”, “we”, “us”, or “our”) is committed to protecting your personal information. This policy outlines how and why we collect, use, and protect your personal data, in accordance with the UK General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications Regulations (PECR), and other relevant laws

Prostate Cancer Research is a registered charity (1156027). Our registered office is at 23-24 Great James Street, London WC1N 3ES.

For any queries about this policy or how we handle your data, you can contact our Data Protection Lead at:

[email protected]
or
0203 735 5444

To allow us to deliver the service in line with our charity’s cause, we may collect and process certain types of personal data, the types of personal data may include:

• Identification data: name, date of birth
• Contact details: postal address, email, phone numbers
• Donation data: Gift Aid status
• Marketing preferences: your opt-in choices and communication channels
• Health data (special category): if you are a patient engaging with us
• Digital data: IP addresses, cookie identifiers, browsing behaviour
• Professional data: job applications, trustee information

In most circumstances we would only receive your personal data directly from you (Article 13). We may, however, also receive your personal data from our NHS partners where they believe we may be of assistance to you (Article 14). We may also receive your personal data from third party organisations with whom we fundraise in partnership, for example, when you sign up for an event (such as the London Marathon) or fundraise for us through a third party such as Just Giving.

For marketing and promotional content, for example, our newsletter, we rely on your consent. For existing supporters who have previously donated or engaged with us, we may rely on legitimate interest to send relevant updates including marketing via post, provided you have not opted out.

When you make a general enquiry to us, we rely on legitimate interest for the processing of your personal data in responding and further correspondence. If you do not wish to receive further communications, please let us know by .

In all instances, and in line with your rights under the UK GDPR, if you do not wish to receive these types of communications, please let us know by contacting us or click the unsubscribe option in the emails we sent.

We also rely on our legal obligations to use the data provided to update our financial records in line with the UK legislations.

When completing a survey, providing us with your story or feedback, we would always publish any findings with your personal data fully anonymised (identifying data removed), unless if you have given us explicit consent to associate your personal data with any published contents.

For employment, volunteering, or other contract agreements (e.g. event registration), we rely on the lawful basis of contract to process your personal data.

In order to aid our fundraising objectives and to ensure that our administration is kept to a minimum, we rely on legitimate interest as a lawful basis for the processing activity of wealth screening. You have the right to ask us not to process your personal data in this manner, please contact us and let us know if you do not wish for your data to be processed for this purpose.

If you provide us with your health data, in all instances, we require your explicit consent before we process data regarding your health, which is considered as Special Category Personal Data under the UK GDPR (Article 9).

When visiting our website, in line with the requirement under the Privacy and Electronic Communication Regulation (PECR), we may collect analytics data in order to deliver the appropriate user experience. Certain identifier (e.g. IP Address, IP Geolocation) may be captured for security purposes, and details like your preferences may be uploaded to your browser (as cookies) to enhance user experience upon revisits.

Where appropriate, a legitimate interest assessment would be conducted to ensure that we balance our legitimate interest as a charity against the rights of the data subjects.

To learn more on how and why we process your personal data in line with the purpose of collecting, please select the appropriate group below:

• As a job post applicant
• As a volunteer
• As a Trustee

We would process your personal data in order to deliver our objectives and to function as a charity. Following are the purposes in which we would process your personal data:

• To process your donations and to claim Gift Aid
• To register your interest in our Newsletter, to send you fundraising appeals and updates, including personalised communications.
• To manage events you have registered to attend or take part in
• Conduct health-related research and to provide patient support
• To recruit staff, volunteers and trustees
• To analyse supporter trends (including wealth screening)
• Serve relevant ads on social media (see section 8)

We follow the guidelines of both the UK GDPR and the Privacy & Electronic Communication Regulation (PECR) when communicating with our community, where they may be donors, event supporters, service users etc, in all instances we would ensure that we have a lawful basis for the contact.

Email

To assist with our charity’s objectives, we many send you promotional emails where allowed. You have the right to ask for this to stop. If you do not wish to receive these types of email, please click the or contact us using the contact details on this page.

SMS

We may send you SMS messages if you have provided us with your mobile number as part of you contact details.  Please let us know if you do not wish for your contact number to be used for SMS by contacting us using the contact details on this page. You can also opt-out by texting “STOP” to the number provided.

Telephone

We may call you if you have provided us with your phone number as part of you contact details. Please let us know if you do not wish to be contacted via telephone by informing the caller, or by contacting us using the contact details on this page. We use the TPS (Telephone Preference Service) to avoid unsanctioned calls.

AI

We may utilise AI technologies to aid the communications with our supporters via channels where this will add value to our interactions with our supporters. Where we adopt the use of AI technologies, appropriate safeguards will be in place to secure the contents.

WhatsApp

We may contact you via WhatsApp if you have provided us with your mobile number and have given your consent for us to do so. You can opt-out at any time by replying “STOP” or by contacting us using the details provided.

Post

We may send you marketing by post where we have a legitimate interest, for example to raise funds for research. You can opt out at any time.

We adhere to requests made via the Fundraising Preference Service (FPS).

You can manage or withdraw your preferences at any time by:

• Clicking unsubscribe in our emails
• Replying to our emails
• Calling 0203 735 5444
• Emailing [email protected]
• Writing to us at 23-24 Great James Street, London WC1N 3ES
• Requesting a preference update through our website or forms link here

If you unsubscribe, we may retain minimal identifying information to record your preference and prevent re-marketing.

