Privacy policy

The Follicular Lymphoma Foundation is committed to protecting your privacy and being transparent about how we use your data. We will only use the information that we collect about you lawfully. This page tells you about how we collect, use and store your personal information.

If you have any queries about our privacy policy, please contact us by email or on +44 203 417 8583.

1. Why do we collect information?

We need to collect some personal details so we can respond appropriately to your contact with us. For example, to make sure we can process your donation, thank you for your support or send you information you have requested. We also collect statistical information to see how our website, social media channels and emails are performing in order to improve our communications.

Occasionally, we take time to learn more about our supporters. We use profiling and screening techniques to ensure communications are relevant and timely, and to provide an improved experience for our supporters. It also allows us to target our resources effectively. We do this because it allows us to understand the background of the people who support us and helps us to make appropriate requests to supporters who may be able and willing to give more than they already do. Importantly, it enables us to raise more funds, sooner, and more cost-effectively, than we otherwise would.

When building a profile we may analyse geographic, demographic and other information relating to you in order to better understand your interests and preferences in order to contact you with the most relevant communications. In doing this, we may use additional information from third party sources when it is available. Such information is compiled using publicly available data about you, for example addresses, listed Directorships or typical earnings in a given area. If you would like to find out more about how, why and when we research our supporters please contact us at If at any time you would like to opt-out of your data being used in the ways described above please do contact us by email or on +44 203 417 8583.

2. What information do we collect and how do we collect it?

When you get in touch with us directly, we may ask you for personal information. For example, if you are setting up a regular payment by direct debit, we may ask for your name, address, email address, telephone number, and your bank account details. We only collect other information, such as relevant medical information, if it is necessary – for example, to ensure your safety when you register for a challenge event. The information we collect and in which ways are set out below.

2.1 Website visit tracking

Like most websites, this site uses Google Analytics to track user interaction. We use this data to determine the number of people using our site, and better understand how they find and use our web pages.

Although Google Analytics records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. We consider Google to be a third party data processor (see section 4 below). Google Analytics makes use of cookies, details of which can be found on Google’s developer guides.

Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.

2.2 Donations

When you make a donation to us directly, whether it is a single or regular donation, directly collect information that is needed in order to process it: your name, address, and bank details. We’re required to store bank details in some circumstances, such as when they’re used for direct debit payments. We also ask for your email address so that we can send you an acknowledgement of the transaction for your records. However, if you would rather not receive further contact from us, beyond that which is needed to complete the transaction, you can let us know via the online donation form, or by contacting us.

2.3 Email updates

We invite visitors to our website to sign up to receive regular email updates about our work. These are of vital importance to the success of our mission. They include opportunities to support our work by organising activities to raise funds, or making financial donations to enable us to continue our work. They also include newsletters about specific projects. We aim to give you control over what emails you do and do not receive. You can update your preferences or unsubscribe from our email mailing lists at any time by clicking the unsubscribe link at the bottom of an email from us or by contacting us – see section 9 below for further details.

2.4 Contact forms and email links

Should you choose to contact us using a contact form or an email link, none of the data that you supply will be stored by this website or passed to/processed by any of the third party data processors defined in section 4. Instead, the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted before being sent across the internet. The email content is then decrypted by our local computers and devices.

2.5 Applications for job and volunteer opportunities

If you apply for a job via email or post for a volunteer position you have seen on our website we will keep information for five months. We will also destroy or delete any electronic and hard-copy records we have of your application, including your personal details, after five months. We keep your information for this period in the event that you wish to dispute or challenge the outcome of your applications. Job applicants will only receive communications from us that are relevant to their applications. If you have any questions about the applications process, contact us at by email or on +44 203 417 8583. 

We also collect information when you agree to provide it to us via third parties. Further details can be found at section 6 below.

2.6 Social media

Depending on your settings or the privacy policies for social media and messaging services like Facebook or Twitter, you might give us permission to access information from those services such as Facebook and Twitter, for example when you publicly tag us in an event photo.

3. How do we keep your information safe?

We take all appropriate measures to ensure your personal information is kept secure. Personal information stored electronically is kept with limited access from appropriate staff for as long as is necessary for the fulfilment of our legal obligations or our obligations to you as a visitor, supporter or service user. To ensure our staff understand and are able to keep your data secure, all staff receive data protection training when joining the organisation.

Please note that while we have taken every appropriate measure to secure your data, transmission of information over the Internet is never 100% secure so while we take all possible precautions, we can’t 100% guarantee the security of any information you submit to us via our website.

