Collecting and processing personal information about you and other people helps us run smoothly and meet our charitable aims. We use this information to give you the best possible experience with us, whether that’s sending you information as quickly as possible, telling you about our latest campaign or thanking you for your support.
We will never sell any information we have about you to third parties for their own promotional marketing. You can change how, or if, we contact you at any point.
Thank you for your support.
Version 2: last modified by Craig Walker, Information Governance Manager at Diabetes UK
Date: 14 January 2021
We are Diabetes UK and we’re a registered charity.
Our official name is the British Diabetic Association, but we’re usually known as Diabetes UK, Diabetes Scotland, Diabetes Cymru/Diabetes Wales or Diabetes Northern Ireland. We’re a charity registered in England (no. 215199) and Scotland (SC039136) and a not for profit company (no. 00339181). Our head office is in London and we have national offices in Wales, Scotland and Northern Ireland. We have regional offices across England and operate local volunteer groups spread across the whole of the UK. We also have a trading company, Diabetes UK Services Limited, which carries out some of our commercial activities like our online shop and our lottery to raise funds for the charity. All of its profits are donated to the charity and any personal data you provide to us will be used by both entities.
Find out more about us.
What personal data we collect
We collect some information directly from you when you provide it by filling in forms, over the telephone, face to face or on our website. This includes information you provide to our local volunteer groups. We obtain some information about you from third parties, for example when you enter an event organised by someone else and choose to fundraise for us. We also collect some additional data about you from other sources.
Information we collect directly from you
When you provide us with your information directly, we usually ask you for your name, address and contact details. If you are making a donation to us or buying something from our shop, we will also obtain your banking or credit card details. On occasion, we also ask why you have chosen to support us, as that helps us understand how we can meet your needs.
Where we are delivering services to you, providing you with information about our work or when you participate in one of our campaigns, we may ask you for more information about your health, for example what type of diabetes you have, to make sure we send you information which is tailored to you. It can also help us to have health information about you if we need to make adjustments to meet your medical needs, such as sending you large text publications or providing hypo kits at events we run. We sometimes also ask about your ethnicity to ensure we are reaching a diverse audience and because ethnicity can have an impact on your Type 2 diabetes risk.
As part of our charitable mission, we work with the NHS and other organisations to improve the care and services which people living with diabetes receive. To do this, we periodically ask people living with diabetes to participate in surveys or audits about their experience and the care they receive. If you agree to participate, we will provide you with further details about how your information will be used and shared.
Information we collect from you on our websites and apps
Our Know Your Risk online tool collects information about your gender, age, ethnic background, body shape and blood pressure to give you a score for your risk of developing Type 2 diabetes in the next 10 years. This information is kept securely from any other information you may give us.
We operate a number of interactive online tools to deliver education and support to you. Some of these ask you to provide additional details about your personal health and ethnicity as well as additional information about you (like your diabetes type, age, gender and date of diagnosis) to provide you with educational content which is relevant, clinically accurate and suitable for you.
The Diabetes UK Online Support Forum gives people the chance to share their experiences of living with diabetes and ask any questions. The forum is open and anyone using our website has access to the posts you make, although we do moderate it to try to make sure it is a safe and supportive space. Please see our Acceptable Use policy for more information.
If you’ve given permission to third parties to give us your data, we will sometimes receive information about you from them. For example, when you sign up to an event run by a third party, like the London Marathon, and choose to fundraise for us, we can receive information about you from the race organisers or any fundraising sites you use such as JustGiving if you’ve agreed they can share that information with us. Social media sites such as Facebook, WhatsApp and Google can also share your data with third parties, including us, depending on the settings you’ve chosen on those sites
We also collect a limited amount of additional information about you from public and private sources, to give us a better idea of what you’re interested in. This can include checking we’ve got your correct postal address from Royal Mail, using demographic data like age, using commercially available survey data and databases like ACORN to predict some information about you. Examples of information we may get are predictions about your likely purchasing behaviour, motivations, attitudes, media usage, leisure interests and indicators of financial status like house value. This analysis will be based on your postcode and do not relate to you on an individual level. You can find out more about how we use this information to serve you better in the understanding our beneficiaries and supporters better section.
We want to give everyone a great fundraising experience. To do this we sometimes use information about your resources, positions of responsibility in the public, private and third sector, location, charitable interests and likelihood to give, personal interests and any other relevant information to help us tailor communications and make sure we get in touch with the right invites and suggestions.
We collect information we can find on publicly available and free sources for this purpose, like Companies House, other public registers, Who’s Who, newspaper, magazine and internet articles. We always check that our resources are reliable and verified.
