Privacy Statement

Last updated 24th May 2018

Pancreatic Cancer Action believe it’s important to be up front about what we do with your data – we are committed to treating it with respect and keeping it safe.

Pancreatic Cancer Action is the sole ‘Data Controller’ of your information. This means that we determine the purpose and way your information is used. We will never sell your personal information or share it with another organisation for their own purposes.

This statement outlines how we collect and use the information you give us and information about you provided  by third parties or from publicly available sources.  It also explains your rights over that data and how to contact us about it.

If you have any questions or concerns about data privacy, you can get in touch with us in the following ways:

By Post: Information Operations Manager, Pancreatic Cancer Action, Oakhanger Farm Business Park, Oakhanger Hampshire, GU35 9JA
By Email:
By Telephone: 0303 040 1770


Find out about:

Where we collect information about you

What information we collect and what we do with it

Direct marketing

How we keep your data secure

Who has access to your data and who we share it with

How to access and update your personal information

Raising Concerns

Where do we collect information about you?

We collect information in the following ways:

When you give it to us DIRECTLY

You may give us your information in order to sign up for one of our events, raise awareness for us, tell us your story, make a donation, purchase our products or communicate with us.  This may be by phone, by email or by filling in a form on our website.

When you give it to us INDIRECTLY

Information about you may be given to us by event organisers, for example the London Marathon, Great Runs or Skyline or by fundraising sites like Just Giving or Virgin Money Giving.  These independent third parties will only do this when you have indicated that you wish to support Pancreatic Cancer Action and are happy for us to receive your details. Please look at their Privacy Policy when you provide your information, to understand fully how they process it.

Social Media

Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or Twitter, you might give us permission to access and use information about you from those accounts or services.

Information Available Publicly

We may use details about you that have been found in places such as Companies House or on publicly available websites and information that has been published in articles/ newspapers.

When we collect it as you use our WEBSITES OR APPS

Like most websites, we use “cookies” to help us make our site – and the way you use it – better. Cookies mean that a website will remember you. Cookies are small text files that our site transfers to your computer (or phone or tablet). They make interacting with our website faster and easier – for example by automatically filling your name and address in text fields. You can read more details about this in our Cookie Policy.

We may also collect information about the device you’re using when you access our website – but only if the device and your settings allow us to. We do this to improve how our website works for you and other visitors in the future. We may collect information about what type of device it is, what operating system you’re using and what the device settings are. If a software crash occurs when you are accessing our website, we may collect data about why the crash has happened.

Your device manufacturer or operating system provider will have more details about what information your device makes available to us.


What personal data we collect and what we do with it

Our work to improve early diagnosis of pancreatic cancer relies on your involvement and support. Your personal data helps us to develop a good understanding of how to help our supporters and fundraisers, to fundraise more efficiently and it allows us to make better decisions about the campaigns and services we provide – ultimately helping us to reach our goal of saving lives through earlier diagnosis of pancreatic cancer.

The type of information we collect and how we use it depends on why you are providing it.  You may do more than one of these:

Fundraise or Donate

 If you raise money for us or donate to us, we will usually collect:

We might also ask for:

We will use your data to:

The lawful basis for processing this data is ‘Legitimate Interests’:

Support Us / Raise Awareness

If you support us, for example, raise awareness for us, volunteer for us, help us at conferences, cheer for us at large events, we will usually collect:

Where it is appropriate we may also ask for:

We will use your data to:

The lawful basis for processing this data is ‘Legitimate Interests’:


Shop with us

If you order an item from our shop (either paid for or free) we will collect details about you necessary to process and send your order. We will usually collect:

Where it is appropriate we may also ask for:

The lawful basis for processing this data is ‘Legitimate Interests’:

Individuals affected by or worried about pancreatic cancer

We provide support to individuals affected by pancreatic cancer and collect personal data to do this. If you contact us for support, we may collect sensitive personal data about your health (or that of your loved one) when you speak, e-mail or send a message to us.  We will always ask your permission to record this.  We will usually collect:

We will use this information to answer your questions and give advice or guidance. We will also keep them as a record of your relationship with us, so that we may help you further if you contact us again. We will only use them for this purpose and only keep them for as long as necessary to support you.

The lawful basis for processing this data is ‘Legitimate Interests’ and for sensitive data it is ‘consent’:

Sharing your story

Some people choose to tell us about their experiences with pancreatic cancer to help raise awareness and to help others.  If you do this, you will give us sensitive information related to your health and family life in addition to your contact details. We will take extra care to keep this data safe.

We will only ever share this information publicly if we have your explicit consent to do so. We will usually share it via our website in the patient stories section or in a specific text approved by you. Sometimes we may use your information in materials promoting our campaigning and fundraising work, or in documents such as our annual report, but only with your consent.

From time to time we may be asked for details of your story, by third parties (such as newspapers, radio stations or TV producers). We will never pass your details to them without your explicit consent each and every time we are asked.

The lawful basis for processing this data is ‘Legitimate Interests’:

Children’s data

Occasionally we collect and use information about children, and aim to manage it in a way which is appropriate to the age of the child.  Information is usually collected when children attend our events or fundraise for us and will always be recorded alongside the details of their responsible adult.

