Privacy and Data Protection Policy

The Brain Tumour Charity is committed to protecting your personal information and being transparent about what information we hold. This policy is designed to give you a clear explanation about how we collect and use the personal information you provide to us and ensure that we are honest and clear about your privacy and personal information at all times.

Who are we?

In our policies, 'we', 'us' and 'our' refers to The Brain Tumour Charity, TBTC Trading Ltd and The Lewis Moody Foundation, which is administered by The Brain Tumour Charity. We are registered with the Information Commissioner's Office as a Data Controller under registration reference Z7239747 for all of our activities.

TBTC Trading Ltd sells a range of products and all of its profits are donated to The Brain Tumour Charity.

We are a registered charity no. 1150054 (England and Wales) and SC045081 (Scotland). The Brain Tumour Charity is a company limited by guarantee no. 08266522 and TBTC Trading Ltd is a company limited by guarantee no. 08855559. All entities are registered at Hartshead House, 61-65 Victoria Rd, Farnborough GU14 7PA.

All entities are wholly owned and controlled by The Brain Tumour Charity and all staff are The Brain Tumour Charity employees.

We are registered with the Fundraising Regulator and follow their best practice code: Code of Fundraising Practice.

We are a member of the Association of Medical Research Charities, the Information Standard and the Helplines Partnership.

Your acceptance of this policy and our right to change it

By using our websites, social media pages, services (including phone, email and LiveChat) or providing your information to us, we will collect and use your information in the way(s) set out in this policy. If you do not agree with this policy, please do not use our sites, social media pages or services.

We may make changes to this policy from time to time. If we do so, we will post the changes on this page and they will apply from the time we post them. This policy was last updated on 31/05/2018 to update our information about email marketing.

What is personal data?

Personal data is information that can be used to help identify an individual, such as name, address, phone number or email address. Some categories of data are more sensitive, which is known as personal sensitive data or special category data, including health information. Non-personal data is data that can't identify you personally, but can provide us with information to improve our services.

Overview of this policy

It's important that you read our policy in full but to help guide you if you don't have time right now, here is a quick summary:

  • We collect information that can be personal data, sensitive personal data or non-personal data.
  • We collect information about the people we support, our supporters, funders, volunteers, the researchers who have expressed an interest in our funding and employees.
  • We collect information to provide services or goods, to provide information, to provide grants to researchers, to fundraise for our work, for administration, research, profiling and analysis to better understand our supporters and for the prevention or detection of crime.
  • We only collect the information that we need or that helps us to provide the best possible service and fulfil our charitable aims and objectives.
  • We do our utmost to keep personal information secure, including SSL technology (secure server software) on all of our websites and storing data on a secure database.
  • We never share your data with another company or charity for their marketing or commercial purposes.
  • We only share data where we are required by law or with carefully selected suppliers and trusted partners who do work for us, for example, a mailing house to send out our newsletter. All our partners are required by their contract with us to treat your data as carefully as we do, to only use it as instructed and to allow us to check they do this.
  • Our websites use cookies so we can give you a personalised website experience.

Our full policy

This policy applies to all the websites we operate, our use of emails and any other methods we use for collecting information. It covers what we collect and why, what we do with your information, what we won't do with your information and what rights you have.

The information we collect

We collect information when you interact with us in order to build a world where brain tumours are defeated.

We collect three kinds of information

1.Non-personal information such as IP addresses (the location of the computer on the internet), pages accessed and files downloaded. This helps us to understand how many people use our websites, how many people visit on a regular basis and how popular/useful our web pages are. This information doesn't tell us anything about who you are or where you live.

2.Personal information. We will ask you for information in order to provide you with the services requested, for example to send you information or process a donation.

3. Sensitive personal information or special category data. We may ask you for information about your health, for example, the type of brain tumour you are living with, so that we can provide you with relevant information and support or in order to support your safe participation in an event. We may also collect this information if you make the information public or if you tell us about your experiences relating to a brain tumour (for example, if you agree to share your story with us). We only collect this information with your consent.

Under 16s

We are committed to protecting the privacy of the young people that engage with us. If you are under 16 and would like to get involved, please ensure you have consent from a parent or guardian before you provide your personal information to us. We do not send any marketing communications direct to children under 16.

