This page contains our website privacy notice. Refer to the bottom of the page for links to our other privacy notices pertaining to health records, campaigns, social media, case studies and recruitment
Collection of personal information
In accordance with the UK’s Data Protection Act, BPAS will hold and process your personal data in order to provide the services or information you have requested. This data will not be sold or passed on to any unrelated party.
You can access most of the pages on our website without giving us your personal information. However, you may choose to provide us with your personal information on some pages of the website, for instance by completing a call back request form, providing comments and feedback on the website or asking to receive the BPAS newsletter.
Every effort has been made to ensure that information sent over the internet is secure and that your details will remain confidential and accessible to only those who need to know that information in relation to the service / help requested.
Automated collection of personal information
BPAS is committed to protecting the privacy of all individuals using this website. As with many other websites, when you access pages on the BPAS website certain information provided by you is automatically recorded. When you visit our website, our server will record your computer’s IP address (the unique numerical address given to every computer connected to the internet) and the time and duration of your visit.
What are cookies?
A cookie is a small data file made up of letters and numbers which is placed by a website on the device you use to access the internet. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises cookies. These cookies are crucial for remembering site-specific preferences, accessibility options and navigating between pages, improving the end-user experience. Cookies may also be used to provide targeted advertising so that the adverts seen online by visitors are tailored specifically to their interests, depending on prior search-terms used and websites visited. Cookies can be “first party”, i.e. cookies set by the operator of the website for use in that website only, or “third party” – set by another company who will then externally inspect and extract data from these cookies to provide services offered, such as performance tracking or targeted advertising.
Types of cookies
When assessing cookie compliance, the ICO separates cookies into 4 categories, detailed below.
Category 1: strictly necessary cookies
Generally these cookies will be essential first-party session cookies. Strictly necessary cookies are normally used to store a unique identifier to manage and identify the user as unique to other users currently viewing the website, in order to provide a consistent and accurate service to the user. Examples include: cookies used to verify and validate a user’s login ID; cookies required for account management; cookies required for shopping basket functionality.
Category 2: performance cookies
These cookies can be first or third party, session or persistent cookies. Their usage is limited to performance and website improvement. Examples include: cookies used for web analytics such as Google Analytics.
Category 3: functionality cookies
These cookies can be first party, third party, session or persistent cookies. These cookies will typically be the result of a user action, but might also be implemented in the delivery of a service not explicitly requested but offered to the user. They can also be used to prevent the user being offered a service again that had previously been offered to that user and rejected.
Category 4: targeting or advertising cookies
These cookies will usually be third-party cookies. They will always be persistent but time-limited cookies. These cookies contain a unique key that is able to distinguish individual users’ browsing habits or store a code that can be translated into a set of browsing habits or preferences using information stored elsewhere. These cookies may also be used to limit the number times a user sees a particular ad on a website and to measure the effectiveness of a particular campaign.
What cookies do we use on this site?
This website uses the following third-party cookies created by Google that allow us to use the Google Analytics service:
Google Analytics (__utma, __utmb, __utmc, __utmv and __utmz)
These cookies are created, stored and retrieved by Google when a user visits this website and are classified as category 2 performance cookies.
__utma is a persistent cookie that uniquely defines visitors;
__utmb & __utmc are session cookies that last for a maximum of 30 minutes;
__utmv allows custom tracking parameters to be passed;
__utmz is a persistent cookie that lets us know how visitors reached our website.
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous manner such as the number of visitors to the site, where visitors have come from geographically, the pages they have visited and the devices and browsers the visitor is using.
This website uses the following third-party cookie from Civic UK:civicCookieControl
This cookie is set in order to remember your preferences in regards to cookies.
How to manage, disable or prevent Cookies
You can manage or disable cookies in your Internet browser without affecting your use of this website.
Click here for information on how to manage cookies stored on your computer or stop cookies being installed by your browser.
Continued use of this website means that implied consent has been granted for BPAS to place the aforementioned cookies onto the user’s device.
This website is operated by:
20 Timothys Bridge Road
Stratford Enterprise Park
Telephone: 0345 365 5050
Data Privacy Notice
Marketing, External Affairs & Social Media Data Privacy Notice
BPAS – Marketing, External Affairs & Social Media
This privacy notice was last updated on 19th July 2018.
1. What is the purpose of this Privacy Notice?
Your ‘personal data’ or ‘personal information’ is any piece of information that would allow us to identify you as an individual. The processing of personal data is governed by the EU General Data Protection Regulation (the “GDPR”) and national laws that implement the GDPR in each European Economic Area (“EEA”) country.
We take your privacy very seriously, and this document sets out what personal information we collect from you in relation to this service, how we intend to use it and what your rights in respect of that information are. By participating in our marketing, fund raising, campaign, donation activities and/or events and using our social media sites, you are accepting and consenting to the practices described in this Privacy Notice.
It is important that you read this Privacy Notice (together with any other privacy notice or fair processing notice we may provide you with on specific occasions when we are collecting or processing personal data about you) and we encourage you to keep copies of all such notices for your records.
