Our privacy and cookies policy


What this privacy and cookie policy covers

The British Heart Foundation is committed to protecting your personal information and being transparent about what information we hold, whether you are a donor, volunteer, shopper or campaigner.

Developing a better understanding of our supporters through their personal data allows us to fundraise more efficiently, which ultimately helps in the fight for every heartbeat. We have made improvements to this policy so that transparency is at the core of what we do, especially around our policy on profiling and wealth screening (see 'Fundraising' section below).

The purpose of this policy is to give you a clear explanation about how the BHF and all of its subsidiaries collects and uses the personal information you provide to us and that we collect, whether online, via phone, email, in letters or in any other correspondence or from third parties.

We ensure that we use your information in accordance with all applicable laws concerning the protection of personal information. This policy explains:

  • What information the BHF may collect about you;
  • How we will use that information;
  • Whether we disclose your details to anyone else;
  • Your choices regarding the information you provide to us; and
  • How we use cookies to provide services to you or to improve your use of our websites.

If you have any queries about this privacy and cookies policy please contact the Data Protection Officer at the Legal and Corporate Governance Department, British Heart Foundation, 180 Great Hampstead Road, London or email: [email protected].

Select to read more

Who we are

We are the leading heart charity in the UK and our registered charity numbers are 225971 in England and Wales, and SC039426 in Scotland. We are also registered as a company in England and Wales under registration number 00699547.

British Heart Foundation Ventures Limited a registered company in England and Wales: number 02767880, British Heart Foundation Sales Limited, registered company in England and Wales: number 00877530 and London to Brighton Bike Ride Limited, registered company in England and Wales: number 02672643 are wholly owned subsidiaries of BHF which trade on its behalf. Within the context of this policy ‘we’ means both the charity and its subsidiaries. Each of these organisations are data controllers under the data protection rules.

Information collection

We collect information in the following ways:

  • Information you give us. For example, when you engage with our social media or message boards, make a donation to us, register for an event or otherwise provide us with personal information. When you register, we’ll ask for personal information, like your name, email address and telephone number to store with your account.
  • Information we get from your use of our website and services. We collect information about the services you use and how you use them, like when you watch a video on YouTube, visit our websites or view and interact with our ads and content.
  • Information from third parties.We may also receive information about you from third parties. This can include information such as your name, postal address, email address, phone number, your geographic location (for mobile devices), credit/debit card details and whether you are a tax payer so that we can claim Gift Aid.  We, like all companies, are able to confirm what browser you are using, IP address and computer operating systems that are being used and this information may be used to improve the services we offer

Wherever possible we use aggregated or anonymous information which does not identify individual visitors to our websites. See below, under Marketing materials – to understand our purposes for processing your personal information.

Data Protection law recognises that certain categories of personal information are more sensitive. This is known as sensitive personal data and covers health information, race, religious beliefs and political opinions. We do not usually collect ‘sensitive personal data’ about our supporters unless there is a clear reason for doing so, such as participation in a marathon or similar fundraising event or where we need this information to ensure that we provide appropriate facilities or support to enable you to participate in an event.

We may also collect sensitive personal data if you make the information public or if you tell us about your experiences relating to heart disease (for example, if you call our helpline, act as a case study for us or volunteer to be a ‘Heart Voice’); however we will always make it clear to you when we collect this information from you, what sensitive personal data we are collecting and why. 

Website users

All BHF websites use cookies to help our websites work well and to track information about how people are using them. More information on cookies can be found further down the page under 'Cookies'.

 

In addition, if you register on our websites then the following will also apply:

  • All BHF websites collect personal information when you register with us.
  • The website you sign up to will collect information such as your name, email address and post code. Once you register with that website you will not be anonymous to us when you subsequently sign in.
  • As part of the registration process and continued use of BHF services, you agree that any registration information you give to BHF will always be accurate, correct and up to date. Please do get in touch should you need to amend any of your personal information.
  • We collect and retain information about your interactions with us so that we can process your interactions and deal with future queries.
  • We use cookies to allow us to store limited information on an individual’s computer to either track them through tracking cookies or to allow people to have automatic logons as an example. We use this information to provide you with a good experience when browsing our website and to improve the functionality of our site.

Your debit and credit card information

If you use your credit or debit card to donate to us, buy something or pay for a registration online or over the phone, we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard. You can find our more information about PCI DSS here - https://www.pcisecuritystandards.org/security_standards/index.php

We do not store your credit or debit card details at all, following the completion of your transaction. All card details and validation codes are securely destroyed once the payment or donation has been processed. Only staff authorised and trained to process payments will be able to see your card details.

If we receive an email containing any credit or debit card details, it will be immediately deleted, no payment will be taken and you will be notified about this. All purchases or donations should be completed through the donation page or online shop on our website (www.bhf.org.uk) or via our customer support centre by calling 0300 330 3322.

Legal basis

In certain instances, we collect and use your personal information by relying on the legitimate interest legal basis. This is because when you, for example, request to receive services or products from the BHF, we have a legitimate organisational interest to use your personal information to respond to you and there is no overriding prejudice to you by using your personal information for this purpose. This is also the case where we process your donations in support of BHF's objectives, for our internal administrative purposes, and where we need to take steps to protect our network security or risk of fraud.

In most instances, however, we will rely on obtaining your consent to our use of your personal information. This is the case, for example, where we seek to obtain your consent to receive email marketing about the BHF. 

Marketing Materials

We want to ensure you receive the level of information about the BHF that is right for you.

Email/text marketing:

If you actively provide your consent to us along with your email address and/or mobile phone number, we may contact you for marketing purposes by email or text message. By subscribing to BHF emails or opting in to email communication from BHF, you grant us the right to use the email for both email marketing purposes and advertisement targeting

Post/telephone marketing:

If you have provided us with your postal address or telephone number we may send you direct mail or telephone you about our work unless you have told us that you would prefer not to receive such information. We also actively check telephone numbers against the Telephone Preference Service and will only make telephone calls to you where your telephone number is listed on the TPS if you have specifically told us that you do not object to such calls and have consented to receive them.

Your choice:

It is always your choice as to whether you want to receive information about our work, how we raise funds and the ways you can get involved. If you do not want us to use your personal information in these ways please indicate your preferences on the form on which we collect your data.

You may opt-out of our marketing communications at any time by clicking the ‘unsubscribe’ link in at the end of our marketing emails sending us an "opt-out" text message, following the instructions we provide you in our initial text.

You can also change any of your contact preferences at any time (including telling us that you don’t want us to contact you for marketing purposes by telephone, or by post) by contacting our Customer Support Centre on 0300 330 3322 or [email protected].

We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted by us for such purposes. However, we will retain your details on a suppression list to help ensure that we do not continue to contact you.

Fundraising

We carry out targeted fundraising activity to ensure that we are contacting you with the most appropriate communication, which is relevant and timely and will ultimately provide an improved experience for you. In doing so, we may use profiling techniques or use third party wealth screening companies and insight companies to provide us with general information about you. Such information is compiled using publicly available data about you or information that you have already provided to us.

This activity assists us in understanding the background of the people who support us and helps us to make appropriate requests to supporters who may have the means and the want to give more. You can opt out of your data being used for profiling and wealth screening techniques by contacting [email protected]

Recipients - Information and disclosure

The BHF may disclose your personal information in the following circumstances:

  • To other BHF entities, trading subsidiaries, suppliers or service providers only to provide the products or services you've requested from our site(s) where, for example, we use a separate company to deliver goods to you.
  • To third parties who provide a service to us and are data processors.This would include our trusted partners that work with us in connection with our charitable purposes, and other entities that act as fundraisers for BHF, sell BHF products or provide BHF information and marketing (subject to your communication preferences and our internal policies and procedures). We require these third parties to comply strictly with our instructions and data protection laws and we will make sure that appropriate controls are in place. We enter into contracts with all of our data processors and regularly monitor their activities to ensure they are complying with BHF policies and procedures.

     

  • Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies), or in order to enforce or apply our rights (including in relation to our website or other applicable terms and conditions) or to protect the BHF, for example in cases of suspected fraud or defamation.

Rest assured, we will never share, sell or swap your details with any third parties for the purposes of their own marketing or the monetising of your data. 

Heart helpline

If you contact our nurses, dieticians or advisors on our Heart Helpline, you may choose to provide details of a personal nature in particular about you or someone else’s health. Only the Heart Helpline nurses, dieticians or advisors will use this personal information and only for the purposes of responding to your enquiry. They will not pass the personal information on to  anyone else without express permission except in exceptional circumstances to comply with the nurses’ code of professional conduct or the law. Your personal information and details of your enquiry will be recorded for quality and monitoring purposes and stored on a secure database. Your details will not be used for marketing purposes. If for any reason you want your details removed from these records, please contact the Heart Helpline on 0300 330 3311. 

Under 18s

We are committed to protecting the privacy of the young people that engage with us through our prevention, survival and support services for young people on our website, at events and at schools.

Our fundraising events also request specific information about the age of participants. If you are under 18 and would like to get involved, please ensure that you have consent from a parent or guardian before giving us your personal information. When we collect information about a child or young person aged under 18 we will make it very clear as to the reasons for collecting this information and how it will be used.

Vulnerable supporters policy

We are committed to protecting vulnerable supporters. Please refer to our Vulnerable Supporters Policy on our website under the ‘We are respectful’ section of our Supporter Promise page.

https://www.bhf.org.uk/about-us/supporter-promise

Inappropriate website content

If you post or send any content that we believe to be inappropriate, offensive or in breach of any laws, such as defamatory content on our forums or social media pages, we may use your personal information to inform relevant third parties such as your internet provider or law enforcement agencies. 

International transfers of personal information

For financial and technical reasons we may, on occasion decideto use the services of a supplier outside the European Economic Area (EEA), which means that your personal information is transferred, processed and stored outside the EEA. This includes countries that the European Union authorities do not consider provides and adequate level of protection for personal data. However we take steps to put in place suitable safeguards to protect your personal information when processed by the supplier such as entering into the European Commission approved standard contractual clauses. If you would like to receive further information about our safeguards, please contact the Data Protection Office, Legal and Corporate Governance Department, British Heart Foundation, 180 Hampstead Road, London or email: [email protected]

Keeping your personal information

We keep your personal information only  for as long as required to operate the service in accordance with legal requirements and tax and accounting rules. Where your information is no longer required, we will ensure it is disposed of in a secure manner. 

Cookies

Cookies

Cookies are small text files that are automatically placed onto your device by some websites that you visit. They are widely used to improve the performance of a website, for saving different options and to provide website owners with information on how the site is being used. 

We use cookies to enhance the experience of the websites, to increase the performance, to identify how the website is being used and where we can make improvements and to monitor how our advertisements perform. Some of our cookies are vital for the websites to operate effectively and others are optional, but may decrease the usability or performance of the websites.

The cookies that the BHF issue and manage, their name, purpose, what website they appear from and how long they remain on your device are listed below.

British Heart Foundation website

 Name  Purpose  Lifetime
 cookiePrefs  Used by BHF site to track whether the user had already confirmed the cookie policy.  1 year
 __storejs__  Unknown  1 hour
 SC_ANALYTICS_GLOBAL_COOKIE    Used by Sitecore CMC. Randomly generated identifier assigned to a visitor to help identify returning visits to the site.  10 years
 BHF-SurveyInvitation  Used by BHF site to track whether the user had already been invited to take the survey.  1 month
 ASP.NET_SessionId  Used by ASP.NET to identify the user and store session information.  Session (expires when browser window is closed)
 ARRAffinity  Used by the load balancer to ensure users stay on the same content delivery server.  Session (expires when browser window is closed)

Wear It Beat It

 Name  Purpose  Lifetime
 s_fid  This cookie is used to identify a unique visitor if the standard s_vi cookie is unavailable due to third-party cookie restrictions. Not used for implementations that use first-party cookies.  2 years

Bag It Beat It

 Name  Purpose  Lifetime
 s_fid  This cookie is used to identify a unique visitor if the standard s_vi cookie is unavailable due to third-party cookie restrictions. Not used for implementations that use first-party cookies.  2 years
 wp-settings-1  Profile user settings because when logged in.  1 year
 Wordpress_test_cookie    Set to see of cookies can be stored.  1 year

Dechox

 Name  Purpose  Lifetime
 s_fid  This cookie is used to identify a unique visitor if the standard s_vi cookie is unavailable due to third-party cookie restrictions. Not used for implementations that use first-party cookies.  2 years
 wp-settings-1  Profile user settings because when logged in.  1 year
 Wordpress_test_cookie  Set to see of cookies can be stored.  1 year
 
Gift of Hope
Give in Celebration
 Name  Purpose  Lifetime
yourAuthCookie Used when you select 'remember me' when you log in to the website. Saves your login details so you do not need to keep entering them on each visit to the site. Session (expires when browser window is closed)
XSRF-V
XSRF-TOKEN
Cookies that protect from CSRF attacks Session (expires when browser window is closed)
UMB_UCONTEXT Umbraco cookie. Stores a Guid reference to the current logged in user. Randomly generated at login and stored in the umbracoUserLogins database table, it allows you access the current user, without having to store any user specific data in the cookie. 1 day
ASP.NET_SessionId A cookie that ASP.NET uses to store a unique identifier for your session. The session cookie is not persisted on your hard disk. Session (expires when browser window is closed)
__atuvs and or __atuvc The __atuvc cookie is created and read by the AddThis social sharing site JavaScript on the client side in order to make sure the user sees the updated count if they share a page and return to it before our share count cache is updated. No data from that cookie is sent back to AddThis and removing it when disabling cookies would cause unexpected behaviour for users. 2 years
 _gat_UA-82078943-1
_ga
The Google Analytics cookies are used to gather anonymous information about how you use our site. We use this information to improve our site and make it easier to use. You can opt out of being tracked by Google Analytics using the Opt Out Browser Add-On from Google.
 
10 minutes
2 years

MyMarathon

 Name  Purpose  Lifetime
 s_fid  This cookie is used to identify a unique visitor if the standard s_vi cookie is unavailable due to third-party cookie restrictions. Not used for implementations that use first-party cookies.  2 years
 wp-settings-1  Profile user settings because when logged in.  1 year
 Wordpress_test_cookie    Set to see of cookies can be stored.  Session

Community

 Name  Purpose  Lifetime
 SERVERID  Usually used for load balancing. Identifies the server that delivered the last page to the browser. Associated with the HAProxy Load Balancer software. The main purpose of this cookie is: Strictly Necessary.  Session
 has_js  Most commonly associated with the Drupal content management system. Drupal uses this cookie to indicate whether or not the visitors browser has JavaScript enabled. The main purpose of this cookie is: Functionality.  Session

Online shop

 Name  Purpose  Lifetime
 __cfduid  used to override any security restrictions based on the IP address the visitor is coming from. It does not correspond to any userid in the web application, nor does the cookie store any personally identifiable information. Note: This cookie is strictly necessary for site security operations and can't be turned off.  1 year
 frontend  Your session ID on the server.  

BHF jobs

 Name  Purpose  Lifetime
 ASPSESSIONIDSWRTQAAR  Only one set by Eploy. Used to handle user sessions. Expires with session.  Session
 s_fid  This cookie is used to identify a unique visitor if the standard s_vi cookie is unavailable due to third-party cookie restrictions. Not used for implementations that use first-party cookies.  2 years

BHF Retail jobs

 Name  Purpose  Lifetime
 PHPSESSID   Cookie used by internally PHP (the software used by Amris) to track the applicants progress through the site.  Session
 TestCookie  Used to check that the browser has cookies enabled.  Session
 s_fid  This cookie is used to identify a unique visitor if the standard s_vi cookie is unavailable due to third-party cookie restrictions. Not used for implementations that use first-party cookies.  2 years

BHF Raffle

 Name  Purpose  Lifetime
_ga 
_gat 
_utma 
_utmt 
_utmb 
_utmc 
_utmz 
_utmv 

The Google Analytics cookies are used to gather anonymous information about how you use our site. We use this information to improve our site and make it easier to use.

You can opt out of being tracked by Google Analytics using the Opt Out Browser Add-On from Google. 

 2 years
10 minutes
2 years
10 minutes
30 minutes
Session
6 months
2 years
bhf_raffle This session cookie is used to store information about your activity on the site so that you can easily pick up where you left off next time you visit.  Session
PHPSESSID 
JSESSIONID 
machine 
ASP.NET_SessionId
 These cookies are essential for the online payments section of our website and are deleted when you close your browser.
 
 Session
 x-mapping-fjhppofk  This is a cookie that ties your session to one of our web servers. This helps us distribute visitors to different servers to keep the site fast even when lots of people visit at once.  Session

BHF Christmas Appeal

 Name  Purpose  Lifetime
_ga 
_gat 
_utma 
_utmt 
_utmb 
_utmc 
_utmz 
_utmv 
The Google Analytics cookies are used to gather anonymous information about how you use our site. We use this information to improve our site and make it easier to use.  2 years
10 minutes
2 years
10 minutes
30 minutes
Session
6 months
2 years
bhf_cause This session cookie is used to store information about your activity on the site so that you can easily pick up where you left off next time you visit.  Session
PHPSESSID 
JSESSIONID 
machine 
ASP.NET_SessionId
These cookies are essential for the online payments section of our website and are deleted when you close your browser.
 
 Session
 x-mapping-fjhppofk This is a cookie that ties your session to one of our web servers. This helps us distribute visitors to different servers to keep the site fast even when lots of people visit at once.  Session

The cookies that we use can be broken into four categories:

1. Cookies which are necessary to run the websites 

 Some of our site cookies are essential to run the websites and without the acceptance or use of these cookies the website or elements of the website will not work. These include, but are not limited to:

  • Adding items to a shopping basket
  • Remembering items in a shopping basket if you leave the website

2. Cookies which are optional

All other cookies are optional and the removal of these cookies may decrease the usability or performance of our websites. Such optional cookies include, but are not limited to:

  • Remembering that you are logged in across all of our websites
  • Your optional settings
  • Tracking usage of a website

3. Cookies which ensure value for money

 To ensure that we are getting best value for money from our advertisements we may use cookies that track how many people click on the advertisements and subsequent actions which is known as a “click through”.   

4. Cookies which are from trusted third parties

 We utilise the technology of third parties on a regular basis to ensure that we are using up to date systems which are managed by the best companies to provide us with the information that we need. This in turn means that there will be a number of third party cookies from our trusted suppliers used on our websites. Each company is responsible for the cookies that they place onto your device and have separate policy documents to highlight their use. 

Our list of trusted third parties who may deploy a cookie to your device, with a link to their cookie details is below:

What will happen if you disable some or all of the cookies that BHF uses?

If you opt to disable some or all cookies, we are unable to guarantee that our websites will operate. 

How do I manage my cookie settings?

Internet browsers (such as but not limited to Internet Explorer, Google Chrome, Firefox, Opera or Safari) will allow some control over most cookies through their settings. You will need to refer to the operating manual or review the settings of your browser software to identify what cookies are on your device and how to remove them.

