Collecting and processing personal information about you and other people helps us run smoothly and meet our charitable aims. We use this information to give you the best possible experience with us, whether that’s sending you information as quickly as possible, telling you about our latest campaign or thanking you for your support.
We will never sell any information we have about you to third parties for their own promotional marketing. You can change how, or if, we contact you at any point.
Thank you for your support.
Who we are
We are Diabetes UK and we’re a registered charity.
Our official name is the British Diabetic Association, but we’re usually known as Diabetes UK, Diabetes Scotland, Diabetes Cymru/Diabetes Wales or Diabetes Northern Ireland. We’re a charity registered in England (no. 215199) and Scotland (SC039136) and a not for profit company (no. 00339181). Our head office is in London and we have national offices in Wales, Scotland and Northern Ireland. We have regional offices across England and run local volunteer groups all over the whole of the UK. We also have a trading company, Diabetes UK Services Limited, which carries out some of our commercial activities like our online shop and our lottery to raise funds for the charity. All of its profits are donated to the charity. Any personal data you give us will be used by the charity and Diabetes UK Services Limited.
What personal data we collect
We collect information directly from you, when you give it to us by filling in forms, over the telephone, face to face, on your mobile phone or on our website. This includes information you provide to our local volunteer groups. We get some information about you from third parties, for example when you enter an event organised by someone else and choose to fundraise for us. We also collect some extra data about you from other sources.
Information we collect directly from you
When you provide us with your information directly, we usually ask you for your name, address and contact details. If you are making a donation to us or buying something from our shop, we will also collect your banking or credit card details and may ask for information about your tax status for Gift Aid. Often we also ask why you have chosen to support us, as that helps us understand how we can meet your needs.
Where we are delivering services to you (for example through our telephone helpline, events, community outreach, education and advocacy work) providing you with information about our work or when you take part in one of our campaigns, we regularly ask you for more information. This may be about about your health, for example what type of diabetes you have, to make sure we send you information which is right for you. It can also help us to have health, dietary and disability information about you if we need to make changes to meet your needs, like sending you audio publications or providing hypo kits at events we run. We sometimes also ask about your ethnicity to make sure we are reaching a diverse audience and because ethnicity increases your risk of Type 2 diabetes.
We work with the NHS and other organisations to improve the care and services which people living with diabetes receive. To do this, we periodically ask people living with diabetes to take part in surveys or audits about their experience and the care they receive. If you agree to take part, we will give you more details about how your information will be used and shared at the time.
If you volunteer for us, we may also collect details about your contact details, age, gender, skills and experience, emergency contact details, references, ethnic origin and criminal convictions.
If you come to an event, meeting or workshop that we run, we will often take photos to illustrate articles about them or for our future marketing. You can always opt out of this by letting the organiser know. We’ll ask you for your consent before using any close-ups or photos that are likely to identify you, but it’s often not practical to get everyone’s consent for a group shot, for example at a walking event or at a large conference.
Information we collect from you on our websites, social media sites and apps
Our Know Your Risk online tool collects information about your gender, age, ethnic background, body shape and blood pressure to give you a score for your risk of developing Type 2 diabetes in the next 10 years. This information is kept separately from any other information you may give us and is only used by us for statistical and trend analysis.
We use a number of interactive online tools to deliver education and support to you. Some of these ask you to give extra details about your personal health and ethnicity as well as extra information about you like your diabetes type, age, gender and date of diagnosis. This is so we can provide you with educational content which is relevant, clinically accurate and suitable for you.
The Diabetes UK Support Forum gives people the chance to share their experiences of living with diabetes and ask any questions. The forum is open to the public and anyone using our website has access to the posts you make, although we do moderate it to try to make sure it is a safe and supportive space. Please see our Acceptable Use policy for more information.
This includes allowing us to:
- recognise you when you visit our site more than once
- identify what device you used to access the site
- how you came to our site.
- what pages you looked at or what action you took,
- what pages are most popular,
- save any of your personalised settings.
