Savefor later Page saved! You can go back to this later in your Diabetes and Me Close

Privacy Policy

Our privacy policy explains how we look after any information we have about you, how it helps and why we need it. It makes clear how you can control that information, including how we contact you, and what it means if we have to share your information.

Collecting and processing personal information about you and other people helps us run smoothly and meet our charitable aims. We use this information to give you the best possible experience with us, whether that’s sending you information as quickly as possible, telling you about our latest campaign or thanking you for your support.

We will never sell any information we have about you to third parties for their own promotional marketing. You can change how, or if, we contact you at any point.

Thank you for your support.

Our privacy policy in full

Expand all

Who we are

We are Diabetes UK and we’re a registered charity. Find out more… 

Our official name is the British Diabetic Association, but we’re usually known as Diabetes UK, Diabetes Scotland, Diabetes Cymru/Diabetes Wales or Diabetes Northern Ireland. We’re a charity registered in England (no. 215199) and Scotland (SC039136) and a not for profit company (no. 00339181).  Our head office is in London and we have national offices in Wales, Scotland and Northern Ireland. We have regional offices across England and run local volunteer groups all over the whole of the UK. We also have a trading company, Diabetes UK Services Limited, which carries out some of our commercial activities like our online shop and our lottery to raise funds for the charity. All of its profits are donated to the charity. Any personal data you give us will be used by the charity and Diabetes UK Services Limited. 

This privacy policy covers what we do as a charity generally, whether across the UK, nationally, regionally or locally. Our use of data for recruitment and employment purposes is dealt with in a separate policy. If you are a researcher applying for a grant from us, please see our Research Privacy Policy (PDF).

What personal data we collect

We collect information directly from you, when you give it to us by filling in forms, over the telephone, face to face, on your mobile phone or on our website. This includes information you provide to our local volunteer groups. We get some information about you from third parties, for example when you enter an event organised by someone else and choose to fundraise for us. We also collect some extra data about you from other sources.

Information we collect directly from you

When you provide us with your information directly, we usually ask you for your name, address and contact details. If you are making a donation to us or buying something from our shop, we will also collect your banking or credit card details and may ask for information about your tax status for Gift Aid. Often we also ask why you have chosen to support us, as that helps us understand how we can meet your needs.

Where we are delivering services to you (for example through our telephone helpline, events, community outreach, education and advocacy work) providing you with information about our work or when you take part in one of our campaigns, we regularly ask you for more information. This may be about about your health, for example what type of diabetes you have, to make sure we send you information which is right for you. It can also help us to have health, dietary and disability information about you if we need to make changes to meet your needs, like sending you audio publications or providing hypo kits at events we run. We sometimes also ask about your ethnicity to make sure we are reaching a diverse audience and because ethnicity increases your risk of Type 2 diabetes.

We work with the NHS and other organisations to improve the care and services which people living with diabetes receive. To do this, we periodically ask people living with diabetes to take part in surveys or audits about their experience and the care they receive. If you agree to take part, we will give you more details about how your information will be used and shared at the time.

If you volunteer for us, we may also collect details about your contact details, age, gender, skills and experience, emergency contact details, references, ethnic origin and criminal convictions.

If you come to an event, meeting or workshop that we run, we will often take photos to illustrate articles about them or for our future marketing. You can always opt out of this by letting the organiser know. We’ll ask you for your consent before using any close-ups or photos that are likely to identify you, but it’s often not practical to get everyone’s consent for a group shot, for example at a walking event or at a large conference.

Information we collect from you on our websites, social media sites and apps

Our Know Your Risk online tool collects information about your gender, age, ethnic background, body shape and blood pressure to give you a score for your risk of developing Type 2 diabetes in the next 10 years. This information is kept separately from any other information you may give us and is only used by us for statistical and trend analysis.

We use a number of interactive online tools to deliver education and support to you. Some of these ask you to give extra details about your personal health and ethnicity as well as extra information about you like your diabetes type, age, gender and date of diagnosis. This is so we can provide you with educational content which is relevant, clinically accurate and suitable for you.

The Diabetes UK Support Forum gives people the chance to share their experiences of living with diabetes and ask any questions. The forum is open to the public and anyone using our website has access to the posts you make, although we do moderate it to try to make sure it is a safe and supportive space. Please see our Acceptable Use policy for more information.

Our website, like most others, uses cookies to improve the way it works and monitor its performance.

This includes allowing us to:

  • recognise you when you visit our site more than once
  • identify what device you used to access the site
  • how you came to our site
  • what pages you looked at or what action you took
  • what pages are most popular
  • save any of your personalised settings.

We also use cookies and similar types of code to show you targeted information from us when you leave our site and go to third party websites, for example on Google, Tiktok and Facebook and their associated sites like Instagram and YouTube.