Find out more about cookies and how to manage them. Some third parties may allow you to manage their cookies independently. Please refer to the list of third party providers above and confirm their respective policy pages for further information.  

Acceptance of cookie use

By continuing to use our website you will have been deemed to have agreed to our use of cookies subject to any preferences you may have indicated to us or any overriding browser settings you may have. 

Tracking

We use multiple first and third party technologies such as pixel tags and web beacons to track and improve the user experience on our sites, quality of service and to monitor the effectiveness of campaigns and digital marketing activity.

We may use them to:

  • see what website content is popular and how people are using the site as they allow us to track users movement through our websites.  This type of information is amalgamated so that we can build up a picture of how the site is performing.
  • make sure we offer you a consistent service. For example, if we are testing new website content or we want to run a survey, we use tracking to remember what content you have seen or if you have already been asked to join the survey.

In addition, when we email you, we may place a tag (also known as ‘tracking pixel’) on the email we send out. These let us monitor performance of our emails marketing activity. 

Your ability to edit and delete your account information and preferences

The accuracy of your personal information is important to us. You can edit your BHF account information, including your address and contact details at any time. If you would like to change your preferences or update the details we hold about you other than online, please contact our Customer Support Centre on 0300 330 3322 or [email protected] or write to Customer Support Centre, British Heart Foundation, Lyndon Place, 2096 Coventry Road, Sheldon, Birmingham, B26 3YU.

Your rights to your personal information

Under the Data Protection Act 1998 you have a right to request a copy of the personal information we hold about you and to have any inaccuracies corrected. You also have the right to request us to erase your personal information, request us to restrict our processing of your personal information or to object to our processing of your personal information.

Should you wish to exercise these rights we require you to prove your identity with two pieces of approved identification. Please address requests to the Data Protection Officer, Legal Team, British Heart Foundation, 180 Hampstead Road, London, NW1 7AW and we will respond within 40 days, of receipt of your written request and confirmed ID. Please provide as much information as possible about the nature of your contact with us to help us locate your records. We reserve the right to charge a fee of £10 for this process.

Where you have provided your consent for our use of your personal information, you always have a right to withdraw your consent at any time. 

Your ability to edit and delete your account information preferences

The accuracy of your personal information is important to us. You can edit your BHF account information, including your address and contact details at any time. If you would like to change your preferences or update the details we hold about you other than online, please contact our Customer Support Centre on 0300 330 3322 or [email protected] or write to Customer Support Centre, British Heart Foundation, Lyndon Place, 2096 Coventry Road, Sheldon, Birmingham, B26 3YU.

Your rights to your personal information

Under the Data Protection Act 1998 you have a right to request a copy of the personal information we hold about you and to have any inaccuracies corrected. You also have the right to request us to erase your personal information, request us to restrict our processing of your personal information or to object to our processing of your personal information.

Should you wish to exercise these rights weWe require you to prove your identity with two pieces of approved identification. Please address requests to the Data Protection Officer, Legal Team, British Heart Foundation, 180 Hampstead Road, London, NW1 7AW and we will respond within 40 days, of receipt of your written request and confirmed ID. Please provide as much information as possible about the nature of your contact with us to help us locate your records. We reserve the right to charge a fee of £10 for this process.

Where you have provided your consent for our use of your personal information, you always have a right to withdraw your consent at any time.

Changes to this privacy policy

We may update the terms of this policy at any time, so please do check it from time to time. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address you have provided to us or by placing a prominent notice on our website(s). By continuing to use our website you will be deemed to have accepted such changes.

Complaints compliments or comments

If you are unhappy with our work or something that we have done or failed to do, we want to know about it. We also welcome your views on what we do well. Your comments enable us as an organisation to learn and continuously improve our services.

Please find further information about giving us feedback, or lodging a complaint on the following page of our website:

Lodge a request on our feedback form