4. What are our legal bases for processing your personal information?

Under current data protection law, we must have an appropriate legal basis for collecting and processing your personal information. The relevant legal bases are set out in the General Data Protection Regulation (EU Regulation 2016/679) and in current UK data protection legislation.


Consent means you have actively given consent for us to use your information for a specific purpose. We use this legal basis to send you email updates about our campaigns, events and fundraising opportunities. Under this legal basis, you have the right to withdraw your consent for any future use of your information for this purpose at any time.

Legal obligation

In some cases we must collect personal information in order to comply with one of our legal or regulatory obligations. For example, may need to share your information with our various regulators such as the Charity Commission, Fundraising Regulator or Information Commissioner, to use information we collect about you for due diligence or ethical screening purposes.

Performance of a contract / take steps at your request to prepare for entry into a contract

We must us your personal information where we are entering into a contract with you or performing our obligations under that contract. Examples of this would be if you are buying something from us (for instance, an event place), or applying to work/volunteer with us.

Vital interests

We must use your personal information where it is necessary for us to protect life or health. For instance if there were to be an emergency impacting individuals at one of our events, or a safeguarding issue which required us to contact people unexpectedly or share their information with emergency services.

Legitimate interests

The GDPR allows us to collect and process your personal information if it is reasonably necessary to achieve our or others’ legitimate interests, as long as that processing is fair, balanced and does not unduly impact your rights. We consider our legitimate interests to include all of the day-to-day activities the Follicular Lymphoma Foundation carries out. For example, by:

  • providing information to people living with FL and their families and friends
  • processing donations
  • administering events

“Legitimate interests” can also include your interests, such as when you have requested information from us. We rely on legitimate interests where we consider that any potential impact on you (positive and negative), how intrusive it is from a privacy perspective and your rights under data protection laws do not override our interests in us using your information in this way.

When we use sensitive personal information we require an additional legal basis to do so under data protection laws, so will either do so on the basis of your explicit consent or another route available to us at law for using this type of information (for example if you have made the information manifestly public, we need to process it for employment, social security or social protection law purposes, your vital interests, or, in some cases, if it is in the public interest for us to do so).

5. How long do we store your personal information?

We have specific criteria to determine how long we will retain your information, which vary according to legal bases under which we process it. For example, we are required to keep some personal information for tax or health and safety purposes, as well as keep a record of your interactions with us.

6. Is my information shared with anyone?

We will never sell or share your personal information with other organisations who can contact you except where we are required to by law. We work with suppliers or professional agents to process your data, for example in order to process donations or send out newsletters. When we do this, we always put in place legal agreements with these third parties governing how your data will be used. These third parties have been carefully chosen. These may include (among others):

  • business partners, suppliers and sub-contractors
  • independent event organisers, for example fundraising sites like Just Giving
  • advertisers and advertising networks
  • analytics and search engine providers
  • it service providers
  • third parties we will share your information with include: HMRC to claim gift aid, ToucanTech, our CRM solution on our website, and payment providers such as Stripe for one off donations by payment card or for regular direct debit or recurring  donations, Go Cardless for UK direct debits and PayPal. You can find a link to the privacy policies for Stripe, Go Cardless and PayPal privacy statements here,
  • where these companies are based in the US we use Privacy Shield or sign an agreement with compliant clauses to ensure your data is protected.

We reserve the right to disclose your personal information to third parties if we are under any legal or regulatory duty to do so.

7. What legislation does our data protection policy comply with?

Along with our business and internal computer systems, this website to complies with the General Data Protection Regulation (GDPR) (EU) 2016/679. This site’s compliance with the above legislation, which is stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether this site is compliant with data protection and user privacy legislation in your country of residence, you should contact our data protection officer (details can be found in section 10) for clarification.

8. What are your rights under the current data protection laws?

Under UK data protection law, you have rights over personal information that we hold about you:

Right to access your personal information

You have a right to request access to the personal data that we hold about you. You also have the right to request a copy of the information we hold about you, and we will provide you with this unless legal exceptions apply. If you want to access your information, send a description of the information you want to see by post to Data Protection Follicular Lymphoma Foundation 417 Finchley Road, London, NW3 6HJ. Right to have your inaccurate personal information corrected. You have the right to have inaccurate or incomplete information we hold about you corrected. If you believe the information we hold about you is inaccurate or incomplete, please provide us with details and we will investigate and, where applicable, correct any inaccuracies.

Right to restrict use of your personal information

You have a right to ask us to restrict the processing of some or all of your personal information in the following situations: if some information we hold on you isn’t right; we’re not lawfully allowed to use it; you need us to retain your information in order for you to establish, exercise or defend a legal claim; or you believe your privacy rights outweigh our legitimate interests to use your information for a particular purpose and you have objected to us doing so.