Please note that even if you change your preferences with us, you will still see some content from us on social media, as the social media site will choose content for you based on other reasons.
When you visit our social media pages (including Facebook, Instagram, Twitter), the owner of that site will usually place cookies on your device. You can choose whether to allow this by changing your social media or browser preferences – see our Cookies Policy for details.
We also may periodically offer you the opportunity to take part in user experience testing via our website.
Information we get from other sources
If you’ve given permission to third parties to give us your data, we will sometimes receive information about you from them. For example, when you sign up to an event run by a third party, like running a race, and choose to fundraise for us, we can receive information about you from the race organisers or any fundraising sites you use like JustGiving, if you’ve agreed they can share that information with us. Social media sites like Facebook, WhatsApp and Google can also share your data with third parties, including us, depending on the settings you’ve chosen on those sites.
We also collect a limited amount of extra information about you from public and private sources, to give us a better idea of what you’re interested in. This can include checking we’ve got your correct postal address from Royal Mail. We might collect demographic data like age, using commercially available survey data and databases like ACORN and the Eden Stanley Health & disability tracker to predict some information about you or people similar to you. Examples of information we may get are predictions about your likely purchasing behaviour, motivations, attitudes, media usage, leisure interests, how you engage with charities and indicators of financial status like house value. This analysis will be based on your postcode and doesn’t relate to you on an individual level. You can find out more about how we use this information to serve you better in the Understanding our beneficiaries and supporters better section below.
We want to give everyone a great fundraising experience. To do this we sometimes use information about your resources, positions of responsibility in the public, private and third sector, location, charitable interests and likelihood to give, personal interests and any other relevant information to help us tailor communications and make sure we get in touch with the right invites and suggestions.
We collect information we can find on publicly available and free sources for this purpose, like Companies House, other public registers, Who’s Who, newspaper, magazine and internet articles. We always check that our resources are reliable and verified.
We receive information about legacies which have been left to us through an automatic notification service. This draws information from grants of probate, which are public documents, and allows us to get in touch with executors to make sure we receive legacies intended for us. We’ll only use executors’ details for this purpose and we won’t send them any other information unless requested.
If we have reason to think that someone who has never been in touch with us before could be interested in our cause, we will collect basic information on them from publicly available, reliable sources. We may have read their story on a newspaper or know about them through our staff or major supporters. Once we know a bit more about them, if we believe they might be interested we do our best to get in touch with them, and we will usually do this within a month, at which point we will provide more information about how we use the data.
We provide age-appropriate information for children and young people living with diabetes on our website. We sometimes receive limited data about children if they decide to fundraise for us, and we will collect data about children for events we organise specifically for young people and their families or where they agree to volunteer for us. Wherever possible, we will ask for consent from parents to collect information about children and young people. When we take photos of children at to our events, we’ll always ask parents if we can use the images.
When we work with third party suppliers or customers we will usually collect limited contact details for key staff at that supplier or customer. These are only used for managing our business relationship with that supplier or customer.
How we use your data
We use the data you give us and the data we collect about you from other sources for the following purposes:
- To provide you with the services (e.g. events, helpline, community outreach, education), information and products you request.
- To provide you with information about campaigning, fundraising, research, volunteering and other ways you can support our charitable mission.
- To process your application for a research grant.
- For administration purposes, including processing donations (including Gift Aid and legacies), quality and compliance monitoring and staff training.
- To monitor and improve the performance of our website.
- To provide interactive services to you on our website.
- To safely and securely test the impact of technical system changes on your data
- To analyse and improve the services, products and information we offer and the campaigns and appeals we produce.
- To keep a record of your interactions with us.
- To better understand our supporters’ needs, wishes and interests.
- To tailor relevant information about us to you when you leave our site and go to other websites.
- To deliver information we believe will be relevant and interesting to other people with similar interests and characteristics to you.
- To make a decision about whether you are eligible to take part in a specific user experience project
Events and membership
If you sign up for one of our events, like a fundraising event or support event, we will use your contact details to provide you with information about the event and to support you with any associated fundraising. If you join our membership scheme, we will use your data to send you your membership benefits, information about other ways to get involved with us and to make sure the information we send you is relevant to you.
If you buy a product from our shop, we will use the information you provide to complete your order. We will also use your details to ask you to fill in a feedback survey via a survey agent about the products you’ve bought. We need to share your information with our suppliers to do this, but we’ll keep your data safe when we do this. Please see “Who we share your data with” for more details. If we notice that you’ve left items in your shopping basket without checking out, we will send you an automatic reminder. If an item is out of stock, you can also choose to receive a reminder when it’s back in stock.
Research grant applications
If you apply for a research grant from us, our online grant application platform is provided by CC Technology, a third party supplier. We will share your data with experts involved in the evaluation of your application and we will publish brief details of the awards we make. Please see the terms and conditions of use of Grant Tracker, our Grant Conditions and our Research privacy notice [link] for more details about how your data is used.
Supporting people living with diabetes
We provide a helpline for people living with diabetes, their family, carers and friends or people who are worried they may be at risk of diabetes. Any medical information you provide to the helpline is kept strictly confidential. We only use this information to answer your questions and provide you with any support you request, for staff training and quality assessment.
We also provide a customer care centre, which deals with a whole range of other questions, issues and complaints about our work. We use the information you give us to answer your questions, provide support to you or investigate any complaints, for staff training and quality monitoring.
Some people agree to share their diabetes story with us to help us in our work and to help other people who may have similar experiences. This may involve you providing us with more detailed information about your health, background, ethnicity, diabetes story and some photographs. We’re always really grateful when people agree to get involved in our work in this way and we’ll always ask you for your consent to use this information so that you stay in control of how this information is used.
Providing you with information about what we do and how you can help
Our charitable mission is that by bringing people together to work in partnership, we will support those living with diabetes, prevent Type 2, make research breakthroughs in diabetes, and ultimately find a cure. In order to achieve our mission, we need to talk to as many people as possible about what we’re doing. This is why we think it’s reasonable and legitimate for us to use your contact details to contact you by post and by telephone to tell you more about our work and how you can support us. This includes newsletters, appeals, magazines, raffle mailings, event invitations and information about how we help, campaigns we’re running, ways you can support us and about the research we’ve funded. We also offer a variety of different e-newsletters which you can sign up for. Some of these publications are supported by third party advertising, but we don’t give your details to our advertisers.
If you’ve subscribed to the Telephone Preference Service, we won’t call you about our work or for fundraising purposes unless you tell us that you’re happy to hear from us in this way. We will only call you for strictly necessary administrative purposes, like to check Gift Aid status or to respond to a complaint you’ve made. We’ll only send you information about our work by email if you give us consent to contact you by email. The same applies for text messages.
You can change the way you hear from us, or stop hearing from us, quickly and easily at any time by contacting us. Please see details in the “Contact” section below.
Understanding our beneficiaries and supporters better
It’s important to us to understand the likes, dislikes, needs and interests of our beneficiaries, supporters and potential supporters. We do this in a number of different ways.
We get extra information about you from other public and private sources (please see “Information we obtain from other sources” to get to know you better. We look at how you support us and the amount and frequency of any donations you may have made to us. This helps us to make sure that we’re only asking for financial support when it’s appropriate to do so and we don’t ask you too often. It also means that if we think you might be able and willing to give a bit more, or to leave us some money in your will, we can contact you to see if you wish to do so.
So we can assess your ability and likelihood to support us, we analyse the information people give us and your relationship with Diabetes UK. Very occasionally we do more detailed research on individuals. But this is the exception not the rule. We only do it if we have reason to think someone is particularly influential or might have the capacity to be a major donor to us. This assessment is either based on personal interaction or on a more general analysis of our database of contacts done by applying demographic data, social factors, population and consumer behaviour (as mentioned above).