When you visit our social media pages (including Facebook, Instagram, TikTok and Twitter), the owner of that site will usually place cookies on your device. You can choose whether to allow this by changing your social media or browser preferences – see our Cookies Policy for details.

Social media sites like Facebook, WhatsApp and Tiktok can also share your data with third parties, including us, depending on the settings you’ve chosen on those sites.

This means we can tailor our marketing to better suit your needs and aim to display ads that we believe are relevant to you. You can find out more about this type of activity in our Cookie Policy. You can change your cookies settings on our website or change your social media settings to prevent this type of activity.

Please note that even if you change your preferences with us, you will still see some content from us on social media, as the social media site will choose content for you based on other reasons. When you visit our social media pages (including Facebook, Instagram, Twitter), the owner of that site will usually place cookies on your device. You can choose whether to allow this by changing your social media or browser preferences – see our Cookies Policy for details.

We also may periodically offer you the opportunity to take part in user experience testing via our website. See user experience research for further details.

Information we get from other sources

If you’ve given permission to third parties to give us your data, we will sometimes receive information about you from them. For example, when you sign up to an event run by a third party, like running a race, and choose to fundraise for us, we can receive information about you from the race organisers or any fundraising sites you use like JustGiving, if you’ve agreed they can share that information with us. Social media sites like Facebook, WhatsApp and Google can also share your data with third parties, including us, depending on the settings you’ve chosen on those sites.

We also collect a limited amount of extra information about you from public and private sources, to give us a better idea of what you’re interested in. This can include checking we’ve got your correct postal address from Royal Mail. We might collect demographic data like age, using commercially available survey data and databases like ACORN and the Eden Stanley Health & disability tracker to predict some information about you or people similar to you. Examples of information we may get are predictions about your likely purchasing behaviour, motivations, attitudes, media usage, leisure interests, how you engage with charities and indicators of financial status like house value. This analysis will be based on your postcode and doesn’t relate to you on an individual level. You can find out more about how we use this information to serve you better in the understanding our beneficiaries and supporters better section.

We want to give everyone a great experience of supporting Diabetes UK. To do this we will sometimes use publicly available sources to supplement our understanding of an individual, company, trust or foundation. We do this to better understand how and why they are interested in the supporting the charity. To find out more, see the section ‘Profiling and Working with Major Donors’. 

We receive information about legacies which have been left to us through an automatic notification service. This draws information from grants of probate, which are public documents, and allows us to get in touch with executors to make sure we receive legacies intended for us. We’ll only use executors’ details for this purpose and we won’t send them any other information unless requested.

Children

We provide age-appropriate information for children and young people living with diabetes on our website. We sometimes receive limited data about children if they decide to fundraise for us, and we will collect data about children for events we organise specifically for young people and their families or where they agree to volunteer for us. Wherever possible, we will ask for consent from parents to collect information about children and young people. When we take photos of children at to our events, we’ll always ask parents if we can use the images.

Business contacts

When we work with third party suppliers or customers we will usually collect limited contact details for key staff at that supplier or customer. These are only used for managing our business relationship with that supplier or customer.

Profiling and working with major donors

Sometimes we may want to engage someone who has never been in touch with us before, but that we believe could be interested in our cause. We may have read their story in a newspaper or a social media post, or they may have been recommended to us by another supporter or a trustee. Before we reach out to them, we will try to verify their likely interest by conducting further research on them using the same publicly available sources as we do our existing supporters. Once we are confident that it is appropriate to engage them we will do our best to get in touch with them and, wherever possible, we will do this within a month, at which point we will provide them with more information about how we use their data.

To help us accelerate our fight against Diabetes, it is important for us to work with the people, companies, trusts and foundations that can help the charity by opening their networks, creating partnerships and making major donations, typically gifts worth more than £5000 a year. To help us grow this area of our fundraising, we will profile select individuals, companies, trusts and foundations so that we can confidently and efficiently use our funds to identify those that we think would be able and willing to support us in this way.

To do this we may conduct additional research into an individual’s professional background and any formal roles they hold in the public, private or third sector, for example whether they are a trustee of a grant-making charity, hold public office or serve on the board of directors of a company. We may use publicly available sources to ascertain their networks, charitable and personal interests, capacity to donate at a particular level based on their visible assets and history of charitable giving and any other relevant information to help us plan meetings, tailor communications and make sure we get in touch with appropriate invites and updates about the charity’s activities.

We collect information from publicly available sources such as public registers like Companies House, the Charity Commission and the electoral roll, as well as newspaper, magazine and internet articles, annual reviews and company annual reports. 

On occasion we may employ third party prospect research companies to help us conduct this research. We always check that our sources are reliable and verified and that any third parties are operating in accordance with the relevant legislation. 

You can opt-out of this form of data-processing at any time via our I’m in Charge form.