We use various social media platforms to help us with the promotion of our charitable objectives through advertisements, where our ads will be displayed on their user’s social media page. In order to utilise our marketing budget in the most efficient way, we may share some details (names and email addresses) with these social media platforms in order for them to determine users within their platform who may have similar interests and be shown our promotional materials. Any data we share will be fully anonymised (unreadable).

To understand our supporters better and fundraise more efficiently, we may conduct research and profiling, including wealth screening. We use reputable third-party providers to review publicly available information (e.g., Companies House, newspapers, charity registers).

These activities are based on our legitimate interests in promoting our charitable objectives. Legitimate Interests Assessments are used to ensure these do not unduly impact your rights.

For specific projects and where stated, we may collect health information.

Certain categories of personal information are recognised in law as sensitive, including health information and information regarding race, religious beliefs and political opinions (‘special category data’). Special category data can be a valuable asset in assisting us in our scientific research, although in most cases no associated personal data will be published along with any published statistics, and we only collect it when we have a lawful basis to do so and in accordance with the requirements of the UK Data Protection Act 2018 and UK GDPR.

We will only retain your personal data for as long as necessary to fulfil the purpose for which it was collected. For example, all financial transactional data will be retained for 6 years (plus 1) in line with the requirement under the Finance Act. For event supporters and attendees, we retain this data for 6 years in line with the requirement under the Limitation Act. For other contact groups, we would retain the personal data for up to 5 years after the last meaningful interaction, or as soon as practical (given operational restrictions and legal obligations) should you ask us to remove your personal data.

We may retain or archive certain datasets for medical research and development, in these instances any associated Personally Identifiable Information (PII) will be remove and data fully anonymised.

We never sell your data. We may share it with trusted third parties who help us deliver services, such as:

• Payment processors
• Fundraising platforms
• Email and SMS providers
• Event management systems
• Marketing automation and analytics partners
• Wealth screening partners
• Social media platforms for advertising
• AI content generation tools

All third parties operate under contract and meet our data protection requirements.

If data is transferred outside the UK or EEA, we ensure it is protected through appropriate safeguards, such as adequacy decisions or Standard Contractual Clauses.

Our website uses cookies to enhance your experience. Please refer to our [Cookie Policy] for detailed information on:

• Types of cookies used
• Their purposes
• How to manage and withdraw consent

We use a cookie consent platform to obtain explicit consent for non-essential cookies.

The UK GDPR gives individuals eight data subject rights as listed below:

• Right to be informed: organisations must tell individuals what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties.
• Right of access: individuals have the right to request a copy of the information that an organisation holds on them, this is known as a Data Subject Access Request (DSAR).
• Right of rectification: individuals can correct inaccurate or incomplete data.
• Right to be forgotten: in certain circumstances, individuals can ask organisations to erase any personal data stored on them.
• Right of portability: in some circumstances, individuals can request that an organisation transfer any data that it holds on them to another company.
• Right to restrict processing: in some circumstances, individuals can request that an organisation limits its use of personal data.
• Right to object: individuals have the right to challenge certain types of processing, such as direct marketing.
• Rights related to automated decision making, including profiling: under most circumstances, individuals have the right to object to having decisions made about them by automated processes or profiling.

To make a Data Subject Access Request, please email [email protected] and include proof of ID. We will respond within one calendar month in line with the ICO’s guidelines.

We are committed to protecting your personal data from unauthorised access, unlawful processing, accidental loss, destruction, or damage. We achieve this by implementing a comprehensive range of appropriate technical and organisational measures, in accordance with UK GDPR requirements.

These safeguards include:

Technical Measures:

Encryption: We encrypt your data both when it is stored (data at rest) and when it is transmitted over networks (data in transit), using industry-standard encryption protocols.

Access Controls: We restrict access to your personal data to only those employees, volunteers, or third-party service providers who have a legitimate need to access it for their duties. Access is granted on a “least privilege” basis.

Network Security: We utilise firewalls, intrusion detection systems, and other network security technologies to protect our systems from external threats.

Regular Software Updates: Our systems and software are regularly updated to ensure we are protected against known vulnerabilities.

Robust Backup and Disaster Recovery: We maintain regular backups of your data and have robust disaster recovery plans in place to ensure business continuity and the availability of your data in the event of an incident.

Organisational Measures:

Data Protection Policies: We have internal policies and procedures in place to govern how personal data is handled by all staff and volunteers.

Staff Training: All staff and volunteers receive regular data protection and information security training to ensure they understand their responsibilities.

Confidentiality Agreements: All personnel with access to personal data are bound by confidentiality obligations.

Due Diligence with Third Parties: Where we use third-party service providers to process data on our behalf, we conduct thorough due diligence and put in place robust data processing agreements to ensure they meet our high standards for data security.

While we strive to use commercially acceptable means to protect your personal data, it’s important to acknowledge that no method of transmission over the internet or method of electronic storage is totally secure. Therefore, we cannot guarantee its absolute security. Any transmission of personal data is at your own risk.

Our website and communications may include links to third-party sites. We are not responsible for their privacy practices. Please review their policies before sharing any personal data.

If you have any queries or concerns about our use of your personal information, you can contact our DPO at:

Write to us at: 
Prostate Cancer Research,

Suite 2, 23-24 Great James Street,

London WC1N 3ES,

phone us on 0203 735 5444

email us at [email protected]

You can also complain to the ICO if you are unhappy with how we have used your data, their details:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk