JDRF is committed to protecting your personal information and being transparent about what information we hold about you.
Developing a better understanding of our supporters through their personal data allows us to work more efficiently, which ultimately helps us in our search for the cure for type 1 diabetes.
The purpose of this policy is to give you a clear explanation about how JDRF and our subsidiary trading company collect and use the personal information you provide to us and that we collect, whether online, via phone, email, in letters or in any other correspondence or from third parties.
We ensure that we use your information in accordance with all applicable laws concerning the protection of personal information. This policy explains:
- What information JDRF may collect about you
- How we will use that information
- When and why we disclose your details to anyone else
- Your choices regarding the information you provide to us; and
Email – firstname.lastname@example.org
Post – Liz Swinburne, JDRF, 17/18 Angel Gate, City Road, London EC1V 2PT
Phone: 0207 713 2030
Select to read more
We are the type 1 diabetes charity. We are committed to eradicating type 1 diabetes and its effects for everyone in the UK with type 1, and at risk of developing it.
Juvenile Diabetes Research Foundation Ltd (JDRF) is a registered charity. Our charity numbers are 295716 in England and Wales and SC040123 in Scotland. We are also registered as a company limited by guarantee in England and Wales under registration number 2071638.
Our registered address is 17/18 Angel Gate, City Road, London, EC1V 2PT.
Within the context of this policy ‘we’ means both the charity and the company limited by guarantee. Each of these organisations is a data controller under the rules of the General Data Protection Regulation (GDPR).
JDRF may collect information in the following ways:
When you give us information directly
You may provide your details to us when you request specific information, make a donation, campaign for us, participate in one of our events, volunteer for us or apply for a job with us.
We may work with professional fundraising agencies who will collect this information on our behalf. Please be assured that in this situation, we are still responsible for your data, and will adhere to all our commitments regarding the use and storage of this data.
When you give us information indirectly
When you have given other organisations permission to share your information
You may provide your information to another organization that works with JDRF. For example, signing up for a third party event, purchasing a product via Shopify in our shop, or applying for a job via a recruitment agency. However, when working with other organisations, we work to ensure it is completely clear to you that your information will be shared with JDRF. The information we get from these services depends on your settings or the response choices you give, so you should check what you have agreed to with third party organisations.
Depending on your settings or the privacy policies for social media and messaging services like Facebook, Twitter and Instagram, you may give us permission to access information from those accounts or services.
When we collect information when you are using our website
In addition, the type of device you’re using to access our website or apps and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you are using, what your device settings are and why a crash has happened. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
When we are reviewing and monitoring our website, wherever possible we use aggregated or anonymous information which does not identify individual visitors to our website.
When your information is available from other public sources
We may collect personal details about you from the public domain, such as from social networks, company websites, political and property registers and news archives. We may use data services agencies to collect this information. Please see the section ‘What categories of personal information do we collect?’ below for more details.
Data protection law recognizes that certain categories of personal information are more sensitive. This is known as sensitive personal data and covers health information, race, religious beliefs and political opinions.
You may provide us with information about yourself that is classed as sensitive personal data. It might be necessary for us to record this information for a number of reasons – for example if you are participating in a fundraising event, or if you sign up for one of our Discovery Days. You might also provide details about your health information if you choose to share your experience of living with diabetes.
We will only hold sensitive personal data on our database if you have given us clear permission to do so. You can ask us to delete this data at any time.
The type and quantity of information we collect and how we use it depends on why you are providing it.
If you support us, for example by making a donation, volunteering, registering to fundraise, signing up for an event or campaigning for us, we may collect where relevant:
- Your name
- Your contact details (postal address, email address, phone number, mobile number)
- Your date of birth
- Your bank or credit card details (only if you are making a donation)
- Where it is appropriate, we may ask you for your connection to type 1 diabetes, your reason for giving and/or your specific interests relating to JDRF’s work. We will never make these questions mandatory, and only want to know the answer if you are comfortable telling us. If you tell us that you have type 1 diabetes yourself, we will ask you to confirm that you are happy for us to store this information on our database.
- We automatically collect information about the services you use and how you use them, like when you watch a video on YouTube, visit our website or social media pages, or view or interact with our ads and content.