How we collect your information

We collect information about you in the following ways:

Information you give to us directly, for example when you:

  • Sign up to take part in or attend one of our fundraising or support events
  • Register with and buy products on our shop
  • Make a donation or tell us about your fundraising plans
  • Request information from our services team, for example The Brainy Bag or an Information Pack
  • Contact our Information and Support Team, when you may choose to provide details, including details of a personal nature in particular about you or someone else's health
  • Join our closed Facebook support groups
  • Choose to share your story with us
  • Take part in surveys, questionnaires or get involved with our campaigns
  • Volunteer with us or apply to work with us
  • Sign up to our e-newsletter
  • When you visit our websites, we collect technical information such as the IP address you use to visit the website, your browser type and version
  • Contact us or become involved with us in any other way not listed above.

Information from third parties

We may also receive information about you from third parties if you have given them permission to share this information and indicated that you wish to support The Brain Tumour Charity, for example, if you set up a fundraising page for us with JustGiving, sign up to a challenge with Discover Adventure or enter an independently organised event like the London Marathon.

Depending on your settings or the privacy policies for social media and messaging services, we may access information from those accounts or services.

If you have been named as the Executor on a Will, we may receive your details in order to administer a Gift left to us in that Will.

Your credit and debit card information

If you use your credit or debit card to donate to us, pay for a registration or make a purchase over the phone, we will ensure this is done securely and in accordance with the Payment Card Industry Data Security Standard. We do not store your credit or debit card details at all following the completion of your transaction. All card details are securely destroyed once the payment or donation has been processed.

All purchases and donations completed online are handled securely by World Pay or PayPal and we do not receive your card details.

How we use your data

We will mainly use the information we collect about you to:

  • Provide you with the services, products or information you asked for, for example, The Brainy Bag, Information Pack or fundraising materials.
  • Administer your donation or support your fundraising, including submitting your details to HMRC to claim Gift Aid if applicable.
  • Administer your participation in an event.
  • Keep you up-to-date with the impact of your support and to ask for financial and non-financial support.
  • Manage our research grants, including the peer review process.
  • Support and further our mission, for example if you have shared your story or given us consent to use your photo, we may use this in marketing or promotional materials.
  • Carry out any obligations arising from any contracts entered into by you and us.
  • Process a job or volunteering application.

Keeping a record of your relationship with us

We record contact we have with you, so we have a clear understanding of our relationship, how you've supported us or have been supported by us in the past. We may also collect and retain your information if you send us feedback about our services, give us a compliment or make a complaint.

Understanding how we can improve our services, events, products or information

We believe it's important to make sure that all of our services are the very best they can be, which is why we evaluate them. Once you've used one of our services, taken part in an event, received information or bought a product, we may get in touch to ask you about your experience. You don't have to take part but it's really valuable to help us improve in the future.

Understanding our supporters and working more effectively

We are committed to providing everyone who gets in touch with us with the very best experience, providing you with timely and relevant communications and using our resources effectively.

To do this, we may use profiling techniques to provide us with general information about you, which may include geographic, demographic or other information relating to you to better understand your interests and preferences. This information is compiled, either by our employees or occasionally a third party insights company, using publicly available data or information that you have already provided to us.

Publicly available information may include information found in places such as Companies House, the Charity Commission, LinkedIn, listed Directorships, typical earnings in a given area or published in the media.

By doing this it allows us to understand the background of the people who support us and helps us to make the right requests. Importantly, it helps us to raise more funds, sooner, and more cost-effectively, than we otherwise would.

Communicating with you

If you have provided us with your postal address we may send you direct mail, including The Grey Matters newsletter, which will include updates on our work - the research we're funding, the information and support services we offer and our early diagnosis work. We may also contact you about fundraising, campaigning, events and trading. We do not ask for consent to write or call you about these things, because, as a charity, each of these activities is fundamental to how we work, so we have a legitimate interest to contact you. However, you will also have an option to opt-out of receiving marketing communications by post or phone.

We will only send you marketing communications by email if you have consented to receive these. You can unsubscribe at any time by clicking on the link in the email. Our mass email service allows us to track who has opened our e-newsletter and what links have been clicked on. This allows us to monitor what information is most useful to improve our content and information in future.

Storing your data

When you give us your details, you agree to us recording your details on our secure database, so we can provide you with the best possible service every time you contact us. We hold your personal information for as long as required to provide you with the information or services you have requested, to administer your relationship with us, to inform our research into brain tumours, to inform our supporters' preferences, to comply with the law or to ensure we do not communicate with people who no longer wish to hear from us.

The Brain Tumour Charity holds its data on a secure database which is hosted in the EU. Access to this system is limited and there is restricted access to data based on a person's role in the organisation.

The Brain Tumour Charity's digital files are stored on a terminal server hosted by Bluecube Technology Solutions at a data centre in the UK. Access to this data centre is restricted.

