The British Heart Foundation is committed to protecting your personal information and being transparent about what information we hold, whether you are a donor, volunteer, shopper or campaigner.
Getting a better understanding of our supporters through their personal information allows us to fundraise more efficiently, which ultimately helps us beat the heartbreak caused by heart and circulatory diseases. We have made improvements to this Policy so that transparency is at the core of what we do.
We ensure that we use your personal information in accordance with the law. This Policy explains:
The Policy may change from time to time. For example, we have recently updated it to reflect new legal requirements of the EU General Data Protection Regulation (also known as the 'GDPR'). Please visit this website section periodically in order to keep up to date with the changes in our Policy.
By using our website, our social media pages (such as Facebook, Twitter, YouTube, Google+ and Instagram), subscribing to our services, making a donation to us and/or shopping with us online, you agree that, unless you have set your computer’s browser to reject them, we can place the types of cookies set out below on your device and use that data in accordance with this Policy.
In order to remember that you have accepted the use of BHF issued cookies, we will place a temporary cookie to remember your consent for 12 months.
Select to read more
Who we are
The British Heart Foundation is the leading heart charity in the UK and our registered charity numbers are 225971 in England and Wales, and SC039426 in Scotland. Our charity is also registered in England and Wales as a company limited by guarantee under number 00699547.
In this Policy ‘we’ means both the charity and its subsidiaries trading on its behalf who are: British Heart Foundation Ventures Limited a registered company in England and Wales: number 02767880, British Heart Foundation Sales Limited, registered company in England and Wales: number 00877530 and London to Brighton Bike Ride Limited, registered company in England and Wales: number 02672643.
The charity and each of these subsidiaries may collect and decide for themselves how to use your personal information. The legal phrase that's used to describe an organisation that makes these decisions is 'data controller'.
We collect information about you in the following ways:
- Information you give us. For example, when you post information on our social media or message boards, make a donation to us, register for an event or otherwise provide us with personal information. When you register, we’ll ask for personal information, like your name, email address, telephone number, date of birth, bank account details for setting up a regular direct debit gift and contact preferences.
- Information from known third parties. We may also receive information about you from our third party partners with whom you choose to interact, for example websites such as JustGiving when making a donation or Ebay when buying BHF related products. This can include information such as your name, postal or email address, phone number, your geographic location, credit/debit card details and whether you are a tax payer so that we can claim Gift Aid. To the extent that we have not done so already, we (or they) will notify you when we receive information about you from them and tell you how and why we intend to use that information.
- Information available publicly. We may include information found in places such as Companies House, LinkedIn and information that has been published in articles/newspapers. Please see ‘How we combine and analyse the information we collect about you’ to find out more
Wherever possible we use aggregated or anonymous information which does not identify individuals by name. See below How we use your information to understand our purposes for processing your personal information.
What personal information do we process?
We collect, store and use the following kinds of personal information:
- Your name and contact details, including postal address, telephone number, email address and, where applicable, your social media profile
- Your date of birth
- Financial information you provide where you make a payment, such as bank details or credit/debit card details, although we don't store credit or debit card details (see below)
- Information about your computer/mobile device and your visits to and use of this website, including for example your IP address and geographical location
- Information about our services which you use/which we consider of interest to you
- Information as to whether you are a tax payer so that we can claim Gift Aid
- Any other personal information you share with us as described above
Do we process Sensitive Personal Information?
Certain categories of personal information are regarded by the law as more sensitive than others.
This is known as 'special category' or 'sensitive personal data' and covers things like information about your health, ethnic origin, religious beliefs, political opinions or any genetic or biometric data that is used to identify you.
We do not usually collect ‘sensitive personal data’ about our supporters unless there is a clear reason for doing so, such as participation in a marathon or similar fundraising event or where we need this information to ensure that we provide appropriate facilities or medical support to enable you to safely participate. We may also collect sensitive personal data if you make the information public or if you tell us about your experiences relating to heart disease (for example, if you agree to act as a case study for us or volunteer to be a ‘Heart Voice’).
We will always make it clear when we collect this information from you what sensitive personal data we are collecting and why.
Your debit and credit card information
If you use your credit or debit card to donate to us, buy something or pay for a registration online we will use a specialist payment processor. We will also ensure that card details are handled securely under Payment Card Industry (PCI) Data Security Standards. For more information about these Standards see here - https://www.pcisecuritystandards.org/security_standards/index.php.