Analysing data to improve what we do
We often use personal information to analyse the success of our campaigns, appeals and initiatives. This helps us make sure we’re reaching the right people and having the greatest impact. It’s also useful to us to group our supporters together in our databases on the basis of common interests or characteristics. This is often known as segmentation or profiling. It helps us to understand what kind of people take part in particular campaigns or appeals, so that we can improve what we do. For example, we might find that a particular group of people are more likely to drop out of our Swim22 challenge, so we can offer them extra support and encouragement. It allows us to tailor our communications to make sure they are more relevant to each group. For example we might learn that one group is more likely to be interested in self-education to manage their diabetes, but aren’t interested in cooking so we signpost them to our online Learning Zone content rather than recipes. As a result, we can save money, by not sending out unwanted communications. We can also use these groups to work out where some of our messages aren’t being successful and try new ways to reach people to achieve our charitable goals. While we may use profiling to target the way we communicate with our supporters, our services are always available to everyone affected by diabetes on an equal basis.
If you’ve agreed to receive emails from us, we also track whether emails have been opened and whether you’ve clicked on any of the links in those emails to see if they were useful and interesting to you.
Applications to participate in user experience research
If you apply to participate in a user experience research project, our online recruitment platform may automatically decide whether you are suitable to participate. This decision is based on the data you provide during the sign-up process. Each research project is different, and our sign-up process will clearly explain who we are looking for and the reasons why. Your application to participate in user experience research – whether accepted or not – has no effect on any other involvement you have with us now or in the future.
Who we share information with
We can’t do everything ourselves, so often we need to share your personal information with third parties with the skill, experience and facilities to deliver services to you and give you information you’ve requested. We may also share your personal information with third parties so they can give us advice or services to carry out our work. We’ll always make sure that your information is kept securely and can’t be used for other purposes. If you sign up for our user experience research, we will share your information with our research clients so they can contact you to participate in research. We will never sell or give your information to third parties for their own promotional marketing purposes.
Occasionally we may be legally required to share information with official agencies, regulatory bodies or the police to protect you or to prevent or detect a crime.
Providing information to you and delivering services
When we send out information to you, for example about our events, campaigns or membership benefits, we often use companies who provide support services like printing, creative services and mailing to do this.
When you place an order with our online shop, we need to share your contact details with our suppliers, warehouse and logistics providers to complete your order. Your details may also be passed to a survey provider for feedback on the products you buy, so that we can improve the range of products we offer.
If you pay for products or for services or make donations online or over the telephone, we will share your information with the payment providers who process the payments for us, like Mastercard, Google Pay, Stripe or Apple Pay.
If you ask for support from us, we may give your details to local groups in your area who can provide that support, but we’ll always ask you first if you’re happy with this.
We sometimes team up with other partner organisations like other charities, healthcare organisations or companies where we have common goals. This often allows us to achieve more than doing things on our own. We’ll always give you the choice on whether your details are passed to our partners or not.
Suppliers who provide services to us
Like most charities, we may use professional fundraisers to carry out face-to-face or telephone fundraising on our behalf. We always put in place safeguards, like monitoring and call listening to check they are behaving in a professional way and comply with the Fundraising Code.
We also use the services of online or mobile platforms for a number of reasons, for example to manage registrations for the conferences and events we run, to support fundraising efforts associated with these events, to support campaigns, to manage grant applications, to manage mobile messaging and mobile donations and to send out forms and surveys. When you submit your data to these platforms, the platform will collect and send your registration details to us. Sometimes the platforms will use your data for their own purposes such as analysing the use of their platform or for advertising, so we recommend that you check their privacy policies for more details.
Sometimes we share information about our supporters with third parties like creative agencies and data analysts who advise us on how to create and improve our campaigns and appeals. They may advise us on which groups of our supporters are more likely to respond to particular communications, including financial appeals and legacy requests. Any data will usually be shared on an anonymised basis, but occasionally we may need to share more details to get the best results.
We always make sure that we have a robust legal agreement in place with our third party suppliers, which obliges them to only use your information on our instructions and in accordance with the law.
Sharing information to and from social media
Reaching people through social media is a very cost-effective tool for charities.
