HRUK is dedicated to protecting your personal data and being honest and transparent about what information we hold about you and how we process this data. We can assure you we strictly comply with all General Data Protection Regulation so your data is safe with us.
We will look after any personal information that you share with us, whether this is collected online or via phone, email, in letters, face to face or in any other correspondence. This is central to our values as an organisation. We pride ourselves on our ethical approach to fundraising. HRUK has never and will never knock on your door, stop you in the street or ring you to ask for donations unless we have your permission.
We like a personal approach, so if we want to contact you we do it ourselves and with your permission, we certainly don’t pay anyone to do it. We treat people how we would like to be treated ourselves. We want everyone who deals with us to feel confident about how any personal information they share will be looked after or used.
Collecting relevant data from our donors and volunteers helps us to be more efficient and send you relevant information – all helping us to help people live healthier, happier, longer lives.
You can be confident that:
- We only use personal information in the ways we need to and that is expected of us
- We will only communicative with you about our work, including how we are spending your money and how you can continue to support us
- Our lawful basis is consent and legitimate interest
- We will make it easy for you to tell us how you want us to communicate with you, including how to opt out from future communications. We promise your request will be dealt with straight away
- We will never release your information to organisations outside of HRUK for their marketing purposes
- We take all reasonable care to safeguard your personal information through security policies, encrypted computer equipment, lockable filing cabinets and secure business processes
- What information HRUK collect about you
- How we use that information
- How we store your information
- Details about sharing/being in receipt of your information
- Your choices regarding the information you provide to us
- How you can change your mailing preferences
Please click on a header below to read more:
- About Us
As the second largest heart charity in the UK, Heart Research UK fund pioneering medical research into the prevention, treatment and cure of heart disease as well as helping communities improve their lifestyles with Healthy Heart Grants. Our work also expands into education where we train clinicians in expert techniques, educate children about heart health and educate workforces on how to improve their health.
Our registered charity number is: 1044821
Our registered office is: Suite 12D, Joseph’s Well, Leeds, LS3 1AB
Company limited by guarantee No 3026813
Registered in England
Your communication preferences can be updated at any time via www.heartresearch.org.uk/preference
We also have an office in the Midlands: 3rd Floor, 13 St Paul’s Square, Birmingham B3 1RB
- The information we collect
Information supplied by you. This comes in many forms such as when you engage with our social media, make a donation to us, register for an event or provide us with personal information. This can be given online, verbally, via a letter, email or other methods. When you register, we’ll ask for personal information, such as your name, postal address, email address, telephone numbers and DOB (occasionally) to store with your account. We store this information on our secure database so we can carry out your request and for internal purposes so we can track when we actioned your request – for instance if you do not receive what you have requested, we can check to see if this was actioned against your record.
Information we get from your use of our website. Like most websites, we use “cookies” to help us make our site – and the way you use it – better. Cookies mean that a website will remember you. They’re small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields. Click on the cookies section to find out more about this.
In addition, the type of device you’re using to access our website and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are, and why a crash has happened. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or Twitter, you might give us permission to access information from those accounts or services.
We do not usually collect ‘sensitive personal data’ such as race, health information etc unless there is a clear reason for doing so, such as participation in a marathon or similar fundraising event or where we need this information to ensure that we provide appropriate facilities or support to enable you to participate in an event.
We may also collect sensitive personal data if you make the information public or if you tell us about your experiences relating to heart disease (for example, if you act as a case study for us or volunteer to be an Ambassador); however we will always make it clear to you when we collect this information, what sensitive personal data we are collecting and why.
- People who visit our website
We have an option for visitors to set up an account with our website – much like you would if you regularly purchased from a shopping site. If you set up an account on our website (to make a payment) then the following will apply:
We will collect information such as your name, postal address, email address, telephone number and occasionally your DOB. Once you set up an account you will not be anonymous to us when you subsequently sign in. There is always an option to not set up an account and sign in as a guest. This is put in place to make the website much more user friendly for supporters.
Your bank details
If you use your credit or debit card to donate to us, buy something or pay for a registration online or over the phone, we will ensure that this is done securely.
We do not store your credit or debit card details at all, following the completion of your transaction. All card details and validation codes are securely destroyed once the payment or donation has been processed. Only staff authorised and trained to process payments will be able to see your card details.
If we receive an email containing any credit or debit card details, it will be immediately deleted, no payment will be taken and you will be notified about this. All purchases or donations should be completed through the donation page our website (www.heartresearch.org.uk/support) or via our reception by calling 0113 234 7474.