Our third party suppliers store data in the EU, with the following exceptions:

  • Our online shop is hosted by BigCommerce, who store data in the USA. If you create an account with them, you can manage your personal data online.
  • Our online grants application for researchers is hosted by Altum Inc, who store data in the USA.
  • Our online events registration, Eventbrite, who store data in the USA.
  • Our survey tool, SurveyMonkey, who store data in the USA.

Where we engage with organisations outside of the EU, we will endeavour to ensure that the processing of your data is subject to appropriate security measures. All of our current suppliers adhere to the EU-US Privacy Shield – you can find out more:

All paper records are stored on premises at our offices. These offices are securely locked when no members of staff are present and access is restricted and monitored during the working day.

In line with the principles defined in the Data Protection Act 2018 and the General Data Protection Regulation, The Brain Tumour Charity will ensure that personal data will be processed in ways that are:

  • Lawful, fair and transparent
  • Collected for specific explicit and legitimate purposes
  • Adequate, relevant and limited
  • Accurate and up-to-date
  • Not kept for longer than necessary
  • Secure

Your details will be kept securely and only shared with trusted suppliers who enable us to deliver our charitable objectives, for example, distribution of our newsletter or if required to by law, i.e. with the police or a regulatory body. At all times we remain legally responsible for your data. We never share your data with any third parties for their own marketing or commercial purposes, including charities.

Use of cookies and other online technology


We participate in Facebook's Custom Audience and Lookalike Audience programs so that you can receive relevant ads from us when you use Facebook, and so that we can raise awareness among users of Facebook who share similar interests to you. We provide personal information such as your email address to Facebook to enable them to determine if you are a registered account holder with Facebook. Our adverts may then appear when you access Facebook and on your Facebook feed. Your data is sent in an encrypted format that is deleted by Facebook if it does not match with a Facebook account. For more information please read the Facebook Business page about Custom Audiences and Facebook's Data Policy.

Cookies, web beacons and similar technologies

We may use cookies, web beacons, and similar technologies to collect, use and share certain information about your device(s), your use of our websites, app(s) or services and other unique identifiers personal to you with third party platforms so that they may target ads to you and to others, based on other information that third party may hold about you. In some cases, these third party platforms may also collect some or all of the above information using cookies or similar technologies. Where they do so, their collection, use and protection of your information is governed by those third parties' privacy policies and practices, and not this privacy policy.

You may be able to opt-out of third party advertising technologies (including cookies) which remember your browsing habits and try and display relevant advertising when you use our websites, app(s) or services by visiting If you choose to turn off these technologies, we may still serve you ads but these ads are unlikely to be tailored to your interests.

We don't store personally identifiable information, but we do use the information we gather to help improve the experience of our website. For example, they help us to identify and resolve errors, or to determine the most relevant information and services to show our visitors in the future.

Keeping your information up-to-date

Where possible we use publicly available sources to keep your records up-to-date, for example, the Post Office's National Change of Address database and the National Bereavement Register. However, we really appreciate it if you let us know if your contact details or circumstances change. Just contact our Supporter Services team at and we will update our records.

How to change the way we contact you

Your personal preferences and keeping your data accurate is of utmost importance to us.

If at any stage you do not want to hear from us or want to update your details, you can email, call us on 01252 237792 or write to us at The Brain Tumour Charity, Hartshead House, 61-65 Victoria Road, Farnborough GU14 7PA.

You can also now register your details with the Fundraising Preference Service if you want to tell us through the Fundraising Regulator that you would prefer us not to contact you.

Any email we send you will contain information about how to unsubscribe from email marketing communications. During any phone conversation you have with us, please feel free to let us know how you prefer to be contacted.

How to find out what information we have about you

Any person whose personal information is held or processed by The Brain Tumour Charity has the right to know:

  • What information we hold about them.
  • How to gain access to this information.
  • How to keep it up to date.
  • What the charity is doing to comply with the Data Protection Act 1998 and EU General Data Protection Regulation.

Individuals have a right to access certain personal data being kept about them, either physically or digitally. Anyone who wishes to exercise this right should apply, in writing, to the Data Protection Officer at the address above. The Charity will respond within one month, providing that the request includes appropriate contact details, proof of identity from the individual and we can validate the request.

If you are unhappy at any time about the way we process your personal information, please contact the Data Protection Officer at the address above, who will investigate your concerns.

We promise to keep your data safe and you can unsubscribe at any time in the future. More information is in our Privacy Policy.