Privacy and cookies policy
How we use your personal information and how we keep it safe.
If you’re reading this page you care about how your personal information is protected. We do too. So, on this page we outline how we use your data and how we keep it safe.
You can read the policy in detail below but we’d like to share the most important points here:
- We will only ever ask for what we really need to know.
- We will collect and use the personal data that you share with us transparently, honestly and fairly.
- We will always respect your choices around the data that you share with us and the communication channels that you ask us to use and you can let us know if you change your preference at any time.
- We will put appropriate security measures in place to protect the personal data that you share.
- We will never sell your data.
If you have any questions about anything at all related to how we use and store your personal data, please do get in touch.
Who we are
Guy’s & St Thomas’ Charity (a charity registered with the Charity Commission for England and Wales, registered Charity No. 1160316-18) is a linked charity of Guy’s & St Thomas’ Foundation (a charitable company limited by guarantee registered in England and Wales, registered Charity No. 1160316 and Company No. 9341980) whose registered office address is The Grain House, 46 Loman Street, SE1 0EH, who will be the controller of your data.
We, Guy’s & St Thomas’ Foundation also work with King’s College London (KCL), the charity’s fundraising partner who processes your personal data on our behalf.
The two organisations have worked together for many years and, since 2011, all fundraising for Guy’s & St Thomas’ Foundation (previously known as Guy’s and St Thomas’ Charity) has been carried out on its behalf by KCL to maximise the funds available for Guy’s and St Thomas’ Foundation’s activities.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data from which identifying details have been irreversibly removed (anonymous data).
The personal data we collect, use, store and transfer depends on how you use our website and otherwise engage with us. This may include the following personal data:
- Identity Data which includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data which includes address, email address and telephone numbers.
- Technical Data which includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access this website.
- Profile Data which includes your interests, preferences, feedback and survey responses.
- Usage Data which includes information about how you use our website, products and services.
- Marketing and Communications Data which includes your preferences to receive marketing and other communications from us and any third parties who are identified to you form whom you have consented to received communications.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is anonymous data and not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy statement.
We do not usually collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership via this website). However, we do occasionally collect information that is pertinent to your participation in fundraising events such as your health history or a disability, or if you disclose it to us when sharing your reason for donating. We will not use this special category data for a particular purpose without your consent, unless we have another legal basis for doing so, such as where the processing of such data is necessary to protect your vital interests or those of a third party.
We use different methods to collect data from you and about you including through:
- Direct interactions e.g. You may give us your Identity and Contact Data when you submit feedback or enquiries through a form on our website, sign up for a newsletter, or donate to us.
- Automated technologies or interactions e.g. Technical Data will be collected as you interact with our website to help us improve your user experience as described in our Cookies Policy below.
- Third parties or publicly available sources e.g. Technical Data from analytics providers such as Google as also set out in our Cookies Policy below; Identity and Contact Data from publicly available sources such as Companies House for the research and profiling purposes described below.
We will only use your personal data when the law allows us to. The legal bases we may rely on include:
- consent: where you have given us clear consent for us to process your personal data for a specific purpose (such as direct marketing by email or electronic means)
- contract: where our use of your personal data is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
- legal obligation: where our use of your personal data is necessary for us to comply with the law (not including contractual obligations)
- vital interests: where our use of your personal data is necessary to protect you or someone else’s life or health
- legitimate interest: where our use of your personal data is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information or safeguard your rights or freedoms which overrides such legitimate interests). These legitimate interests include the operation and administration of our organisation, checking that make sure we are following our internal policies and procedures, preventing and detecting activities which could be damaging for us and for you, sending marketing material by post regarding our activities, and analysis and improvement of the website.
We may use your data for research and profiling. Philanthropy is vital to Guy’s & St Thomas’ Charity to ensure we can continue to support the best care for our young patients and undertake translational research which goes above and beyond to find cures to life-limiting conditions. Research and profiling are activities which enable us to achieve this as they allow us to gain a better understanding of who we should engage with, how we should engage with you, and tailor our communications more effectively and appropriately. This also helps us make informed decisions about our fundraising strategy an ensure our internal resources and investments are used as effectively as possible. Our objective is to ensure any approaches we make to you are respectful, professional and are based on evidence that you might be interested in our work, providing you with the best experience we can.
