EU/UK Privacy Notice

This Privacy Notice was last updated in March 2024.

St. Baldrick’s Foundation, of 1333 S. Mayflower Avenue, Suite 400, Monrovia, CA 91016, USA, operating as St. Baldrick’s (‘St. Baldrick’s’ or ‘us’ or ‘we’) is committed to protecting and respecting your informational privacy.

This Privacy Notice explains how, when and why we use your personal information and explains your rights in relation to that information. Your personal information is described and referred to in this Privacy Notice as your ‘personal information’ or your ‘personal data’.

We are based in California in the United States of America (‘USA’) and the computer systems we operate are also hosted in the USA, therefore any personal information you provide to us will be processed by St. Baldrick’s in the USA. However, as we may collect, process and retain the personal information of individual volunteers, participants and donors who are based in the Europe Economic Area (including the European Union and the UK), (the ‘EEA’); we honor and observe the requirements of the EU GDPR and the UK GDPR as it applies to us as a charitable foundation based in the USA.

We must make you aware that data protection laws and related privacy regulations in the USA may not provide individuals with the same level of regulatory protection as in some other parts of the world, in particular the EEA. If you visit the St. Baldrick’s Foundation website, register as a volunteer; participant or you make a donation, and you do so from outside the USA, you are agreeing to the terms of this EEA Privacy Policy and you are also consenting to the transfer of your personal information to the USA.

This Privacy Notice also explains how others, including other organisations we work with may or will use your personal data.

Therefore, this is our Privacy Notice for individuals based in the EEA and applies to:

• Our website https://www.stbaldricks.org
• Our volunteers, participants and donors; or,
• Anyone interested in becoming a volunteer or participant with St. Baldrick’s;
• Individuals applying for research grants.

By engaging with us (including visiting our website) you agree to the collection, use, storage and transfer of your information under the terms of this Privacy Notice, including, where applicable, the terms and conditions of our Participant Agreement; the EU GDPR and for individuals based in the UK the Data Protection Act 2018 and the UK GDPR.

Who we are and what we do

We are a USA based charity. The St. Baldrick’s Foundation recruits and trains volunteers to fundraise for scientific research into cancer affecting children. We use the funds that we raise to make grants for childhood cancer research all over the world. We help to organize fundraising events in the USA and occasionally in the EEA, with the help of our volunteers and our participants in order to encourage and attract charitable donations. We call these fundraising events our ‘signature events’ and the money we raise through those signature events, as well as our other activities, makes the research grants possible.

Identify of data controller

St. Baldrick’s Foundation, of 1333 S. Mayflower Avenue, Suite 400, Monrovia, CA 91016, USA, is the data Controller.

If you have any enquiries, concerns or complaints about our data processing activities, please contact us at sbinfo@stbaldricks.org

Securing your personal information and your responsibilities

We take the security of your personal information very seriously and we use appropriate security measures to protect your informational privacy.

Although it is our responsibility to ensure compliance with EEA data protection laws, we also ask you to act responsibly with your own or your family and/or groups’ personal data; so please:

• Make sure you read this Privacy Notice and make sure that you and any other individuals you involve fully understand its contents. If you have any questions about it, please contact us; and,
• If you believe your informational privacy has been breached by using our website or in any dealings you have with us, please contact us immediately; and,
• Although we use appropriate security measures to protect your informational privacy and follow best practice, you must understand that unfortunately, any form of data transmission which is based upon or which uses the Internet (including unencrypted emails) can never be guaranteed as completely secure.

Please also see the section below How is your Information Protected?

What information do we collect about you

1VISITORS TO OUR WEBSITE

We will collect information about you when you access or visit our website (including when you complete the online contact sign up form); when you search our website for information about our charitable operations; or, when you request further information from us.

The type of information we may collect from you when you visit or search our website, may include your name, postal address, e-mail address and telephone number (if you complete the online contact sign up form); as well as information about your computer or mobile device via analytics software such as Google Analytics or other similar technologies. The information we collect includes details of your visits to our website, traffic data, location data, your IP address, operating system and browser type (please also see our Cookies Policy).