If you provide your card details to make a donation by phone, only BHF staff who are authorised and trained to process payments should be able to collect or see your card details. We never store your credit or debit card details following the completion of your transaction. All card details and validation codes are securely destroyed once the payment or donation has been processed.
Please do not send an email containing any credit or debit card details, since it will be immediately deleted and no payment will be taken. If this happens, we'll let you know.
All purchases or donations should be completed through the donation page or online shop on our website (www.bhf.org.uk) or via our customer support centre by calling 0300 330 3322.
- All BHF websites collect personal information you supply when you register with us.
- The website you sign up to will collect information such as your name, email address and post code. Once you register with that website, you will not be anonymous to us when you subsequently sign in.
- As part of the registration process and continued use of BHF services, you agree that any registration information you give to BHF will always be accurate, correct and up to date. Please do get in touch should you need to amend or update any of your personal information.
- We collect and retain information about your interactions with us so that we can process any request you make and efficiently deal with future queries.
- Our website may use SessionCam for analysis. SessionCam is a product that has been developed by SessionCamLTD. SessionCam may record mouse clicks, mouse movements, page scrolling and any text keyed into website forms. The information collected does not include bank details or any sensitive personal data. Any information collected is used to improve our website usability and is stored and used for aggregated and statistical reporting.
If you apply to work at the BHF, we will only use the information you give us to process your application or to monitor recruitment statistics on an unidentified basis. If we want to disclose information to someone outside the BHF, for example, if we need a reference from your previous employer, we will tell you beforehand. The only exception is where the law obliges us to disclose information to a third party (such as the police) and we are not allowed to tell you.
If you are unsuccessful in your job application, we may hold your personal information after we’ve finished recruiting for the post you applied for, for up to 12 months to deal with any follow up queries or issues.
We keep statistical information about all applicants to develop our recruitment processes however no individual applicant would be identifiable from this information.
If you commence employment with the BHF, your personal information will be processed in accordance with your employment contract and other applicable human resources policies we have from time to time.
How we use your information
We use your personal information for a number of purposes including the following:
- To provide you with the services, products or information you have requested;
- To provide information about our work, activities, volunteering or events although this will only be where you have consented to being contacted for those purposes unless the BHF is in a position to rely on the Legitimate Interest basis for contacting you via postal communication only (see further information below under Legal Basis for Processing)
- To process donations we may receive from you;
- To fundraise in a manner referred to in this Policy or that you would reasonably expect;
- To create an account for you if you register with us;
- To deliver products or services you
- To process orders from our shops or provide after-sales service;
- To invite you to participate in interactive features on our website when you choose to do so;
- For administration purposes (for example we may contact you regarding a donation you have made or the event you have registered for);
- For internal management, such as record keeping of enquiries, feedback or complaints;
- To invite you to participate in surveys or research (although this is voluntary);
- To use IP addresses to identify your approximate location, to block disruptive use, to record website traffic or to personalise the way our information is presented to you;
- To analyse and improve the online services we offer, to make them as user-friendly as possible;
- We may collect personal information to conduct supporter research and this is on occasion through our existing network. We may also analyse information you provide to us with other freely available public information to create a profile of supporter interests, preferences and level of potential donations so that we can contact you in the most appropriate way and with the most relevant information (for more information about this use, see How will you combine and analyse the information we collect about you?)
- Where collecting and holding your information is required or authorised by law;
- We may use your personal information for the purposes of credit risk reduction or fraud prevention (using external specialist agencies to help us); and
- Other specific purposes that you may agree to from time to time.
How will you combine and analyse the information we collect about you?
Before contacting you, we may use data analysis to interpret your data and predict how likely you are to be interested in or responsive to a particular campaign or fundraising message. Where we have identified that you have the capacity and/or affinity to support the British Heart Foundation at a higher level, we may collect additional information about you (see 'How we use your information') and combine, analyse and compile that information into a profile of you in order to assist us in engaging with you in a more personalised way.
We typically look at and combine information published in the media but other commonly used publically available sources including company resources, the Electoral Register and any data you choose to make public on LinkedIn such as your professional memberships and networks. We may also use any publically available data that you share on social media. We may use additional information such as geographical information for measures of affluence where available. In order to do this efficiently, we may use trusted third party specialist companies that collate and analyse information from public registers alongside statistical social-economic data to automate some of this work. This helps us to understand more about your interests and level of potential engagement or donation. Examples of companies who assist us with this process include CACI Limited (Acorn) (https://acorn.caci.co.uk/) and Management Diagnostics Limited (Boardex) (http://corp.boardex.com/not-for-profit/).