If we have reason to think that someone who has never been in touch with us before could be interested in our cause, we will collect basic information on them from publicly available, reliable sources. We may have read their story in a newspaper or know about them through our staff or major supporters. Once we know a bit more about them, if we believe they might be interested we do our best to get in touch with them, and we will usually do this within a month, at which point we will provide more information about how we use the data.
We provide age-appropriate information for children and young people living with diabetes on our website. We sometimes receive limited data about children if they decide to fundraise for us, and we will collect data about children in connection with events we organise specifically for young people and their families. Wherever possible, we will ask for consent from parents to collect information about children and young people.
When we work with third party suppliers we will usually collect limited contact details for key staff at that supplier.
How we use your data
We use the data you provide to us and the data we collect about you from other sources for the following purposes:
- To provide you with the services, information and products you request.
- To provide you with information about campaigning, fundraising, research, volunteering and other ways you can support our charitable mission.
- To process your application for a research grant.
- For administration purposes, including processing donations (including Gift Aid processing), quality and compliance monitoring and staff training.
- To monitor and improve the performance of our website.
- To provide interactive services to you on our website.
- To analyse and improve the services, products and information we offer and the campaigns and appeals we produce.
- To keep a record of your interactions with us.
- To better understand our supporters needs, wishes and interests.
- To tailor relevant information about us to you when you leave our site and go to other websites.
- To deliver information we believe will be relevant and interesting to other people with similar interests and characteristics to you.
Events and membership
If you sign up for one of our events, like a fundraising event or support event, we will use your contact details to provide you with information about the event and to support you with any associated fundraising. If you join our membership scheme, we will use your data to send you your membership benefits, information about other ways to get involved with us and to make sure the information we send you is relevant to you.
If you buy a product from our shop, we will use the information you provide to complete your order. We will also use your details to ask you to complete a feedback survey via a survey agent about the products you’ve bought. We need to share your information with our suppliers to do this, but we’ll keep your data safe while we’re doing this. Please see the section about who we share your information with for more details. If we notice that you’ve left items in your shopping basket without checking out, we will send you an automatic reminder. If an item is out of stock, you can also choose to receive a reminder when it’s back in stock.
Research grant applications
If you apply for a research grant from us, our online grant application platform is provided by CC Technology, a third party supplier. We will share your data with experts involved in the evaluation of your application and we will publish brief details of the awards we make. Please see our grant conditions for more details about how your data is used.
Managing research grants
If you are awarded a research grant from us we will share information about your work with LifeArc for the purposes of monitoring and evaluating the potential impact of our research portfolio.
Diabetes UK is a member of Europe PubMed Central, and as per the contract, we are required to provide details of awarded grants on an annual basis.
We will also provide details of all our research awards (which includes brief details about award holders) to the Association of Medical Research Charities (AMRC) for the purpose of reporting as per membership requirement.
Communicating about research
If you are awarded a Diabetes UK grant, we will include details of your project on our website and may refer to your research in other communications channels. We may also share information about your research with potential donors for fundraising purposes.
Supporting people living with diabetes
We provide a helpline for people living with diabetes, their family, carers and friends or people who are worried they may be at risk of diabetes. Any medical information you provide to the helpline is kept strictly confidential. We only use this information to answer your questions and provide you with any support you request, for staff training and quality monitoring.
We also provide a customer care centre, which deals with a whole range of other questions, issues and complaints about our activities and the services we provide. We use the information you provide to us via this service to answer your questions, provide support to you or investigate any complaints, for staff training and quality monitoring.
Some people agree to share their diabetes story with us to help us in our work and to help other people who may have similar experiences. This may involve you providing us with more detailed information about your health, background, ethnicity and diabetes story. We’re always really grateful when people agree to get involved in our work in this way and we’ll always ask you for your consent to use this information so that you stay in control of how this information is used.
Providing you with information about what we do and how you can help
Our charitable mission is that by bringing people together to work in partnership, we will support those living with diabetes, prevent Type 2, make research breakthroughs in diabetes, and ultimately find a cure. In order to achieve our mission, we need to reach as many people as possible and talk to them about what we’re doing. We, therefore, think it’s reasonable and legitimate for us to use your contact details to contact you by post and by telephone to tell you more about our work and how you can support us. This includes newsletters, appeals, magazines, raffle mailings, event invitations and information about the services we offer, campaigns we’re running, ways you can support us and about the research we’ve funded. We also offer a variety of different e-newsletters which you can sign up for.
If you’ve subscribed to the Telephone Preference Service, we won’t call you unless you tell us that you’re happy to hear from us in this way.
