Last Updated: 1st of March 2024
brcachat.com (the “Site) is owned and operated by BRCA+ Chat (“we/ us”).
Contacting Us
Christen Williams is the data controller and can be contacted at christen@brcachat.onmicrosoft.com.
Purpose
The purpose of this privacy policy (this “Privacy Policy”) is to inform users of our Site of the following:
- The personal data we will collect;
- The use of collected data;
- Who has access to the data collected;
- The rights of Site users; and
- The Site’s cookie policy.
Please read this Privacy Policy carefully; this policy allows you to understand how, why, and where we may collect and use your personal information. The processing of your information is carried out by or on behalf of BRCA+ Chat, a charity registered in England and Wales (Charity No. 1195944). This Privacy Policy applies in addition to the terms and conditions of our Site. Our registered office is 49 Station Road, Polegate, East Sussex, BN26 6EA.
Keeping your Information Safe
BRCA+ Chat will always endeavour to keep any personal information you share with us safe, and use it responsibly. BRCA+ Chat is committed to using your personal information in accordance with applicable laws, and will only use your personal information where you would reasonably expect us to.
Why and how do we Collect your Personal Information?
We will collect and use your personal information either because:
- You have consented and/ or explicitly consented to its collection and use for specific purposes described in this policy;
- The collection and use of your personal information is necessary in order for us to comply with our obligations under a contract between you and us;
- It is necessary for a legal obligation placed upon us;
- It is necessary in pursuit of a “legitimate interest”, a legitimate interest in this context means a valid interest we or a third-party has in processing your personal data, which is not overridden by your interests in data privacy and security;
- Along with one of the reasons above, you may also have made particular personal information public yourself;
- Along with one of the reasons above, in relation to a legal claim.
We may collect your personal information in the following ways:
- We receive your personal information that you provide by filling in forms on our Site. This includes, but is not limited to, personal information provided to subscribe to our services or newsletter, signing up for events. Requesting awareness or fundraising material, registering to volunteer or applying for a job, or making a donation;
- We may receive your personal information from a third-party, for example, Virgin Money Giving or Just Giving;
- If you contact us, we may keep a record of that correspondence;
- We may ask you to complete surveys that we use for research purposes, although you are under no obligation to respond;
- When you visit our Site, we automatically collect technical information, including but not limited to your device’s IP address (please see our cookie policy);
- If you sign up for an event, we will store this information securely so we can send you correspondence in relation to that event; and
- We receive your personal information when you interact with our Site, or social media channels, including but not limited to Facebook, Instagram, X or TikTok.
How do we Use your Personal Information?
We use your personal information in order to:
- Process a request via email or social media for awareness and/or fundraising materials or other information resources;
- Contact you in relation to an event, fundraiser, meetup, or other service you have signed up for on our Site;
- Administer and process donations or support your fundraising efforts. We keep a record of all donations received for audit purposes, and are legally required to keep any personal information related to Gift Aid;
- Process Gift Aid on donations;
- Manage your marketing preferences;
- Comply with financial or legal requirements;
- Contact you for marketing purposes, if you have opted in to this. You can opt out at any time by contacting us at christen@brcachat.onmicrosoft.com;
- Send you our Newsletter if you have subscribed. You can unsubscribe from our newsletter at any time by clicking the “Unsubscribe” button at the bottom the email received;
- If you have shared your personal story with us, identifiable details will not be shared without consent, but we may use non-identifiable information in your story for impact reporting, media interviews or funding opportunities;
- Review your application for volunteering or a job position;
- Monitor equal opportunities;
- Assist you with volunteering for us;
- Deal with any queries or complaints brought to us by you;
- Provide useful information, products, and services to you;
- Administer our Site and for internal operations; including troubleshooting, data analysis, testing, research, statistical and survey purposes; and
- Analyse how our services are used and to identify trends.
If you use Instagram or Facebook Messenger, we will analyse the information you submit in order to provide you with personalised information in response and adapt and improve our services.
What About Sensitive Information?
Some of the personal information that you may share with us can be very sensitive, what is legally called Special Categories of Personal Data. This is personal information that can relate to your racial or ethnic origin, your health, religious or sexual orientation, sex life, political opinions or philosophical beliefs. We will keep this personal information confidential at all times and it will be processed under the strictest rules.
Who Do We Share Personal Information With?
BRCA+ Chat does now sell any personal information to third-parties – however we may share personal information with third-parties working on our behalf, for example, financial providers assisting us with processing donations; or companies who provide us with IT and other technical support services.
We may be required to share your personal information by law, for example. We are legally required to provide your data to the following types of organisations:
- HMRC if you have agreed to us claiming Gift Aid on your behalf;
- Law enforcement and regulatory bodies and authorities such as the police, the ICO, the Charity Commission or the Fundraising Regulator;
- Health and Safety authorities and/or professionals where we believe such disclosure is necessary and appropriate to prevent harm.
How Do We Look After Your Personal Information?
We are committed to looking after your personal information at BRCA+ Chat, and have measures in place to do so. We will take all reasonable steps to ensure that appropriate technical and organisational measures are carried out in order to protect the personal information we collect from you and protect against unlawful access and accidental loss or damage. These measures may include (as necessary):
- Disposing or deleting your personal information so it is done so securely;
- Working closely with our IT service providers and ensure they use appropriate security;
- All financial transactions are undertaken on secure encrypted third-party sites. Sensitive personal information is only looked after by trained and authorised staff, and we will always do our best to only contact you with information that you have requested or consented to.