When we are reviewing and monitoring our website, wherever possible we use aggregated or anonymous information which does not identify individual visitors to our websites.
While we do not actively collect information from children (under 16 years of age), we appreciate that our supporters are of all ages. Where appropriate, we will always ask for consent from a parent or guardian before we collect information about children.
All JDRF events will have clear rules on whether or not children can take part, and the collection of data will take managed in accordance with each individual event, with appropriate safeguards in place.
Your information enables us to provide you with information about type 1 diabetes and to keep you informed about how your support is helping us in our work to find the cure for type 1. You may receive communications from us about our work which may cover our research, news, our appeals, fundraising activities, online shop and other initiatives you may want to hear about or get involved with.
We may also use your personal information for other purposes, including:
- For administrative purposes, including the processing of donations, legacies and Gift Aid
- To respond to your query or complaint
- To display your profile or content on our website (if you have given us permission to do so)
- To maintain our organisational records and to ensure that we have your most up-to-date marketing preferences
- To invite you to participate in interactive features on our website
- To invite you to participate in voluntary surveys or research
- To allow us to fulfil any contractual obligation entered into between you and us (for example, when you purchase something from our online shop)
- To help us improve our services, campaigns or information provision
- To tailor advertising that is presented to you online according to your interests, preferences and other characteristics
- To analyse which of our communications are most effective. This can help to reduce administration costs and increase the funds available to support our work.
- To analyse and improve the operation of our website
- To analyse the way that you use our website and to improve the way it operates
- To contact you where you have been identified as a contact person for an organisation, such as a school, hospital, clinic or business. If we obtain your contact details in this way, we will only use them to contact you in the ways in which you have agreed to be contacted
- If you enter your details onto one of our online forms, and you don’t ‘send’ or ‘submit; the form, we may contact you to see if we can help with any problems you may be experiencing with the form or our websites.
We carry out targeted fundraising activity to ensure that our communication with you is as relevant and timely as possible and provides you with the best possible experience of supporting JDRF. In doing so, we may supplement what we know about you with information from third party sources to help us better understand your background and ensure that any communication is tailored to you and how you might support us in the future. This also helps us not to send irrelevant or inappropriate communications to our supporters, so that we can operate as cost effectively as possible. We may use profiling techniques or use third party insight companies to provide us with general information about you. Our suppliers will not share your information with any other organisation, and it will only be used for the purposes set out above.
You can opt out of your data being used for profiling by contacting email@example.com, or by calling 020 7713 2030 and asking for Supporter Care.
We never sell or share personal details to third parties for the purposes of their own marketing or for the monetisation of your data.
If we run an event in partnership with another named organisation, your details may need to be shared between us and the other organisation. We will be very clear what will happen to your data when you register for the event.
JDRF may disclose your personal information in the following circumstances:
- To other JDRF entities, trading subsidiaries, suppliers or service providers only to provide the products or services you’ve requested from our site(s) where, for example, we use an external supplier to deliver goods to you.
- To third parties who provide a service to us and are data processors. Before working with these companies we check they meet all relevant regulations and legislation. We always implement a contract with our suppliers, imposing robust data protection requirements including the provisions of this policy. We always seek to provide maximum protection of your personal details.
- We may be legally required to disclose your details if required to by the police or for regulatory reasons.
- We will only ever share your data in other circumstances if we have your consent to do so.
If you use your credit or debit card to donate to us, buy something or pay for a registration online or over the phone, we will ensure this is done securely and in accordance with the Payment Card Industry Data Security Standard. Find out more information about PCI DSS.
We do not store your credit or debit card details after your transaction is completed. All card details and validation codes are securely destroyed once the payment or donation has been processed. Only staff authorised and trained to process payments will be able to see your card details.
We make it easy for you to tell us how you want us to communicate with you, in a way that suits you. Our forms have clear marketing preference questions, and we include information on how to opt out when we send you marketing.
Although in many cases we will seek consent to process your personal data, in some instances we may process your information without consent when we are legally allowed to do so. This will only be where it is in our legitimate interests to do so and where we are confident that such processing is not likely to prejudice your legitimate interests or rights or freedoms.