We know that filling up your inbox with unwanted emails is annoying, so we’ll only send you information about our work by email if you give us consent to contact you by email (we’re also legally obliged to get your permission). The same applies to text messages.
We respect the fact that it’s your choice to hear from us or not. You can change the way you hear from us, or stop hearing from us, quickly and easily at any time by contacting us.
It’s important to us to understand the likes, dislikes, needs and interests of our beneficiaries, supporters and potential supporters. We do this in a number of different ways.
We get additional information about you from other public and private sources, to get to know you better. We look at how you support us and the amount and frequency of any donations you may have made to us. This helps us to make sure that we’re only asking for financial support when it’s appropriate to do so and we don’t ask you too often. It also means that if we think you might be able and willing to give a bit more or to leave us a legacy, we can contact you to see if you wish to do so.
So we can assess your ability and likelihood to support us, we analyse the information people give us and your existing relationship with Diabetes UK. We sometimes do some more detailed research on individuals. But this is the exception, not the rule: we only do it if we have reason to think someone is particularly influential or might have the capacity to be a major donor to us. This assessment is either based on personal interaction or on a more general analysis of our database of existing contacts done by applying demographic data, social factors, population and consumer behaviour (as mentioned above).
It’s also useful to us to group our supporters together in our databases on the basis of common interests or characteristics. This allows us to tailor our communications to make sure they are timely and interesting to each group. And it helps us to save money, by not sending out unwanted communications.
If you’ve agreed to receive emails from us, we also track whether emails have been opened and whether you’ve clicked on any of the links in those emails to see if they were useful and interesting to you.
We also use some of this information to analyse actual or likely responses to our campaigns and appeals so that we can continue to improve and achieve our charitable mission more effectively.
We can’t do everything ourselves, so sometimes we need to share your personal information with third parties with the skill, experience and facilities to deliver services to you and provide you with the information you’ve requested. We also may share your personal information with third parties so they can provide services and advice to us in our work. We’ll always make sure that your information is kept securely and can’t be used for other purposes. We will never sell or give your information to third parties for their own marketing purposes.
Very occasionally we may be legally required to share information with official agencies, regulatory bodies or the police to protect you or to prevent or detect a crime.
Providing information to you and delivering services
When we send out information to you, for example about our events, campaigns or membership benefits, we often use companies who provide support services such as printing, creative services and mailing to do this.
When you place an order with our online shop, we need to share your contact details with our suppliers, warehouse and logistics providers to fulfill your order. Your details may also be passed to a survey provider for feedback on the products you buy, so that we can improve the range of products we offer.
If you pay for products or for services online or over the telephone, we will share your information with our payment providers who process the payments for us, like Mastercard. We don’t keep a record of your credit card details.
If you ask for support from us, we may pass your details on to local groups in your area who can provide that support, but we’ll always ask you first if you’re happy with this.
We sometimes team up with other partner organisations (for example other charities, healthcare organisations or companies) where we have common goals. This often allows us to achieve more than doing things on our own. We’ll always give you the choice on whether your details are passed to our partners or not.
Suppliers who provide services to us
Like most charities, we may use professional fundraisers to carry out face-to-face or telephone fundraising on our behalf. We always put in place safeguards, like monitoring and call listening to check they are behaving in a professional way and comply with the Code of Fundraising Practice.
We also use the services of online platforms for a number of reasons, for example to manage registrations for the conferences and events we run, to support fundraising efforts associated with these events, to support campaigns, to manage grant applications and to send out forms and surveys. When you submit your data to these platforms, the platform will collect and send your registration details to us.
Sometimes we share information about our supporters with third parties like creative agencies and data analysts who advise us on how to create and improve our campaigns and appeals. They may advise us on which groups of our supporters are more likely to respond to particular communications, including financial appeals and legacy requests. Any data will usually be shared on an anonymised basis, but occasionally we may need to share more details to get the best results.
We always ensure that we have a robust and legally compliant agreement in place with our third party suppliers, which obliges them to only process data on our instructions and in accordance with the law.
Reaching people through social media is a very cost-effective tool for charities. We sometimes share names and e-mail addresses with social media platforms in order to find people with similar likes and interests to our supporter groups, who might be interested in getting involved with us. Any information we share with social media platforms will be shared in an encrypted format and will not be used for their own purposes. You can tell us at any time if you don’t want your data to be shared in this way or you can opt out by changing your social media settings. See our Cookies policy for more details.
Information sharing required by law or regulation
Diabetes UK services are confidential. However, we may share information you give us with support agencies or the police if a member of staff or volunteer has concerns about your own or someone else's safety or wellbeing. We would need to share what you tell us with someone if:
- we believe your life or someone else’s life is in danger
- you tell us that you or someone else is being, or is at risk of being abused by another person
- it’s necessary to prevent or detect a crime
- we are required to do so under a court order.