- Some of our suppliers process personal information outside of the EU or EEA. In these circumstances we do have agreements in place and they are required to look after such personal information in accordance with UK and EU laws.
Third-Parties
Your personal information may be shared with us by third-party organisations, including but not limited to fundraising sites such as Virgin Money Giving or Rapidata. Please read their privacy policies carefully you understand how they will process your information and what information they share with us.
Examples of personal information we may receive are your name, postal address, telephone number, age, date of birth, email address, gift aid information and credit or debit card details. If we obtain your information from a third-party your rights under this policy are not affected and you are able to exercise your rights contained within this Privacy Policy.
Transferring Information Outside the EEA
Sometimes organisations and individuals who work on our behalf may manage information outside the EEA. A transfer outside of the EEA may be to countries that are not subject to privacy regimes that are equivalent to the privacy regime in the EEA. In those circumstances, we will make sure that we have a valid reason for doing so under current data protection legislation. This could include ensuring the country where the data is held has been approved as having adequate data protection standards by the European Commission, or by including approved contract clauses to ensure your data is safeguarded. You can find out more about this by contacting us. We will always take such measures as are appropriate to ensure the confidentiality, integrity and availability of your information.
Cookie Policy
A cookie is a small piece of information sent by a web server to a web browser, which enables the server to collect information from the browser and us to track the use of our website.
We use cookies to help us understand what our users’ interests and preferences are, to ensure the website is as user-friendly as possible. We monitor how people use our Site wo we can make improvements and updates.
If you visit out website, we may record the following information:
- The pages of the website you visit;
- The amount of time spent on our Site;
- Whether you are new to the Site or have previously visited;
- How you came to our Site – for example, email link, or Google search;
- The type of browser or device you used to visit our Site;
- How you use our Site, and the quality of your experiences. For example, we may record a session or test different variations of a webpage to see how easy it is for you to find what you are looking for, so we can improve our services.
We may also use cookies to make sure we keep your information confidential and secure as you move through secure or password-protected areas of our Site. Some of the cookies that we use are “Session Cookies”, which are deleted when you close your browser. Other cookies remain on your browser or device until they expire, or you delete them from your browser history – these are known as “Persistent Cookies”.
All cookies have an “owner”, which can be identified by looking at the domain (i.e. the company or website name in the cookie). Cookies can either be first-party (i.e. they are owned by the website that set them) or third-party (i.e. they’re not owned by the website who set them). We use both first-party and third-party cookies on our Site.
We use the following categories of cookies:
Strictly Necessary Cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
Functional Cookies
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Marketing Cookies
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Links
Our websites may include links to websites run by other organisations. BRCA+ Chat is not responsible for the privacy practices of these other websites so please do read their privacy policies carefully.
Your Rights: How you can access, correct, or delete your personal data
If you would like to update your personal information or let us know that any personal information we hold is incorrect, you may do so by emailing us at the address below.
Under the Data Protection Act 2018 you have the following rights:
- Information Right: You have the right to receive the information contained in this policy and our data collection forms about the way we process your personal data
- Personal Data Access Right: You have the right to know that we are processing your personal data and, in most circumstances, to have a copy of your personal data held by us. You can also ask for certain other details such as what purpose we process your data for and how long we hold it
- Personal Data Correction Right: You have the right to request that we correct inaccurate data or complete incomplete data that we hold on you
- Personal Data Erasure Right: Known as the ‘Right to be forgotten’. In certain circumstances you may request that we erase your personal data held by us
- Personal Data Restriction Right: You have the right to restrict the way we process your personal data in certain circumstances, for example, if you contest the accuracy of the data, if our processing is unlawful, to pursue legal claims or where we are relying on legitimate interests to process data
- Data Processing Objection Right: You have the right to object to us processing your data for (i) direct marketing purposes (ii) scientific or historical research or statistical purposes and (iii) purposes of profiling related to direct marketing or based on our legitimate interests
- Data Portability Right: You have the right to receive a copy of certain personal data or to have it transferred to another organisation in some circumstances
Where we use your personal information based on your prior consent, such information about your health, or where you have given us permission to send you marketing communications by email, mobile messaging and by direct message on social media, you can withdraw your consent at any time by contacting us.
If you want to contact us for any of the reasons above, please email christen@brcachat.onmicrosoft.com.
How Long Will We Keep Your Personal Information?
As a general rule (and unless otherwise specified by applicable law), the required retention period for any personal information will be deemed to be 7 years from the date of receipt by us of that personal information. The retention periods stated in this Notice can be prolonged or shortened as may be required (for example, in the event that legal proceedings apply to the personal information or if there is an on-going investigation into the personal information). We are committed to looking after your personal information, email us at christen@brcachat.onmicrosoft.com if you would like to know more about how long we will hold your details for.
General
We may revise this privacy policy from time to time. Any change will take effect once the revised privacy policy is available on this website.
If we are unable to resolve any issues you may have or you would like to make a further complaint, you can contact the Information Commissioner’s Office by visiting http://www.ico.org.uk/ for further assistance.