We sometimes share with Facebook the email addresses of people who have donated to us, registered to take part in one of our fundraising events, or engaged with us in another way. These email addresses are used by Facebook to create ‘lookalike audiences’. These are groups of people with similar characteristics and interests to our supporters, who might therefore be interested in getting involved with us. We will then use Facebook to show relevant advertising to these audiences. For example, we might find that people who like walking are more likely to take part in our London Bridges Walk. We do this to make sure we are using our funds in the most efficient and cost-effective way possible, to reach and provide support to more people, and raise more funds to aid our vital work for people living with diabetes. Any information we share with Facebook will be shared in an encrypted format, and will not be used for their own purposes. You can tell us at any time if you don’t want your data to be shared in this way by contacting us. You can also change your own social media settings.
Some of the cookies and tags on our website come from third parties like Facebook or Google. This allows them to collect information about pages which visitors have visited on our website and show you advertising from us when you go elsewhere on the internet. See our Cookies policy for more details and how to opt out.
We use a platform called SocialSignIn run by Orlo to manage our social media interactions. This helps us respond to you quickly and efficiently. If you message us, tag us, like us, follow us, share or comment on our posts, your personal data will be stored by Orlo on our behalf. Your data will be stored securely and will only be used by us either to respond to social media interactions or to help us work out how we can better communicate with our supporters. Orlo won’t use your data for anything else.
To help us thank our supporters who fundraise for us on Facebook, we use a platform called GivePanel. This allows us to understand who is fundraising for us and post thank you messages on their public fundraising pages. To use this tool, the data we receive from Facebook is shared securely with the company that runs GivePanel. They can’t use this information for any other purpose and will never contact you directly.
User Experience research
From time to time we may offer you opportunities to engage as a participant in user experience research via our website. ‘User experience research’ is the process of getting feedback about products and services aimed at people with diabetes, and is different to ‘clinical research’ that aims to scientifically prove medical and lifestyle interventions. Although we will always consider clinical research as part of our charitable mission, we also offer user experience research as a chargeable consultancy service to other organisations that we have vetted. We do this to raise funds for our work, but also to encourage products and services targeted at people with diabetes to take into account their needs.
If you choose to participate in any of our user experience research projects, we may introduce you to our research clients and also share data with them relating to your involvement in that user experience research project. Our signup process will always let you know what data will be collected and shared before you complete the sign up process.
Involvement in our user experience research projects is your choice, and requires your active agreement for each and every research project. We will never share any data with our clients that we have collected from our other activities with you, and we will never sell your data to anyone for their own promotional marketing purposes.
Information sharing required by law or regulation
Our services are confidential. However, we may share information you give us with support agencies or the police if a member of staff or volunteer has concerns about your own or someone else's safety or wellbeing. We would need to share what you tell us with someone if:
- we believe your life or someone else’s life is in danger
- you tell us that you or someone else is being, or is at risk of being abused by another person
- it’s necessary to prevent or detect a crime
- we are required to do so under a court order.
Transfers outside the European Economic Area
Our work is based in the UK and we store the data we hold within the European Economic Area (where you have the same level of protection for your data as in the UK). However, a few of our suppliers may store their data outside the European Economic Area. We will only transfer your data to them if we are confident that your data will be adequately protected, for example if they have signed up to the US’s Privacy Shield, which guarantees the rights of European Union citizens, or if we have a contract with them that says they will meet EEA data processing standards.
How long we keep your information
As diabetes is a long-term, chronic condition, we know that your needs for support and your relationship with us will change over time. We will normally keep your personal information only for as long as necessary.
We normally keep your details on our supporter database while we have an ongoing relationship with you. If we haven’t heard from you for seven years, we will archive your data, which means we won’t use it any more unless you decide to restart your relationship with us.
We keep recordings of calls to our helplines and complaints for two years, except where we need to keep the data as a record of your consent to be contacted by us, in which case we keep it for as long as we need it for compliance purposes.
We keep financial records, Gift Aid records and details of any contracts we enter into with you for seven years after the relevant transaction, which is required by law. We do not keep your credit card details in accordance with payment industry standards.