Research could include research on financial, business, philanthropic, biographical and demographic information sourced from publicly available data, such as Companies House, the Charity Commission and the media. We may also look at professional networks such as LinkedIn, and process special category data that may indicate an interest in our charitable causes if it has been manifestly made public by you; for example, through an interview or a publicly directed social media post. In addition, we may combine the data you provide us with, such as data your address, the name of your bank, or where you previously went to school, with data we obtain from other sources. We use this data both to verify we have the correct information, but also to assess whether it would be appropriate to approach you directly about philanthropic opportunities at Guy’s & St Thomas’ Charity. Mostly this work is carried out manually in-house, but occasionally it is carried out by a trusted third-party supplier and entails using information such as your name, postcode and data on your existing relationship with us to identify whether it is appropriate to approach you about higher level giving. This is known as wealth screening and is a tool which helps us to better understand who to approach about fundraising and volunteering opportunities in an appropriate way and therefore generate funds cost-effectively.
Profiling could include analysis of financial, philanthropic, biographical and other personal data we hold on you to assess the likelihood that you might wish to engage with us, as well as broader data analysis. This analysis helps us to gain a better understanding of how to approach you, of your interests, and of broader demographic, geographic and engagement trends amongst our supporters. This process is not solely automated processing and always contains manual assessment to ensure we are making correct assumptions from the analysis.
If you do not wish your data to be used in any of the ways listed above or have questions about this, you have the choice to change your privacy options and opt-out of such research. If you are unsure and have further queries on how we might use your data, please get in touch and we’ll be happy to answer your questions.
In order to comply with our legal obligations and charity regulations such as the Charity Commission’s CC20 and ‘Know Your Donor Policy and the Fundraising Regulator’s Code of Practice, we may also undertake due diligence research to assess the source of funds for donations and to ensure that we are robustly considering ethical and reputational risks to our organisation. We consider this processing to be a legal obligation and thus are relying on this as a lawful basis for processing data under the UK General Data Protection Regulation and Data Protection Act 2018.
How we use your information to fulfil your requests
If you contact us directly, we will use the information you give to us to handle your enquiry or request. This may include responding to your query or feedback, or sending you relevant information, such as fundraising materials. We may also keep a record of conversations we have with you, feedback you provide and any materials we send out to you.
This includes keeping a record of any pledges, gift agreements or any other indications that you are planning to donate to us. We keep a record of any donations we receive for audit purposes, and as we are legally required to keep information related to Gift Aid. We may need to use your information to prevent fraud and maintain effective cybersecurity.
We may receive this information when you contact us directly, or when you give to us through a third-party giving platform or website.
If you have completed a form or otherwise contacted us to register or enquire about an event or activity, or to sign up to one of our campaigns, we will consider this as a request to send you details about the event, activity or campaign.
Where you provide contact details, we will provide you with relevant event, activity or campaign information and support by post, phone, mobile messaging, email, via social media, and any other channels for which you have provided your details. When you have asked for details of an event, we will send you information including, where relevant, ideas for fundraising and reminders on key information about the activity.
We may also receive certain information regarding your participation through event organisers or through third party giving platforms or websites you have been raising funds through so we know you are fundraising for us.
Where appropriate, we will use the information you provide to us or through such a third party to identify any help we can offer, specific to the activity you have signed up for and to provide necessary information to event organisers.
When we collect information for this purpose, we will always explain to you at the time we collect your information how it will be used and whether it will be held anonymously or not. If we will be using health or any other special category information in a way that could be connected to you personally, we will ask your permission to do so.
Where employees of Guy’s and St Thomas’ NHS Foundation Trust or its partners interact with our funding team, including submitting requests via this website, we maintain a database of contact and job details. We use the personal details supplied for the purposes of administering funding applications and managing grants when awarded.
How we use your information to tell you about our work
Where you have provided an email or mobile phone number and have consented to being contacted by email or SMS, we will send you information by those channels covering ways to give or raise money for us, to volunteer for us and be provided with information on our wider work. This may include promoting the work of a partner organisation that we believe will benefit us and our charitable cause.
Where it is appropriate and relevant, and you have provided us with a telephone number or a postal address, we will occasionally call or write to you to tell you about ways to give or raise money for us, to volunteer for us, and on our wider work. We do this as we consider it is a legitimate interest to promote our charitable cause and communicate with you about ways you can support us. We will not contact you by phone for marketing purposes if your number is registered with the Telephone Preference Service/Corporate Telephone Preference Service or you have previously told us you do not wish to be contacted for marketing purposes.
