We are committed to protecting and respecting your privacy. We will take all reasonable steps to process and protect any personal data in accordance with the Data Protection Act 1998.
This policy (together with our Terms and Conditions of Use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
For the purpose of the Data Protection Act 1998, the data controller is Juvenile Diabetes Research Foundation Limited (operating as JDRF) of 17/18 Angel Gate, City Road, London EC1V 2PT.
Michael Hall is JDRF’s Data Protection Officer and can be contacted at firstname.lastname@example.org should you have any concerns about our use of your personal data.
Information we may collect from you
We may collect and process the following data about you:
Information you give us. You may give us information about you by filling in forms on our site, posting comments or stories on our interactive services, or by corresponding with us by phone, e-mail or otherwise. This will include information you provide when you make a donation to us, place an order through our site, answer a question about diabetes, participate in social media functions through our site, enter a competition or survey, sign up for an event or when you report a problem with our site, amongst others. The information you give us may include your name, date of birth, postal address, e-mail address, phone number, credit/debit card information, personal description and photograph, details of your visits to the site and resources that you used. You may also give us information regarding your, or others’, health if you tell us about your diabetes experience or the experiences of a friend or relative.
Information we collect about you. With regard to each of your visits to our site we may automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, for system administration and to report aggregate information to our advertisers. These are statistical data about our users’ browsing actions and patterns, and do not identify any individual. The information may be used to help us assess the use and usability of our site. We will not attempt to trace that IP address to you personally, nor will it allow that information to be tracked by outside agencies; and
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); pages users visit most often and which services, events or facilities are of most interest.
Information we receive from other sources. We may receive information about you if you use any of the other services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this site. We are also working closely with third parties and may receive information about you from them.
When someone visits our site we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. We will make it clear when we collect personal information and will explain what we intend to do with it. You can choose to opt-out of this by visiting Google Analytics’ current available opt-out for the web.
Google Analytics’ Advertising Features will also collect information on age, gender, and interest data. We do this to help enable our online advertising to be targeted at the right audience. As stated above this information is only processed in a way which does not identify anyone.
We use a third party provider, Dotmailer, to deliver our e-magazine and e-newsletter. For more information, please see Dotmailer’s privacy notice.
We use a third party service, Eventbrite, for event registration. There is also occasionally the option for users to make donations for free ticketed events through Eventbrite. For more information, please see Eventbrite’s privacy notice.
We use third party services, RSM 2000 and Engaging Networks, for our online donation payment services. For more information, please see RSM 2000’s and Engaging Network’s privacy notices.
We use a third party service, Shopify, for JDRF online sale transactions. For more information, please see Shopify’s privacy notice.
Uses made of the information
We use information held about you in the following ways:
Information you give to us. We will use this information:
- to assess the use and usability of JDRF site;
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us and notify you about changes to our service;
- to further JDRF’s charitable aims, including fundraising activities; and
- to ensure that content from our site is presented in the most effective manner for you and for your computer.
Information we collect about you. We will use this information:
- to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to comply with any legal obligations such as HMRC’s requirements for Gift Aid declarations; and
- as part of our efforts to keep our site safe and secure.
Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Disclosure of your information
We may share your personal information with any member of our group.
We may share your information with selected third parties including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with you; and
- Analytics and search engine providers that assist us in the improvement and optimisation of our site.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If JDRF or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions of Use or Terms and Conditions of Supply; or to protect the rights, property, or safety of JDRF, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We reserve the right to communicate to you about third party products and services via our website, newsletters or otherwise. All communications will come direct from JDRF however, and none of your information will be shared with third parties other than via the methods described in this policy.
Security of your personal data
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
JDRF will retain your data for a reasonable period.
You have the right to ask us not to process your personal data for marketing purposes. We do not intend to use your data for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at email@example.com.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Access to information
The Data Protection Act 1998 gives you the right to access information held about you. Your right of access can be exercised in accordance with the Data Protection Act 1998. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.