If you contact St. Baldrick’s, we may keep a record of any communication you make dependant on the nature and purpose of the communication, subject to the terms of our data retention policy.

1.1 How do we use the website information we collect about you?

• If you have contacted us via our website, then to reply to you about your website enquiry or for your views on our services;
• If you agree, to keep you informed about our charitable operations including our news, events and promotions;
• To manage, maintain and improve the performance of our website and to provide targeted information about our events and operations.

1.2How long do we hold your personal information?

We only retain general information that we collect via our website (for example: the mobile telephone number of a device you may use to browse our website and the unique device identifier (International Mobile Equipment Identity or International Circuit Card Identifier); your IP address, login information; browser type and version, time zone setting, browser plug-in types, geolocation tracking information about where you might be; operating system and version) for as long as necessary for the purpose for which it was processed and/or as permitted by U.S. law.

However, please note that if you contact us via our website platform, then please also see the section below relating to Volunteers, Participants, Donors and applicants for Grants.

2VOLUNTEERS, PARTICIPANTS, DONORS AND APPLICANTS FOR GRANTS

We will collect information about you if: you contact us to make an enquiry and/or to ask us for further information; or, you register to volunteer (either as an event organizer or otherwise) or participate in our events; or, if you apply for a grant (via Proposal Central or otherwise); or, sign up to our mailing list (via our website or by other means); or, if you use our support and administrative services; or, if you wish to make a complaint.

The categories of personal information that we may collect from you is:

• Personal details (your name, age and gender);
• Contact details including your home and email address and telephone numbers;
• Biographical and Occupational information;
• Photographic image;
• Financial details (credit/debit card and bank details) although these are not retained;
• Health information;
• Information about your social preferences and interests.

If you provide personal information to us on behalf of any other person particularly if they are under the age of eighteen, please also see the section below on Consent and Processing Special Category Data and Children’s Privacy.

2.1 How do we use the information we collect about you?

• To process and manage your enquiry, volunteer registration, donation or application for a grant;
• Sharing your personal data with third parties that provide us with operational support (please also see the section below on Sharing and transferring your personal data with or to third parties);
• For Charity fund management purposes, including grant payments;
• For record-keeping and management purposes;
• To respond to complaints;
• To notify you about important changes or developments;
• If you agree, to keep you informed about our charitable purpose, events and operations.

2.2How long do we hold your personal information?

We retain our volunteer, participant, donor and grantee data for as long as it is necessary to fulfil the purposes it was collected for or as required by U.S. Law. We assess our data retention periods by reference to the following criteria: as required in order to satisfy the obligations we have for any legal, accounting, regulatory or reporting or operational purposes; or, as necessary to resolve complaints or disputes.

Basis of our lawful processing

The obligations imposed on us by data protection law means that we can only use your personal data if we have a lawful reason to do so. In this section we explain the lawful reasons we have for using your personal data:

Our agreement with you

We use your personal data because it is necessary for the purposes of: (i) the formation, performance or termination of our Volunteer Organizer, Participant, or Host Agreements with you in relation to our charitable operations and/or the services that we provide; or, (ii) because we have asked you or you have asked us to take specific steps before entering into such an agreement.

In summary, processing your personal data is contractually necessary for:

• The provision of our charitable operations and linked services;
• Managing St. Baldrick’s events;
• Publicity Consent and Release;
• Agreement on Conduct and Fitness for an Event;
• Our management and Administrative purposes, including providing and administering events, donations and grants; service support; messages and notifications; accounts purposes e.g. processing payments.

Our own legal obligations

Processing your personal data is necessary to fulfil a legal obligation that we are required to comply with such as adhering to the requirements imposed on us by US legislation or other mandatory obligations imposed by public law agencies. This may also include defending our own legal rights; our insurance and record keeping obligations.