- Legitimate Interest
In certain instances, we collect and use your personal information by relying on the legitimate interest legal basis. This is because when you, for example, request to receive services or products from HRUK, we have a legitimate organisational interest to use your personal information to respond to you and there is no overriding prejudice to you by using your personal information for this purpose. This is also the case where we process your donations in support of HRUK’s objectives, for our internal administrative purposes, and where we need to take steps to protect our network security or risk of fraud.
In most instances, however, we will rely on obtaining your consent to our use of your personal information. This is the case, for example, where we seek to obtain your consent to receive email marketing about HRUK.
We always try and send you relevant information about HRUK - what we do, how we spend your money and how you can support us. We never bombard our supporters – we send out very little direct mail – often only twice a year and our emails are kept to a minimum so not to bother you.
If you have provided us with your postal address we may send you direct mail about our work unless you have told us that you would prefer not to receive such information.
If you actively provide your consent to us along with your email address and/or mobile phone number, we may contact you for marketing purposes by email or text message. By subscribing to HRUK emails or opting in to email communication from HRUK, you grant us the right to use the email for email marketing purposes, until you opt out.
You are always in control:
We pride ourselves that you always have and always will be in control as to whether you want to receive information about our work, how we raise funds and the ways you can support us. If you do not want us to use your personal information in these ways please indicate your preferences at the time we collect your data, whether that be verbally, by post or via email, text or on our website.
You can opt-out of our marketing communications at any time by clicking the ‘unsubscribe’ link at the end of our marketing emails sending us an "opt-out" text message, following the instructions we provide you in our initial text.
You can change any of your communication preferences at any time, including telling us that you no longer want to hear from us, by visiting www.heartresearch.org.uk/preference or calling 0113 234 7474
We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted by us for such purposes. However, we will retain your details on a suppression list to help ensure that we do not continue to contact you.
- How we fundraise
We treat people how we would like to be treated ourselves.
HRUK has never and will never knock on your door, stop you in the street or ring you to ask for regular donations unless we have your permission. If you donate to us regularly through direct debit, you will never get a call from us asking you to increase what you give, we are grateful for every penny you give and it is up to YOU to tell us if you would like to increase your support, certainly not the other way round.
We like a personal approach, so if we want to contact you we do it ourselves, with your permission and we certainly don’t pay anyone to do it.
We pride ourselves on not harassing people for money, we understand that you will get lots of requests to support many charities, some of which you will have a personal connection with. We hope you find what we have to say interesting and understand that it is only through fundraising that we are seeing more and more people living with heart disease, cancers and other conditions. Our objective is to keep families together for longer and allow people to live healthier, happier, longer lives and with around 7 million people living with cardiovascular disease in the UK, it’s a very real problem that affects most of us at some point. The good news is that since HRUK was established in 1967 the annual number of deaths from cardiovascular disease in the UK has fallen by half and in the 1960’s more than 7 out of 10 heart attacks in the UK were fatal. Today at least 7 out of 10 people survive. These positive statistics only happen because of people who support us, as you can see, your donations are very powerful.
We are proud members of the Fundraising Regulator and follow the codes of fundraising practice.
- Sharing/receiving information from third parties
HRUK may disclose/receive your personal information in the following circumstances:
We may share your postal address to a mailing house if they are posting out event packs on our behalf. This will only be the case for our mass participation event entrants and is only shared because we do not have the resources to manage the mailing in-house
We may share your contact information to a data cleansing company to ensure that we are not sending any communications out to deceased or gone away individuals - saving the charity money
We may share/receive display name/profile information following interactions with our social media platforms. These are subject to user’s privacy settings for each of their social media networks
We may give our web providers access to your data to improve our website and deal with any technical issues
We may receive your data from third parties who provide a service to us, some of which are data processors. This includes trusted companies and other entities that act as fundraisers for HRUK. The personal data they share with us is for the purpose of acting on your request and we would only send you marketing information if you gave them permission at the time of data collection. These include CAF (charities aid foundation), Charitable Giving, Charities Trust, Justgiving, Virgin Money Giving, Skyline, Global Adventure Challenges, Payroll Giving in Action, The Payroll Giving Team, Much Loved, Smee and Ford, Funeral Directors
These third parties comply with data protection laws. We enter into contracts with all of our data processors and regularly monitor their activities to ensure they comply.