Our products and/or services are not intended for children and we do not knowingly collect data relating to children.
2. Who controls your personal information, and how do you get in touch?
The controller of your personal information is British Pregnancy Advisory Service (BPAS), which is a charity and limited company registered in England and Wales under Guarantee No: 1803160 and registered Charity No: 289145 and registered with the UK Information Commissioners Office under data controller number: Z5613684 (“we”, “us”, “our”).
Should you have any query in respect of this Privacy Notice or your personal information, you can contact us at the following:
Data controller: British Pregnancy Advisory Service (BPAS)
Address: 20 Timothys Bridge Road, Stratford Enterprise Park, Stratford-upon-Avon, Warwickshire, CV37 9BF
Telephone: +44 345 365 5050
3. What information do we collect about you, and for what purpose?
We may collect, use, store and/or transfer information about your identity, contact details and marketing & communications preferences if you sign up to be a supporter for one of our newsletters, sign a petition or become an e-campaigner (on the website or in person), including:
- Email address
- Mobile telephone number (for SMS marking / updates)
- Communication preferences.
We may also collect, use, store and/or transfer information about your identity, contact details and profile if you use our social media sites, or interact with us on social media:
- Email address
- Details you share with your social media platform and allow us to have access to
If you come to an event or attend one of our training courses, we may collect, use, store and/or transfer information about your identity, contact details, financial and/or transaction data and marketing & communications preferences, such as your:
- Email address
- Telephone Number
- Transaction or financial information (although your financial data, such as payment card details, will be captured by our payment service providers and not by us directly)
If you donate or attend a fundraising event, we may collect, use, store and/or transfer information about your identity, contact details, financial and/or transaction data and marketing & communications preferences, such as your:
- Email address
- Telephone Number
- Transaction or financial information
If you are a member of the press, or an interested party and your information is publicly available then we may collect, use, store and/or transfer information about your identity and contact details, such as your:
- Email address
- Telephone Number
- Previous interactions with us, or commentary about us that you make available via public sources of information
We may also process publicly available data based on what people say about us in the press, social media or other websites. We may collect information including what people are saying about women’s health, reproductive health and maternal health. We may do this directly or via a third party who will anonymise the data for us. This data will be processed under our legitimate interests to improve our services. Where possible this data will be anonymised or pseudonymised and kept for no longer than necessary.
We may also collect, use and share aggregated data such as statistical or demographic data for any purpose if you cannot be identified in any way. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not collect any special categories of personal data about you for these services (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences for these services.
4. How do we collect and use your personal information?
We collect your personal information through different methods, including:
- Information you give us.You may give us information about your identity, contact details, financial and/or transaction data and marketing & communications preferences when you sign up to a newsletter, sign a petition or become an e-campaigner, join us at an event, training session or donate to us.
- Information we automatically collect about you. We may automatically collect information about your profile if you share certain details with your social media platform or donation partner.
- Information we receive from other sources.We may receive personal data about you from various third parties and public sources. For example, we may receive:
o Technical data from analytics providers;
o Contact, financial and transaction data from providers of technical, payment and delivery services;
o Public sources of information on the internet based on what you do (journalists) or your opinions as they relate to our services, and
o Identity and contact data from selected business partners, data brokers or aggregators.
We may purchase lists of data from organisations, from time to time, that can provide data privacy records showing your consent for the use of this data by us. There may also be instances where people make purchases on your behalf and sign you up to our services or information. If this is the case then we will endeavour to contact you within thirty (30) days to let you know this has happened, and you can ask us to stop processing at this point. We may also use your information if you have made this public, are over 18 and may have interacted with us.
5. What is our legal basis for collecting and using your personal information?
We will use your personal information in the following ways and for the following purposes:
6. What if you do not want to provide your personal information?
You do not have to provide your personal information to us. However, should you choose not to provide it, you will be unable to receive our newsletters or other information from us, join our campaigns, interact with us over social media, come to an event or attend one of our training courses. Where we need to collect personal data by law or under the terms of a contract we have with you (e.g. if you try to purchase a training course or make a donation) and you fail to provide it when requested, we may not be able to perform the contract we have or are trying to enter into with you and may have to cancel the service you have with us (but we will notify you at the time if this is the case).
7. How is your personal information protected?
We maintain strong physical, electronic and procedural safeguards to protect the confidentiality, integrity and availability of your personal information. We have taken appropriate security measures against illegal and/or unauthorised access to your personal information, and against the accidental loss of, or damage to it.
8. Do we share your personal information with anyone?
Data is shared as part of providing these services with parties outside of BPAS that allow us to process your data and provide elements of services for us. These parties may include:
Microsoft – Microsoft provide our email service and when you email us this will be controlled under: https://products.office.com/en-us/business/office-365-trust-center-privacy
More Onion –More Onion manages BPAS petitions and email campaigns. More Onion act as a data processor which means we have a contract in place with them, that they cannot do anything with your personal information unless we have instructed them to do so, and that they will not share your personal information with any organisation apart from us. They will retain information securely on our behalf and retain it for the period we instruct.