Where we are processing our personal data on the basis of consent that you have given us, you are entitled to withdraw that consent at any time such that we can no longer rely on it as a basis for continuing to process your personal information.
If you don’t want to hear from us, that’s fine. Just let us know when you provide your data, or contact us at any time on 020 7713 2030 or firstname.lastname@example.org. You can also opt out of our email communication at any time by clicking the ‘unsubscribe’ link at the end of our marketing emails.
You can also use the Fundraising Preference Service (FPS) to tell us that you do not want us (or any other named charity) to contact you.
FPS requests can be submitted via their website. After you submit a request, we will remove your details from our direct marketing lists within 21 days.
We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted us for such purposes. However, we will retain your details on a suppression list to help ensure that we do not contact you in the future.
If you actively provide your consent to us along with your email address and/or mobile phone numbers, we may contact you for marketing purposes by email or text message. By subscribing to JDRF emails, or opting into email communication from JDRF, you grant us the right to use your email address for both email marketing purposes and advertisement targeting.
If you have provided us with your postal address or telephone number we may send you direct mail or telephone you about our work unless you have told us that you would prefer not to receive such information. We also actively check telephone numbers against the Telephone Preference Service and will only make telephone calls to you where your telephone number is listed on the TPS if you have specifically told us that you do not object to such calls and have consented to receive them.
Data security and protection of your personal information is very important to us. We take care in the selection and implementation of appropriate security measures and controls to keep your data protected and safe.
JDRF and our wholly owned trading company may share supporter information with each other in order to further JDRF’s charitable aims. We do not sell, rent or share your information with external organisations. In the execution of our work, we do engage trusted partners and service providers to work on our behalf. Any partners or service providers working on behalf of JDRF only have access to the information they need.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Where possible we use publicly available sources to keep your records up-to-date, for example, the Post Office’s National Change of Address database and the National Bereavement Register. However, we really appreciate it if you let us know if your contact details or circumstances change. Just contact us at email@example.com and we will update our records.
We will hold your personal information on our systems for as long as it is reasonably necessary for the relevant activity. For example, we will keep a record of any donations you have made for at least six years, because HMRC may ask us to produce this information for tax purposes.
If you ask us to stop sending you marketing materials, we will keep a record of your contact details and appropriate information to enable us to comply with your request to not be contacted by us.
Legacy income is vital to JDRF. We may keep data you provide to us indefinitely, both to administer legacy gifts and to communicate with the families of people who leave us gifts in their wills. This also enables us to identify and analyse the source of legacy income we receive.
When you contribute material to us, for example through user generated content or in response to a particular campaign, we will generally only keep your content for as long as is reasonably required for the purpose(s) for which it was submitted, unless stated at the point of generation.
Under the Data Protection Act 1998 you have a right to request a copy of the personal information we hold about you and to have any accuracies corrected. You also have a right to request us to erase your personal information, request us to restrict our processing of your personal information or to object to our processing of your personal information.
If you wish to exercise these rights, we need you to prove your identity with two pieces of approved identification. Please address requests to Liz Swinburne, Data Manager, JDRF, 17/18 Angel Gate, City Road, London EC1V 2PT.
We will respond within 28 days of receipt of your written request and confirmed identification.
Where you have provided consent for our use of your personal information, you always have a right to withdraw your consent at any time.
Under the General Data Protection Regulation, which became law in the UK in May 2018 you are also granted a number of additional rights. These include:
- The right to rectification (putting right any errors in the data that we hold about you)
- The right to erasure (deletion of all information that we hold about you)
- The right to data portability (getting a copy of all information that we hold about you, in a format that enables you to transfer it to another organisation)
- The right to object (raising a complaint about what we do with your data)
- Rights in relation to automated decision making and profiling (being able to forbid us to use computer programmes to make decisions about you)
For more information on these rights, please read the relevant guidance issued by the Information Commissioners Office (ICO).
If you would like to make a complaint about how we process your personal data, please contact Liz Swinburne, our data manager.
If you are not happy with how your complaint is dealt with you should contact the ICO. Alternatively, you are entitled to make a complaint to the ICO without first referring your complaint to us.