We will always seek consent from a parent or guardian before collecting information about children.  Our events have specific rules about whether children can participate, and we‘ll make sure advertising for those events is age appropriate. We will never contact children with direct marketing and we will never share details of children without consent of their responsible adult.


If you advise us or help us with our work (for example providing us with expert medical advice, reviewing our patient information) we will usually collect:

We will mainly use your data to:


Direct Marketing

We produce regular updates about the progress we are making, with news about pancreatic cancer and pancreatic cancer research and to tell you about other ways you could get involved or give your support.  We will only contact you in this way if you have given us consent to do so.

We send our updates in a number of ways:

Whenever we collect details from you, we will make it easy for you to tell us if you want to receive these updates. You will be able to select a way that suits you.. We will use some of the information we hold about you to ensure the updates we send are timely and relevant to you. We will not send updates to you if you have never consented to us doing so.

If you don’t want to hear from us, that’s fine.  Just let us know when you provide your data or you can contact us on 0303 040 1770, email us on or fill in this form: Change Your Preferences to tell us to stop.

We never sell or share personal details with third parties for the purposes of marketing.


How we keep your data secure

We ensure that there are reasonable and appropriate technical controls in place to protect your personal details. We use a secure network and trusted software to hold and process your data. Our online forms are always encrypted, and our security practices are routinely monitored and updated.

We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers, or contractors. Anyone not directly employed by us is asked to sign a confidentiality agreement and only given access to the data they require, to do the job we have asked of them.

Whenever we embark on a new activity where we collect personal details, we perform a Privacy Impact Assessment to ensure we do not put your personal details at risk.


Who has access to your data and who we share it with

Pancreatic Cancer Action would not be able to perform its work without relying on third party services.

We use the services external companies to collect, store and process personal data. We do comprehensive checks on these companies and their services before we work with them, to make sure they have adequate policies and security in place.

Wherever possible we aim to keep your details within the EEA. However, some of services we use run their operations outside the European Economic Area (EEA).  Although they may not be subject to same data protection laws as companies based in the UK, we take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.

The types of company and service we rely on are described below.

Cloud & data centers

We make use of cloud based tools and services for much of our day to day work. This includes things like email, storing documents and spreadsheets and running our supporter database, running our website and online shop. Your personal data is handled and stored using these tools. Be reassured that we use verified, trusted and leading providers. Some of them host data outside of the UK so we ensure that they have the relevant international data protection agreements in place.

Examples of these tools include Microsoft Office 365, Salesforce CRM, WordPress for our website.


Payment processing

Credit card details you provide are handled directly by our credit card payment processors, Secure Trading and PayPal and are not held by us.

For direct debit payments, the bank details you provide are collected and handled directly by our online Direct Debit provider, Go Cardless and are not held by us.

PayPal account details you provide are collected and handled directly by PayPal and are not held by us.

Thes are leading providers of payment processing services with appropriate security and data protection in place.


Email Newsletter subscription

We use MailChimp to send e-mail updates and newsletters. If you have told us you would like to be kept up to date with news and opportunities from PCA, your name and email addresses will be handled by MailChimp to provide this. MailChimp is verified, trusted, and a leading provider of this service.

All messages sent include a one-click opt-out option (an unsubscribe link) that will remove individuals from the email mailing list.

Postal Newsletter Subscription

We use various postal mailout fulfilment companies to send our Action Magazine. If you have told us you would like to be kept up to date with news and opportunities from PCA by post, the fulfilment company will handle your name and address to provide this.

We only use verified, trusted providers of this service who will delete their copy of your details as soon as they have completed fulfilment.

Fundraising event participation

When you sign up to an event with PCA, we will pass your details on to the event organiser to register your place. We only buy charity places from trusted event organisers. Event organisers process your details according to their own privacy policies so please check you are happy with them before signing up. We will always tell you what will happen to your details when you sign up.

Examples of these event organisers are London Marathon, Tough Mudder, Great Runs.


From time to time we exhibit at large, nationally recognised conferences. At these, we may use a scanner or mobile phone technology to collect contact details so that we can get in touch when we return to the office.

Your data will be collected and stored by the provider of these technologies in conjunction with the conference organiser, who will then pass on your details to us. Please make sure you have read and are happy with their privacy policies and notices before providing your details to them.

Other official bodies

On occasion, we may need to disclose your details if required by law – to the police, regulatory bodies, or legal advisors. We will only do this in response to a valid request in compliance with UK law.


How to access and update your personal information

We want to make sure that your personal information is accurate and up to date and that you are happy with the way we use it.

You may ask us to:

You have a right to access the personal information we hold about you and in certain circumstances to be provided with a copy of that information.  To do so, please send a description of the information you want to see along with proof of your identity, by post to the address below.   

Data Protection Officer,

Pancreatic Cancer Action,

Oakhanger Farm Business Park,



GU35 9JA

For more guidance about requesting a copy of your personal data click here: Information Commissioner’s Office – requesting personal information (link is external)


Raising Concerns

We take great care to look after your personal details and to keep them safe and we want you to be happy with the way we do so.  If however, you wish to raise a concern, please read our complaints procedure to find out how.

You can find further guidance on how to raise concerns about personal data here: Information Commissioner’s Office – raising concerns  (link is external).  


Pancreatic Cancer Action Privacy Statement       last updated:   24th May 2018