You can opt out of your data being combined and analysed for marketing purposes by contacting our Supporter Care Team or our Data Protection Office as set out in the Contact Us below.
Please note that before seeking or accepting major donations we are required to conduct a minimum level of due diligence. This is in accordance with our legal and regulatory obligations and our internal risk management policies and procedures. This means that if you opt out of analysis of your data for due diligence purposes, we may not be able to accept donations from you.
Legal basis for processing
The law requires us to set out the lawful grounds on which we collect and process your personal information as described in this Policy. Depending on the purposes for which we use your data, one or more of the grounds listed below may be relevant:
In certain instances, we collect and use your personal information by relying on the legitimate interest legal basis. In broad terms, our “legitimate interests” means our interest in being able to run the British Heart Foundation as a charitable entity effectively in pursuit of our aims and ideals. This includes:
- Sending direct marketing material to supporters by post for fundraising purposes
- Conducting research to better understand who our supporters are and better target our fundraising activity;
- Measure and understand how our audiences respond to a variety of marketing activity so we can ensure our activity is well targeted, relevant and effective;
- Providing information about heart health;
- Processing donations;
- Administering events;
- Staff recruitment and taking applications for volunteers and contacting volunteers about their role; and
- The use of CCTV recording equipment in and around our premises for monitoring and security purposes
However “legitimate interests” can also include your interests, such as when you have requested information or certain goods/services from us, and those of third parties.
If we rely on the "legitimate interests" basis to use your personal information, we will only use the information in accordance with the purposes described in this Policy.
When we legitimately process your personal information in this way, we also consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information for activities where our interests are overridden by the impact on you, for example where collection and use of your information would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law)
In many instances, we will rely on obtaining your consent to our use of your personal information in a certain way (for example, asking for your consent to use your personal information to send you direct marketing information, and we may ask for your explicit consent to share sensitive personal information with us)
We may need to collect, process and disclose personal information to comply with a legal obligation. For example, where we are ordered by a court or regulatory authority or we are legally required to hold donor transaction details for Gift Aid or accounting/tax purposes. We may also use personal information to cross check and prevent known malicious activities on BHF operated services.
Performance of a contract:
For example if you purchase something from our online shop or agree to work for us, we need to be able to process your information for the purpose of meeting our contractual obligations.
You have the following legal rights in relation to our collection and processing of your personal information:
It is always your choice as to whether you want to receive information about our work, how we raise funds and the ways you can get involved. If you do not want us to continue to contact you, you have the right to object or change your mind at any time.
You may opt-out of our marketing communications at any time by clicking the ‘unsubscribe’ link in at the end of our marketing emails or by sending us an "opt-out" text message, following the instructions we provide you in our initial text.
You can also change or edit any of your contact preferences at any time (including telling us that you don’t want us to contact you for marketing purposes by telephone, or by post) by contacting our Customer Support Centre on 0300 330 3322 or [email protected] or you can write to: Customer Support Centre, British Heart Foundation, Lyndon Place, 2096 Coventry Road, Sheldon, Birmingham, B26 3YU.
If you have indicated that you do not wish to be contacted by us for marketing purposes, we will retain your details on a 'do not contact' list to help ensure that we do not contact you accidentally. However, we may still need to contact you if you carry on dealing with us, including (but not limited to):
- Processing a donation you make or any continuing direct debit;
- Providing you with information you need in order to participate in an activity or event for which you have registered;
- Explaining and apologising where we have made a mistake; and
- Dealing with future legal claims in connection with a contract we have with you
You can also enter your details on the Fundraising Preference Service (FPS) website and choosing ‘British Heart Foundation’ (Charity Number 699547 or in Scotland No. SC039426). This service is run by the Fundraising Regulator and allows you to stop email, telephone, addressed post, and/or text messages from a selected charity or charities by using the online service at www.fundraisingpreference.org.uk or by calling the telephone helpline on 03003033517. Once you have made a request through the FPS, we will ensure that your new preferences take effect within 28 days of your request.
To exercise any of these rights, please send a description of the personal information in question to our Data Protection Office at the address shown in the Contact us section below. Please note that some of these rights may be subject to legal restrictions, which we'll tell you about if they apply.
For more information about your rights or if you are not happy with our response to your request, you can contact the Information Commissioner’s Office (ICO) – for more details, see https://ico.org.uk/.
