Our Privacy Policy

Our websites are owned and operated by BCUK (“BCUK ” /”us”/ “our”/ “we”) and accessible at the URLs breastcanceruk.org.uk and breastcancerprevention.org.uk the controller of all personal data and/or sensitive personal data (“personal information”) collected on the websites (“websites”).

We believe strongly in protecting the privacy of all Site users (“you”/ “your”), and this privacy policy sets out how we use your personal information. We are committed to protecting your privacy.

We will only use the personal information that we collect about you in full compliance with UK GDPR and the Data Protection Act 2018  and will continue to ensure that its policies and practices comply in all respects with any future laws and regulations in relation to your privacy.

1..Your consent and acknowledgement

(a) Unless you have expressly indicated otherwise, your use of our Websites constitutes your consent to our collection, use, sharing and transfer of your personal information under the terms of this privacy policy; and

(b) You acknowledge and agree that our Website Terms of Use apply to this privacy policy as if reproduced here in full;

(c) if you do not agree to the terms of our privacy policy or our Website Terms of Use you may not use our websites.

2. What personal information do we gather from you?

We gather personal information such as your name, telephone number, email address and postal address and any enquiries that you provide voluntarily when you contact us by e-mail, by phone or complete any online forms.

To provide you and other users with a personalised and valuable service, we operate a voluntary personal information submission process. During submission, a user is required to give contact information as described above.

We may ask you to provide us with information regarding your contact preferences to contact you about our products and services. You are not obliged to provide this information, and you can opt out of this contact during registration or subsequently.

Some of our services, such as our Prevention Planner service, include special category data related to health. This includes information about a prior breast cancer diagnosis or scares, your BMI and contraception and hormone replacement treatments.

As with all personal data, this special category data is only taken with the explicit consent of people wishing to prevent and reduce their risk of breast cancer and as a part of our non-profit charitable mission to protect personal and public health.

Our grant application process, or other services, may include submitting personal details on behalf of other people.  In such cases, the person submitting the data must have gained prior permission to do so.

Where special category personal data or criminal offence data is processed, we will also need to identify a lawful condition (as set out in Articles 9 and 10 of the UK GDPR, and Schedule 1 of the Data Protection Act 2018) for processing this type of data, and document it.

Additionally, our websites use website statistical services that compile statistics on the general geographical locations of users, IP addresses, the time spent on the website, the pages visited, the screen resolutions and other useful statistical data about visitors’ computers and the pages accessed when visiting the website. By viewing any page within our Websites, your data is collected by our stats services.

3. How do we use the personal information that we gather from you?

Our main aim in gathering your personal information is to understand your needs and provide you with a better and customised service.

We will handle your personal information fairly, securely, and in line with the law. We respect your rights and interests regarding your data, as explained in this privacy policy. We will only collect, record, process or store personal information which is needed:

  1. a) to improve our products and services or meet our contractual agreements with you, our customers, and business partners within the BCUK Network.
  2. b) to serve our legitimate business interests, which include administration, internal record keeping, credit assessments, marketing, or complying with legal requirements.
  3. c) to follow up on your inquiries about our products and services (via email, phone, or mail) as part of our customer care, or responding to questions you’ve submitted.
  4. d) to send you promotional information, marketing, and news about our products or services we think you’ll find interesting (like new offerings, improvements, or special offers). We’ll do this by email or other electronic communication with your prior consent (if you opt-in), or by email or other non-electronic communication unless you opt-out.

We may also combine personal information and statistics to monitor how our website is used. This helps us develop and improve our Websites and services. We may share this combined and anonymised information with third parties.

We may also use third parties to collect data on our behalf, such as via surveys, or for your sign-up for promotional materials, telemarketing or other activities.

If you inform us that you no longer wish us to contact you for any one or all of the reasons stated above in this clause 4(a) to (d) then we will cease contacting you, although you acknowledge that this may prevent us from providing information about our products and/or services to you or inhibit the quality of service provided to you.

If we record or monitor telephone calls to and from any customers for staff training and quality control purposes, we will first inform you that such recording and monitoring is taking place.

Should we decide to use your personal information for purposes not described in this policy, and if your consent is needed, we’ll inform you and request your approval.

We may share personal information within the BCUK network. This refers to BCUK, plus its officers, employees, agents, distributors, consultants, vendors, contractors (including data processing agencies), suppliers and certain selected third-party organisations. All members of the BCUK Network will process your personal information in line with this privacy policy and all privacy and communications legislation.

We will not share with, sell, lease or otherwise distribute your personal information to any organisation outside of the BCUK Network without your explicit consent.

To fulfil our contractual obligations to you, you agree to our transferring personal information about you to any member or members of the BCUK Network outside of the UK and European Economic Area (“EEA”).