Transfers outside the European Economic Area
Diabetes UK’s operations are based in the UK and we store the data we hold within the European Economic Area (where you have the same level of protection for your data as in the UK). However, a few of our suppliers may store their data outside the European Economic Area. We will only transfer your data to them if we are confident that your data will be adequately protected, for example if they have signed up to the US’s Privacy Shield, which guarantees the rights of European Union citizens, or if we have obtained contractual assurances from them that they will meet EU data processing standards.
How long we keep your information for
As diabetes is a long-term, chronic condition, we know that your needs for support and your relationship with us will change over time. We will normally keep your personal information only for as long as we have an ongoing relationship with you.
We keep recordings of calls to our helplines and complaints for two years, except where we need to keep the data as a record of your consent to be contacted by us, in which case we keep it for as long as we need it for compliance purposes.
We keep financial records, Gift Aid records and details of any contracts we enter into with you for seven years after the relevant transaction, which is required by law. We may keep details about any actual, suspected or potential criminal offences or concerns for longer periods of time in accordance with governmental, regulatory or police guidance.
How we keep your information secure
We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems. We restrict access to personal information to employees, contractors and third parties who need to know that information to process it for us and who are subject to appropriate contractual confidentiality obligations. We regularly assess the security of our systems. If we need to transfer data to or from third parties, we will always use a secure method to do so.
Our legal basis for processing data
Organisations that collect personal data need to have a lawful basis for doing so. The law sets out six ways to process personal data (plus additional conditions for processing sensitive personal data). Four of these are relevant to the types of processing that we carry out.
This includes information that is processed on the basis of:
- (a) A person’s consent (for example to send you direct marketing by e-mail or SMS);
- (b) Diabetes UK’s legitimate interests (please see below for more information;
- (c) A contractual relationship (for example to provide you with goods or services that you have purchased from us); and
- (d) Processing that is necessary for compliance with a legal obligation (for example to process a gift aid declaration and carrying out due diligence on large donations)
Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, as long as its use is fair and does not adversely impact the rights of the individual concerned.
When we use your personal information, we will always consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair. Diabetes UK’s legitimate interests include:
- Achieving our charitable objectives – including delivery of our charitable purposes in providing relief, support and advice to people with diabetes and its related complications and for those who care for them, advancing the understanding of diabetes and educating healthcare professionals and the general public and promoting research into the causes, prevention and cure of diabetes and publishing the results of such research;
- Administration and operational management – including running and administering the charity, completing statutory and financial reporting and other regulatory compliance requirements, responding to solicited enquiries, providing information and our services, research, surveys, events management, the administration of volunteers and employment and recruitment requirements.
- Fundraising and Campaigning – including administering campaigns and donations, and sending and making direct marketing by post and phone, and analysis, targeting and segmentation of data to develop communication strategies and maintaining communication suppressions.
If you would like more information on our uses of legitimate interests or to change our use of your personal data in this manner, please get in touch.
You’re in control of your data and the way we use it.
You can ask us for a copy of the information we hold about you at any time by contacting us. We will generally supply any information you ask for within 30 days unless it is a particularly complex request. We will not charge you for this information other than in exceptional circumstances. We may ask you for proof of identity as we need to be sure we are only releasing your personal data to you.
You can also ask us at any time to:
- amend your data,
- withdraw consent (where we are processing your data on this basis),
- limit the way we use your data,
- stop using your data for direct marketing,
- stop analysing your data to understand our supporters better, or
- delete your data.
We will do our best to comply with your requests as long as we’re able to do so. For example, if you’ve signed up to attend an event, we will still need to be able to use your details to process your attendance. If you ask us to delete your data or to stop sending marketing information to you, we will retain limited details on a suppression list, to make sure we don’t contact you again by mistake. In this case, your details won’t be used for any other purpose. You can also subscribe to the Fundraising Preference Service, which enables you to block communications from named charities.
If you have any complaints about the way we collect and manage your data, please let us know so we can address them. We have appointed a Data Protection Officer to oversee the way we manage personal data. They can be contacted at firstname.lastname@example.org.
If you’re unhappy with the way we respond to any complaint, you also have the right to complain to the Information Commissioner’s Office (which regulates the use of personal data in the UK) or to the Fundraising Regulator (which regulates fundraising charities).
- Phone us on 0345 123 2399
- Email us at email@example.com
- Visit us at forms.diabetes.org.uk/im-in-charge
Our social media channels