We may share your data where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies), or in order to enforce or apply our rights (including in relation to our website or other applicable terms and conditions) or to protect HRUK, for example in cases of suspected fraud, breach of contract or defamation
We use due-diligence when working with any third party to ensure, like us, they adhere and comply with the General Data Protection Regulation.
Rest assured, we will never share, sell or swap your details with any third parties for the purposes of their own marketing.
- Where we store your personal data
All information you provide to us is stored on our secure servers and on our secure database Donorflex. All of our laptops are encrypted to ensure that if any were stolen or lost, any information would be safe. No personal details are saved on local drives. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Once we have received your information, we will use strict procedures and security features to prevent unauthorised access such as cyber-attacks.
- How long do we keep your data
Personal data processed for any purpose shall not be kept for longer than is necessary for that purpose.
- review the length of time we keep your personal data;
- securely delete hard copies of information that is no longer needed for this purpose; and
- update, archive or securely delete information if it goes out of date.
We keep paper financial records for as long as required to operate the service in accordance with legal requirements and tax and accounting rules. Once your data is no longer required, we will destroy it securely. In terms of financial records on our CRM, this cannot be deleted as we keep records for our financial auditing purposes and to ensure we are transparent with recording the money we receive. Please note that your credit/debit card details are not saved on our CRM, only your name, contact details and what you have donated.
- Vulnerable people
If we are made aware, or notice ourselves that any of our supporters are showing signs of vulnerability then they will be marked on our database as a ‘no mailer’ and will no longer receive information from us unless it is in reaction to an action they have made which requires a communication such as they have made a donation and require a receipt.
Cookies are a small piece of data stored as a text file in your web browser. They are installed to help you navigate our website efficiently, as well as provide information about you to us. For example, they tell us whether you have visited before or whether you are new visitor and what device you are viewing our website on.
You have the right to choose whether to accept these cookies. You can exercise this right by amending or setting the controls on your browser to reflect your cookie preferences. The ‘Help’ menu within the toolbar will inform you on how to change your settings, disable cookies and notify you when you receive a new one.
On our website there are two broad types of cookies - 'first party cookies' and 'third party cookies':
First party cookies are cookies that are served directly by the website operator to your computer, and are often used to recognise your computer when it revisits that site and to remember your preferences as you browse the site.
Third party cookies are served by a service provider on behalf of the website operator, and can be used by the service provider to recognise your computer when it visits other web sites. Third party cookies are used for a variety of reasons, most commonly used for website analytics or advertising purposes. More details are provided in the third party cookie section.
In addition, cookies may be either 'session cookies' or 'persistent cookies'. Your computer automatically removes session cookies once you close your browser. Persistent cookies will survive on your computer until an expiry date specified in the cookie itself, is reached.
Your right to erasure and to access your personal information
By law, you have a right to request details of the personal information we hold about you and to have any inaccuracies corrected. You also have the right to request us to erase your personal information, request us to restrict our processing of your personal information or to object to our processing of your personal information.
Should you wish to exercise these rights, we require you to prove your identity with two pieces of approved identification. Please address requests to Data Protection, Heart Research UK, Suite 12D, Joseph’s Well, Leeds, LS3 1AB and we will respond within 1 month of receipt of your written request and confirmed ID.
It is our legitimate interest to hold some of your data if it may be required for legal purposes and also for the purpose of ensuring that you are not contacted again if you have requested this. This data will be secure and only used for screening purposes to ensure you are not contacted again.
Where you have provided your consent for our use of your personal information, you always have a right to withdraw your consent at any time.
- Subway Helping Hearts™ Family 5K Series
Entry to the Subway Helping Hearts™ Family 5K Series
All the above data protection compliance applies to the use of your data when you have applied for a place in the Subway Helping Hearts™ Family 5K Series. To ensure your safety we may share your data with the emergency services should an emergency arise. Your personal data will only shared with the relevant emergency services if it falls into the lawful basis of vital interest.
SUBCARD® points promotion
- To receive your points as part of the Subcard® 5K offer it is the entrant’s responsibility to enter their email address correctly. Eat Commerce Ltd , Subway® or Heart Research UK will not accept any responsibility for any information entered incorrectly.
- By providing your email address in the Subcard® 5K offer you give permission for that email address to be shared with Eat Commerce Ltd and selected suppliers in accordance with the Subcard®
- Neither Eat Commerce Ltd nor Subway® will accept responsibility for those Subcard® users who do not receive their points allocation because their membership has expired