Recipients - Information and disclosure
We do not share, sell or rent your information to third parties for marketing purposes. However, we may disclose your personal information in the following circumstances:
- To other BHF entities, trading subsidiaries, suppliers or service providers to provide the products or services you've requested from our website(s). For example, where, we use a separate company to deliver goods to you.
- To third parties who support our operations and services under our instructions. The legal phrase used to describe these types of third parties is 'data processor'. These third parties include trusted partners (e.g. Workday (our Human Resource Management Platform) (https://www.workday.com/en-us/homepage.htm), StarVale Management & Technologies Ltd (our external lottery managers) (https://starvale.safeandsecurewebservices.net/), MDA (Fulfilment House) www.mdams.com/), Blackbaud (Non-Profit Software and Donor Management and Fundraising) https://www.microsoft.com that work with us to assist us in achieving our charitable aims and objectives, and other entities that act as fundraisers for BHF, sell BHF products or deliver BHF information and marketing support on our behalf (subject to your communication preferences). We require these third parties to act lawfully in accordance with our instructions and ensure that appropriate controls are in place to keep your information secure. We regularly monitor the activities of these companies and partners to ensure they are complying with the BHF's high standards of care.
- Where you have agreed to receive email or SMS marketing communications from us, we may provide your email address or mobile phone number in an encrypted format to social media companies, such as Facebook, Instagram, Twitter or YouTube, or to digital advertising networks that are providing services to us by displaying our advertising to you on those social media platforms and other websites, as well as identifying audiences with interests similar to yours. You can opt out of your data being used to display advertising to you by contacting our Supporter Care Team or our Data Protection Officer as described below. However, this will not prevent our advertisements being shown to you without targeting you personally. Opting out in this way may mean that you stop receiving marketing communications from us generally.
- Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example, where ordered by government bodies and law enforcement agencies), or in order to enforce or apply our rights (including in relation to lawful operation of our website or enforcing applicable terms and conditions) or to protect the BHF, for example in cases of suspected fraud or defamation.
If you contact our nurses, dieticians or advisors on our Heart Helpline, you may choose to provide details of a personal nature in particular about your health or someone else’s health. Only the Heart Helpline nurses, dieticians or advisors will use this personal information and only for the purposes of responding to your enquiry. They will not pass the personal information on to anyone else without your express permission, except in exceptional circumstances to comply with the nurses’ code of professional conduct or the law.
Your call will be recorded for quality and monitoring purposes and stored on a secure database where access is only granted to the Customer Support Team, which consists of two members of staff. The call will be retained for two years, after which it will be deleted. Your details will not be used for marketing or any other purposes. If for any reason you want your details removed from these records, please contact the Heart Helpline on 0300 330 3311.
We are committed to protecting the privacy of the young people that engage with us through our prevention, survival and support services for young people. This may happen on particular areas on our website, at events and at schools.
If you are under 18, please ensure that you have consent from a parent or guardian before giving us your personal information. When we collect information about a child or young person aged under 18 we will make it very clear as to the reasons for collecting this information and how it will be used. We take particular care with such personal information relating to young people.
Vulnerable supporters policy
We are committed to protecting vulnerable supporters. Please refer to our Vulnerable Supporters Policy on our website under the ‘We are respectful’ section of our Supporter Promise page.
Inappropriate website content
If you post or send any content that we believe to be inappropriate, offensive or in breach of any laws, such as defamatory, abusive, or hateful content on our forums or social media pages, if necessary, we may use your personal information to inform relevant third parties such as your internet provider or law enforcement agencies.
International transfers of personal information
For financial and technical reasons we may, on occasion decide to use the data hosting or data processing services of a supplier who is based outside the UK and European Economic Area (EEA), which means that your personal information may be transferred to that supplier and processed and stored outside the UK and EEA. This includes countries that are not considered to have the same standards for legal protection of personal information that you enjoy in the UK. We will always take steps to choose highly reputable suppliers, who respect your security and will put in place suitable legal safeguards with that supplier to protect your personal information, so that it is subject to the same privacy standards that you have in the UK.
If and when this occurs, the supplier is usually based in the USA and we always ensure that they have adopted the EU-US Privacy Shield Framework or are subject to EU-approved contract clauses which offer a mechanism for the non-EU based supplier to comply with EU data protection requirements in respect of your personal information.
For more information about this (and any safeguards we've taken) please contact us at the address in the Contact Us section below.
Keeping your personal information
We keep your personal information only for as long as we need to use it for the purposes set out in this Policy.