Your consent

You have given us your explicit consent for us to process your personal data for any and/or all of the following purposes:

• The transfer of your data to the USA (Important: please also see below the section on Transferring your personal data to the USA and sharing with or to third parties
• The processing of any special category data, which is strictly necessary for the processing and performance of the Volunteer Event Organizer, Participant, and Host Agreements;
• When you visit or use our website;
• Sending you notifications, text messages and emails about our charitable operations, services, events and promotions;

Please note that if you are a parent of legal guardian, or any other lawfully authorised individual and you are providing personal information to us on behalf of any person under the age of eighteen, then you warrant and agree that:

• You have the explicit consent of all individuals concerned to provide the necessary categories of personal information to us, and;
• That all individuals concerned are aware of our Privacy Notice and that their information is to be passed to us for processing.

(Please also see the sections below on Processing Special Category Data and Keeping You Informed).

Our own legitimate interests

Where processing your personal data is necessary for our own legitimate interests or the legitimate interests of a third party, provided that those interests are not outweighed by your individual rights and interests.

Our legitimate interests are:

• Delivering, developing, and improving our operations and services;
• Our direct marketing activities, including determining whether our marketing activities are effective;
• Recording and monitoring telephone calls for training purposes and to improve the quality of our services;
• Improving customer facing services, including managing complaints;
• Producing management information.

We do not make your personal details available to third party companies for marketing purposes. We do not rent or trade marketing lists with other organisations or businesses. You can withdraw your consent to our direct marketing emails at any time either by clicking on the ‘Unsubscribe’ link in our notifications, messages or emails (where applicable) or by replying to our email with the words ‘please unsubscribe’ or calling us on 1-888-899-2253

Processing Special Category Data

Where we collect, process and store any of your special category data, we only do so with your explicit consent or because:

• Processing is necessary in the event of emergency, to protect your vital interests if you become physically or legally incapable of giving consent;
• It is necessary for reasons of public interest in the area of public health such as protecting against serious cross-border threats to health;
• It is necessary for the establishment, exercise or defence of legal claims either when we are faced with any legal claims made against us or where we pursue legal claims ourselves.
• It is necessary for the purposes of carrying out our obligations and exercising specific rights in the field of employment, social security and social protection law.

Children’s Personal Data

Children’s personal data (which we consider to be the personal information of a person under the age of 18) is processed in accordance with the terms of this Privacy Notice and our terms and conditions of participation.

We do not knowingly collect information about children under 13 years old without parental consent. If you believe a child has submitted his/her personal information to us without parental consent, please let us know and we will promptly delete it.

For the avoidance of doubt, we do not send marketing communications to children, nor do we use automated decision-making about children.

Where is the Data stored?

All data collected by St. Baldrick’s is stored in the USA. We must make you aware that data protection laws and related privacy regulations in the USA may not provide individuals with the same level of regulatory protection as in some other parts of the world, in particular the EEA.

This means that where we may transfer or store your information outside the UK or EEA (European Economic Area), we will take steps to ensure that your privacy rights continue to be protected as outlined in this Privacy Notice (please also see the section below Transferring your personal data to the USA and sharing with or to third parties

Keeping you Informed

If you are an existing volunteer, participant, donor or grantee, or you have enquired about our charitable operations or services before, we may also use the information we collect about you to let you know about our future events, services and provide information on our charitable grants and seek your ongoing support for future donations.

However, if you no longer want to receive material from us you can withdraw your consent at any time either by replying to our email with the words ‘please unsubscribe’ or emailing us at sbinfo@stbaldricks.org or phone 1-888-899-2253 .

Transferring your personal data to the USA and sharing with or to third parties

Because we are based in California, USA and the computer systems we operate are also hosted in the USA, it is important for the purposes of obtaining your explicit consent that you are informed of the possible risks of a data transfer to the USA.

Data protection laws and related privacy regulations in the USA may not provide individuals with the same level of regulatory protection as in some other parts of the world, in particular in the UK and the EU

If you visit the St. Baldrick’s Foundation website, register with us as a volunteer; participant or grantee or you make a donation, and you do so from outside the USA, you are agreeing to the terms of this EEA Privacy Policy and you are also explicitly consenting to the transfer of your personal information to the USA.