You can tell us to stop contacting you, or change the way in which we do so, by getting in touch with us at any time. We will keep a record of any requests to stop receiving marketing from us to ensure that we do not communicate with you in the future, unless you tell us you want to hear from us again. When you receive a marketing email from us it will always include an unsubscribe link. Clicking on that link will unsubscribe you for all future email marketing activity from Guy’s & St Thomas’ Charity until you opt back in.
We try to ensure that our communications are as effective as possible so that we make the best use of the money we spend on them. This means communicating with people in different ways, appropriate to them.
On occasion, we will use information you have given us directly, for example the record of your previous donations to us, your age or the type of activity you have been involved with, to tailor our communications with you about future activities. We will also use information about how you use our website or interact with our emails so we can make them more effective. For example, we will collect technical information, including the IP address used to connect your device to the internet, information about your visit such as the interactions you made with our website. We will also track whether you have opened or clicked a link in the emails which we send you.
In addition, when accessing our website, the settings on your device may provide us with statistical data and information about that device. We use this information to look at how our websites perform on different devices and to help us make improvements to the user experience.
We will analyse data from our database so that we can understand our supporters. We will also use broad demographic information such as statistics and analysis from third parties to better understand how our own supporter base compares to the general population. This helps us to decide who to send our communications to and is useful to ensure the communications you receive are relevant to you.
On occasion, we will use the information you provide us to target our digital and social media advertising effectively. This could include securely providing contact details such as your name and email address to digital advertising networks or social media companies such as Facebook, Google and Twitter. For example, we may use your information to enable us to display adverts to you, or to potential supporters who have similar characteristics to you.
Any information we share with social media companies will be shared in an encrypted format and will not be used for the social media companies’ own purposes. You can stop your information being used in this way by contacting us.
Where you have asked us not to use your information for targeted digital advertising, you may still see adverts related to us. This is because the social media site or advertising network may select you based on information they hold, such as your age and location, or websites you have visited, without using information that has been provided by us.
You can control the kind of advertising which you see through the relevant social media site:
We will take all appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data. This includes procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Sometimes organisations and individuals who work on our behalf may manage information outside the UK or EEA (European Economic Area, which consists of all member states of the EU plus Iceland, Liechtenstein and Norway). A transfer out of the UK or EEA may be to countries that are not subject to privacy regimes that are equivalent to the privacy regime in the UK or EEA. In those circumstances, we will make sure that we have a valid reason for doing so under current data protection legislation.
This could include ensuring the country where the data is held has been approved as having adequate data protection standards by the UK Government or European Commission, or by including approved contract clauses to ensure your data is safeguarded. You can find out more about this by contacting us. We will always take such measures as are appropriate to ensure the confidentiality, integrity and availability of your information.
We will never sell your personal data, however, we may share your data with others in order to fulfil the purpose for which it was collected or the delivery of a service you expect of us. These include our agents and contractors where there is a legitimate reason for their receiving the information (e.g. suppliers of IT and online services) or professional advisers; and with other parties when we are legally required to do so (e.g., by a court, government body, law enforcement agency or other authority of competent jurisdiction).
We have contracts in place with all our third-party suppliers who process data on our behalf (called ‘processors’) to make sure they protect and respect your information with the same commitment as we do.
We will retain your personal data no longer than is necessary for the purposes for which it is collected and processed.
Personal data we no longer need is securely disposed of and/or anonymised so you can no longer be identified from it. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements, such as relevant Information Commissioner Office guidance.
Under data protection legislation you have several rights concerning your personal data. These are:
- the right to be informed what personal data we hold about you and/or to obtain access to it
- the right to rectification of personal data we hold about you if it is inaccurate
- the right to erasure of your personal data (in certain circumstances)
- the right to restrict processing (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal)
- the right to receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller
- the right to object on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights.
Before responding to the above, we may ask for further information to verify your identity or clarify the scope of your request. We may also refuse or charge a fee for dealing with any excessive or manifestly unfounded requests. You can find out more about your rights under data protection legislation at www.ico.org.uk.