Right to erasure of your personal information

You may ask us to delete some or all of your personal information and in certain cases, and subject to certain exceptions, you have the right for this to be done.

Right for your personal information to be portable

If we are processing your personal information (1) based on your consent, or in order to enter into or carry out a contract with you, and (2) the processing is being done by automated means, you may ask us to provide it to you or another service provider in a machine-readable format. 

Right to object to the use of your personal information

If we are processing your personal information based on our legitimate interests or for scientific/historical research or statistics, you have a right to object to our use of your information.

If we are processing your personal information for direct marketing purposes, and you wish to object, we will stop processing your information for these purposes as soon as reasonably possible.

If you want to exercise any of the above rights, please contact us by post at:

Data Protection
Follicular Lymphoma Foundation,
417 Finchley Road, London, NW3 6HJ.

We may be required to ask for further information and/or evidence of identity. We will endeavour to respond fully to all requests within one month of receipt of your request, however if we are unable to do so we will contact you with reasons for the delay.

Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details we recommend you consult the guidance published by the UK’s Information Commissioner’s Office (ICO (link is external)).

9. How can you change your contact details and preferences with us?

If you are a Follicular Lymphoma Foundation supporter you can update your contact information and contact preferences by emailing us at or by writing to us at the following address:

Data Protection
Follicular Lymphoma Foundation
417 Finchley Road, London, NW3 6HJ.

To stop receiving emails from us at any time please contact us using the details above or you can click the unsubscribe link at the bottom of an email from us.

Remember: if you make a donation or request information online you will receive a one-off transactional email about that activity for your records.

10. How to find out what personal information we hold about you

You can request details of the personal information we hold about you under the General Data Protection Regulation (GDPR) (EU) 2016/679. You have the right to access this information free of charge, but we have the right to ask you for a reasonable administrative fee if your request is excessive or repetitive. We will respond within one month as required by data protection legislation. If you would like a copy of the information we hold on you, in the first instance please write to:

Data Protection
Follicular Lymphoma Foundation
417 Finchley Road, London, NW3 6HJ.

11. What if you would like to make a complaint?

If you are unhappy with any aspect of how we are using your personal information we’d like to hear about it. We appreciate the opportunity this feedback gives us to learn and improve. To make a complaint, please contact the: Data Protection, Follicular Lymphoma Foundation. Finchley Road, London, NW3 6HJ.

You also have the right to lodge a complaint about any use of your information with the Information Commissioners Office (link is external), the UK data protection regulator.

12. Cookies

This website uses cookies to help you in your interactions with the site. Most cookies are session cookies, lasting only for the duration of your visit and are deleted when you close your browser. No personally-identifiable data is collected. Examples of the sort of information that is collected via session cookies are provided below. This list is not exhaustive:

  • the last search term that you used within the site.
  • your preference in terms of accessible viewing options.
  • a unique ID to track your session from page to page, which is vitally important should you sign in to the site.
  • which page you have looked at within a multi-paged index of content, or search results.

Certain cookies are persistent, meaning that they last beyond your session, enabling an enhanced user-experience when you return to the site. Again, a non-exhaustive list of examples of the use of persistent cookies includes the option to “Remember my username” when signing-in to the site. 

Third-party cookies Google Analytics

This site uses Google Analytics to allow us to track how popular our site is and to record visitor trends over time. Google Analytics uses a cookie to help track which pages are accessed. The cookie contains no personally-identifiable information, but it does use your computer’s IP address to determine where in the world you are accessing the site from, and to track your page visits within the site. However, Google does not permit us to access this data. Read Google’s privacy policy.

Embedded content

From time to time, we may embed external content from third-party websites (e.g. posts from Facebook or videos from YouTube) within our website. These websites may utilise cookies and the Privacy Policy that will apply to such third-party content will be that published on the website of that third-party content provider. Read Facebook’s privacy policy and Youtube’s privacy policy


Facebook is a social media platform we use to communicate with our supporters through our organisational paid, via posts and advertising. We use cookies to measure the effectiveness of paid advertising and to include or exclude people who have visited our website. Read Facebook’s privacy policy

Changing cookies settings

You can change your cookie settings at any time via your web browser settings. To find out more visit or

This privacy policy may change from time to time in line with legislation or industry developments. We will not explicitly inform our clients or website users of these changes. Instead, we recommend that you check this page occasionally for any policy changes. Specific policy changes and updates are mentioned in the change log below.

13. Change log

  • 22/7/2022: policy updated.
  • 05/11/2019: policy updated.