My Account
My Account

York Against Cancer Privacy Policy

At York Against Cancer, we respect your privacy and are committed to protecting your personal information.

The notice is written in accordance with the Data Protection Act 1998 and the General Data Protection Regulation 2018. It provides you with details of how we collect and process your personal data through your use of our website,, including any information you may provide through our site when you purchase a product or service or sign up to our newsletter.

York Against Cancer is the data controller and we are responsible for your personal data (referred to as ‘we’, ‘us’, or ‘our’ in this privacy notice).

If you have any questions about this privacy notice, please contact us at

York Against Cancer

York Community Stadium

Kathryn Ave


YO32 9AF

You can also email us at

If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (  We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.

It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at

What information do we collect about you?

Personal information is information capable of identifying an individual. It does not include anonymised data.

We may process certain types of personal information about you, as follows:

Identity data – this can include your first name, maiden name, last name, username, marital status, title, date of birth and gender

Contact data – this can include your email address, billing address, delivery address and telephone numbers

Financial data – this may include your bank account and credit or debit card details

Transaction data – this may include details about payments made between us and other details of purchases made by you

Marketing & Communications data – this may include your preferences in receiving communications from us

Sensitive data –We need to collect the following sensitive data about you if you wish to use our minibus service for radiotherapy patients:

Your NHS number and the dates and times of your hospital appointments.

We require your explicit consent for processing sensitive data, so when you submit your details, we will send you a further communication asking for you to confirm your consent to this processing.

Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.

How do we gather information about you?

You may give us information directly, for example when you contact us by post, phone, email or otherwise to ask about our services, when you  fill in our forms, when you sign up to an event,  when you order items from us, when you subscribe to  our publications,  ask us for our help or give us feedback. You may also give us information when you make a donation to us or fundraise on our behalf.

We may also receive personal information about you from third parties as set out below:

Referrals to our services by York Hospital/York Cancer Care Centre

Minibus referrals from Bexley Wing, St James’s Hospital, Leeds

Organisers of fundraising events such as the Jane Tomlinson Run and R U Taking the P?

If you are aged 18 or under

If you’re 18 or under, you must get permission from your parent or guardian before providing any personal information on our website.

Media and publicity

Some people share with us their experiences with cancer to help us in what we do. This may involve details of their health and personal life as well as their biographical and contact information.

If we have the express, informed consent of the individuals, or their parent or guardian if they are under 18, this information may be relayed by us in our hard copy and online publicity as well as to external media organisations.

How do we use your information?

We use your personal information to give you the information, support, services or products about which you’ve contacted us.

We use it where we need to comply with a statutory or legal obligation and where it is necessary for our legitimate interests or those of a third party and where your interests and fundamental rights do not override those interests.

We also use your data to send you information about our activities and how you can help us to help you. This information includes the work of the charity and our fundraising and volunteering activities, and communicating it is necessary for our legitimate interests in growing the work of our charity.

Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you by email or text message. You can let us know if you don’t want to receive marketing communications at any time, by emailing or writing to us at 31 North Moor Road, Huntington, York YO32 9QN. Please mark your letter or email: ‘OPT OUT’.

We use your personal information to process credit and/or debit card transactions and/or to claim Gift Aid on your donations – legally necessary to carry out contracts with you and to pursue our legitimate interests to recover monies owed to us.

We also use the information to keep a record of your relationship with us, for example when you have used our respite properties or other services. This helps us to notify you of changes to our terms or privacy policy and to request you to leave a review or take part in a survey. These purposes are necessary to perform contracts with you, to comply with legal obligations and/or to pursue our legitimate interests to study how clients use our services, develop them and grow our work as a charity.

Marketing communications

You will receive marketing communications from us if you have requested information from us or purchased good or services from us and you have not opted out of receiving that marketing.

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by emailing us at or by writing to us at 31 North Moor Road, Huntington, York YO32 9QN.

Where you opt out of receiving our marketing communications, this will not apply to personal data provided to us as a result of a product/service purchase or other transactions.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to find out more about how the processing for a new purpose is compatible with the original purpose, please email us at

Disclosures of your personal information

We may have to share your personal data with the parties set out below for the purposes specified:

Service providers who provide us with IT and system administration services

Fundraising organisations who help raise money for our charity, such as the Jane Tomlinson Run For All

Hospitals with whom we liaise to secure services on your behalf

We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.

International transfers

Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.

The provider of our e-newsletter service, Mailchimp, is based in the United States, so their processing of subscribers’ personal data will involve a transfer of data outside the EEA. Mailchimp is part of the EU-US Privacy Shield, which requires them to provide similar protection to personal data shared between Europe and the US.

How do we protect your information?

We use strict procedures and security practices to protect against unauthorised access to your personal information. We also limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data retention

We will only retain your information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the information, the potential risk of harm from its unauthorised use or disclosure and whether we can achieve our purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our customers, including contact, identity, financial and transaction data, for six years after they cease being customers for tax purposes.

In some circumstances you can ask us to delete your data: see below for further information.

In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Accessing and updating personal information

You can request access to the information that we hold on you by contacting us at York Against Cancer, 31 North Moor Road, Huntington, York YO32 9QN. Please send a description of the information you want to see and proof of your identity. We cannot accept these requests by email because we need to ensure that we only provide personal data to the right person.

Under some circumstances, you have rights under data protection laws in relation to your personal data.

You can request correction or erasure of your personal data, object to processing of your personal data, request restriction of processing of your personal data and request transfer of your personal data, and you have the right to withdraw consent.

Read more about these rights at:

If you wish to exercise any of the rights set out above, please email us at

You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.


Our website may include links to other websites not owned or managed by ourselves, and we cannot be held responsible for the privacy of information collected by such websites. We encourage you to read the privacy notice of every website you visit.

We may change our privacy policy from time to time. Please check back periodically to stay up to date.