We have adopted a data retention policy that sets out the different periods we retain personal information for in respect of these relevant purposes. The criteria we use for determining these retention periods is based on various legal requirements; the purpose for which we hold data and whether there is a legitimate reason for continuing to store it (such as in order to deal with any future legal disputes); and guidance issued by relevant regulatory authorities including, but not limited to, the Information Commissioner's Office (ICO).
Personal information that we no longer need is securely disposed of and/or anonymised so you can no longer be identified from it. Some personal information may be retained by us in archives for statistical or historical research purposes although we will do this in a manner that complies with applicable data protection law.
We continually review what personal information and records that we hold, and delete what is no longer required. We never store payment card data after the transaction has been completed.
If you would like to receive further information about this Policy or any of our safeguards, please contact the Data Protection Office, Legal and Corporate Governance Department, British Heart Foundation, 180 Hampstead Road, London NW1 7AW or email: [email protected]
What is a cookie?
Cookies are small text files that are automatically placed onto your device via the browser (e.g. Microsoft Internet Explorer, Apple Safari, Google Chrome or Firefox) that you use to access a website that you visit. They are widely used to improve the performance of websites, for saving different options and to provide website owners with information on how their website is being used.
There are broadly four reasons why a cookie might be stored on your device when visiting the BHF website:
- Cookies that make the website work properly for you and enable you to make use of the secure online services that we provide
- Cookies that collect data about your use of the website which are then anonymised and used to help us improve our online services
- Cookies that remember your preferences and make the website easier for you to use
- Cookies that are placed by third party services we make use of to enhance the information we present online. We have no control over these third party cookies.
Further details about the cookies that the BHF issue and manage, their name, purpose, what website they appear from and how long they remain on your device can be seen here.
Categories of Cookies We Use
- Strictly Necessary Cookies - These cookies are essential for you to be able to use and move around website or for you to use certain features: e.g. adding items to a shopping basket or remembering items in a shopping basket if you revisit the website.
- Performance Cookies - These cookies collect information about how you as the viewer makes use of the website: e.g. which pages you visit most. These cookies do not collect information that personally identify you as a viewer.
- Functionality Cookies - These cookies remember choices made by you or aspects of your interaction with our website to enhance your experience during your visit to our website. These cookies are also used to remember a user’s preferences for a font size, or customisable parts of a web page: e.g. language, appeals visited or user’s location.
- Targeting cookies i.e. Third Party Cookies and Cookies used for Advertising - These cookies collect information if you decide to share a page from the website or if you use social media sites: e.g. Facebook etc, These may track how you interact with our website which then shows you relevant content elsewhere on the internet. These may also be used to choose the advertisements that are displayed to you on our website and other websites.
Other Third Party Cookies
You may notice some other cookies that are not related to the BHF’s website whilst visiting www.bhf.org.uk. Some of our pages contain embedded content such as You Tube video, Twitter feeds, Facebook likes or Google+ shares, and you may receive cookies delivered from these websites. The British Heart Foundation does not govern the publication of third-party cookies. To understand more about these third party cookies and their privacy policies, please visit the relevant sites as detailed below.
How do I manage my cookie settings?
The “Help” menu in the toolbar of most web browsers will tell you how to change your browser’s cookie settings, including how to have the browser notify you when you receive a new cookie, and how to disable cookies altogether. Below is some helpful guidance about how to make these changes.
Please find below links describing how to do this on some popular browsers.
What will happen if you disable some or all of the cookies that BHF uses?
- If you opt to delete cookies or prevent us from placing cookies onto your device, some features of our website may not be as effective or work in the intended manner. To delete or review cookies that are on your device, you will need to go into the settings of your browser and review them.
Find out more detailed information on cookies please visit: http://www.aboutcookies.org or https://ico.org.uk/for-the-public/online/cookies/
Some third parties may allow you to manage their cookies independently. Please refer to the list of other third party cookies in the table above and their respective policy pages for further information.
We use multiple first and third party technologies such as pixel tags and web beacons to track and improve the user experience on our websites, marketing emails, the quality of our service and to monitor the effectiveness of campaigns and digital marketing activity.
We may use these technologies to:
- See what website content is popular and how people are using the site as they allow us to track users' movement through our websites. This type of information is amalgamated so that we can build up a picture of how the site is performing.
- Make sure we offer you a consistent service. For example, if we are testing new website content or we want to run a survey, we use tracking to remember what content you have seen or if you have already been asked to join the survey.
In addition, when we email you, we may place a tag (also known as ‘tracking pixel’) on a direct marketing email that we send out. These let us monitor performance of our emails marketing activity.