If you enter into a Volunteer Event Organizer, Participant or Host Agreement with us, then the transfer of your personal data to the USA is necessary for the performance of a contract between you and us or the implementation of pre-contractual measures taken at your request.

In such cases, you agree to your personal information being transferred to the USA and shared with organisations and companies in non-EEA destinations as necessary to fulfil our agreement with you or as required to perform our charitable operations. If you do not agree to us sharing or transferring your personal information in this way, then we will not be able to provide our services to you and you should not visit our website or deal with us.

Depending on how you deal with us, we may share and transfer your personal data with or to other organisations and companies in order to provide our services to you or meet our legal obligations. We will only provide your personal information to those organisations and companies in order to deliver the service we have engaged them to provide or to do so on your behalf or as we are required to do by law.

We may also share personally identifiable information with third parties that provide operational services or otherwise assist St. Baldrick’s in providing you with support and resources, such as website hosting, data analytics, email delivery, donor and volunteer engagement, and other services. In addition, we may share limited personal information, such as contact information, with some volunteers responsible for the event you support. Volunteers entrusted with personal information agree to keep that information private. Even then, our volunteers only receive the limited contact information that you voluntarily provided.

How is your Information Protected?

We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine need to know it. Any processing of your information will only be carried out in an authorised manner and is subject to a duty of confidentiality.

Please also see the section above on Securing your personal information and your responsibilities.

Cookies

As you browse St. Baldricks.org, trusted third party vendors may place anonymous cookies (small text files that do not damage a visitor’s system or files) or similar technologies on your computer in order to better understand how you use the site and ways that we can improve your experience to tailor more relevant content to you. Most browsers will allow a user to accept or deny cookies. If a visitor rejects our cookies, they may still use our site, though some sections may be in accessible. We do not currently respond to Do Not Track signals.

Other Websites

This privacy policy only applies to St. Baldrick’s. Any links to third-party websites are governed by the privacy policies of those third-party websites. You should review those websites’ privacy policies for additional information on how they use, collect, and share your data, as well as what other rights you may have. Our Web site’s linking to another site should not be interpreted as an endorsement of the website, its contents, or its privacy and cybersecurity practices.

Your Information Rights

St. Baldrick\'s will remove all collected user data or discontinue contact with any person upon oral or writtenrequest.

In summary, your Information rights are:

• The right to obtain confirmation from us as to whether or not we are processing your personal data and if we are, the right to be provided with certain supplementary information about our processing activities; however, please note that this Privacy Policy is already designed to provide you with that supplementary information;
• The right to ask us to correct any mistakes contained in the information we hold about you;
• The right to require us to erase your personal data in certain situations;
• The right to data portability, which means the right to receive (or for a third party you have chosen to receive) an electronic copy of the personal data you have given to us;
• The absolute right to object at any time to processing your personal data where we only use it for direct marketing;
• The right to object to decisions being taken about you based solely on automated means which produce legal effects concerning you or are similarly significant in how they affect you;
• The right to object in certain other situations to our continued processing of your personal information;
• The right to otherwise restrict our processing of your personal information in certain circumstances.

If you would like your user data deleted or for us to discontinue contact with you, please contact us at St. Baldrick\’s Foundation, of 1333 S. Mayflower Avenue, Suite 400, Monrovia, CA 91016, USA, or by email at sbinfo@stbaldricks.org or phone 1-888-899-2253. Please provide us with enough information to identify you and let us know the information to which your request relates.

We always want to make sure that the personal information we hold about you is accurate and up to date. Therefore, if you think any information we hold about you is incorrect or incomplete, please email or write to us at the addresses given above as soon as possible so we can update our records.

Changes to this Privacy Notice

We keep our Privacy Notice under regular review and if we change our Privacy Notice we will post those changes on this page so that you are always aware of what personal information we collect and how we use it. You should therefore refer to this policy regularly.