JustGiving – If you donate to us through Just Giving then you will be subject to their data privacy notice that can be found at: https://www.justgiving.com/info/privacy-policy-versions/privacy-policy-v20
GoCardless – If you decide to become a friend of bpas, your donation will handled by GoCardless, so we do not store your bank details. We will use contact details collected by GoCardless to keep you updated with news and other relevant information.
VirginMoneyGiving – If you donate to us through Virgin Money Giving, then you will be subject to their data privacy notice that can be found at: https://uk.virginmoneygiving.com/giving/terms/privacy-policy.jsp
Savoo – If you donate to us through Savoo then you will be subject to their data privacy notice that can be found at: https://www.savoo.co.uk/info/the-legal-stuff/privacy/
HMRC – If you allow us to reclaim GiftAid then we need to check your status with HMRC and apply for the tax rebate, when we do this we exchange information with HMRC and this data will be subject to their data privacy notice that can be found at: https://www.gov.uk/government/publications/data-protection-act-dpa-information-hm-revenue-and-customs-hold-about-you/data-protection-act-dpa-information-hm-revenue-and-customs-hold-about-you
Payment service provider / Bank – If you donate to us; to process your payment, we may need to share information with our partners to process this payment.
We may also need to share your personal information with the following in limited circumstances:
- IT security providers
- External advisors (for example solicitors or auditors) and
- Public authorities or law enforcement.
If we sell or buy (or plan to sell or buy) any business or assets or seek investment from a third-party investor, we may disclose your personal data to the investor or prospective seller or buyer of such business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.
Any time we provide access to your personal information to someone else, we will ensure that it is adequately secured to protect your privacy and that they comply with the requirements of the applicable data protection legislation.
9. Will your personal information be transferred outside of the EEA?
If you are a resident of a country in the EEA, we may need to transfer your personal information outside of the EEA, for example where our data storage facilities or processing locations are in another country.
Whenever we transfer your personal data outside of the EEA, we ensure a similar degree of protection is afforded to it by putting adequate, legally-approved safeguards in place, including at least one of the following:
- We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe and
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
If you would like more information about our safeguards, please contact us using the details inserted in section 2 above.
Please note that some of the social media companies that we interact with may share your data outside of the EEA. We have no control over this as it is bound by their data privacy notices to you. Please see section 8 above and review their data privacy notices carefully.
10. How long do we keep your personal information?
We will only retain your personal data for as long as necessary to fulfil the purposes we hold it for, including for the purposes of satisfying any legal, accounting or reporting requirements. In general, we will need to keep the information that we collect from you for the following periods of time:
We may sometimes need to keep a copy of your personal information for a longer period, for example in the event of an incident, to investigate a data breach or to comply with legal requirements. We will never keep your personal information for longer than we consider necessary.
In all cases, your personal information will be securely destroyed once the retention periods described above expire.
11. What are your rights in respect of your personal information?
You have rights in respect of the personal information we hold on you, including the right to ask us to:
- Informyou on how we collect and use it (this Privacy Notice is designed to do that)
- Rectifyit if you believe that it is incorrect
- Deleteit (only to the extent you consented to us using it)
- Provide you with a copyof any information we hold on you in a portable data format that we agree
- Request the transferof it to you or a third party
- Tell you about automated decision-making solutionsthat we use and
- Restrictthe processing of it e.g. stop processing or using it temporarily.
You can object to our use of your personal information for our legitimate purposes at any time.
Should you want to exercise any of those rights, please contact us using the details set out in Section 2 above.
Our partners use automated decision making for the following reasons:
- To process your payment card for your purchase to be approved.
BPAS does not handle these processes directly and they are provided to us. If you would like to know more about these processes and which companies to contact to find out how this data is processed then please contact us using the details set out in Section 2 above. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
12. Will we do anything else with your information in the future?
Where we need to use your personal data for another reason, other than for the purpose for which we collected it, we will only use your personal data where that reason is compatible with the original purpose.
Should it be necessary to use your personal data for a new, unrelated purpose, we will endeavour to notify you and communicate the legal basis which allows us to do so before starting any new processing.
The exception to this is where use of the personal information is required or permitted by law e.g. generation of reporting information for the government or for another legal reason that may require us to contact you. In this case, we may process your personal information without your knowledge or consent.
13. You have the right to complain to us or our supervisory authority
You also have the right to lodge a complaint with our supervisory authority, the Information Commissioner’s Office, which can be contacted at the following:
Supervisory Authority: UK Information Commissioner’s Office
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
Telephone: 0303 123 1113
14. Changes to this Privacy Notice and your duty to inform us of changes
We may need to make changes to this Privacy Notice in the future (for example, to comply with new legal requirements).
Where that is the case, we will provide you with a revised Privacy Notice on our website, which you will be able to access. If required by law, we will seek your prior approval before revising this Privacy Notice.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.