The Charity may transfer personal data outside the UK on the basis that that country, territory or organisation is designated as having an adequate level of protection, or that the organisation receiving the data has provided adequate safeguards to ensure the protection of personal data.

You acknowledge that we reserve the right to use or disclose any personal information as needed to satisfy any law regulation or otherwise or legal request to protect and defend the integrity of our Websites (including to enforce our Website Terms of Use or this privacy policy) and you agree to fulfil our requests and/or to cooperate in any law enforcement or regulatory investigation.

Unless stated above, we do not transfer, share or disclose personal information (collected from our online or offline activities) to third parties outside the BCUK Network.

should we be acquired or merged with another organisation in the future or if they acquire most of our assets, including our systems, you understand and agree that your personal information may well be among the transferred assets.

4. How we use cookies

Cookies are small text files that websites can place on your device through your web browser. They’re designed to help websites remember information about you or your browsing activity.

We use cookies on our website for a few key reasons:

a) To make our website work better for you: cookies help us understand how you use our website, like which pages you visit. This information, often collected as anonymous statistics, helps us improve our website and tailor our services to your needs. For example, we might track popular pages to ensure they load quickly.

b) For secure access, we use cookies for login areas of our website, accessible only by authorised staff, franchisees, vendors, or other approved individuals. These are typically “session cookies,” which disappear once you close your browser. If you disable these cookies, you won’t be able to log in to these secure sections.

c) Improving your experience: while our general consumer pages don’t usually require session cookies right now, we might implement them in the future if it helps improve your experience and convenience on our website.

Cookies do not give us access to your computer or any personal information about you beyond the data you choose to share or the statistical data we collect to enhance our website. We only use this information for website improvement, statistical analysis, or to manage secure logins. We believe the benefits you gain from their proper use are valuable.

Your cookie choices

You have control over cookies through your web browser settings. Most browsers automatically accept cookies, but you can usually change your settings to:

  • Notify you before a cookie is placed on your device.
  • Decline all cookies completely.

Please be aware that if you decline cookies, you might not be able to use some parts of our website properly, or at all.

You can also delete cookie files that are stored as part of your internet browser. For more detailed information on managing and deleting cookies, including understanding the difference between persistent and session cookies, please visit www.allaboutcookies.org/manage-cookies/.

5. Protection of your personal information

We are committed to ensuring the security and integrity of your personal information. We implement appropriate technical and organisational measures to protect the personal data we process from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to.

We will develop, implement and maintain safeguards appropriate to our size, scope and business, our available resources, the amount of Personal Data that we Process and identified risks (including use of encryption, Pseudonymisation and Anonymisation where applicable). We will regularly evaluate and test the effectiveness of those safeguards to ensure the security of our Processing of Personal Data.

We will only provide access to your personal information to members of the BCUK Network who need access to carry out your requests or our contractual obligations to you.

We have taken appropriate steps to ensure the security of personal information, whether it is stored in computer systems, paper files or other storage media. Only members of the BCUK Network who need the information to perform a specific job are granted access to personally identifiable information.

Our websites are hosted on servers managed by members of the BCUK Network, including our webmaster, website personnel, and trusted hosting companies. While the BCUK Network expects all our data processors, agents, and sub-contractors to meet high standards of security and confidentiality, and we’ve chosen hosting companies that use the latest technology and strict security guidelines, we cannot control or guarantee the operating procedures and data management of these third-party hosting companies.

In addition, data travels through many channels across the internet, including your Internet Service Provider (ISP), with whom we have no association. Therefore, we cannot guarantee the process by which data is handled and managed by them.

6. Your rights: Accessing, updating and retention of personal information

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal data.

Your right to rectification / correction – You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure / deletion – You have the right to ask us to erase your personal data in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal data in certain circumstances.

Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.

Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent.

Further information about your data protection rights is available on  the Information commissioners Office (ICO) website.

Retention periods are in place to ensure that personal information is only stored whilst they are required for the purposes in question or to meet administrative legal and regulatory requirements. Where personal information is no longer required by us we will ensure that they are disposed of securely.

7. Links to third-party websites

Our Websites may from time to time include links to websites which are controlled and maintained by third parties. These are websites other than our own.

We provide these links for your convenience and do not constitute any endorsement by us of the websites, their products or services. We also do not have any control over, or knowledge of, their privacy practices or content.

We have not reviewed these third-party websites and do not make any promises about their availability, content or accuracy.  If you decide to access third-party websites through links on our site, you do so at your own risk. Before you submit any personal information to those websites, you should always read their privacy policies.

8. Email opt-out and unsubscribe

You can choose to subscribe to our email services for promotional information, marketing updates, and news about our products and services that we believe might interest you (like new offerings, improvements, or special deals). You also have the option to unsubscribe from our postal mail or telephone services for these types of communications.