We take the protection of children very seriously. To that end, we require that children under 18 do not submit any information to our website without a parent’s or guardian’s consent. We will not knowingly request or collect from a child any information online that can be traced to the child, such as an email address, name, or information about the child’s family. Unless a parent or guardian consents to such use in advance, we will not knowingly use information that a child provides to us for any fundraising or promotional purpose.
We recognise the importance of protecting our vulnerable supporters and follow the guidance issued by the Institute of Fundraising on treating donors fairly. We believe this helps to support our staff and fundraisers who come into contact with supporters in providing high-quality customer care, ensuring anyone donating to the Charity is in a position to make a free and informed decision.
If you have any complaints about how we handle your personal data, please contact us so we can resolve the issue, where possible. You also have the right to lodge a complaint about any use of your information with the Information Commissioner’s Office, the UK data protection regulator. Where you have a complaint about the way in which we have used your personal information in our fundraising, you can also complain to the Fundraising Regulator.
A cookie is a small file of letters and numbers that we store on your device (for example, your computer or smartphone). It allows our website to recognise your device and store some information about your preferences or past actions.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our website.
- Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Marketing cookies. These are used by our advertising partners (e.g. Facebook) to collect information about how you use our website and show you associated adverts on other sites. The information that’s been used to build that profile may also be used to find other people with similar interests to yours so that our adverts can be shown to them too.
We monitor how people use our website so we can improve it. If you visit our website, we may record information including:
- The areas of the website you visit
- The amount of time you spend on the site
- Whether you are new to the site or have visited it before
- How you came to our website — for example, through an email link
- The type of device or browser you use
- How you use the website and the quality of your experience – for example, we may record a session or test different variations of a webpage to see how easy it is for you to find what you are looking for so we can improve the service.
All cookies have an ‘owner’ which can be identified by looking at the domain (i.e. the company or website name in the cookie). Cookies can either be first-party (i.e. they’re owned by the website who set them) or third-party (i.e. they’re not owned by the website who set them). We use both first-party and third-party cookies on our websites.
|Hotjar||Analytics||Hotjar is a website analytics tool we use to see how our supporters use our website and get feedback This helps us to improve supporters’ experience.||First Party|
|Google Analytics||Analytics||Google cookies are used for web analytics and management of tags, pixels and cookies. We use the information from Google to improve our website experience for website visitors and to measure the effectiveness of our online advertising.
|Google Optimize||Analytics||Testing tool that allows us to test two different versions of a page to users to determine which one performs better. For on page optimisation.||First Party|
|Google Tag Manager||Analytics
|This is the tracking tag manager that the Google Analytics tracking sits in. All tags on the site are put into this so it loads asynchronously to not slow down page load time. The actual data that comes from these tags feed into Google Analytics.||First Party|
Cookies also enable us to serve advertisements or not to people who have visited our website. The cookie does not allow us to access to your account or provide us with any confidential information relating to your account.
|Social Media Analytics & Marketing||We use Twitter for advertising. This cookie means we can track the effectiveness of this activity.||Third Party|
|Social Media Analytics & Marketing||We use these to provide conversion / anonymous audience data to optimise spend on marketing and ensure the relevant people are targeted.||Third Party|
|Google DoubleClick||Social Media Analytics & Marketing||We use the DoubleClick cookie to measure the effectiveness of our online advertising and target future advertising to get best value for money. DoubleClick tracks anonymised conversion data so that we can measure advertising effectiveness. They are used to serve advertising enabling us to reach or exclude people who have visited our website. The cookie also allows us to limit the number of times a person sees our advertisement. DoubleClick cookies sometimes include a ‘pixel’ (similar to a cookie) from the advertising networks we work with. This allows us to target adverts effectively on their networks||Third Party|
|PayPal||We use PayPal to accept online donations on our site. The PayPal session cookies are required to identify irregular site behaviour, prevent fraudulent activity and improve security. It is also required for users to be able donate via PayPal on our website.||Third Party|
To deactivate the use of third party cookies, you may visit the consumer page to manage the use of these types of cookies. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.
When visiting our website, you have the ability to choose which types of cookie you wish to accept and you can update your preferences at any time.
We may update this policy to reflect changes in how we use your information. You may wish to check this policy each time you provide Guys & St Thomas’ Charity with your information. Where appropriate, we will provide you with notice of any significant changes to how we use your information.