We may keep details about any actual, suspected or potential criminal offences or concerns for longer periods of time in accordance with governmental, regulatory or police guidance.
If you’ve told us that you’ve left us a gift in your will or have expressed an interest in leaving us a gift in your will, we will keep a limited amount of information about your relationship with us until six years after your estate is wound up. This information will be only used to make sure we receive any gift you may make.
How we keep your information securely
We guard against unauthorised access to our systems by reviewing our information collection, storage and processing practices, including physical security measures. We restrict access to personal information to employees, contractors and third parties who need to know that information to process it for us and put in place contracts which require them to keep it confidential. We regularly assess the security of our systems. If we need to transfer data to or from third parties, we will always use a secure method to do so.
Our legal basis for processing data
Organisations that collect personal data need to have a lawful basis for doing so. The law sets out six ways to process personal data (plus extra conditions for processing sensitive personal data). Five of these are relevant to the types of processing that we carry out.
This includes information that is processed on the basis of:
- A person’s consent (for example to send you direct marketing by e-mail or SMS)
- Diabetes UK’s legitimate interests (please see below for more information)
- A contractual relationship (for example to provide you with goods or services that you have bought from us, or when you agree to participate in user experience research)
- Processing that is necessary for meeting legal obligations (for example to process a Gift Aid declaration and carrying out due diligence on large donations), and
- In rare cases, to protect someone’s life.
Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, as long as its use is fair and doesn’t adversely impact the rights of the individual concerned.
We will always consider if it is fair and balanced to use your personal information and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to make sure that we use your personal information in ways that are not unduly intrusive or unfair.
Our legitimate interests
- Achieving our charitable aims –These include providing support and advice to people living with diabetes and its related complications and for those who care for them, increasing the understanding of diabetes, educating healthcare professionals and the general public and promoting research into the causes, prevention and cure of diabetes and publishing the results of research.
- Administration and operational management - This includes running the charity, legal and financial reporting and meeting legal requirements, , responding to your enquiries, providing information and our support, research, surveys, events management, the administration of volunteers and employment and recruitment requirements.
- Fundraising and campaigning This includes running campaigns and donations, sending and making direct marketing by post and phone, analysing data to make sure our work is effective and maintaining a list of people who don’t want to hear from us.
If you would like more information on our uses of legitimate interests or to change our use of your personal data, please get in touch with us using the details in the “Contact us” section below.
You’re in control of your data and the way we use it.
You can ask us for a copy of the information we hold about you at any time by contacting us at the details below. We will generally supply any information you ask for within 30 days unless it is a particularly complex request. We will not charge you for this information other than in exceptional circumstances. We may ask you for proof of identity as we need to be sure we are only releasing your personal data to you.
You can also ask us at any time:
- to amend your data
- to stop using your data for a particular purpose, if you’ve changed your mind about it
- to limit the way we use your data
- to stop using your data for direct marketing (for example fundraising and campaigning appeals)
- to stop analysing your data to understand our supporters better or
- to delete your data.
We will do our best to follow your requests as long as we’re able to do so. For example, if you’ve signed up to attend an event, we will still need to be able to use your details to process your attendance. If you ask us to delete your data, or to stop sending marketing information to you, we will retain limited details on a suppression list (a list of people we can’t contact), to make sure we don’t contact you again by mistake. In this case, your details won’t be used for any other purpose. You can also subscribe to the Fundraising Preference Service, which enables you to block communications from named charities.
If you have any complaints about the way we collect and manage your data, please let us know so we can address them. We have appointed a Data Protection Officer to oversee the way we manage personal data. They can be contacted at firstname.lastname@example.org. If you’re unhappy with the way we respond to any complaint, you also have the right to complain to the Information Commissioner’s Office which regulates the use of personal data in the UK at https://ico.org.uk/concerns/. You can also contact the Fundraising Regulator which regulates fundraising charities at https://www.fundraisingregulator.org.uk/make-a-complaint/complaints/.