If you tell us you no longer want to be contacted for any of the reasons mentioned in clauses 4(a) through (d) of this policy, we will stop contacting you. However, please understand that this may prevent us from providing certain products or services to you, or it could affect the quality of service we can offer you.

If you would like to change your preferences with us or other members of the BCUK Network, simply contact us using the methods listed below.

9. Changes to our privacy policy

We may update this policy at any time. If we make changes, we will let you know by posting the updated policy to this page or by posting a notification on our website homepage.

It is your responsibility to check for these updates. Changes become effective 24 hours after they are posted. If you continue to access the website after that time, it means you have accepted the changes.

10. Our commitment to accountability

We are committed to upholding the principles of data protection and demonstrating our compliance with the UK GDPR. This means we are responsible for, and must be able to demonstrate, that we process personal data in line with the law.

To achieve this, we:

a) We will inform individuals about how their data is collected, used, and stored through clear and accessible privacy notices, like this one.

b) We will ensure the quality and accuracy of the personal data we hold, taking reasonable steps to keep it up-to-date.

c) We will regularly review the personal data we collect and store, ensuring it remains relevant and necessary for the stated purposes.

d) We will dispose of personal data securely when it is no longer required, in line with our data retention policies.

e) We will implement robust technical and organisational security measures to protect personal data from unauthorised or unlawful processing, accidental loss, destruction, or damage.

f) We only share personal data when necessary and legally permitted, ensuring appropriate safeguards are in place.

g) We have clear procedures for handling data subject rights requests, ensuring individuals can exercise their rights effectively.

h) We maintain records of our data processing activities to help us manage data protection risks and demonstrate compliance.

i) We will report personal data breaches to the relevant authorities and affected individuals when required.

11. Record keeping

To demonstrate our compliance with data protection laws and ensure effective management of personal data, we maintain comprehensive records of our processing activities. These records help us understand what personal data we hold, why we hold it, and how it is processed. Our records include, but are not limited to:

  1. The purposes for which we process personal data.
  2. The categories of personal data we collect and the categories of individuals whose data we process.
  3. The recipients to whom personal data have been or will be disclosed.
  4. Details of any transfers of personal data to countries outside the UK, including the safeguards implemented for such transfers.
  5. Our established retention schedules for different categories of personal data.
  6. A description of the technical and organisational security measures we have in place to protect the data.
  7. Specific records where we process special categories of personal data (e.g., health data) or data relating to criminal convictions and offences, detailing the conditions for such processing.

These records are regularly reviewed and updated to ensure accuracy and completeness.

12. Reporting a personal data breach

A personal data breach can occur in various ways, such as accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed. Examples include:

  • Loss or theft of data or equipment containing personal data.
  • Unauthorised access to IT systems, databases, or electronic records.
  • Accidental disclosure of personal data to an unauthorised recipient.
  • Alteration of personal data without permission.
  • Unavailability of personal data (e.g., due to a cyber-attack or system failure).

Our Procedure for handling breaches:

In the event of a suspected or actual personal data breach, we follow a strict procedure:

  1. Immediate notification: any Charity personnel who suspect or discover a personal data breach must immediately report it to the Data Protection Officer (DPO).
  2. Containment and assessment: we will take immediate steps to contain the breach, assess its nature and severity, and identify the personal data affected.
  3. Internal investigation: a thorough internal investigation will be conducted to determine the cause of the breach, the extent of the impact, and the necessary remediation actions.
  4. Reporting to the ICO: if the personal data breach is likely to result in a risk to the rights and freedoms of individuals, we will report it to the Information Commissioner’s Office (ICO) without undue delay, and, where feasible, not later than 72 hours after becoming aware of it.
  5. Notifying affected individuals: if the personal data breach is likely to result in a high risk to the rights and freedoms of individuals, we will inform the affected individuals directly without undue delay, explaining the nature of the breach and the steps taken to address it.
  6. Review and improvement: following any breach, we will review our processes and security measures to prevent similar incidents in the future.

We aim to manage any breach effectively, minimise its potential impact, and ensure continuous improvement in our data protection practices.

13. Questions or complaints: contact us

By providing us with your personal information, you agree to our (and our business BCUK Network partners’) use of that information as set out in this privacy policy.

If you have any questions, concerns or comments about this privacy policy, how we collect or use your personal information, or its accuracy, please contact us.

You can also contact us if you would like to see the personal information we hold about you or if you want us to stop processing your information for any specific reason.

You can reach us by e-mail at: data-protection@@breastcanceruk.org.uk or by writing to:

The Data Compliance Officer
Breast Cancer UK

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.