How we use your data

We use the data you give us and the data we collect about you from other sources for the following purposes:

  • To provide you with the services (e.g. events, helpline, community outreach, education), information and products you request.
  • To provide you with information about campaigning, fundraising, research, volunteering and other ways you can support our charitable mission.
  • To process your application for a research grant.
  • For administration purposes, including processing donations (including Gift Aid and legacies), quality and compliance monitoring and staff training.
  • To monitor and improve the performance of our website.
  • To provide interactive services to you on our website.
  • To safely and securely test the impact of technical system changes on your data.
  • To analyse and improve the services, products and information we offer and the campaigns and appeals we produce.
  • To keep a record of your interactions with us.
  • To better understand our supporters’ needs, wishes and interests.
  • To tailor relevant information about us to you when you leave our site and go to other websites.
  • To deliver information we believe will be relevant and interesting to other people with similar interests and characteristics to you.
  • To make a decision about whether you are eligible to take part in a specific user experience project.
  • To ensure that we can accept support in accordance with our Gift Acceptance Policy
  • To make an informed decision about approaching you for further support

Events and membership

If you sign up for one of our events, like a fundraising event or support event, we will use your contact details to provide you with information about the event and to support you with any associated fundraising. If you join our membership scheme, we will use your data to send you your membership benefits, information about other ways to get involved with us and to make sure the information we send you is relevant to you.

Online shop

If you buy a product from our shop, we will use the information you provide to complete your order. We will also use your details to ask you to fill in a feedback survey via a survey agent about the products you’ve bought. We need to share your information with our suppliers to do this, but we’ll keep your data safe when we do this. Please see who we share your data with for more details. If we notice that you’ve left items in your shopping basket without checking out, we will send you an automatic reminder. If an item is out of stock, you can also choose to receive a reminder when it’s back in stock.

Research grant applications

If you apply for a research grant from us, our online grant application platform is provided by CC Technology, a third party supplier. We will share your data with experts involved in the evaluation of your application and we will publish brief details of the awards we make. Please see the terms and conditions of use of Grant Tracker, our Grant Conditions and our Research privacy notice (PDF) for more details about how your data is used.

Supporting people living with diabetes

We provide a helpline for people living with diabetes, their family, carers and friends or people who are worried they may be at risk of diabetes. Any medical information you provide to the helpline is kept strictly confidential. We only use this information to answer your questions and provide you with any support you request, for staff training and quality assessment.

We also provide a customer care centre, which deals with a whole range of other questions, issues and complaints about our work. We use the information you give us to answer your questions, provide support to you or investigate any complaints, for staff training and quality monitoring.

Case studies

Some people agree to share their diabetes story with us to help us in our work and to help other people who may have similar experiences. This may involve you providing us with more detailed information about your health, background, ethnicity, diabetes story and some photographs. We’re always really grateful when people agree to get involved in our work in this way and we’ll always ask you for your consent to use this information so that you stay in control of how this information is used.

Providing you with information about what we do and how you can help

Our charitable mission is that by bringing people together to work in partnership, we will support those living with diabetes, prevent Type 2, make research breakthroughs in diabetes, and ultimately find a cure. In order to achieve our mission, we need to talk to as many people as possible about what we’re doing. This is why we think it’s reasonable and legitimate for us to use your contact details to contact you by post and by telephone to tell you more about our work and how you can support us. This includes newsletters, appeals, magazines, raffle mailings, event invitations and information about how we help, campaigns we’re running, ways you can support us and about the research we’ve funded. We also offer a variety of different e-newsletters which you can sign up for. Some of these publications are supported by third party advertising, but we don’t give your details to our advertisers.

If you’ve subscribed to the Telephone Preference Service, we won’t call you about our work or for fundraising purposes unless you tell us that you’re happy to hear from us in this way. We will only call you for strictly necessary administrative purposes, like to check Gift Aid status or to respond to a complaint you’ve made. We’ll only send you information about our work by email if you give us consent to contact you by email. The same applies for text messages.

You can change the way you hear from us, or stop hearing from us, quickly and easily at any time by contacting us. Please see details in the contact section.

Understanding our beneficiaries and supporters better

It’s important to us to understand the likes, dislikes, needs and interests of our beneficiaries, supporters and potential supporters. We do this in a number of different ways.

We get extra information about you from other public and private sources (please see information we obtain from other sources to get to know you better). We look at how you support us and the amount and frequency of any donations you may have made to us. This helps us to make sure that we’re only asking for financial support when it’s appropriate to do so and we don’t ask you too often. It also means that if we think you might be able and willing to give a bit more, or to leave us some money in your will, we can contact you to see if you wish to do so.

So we can assess your ability and likelihood to support us, we analyse the information people give us and your relationship with Diabetes UK. Very occasionally we do more detailed research on individuals. But this is the exception not the rule. We only do it if we have reason to think someone is particularly influential or might have the capacity to be a major donor to us, typically by donating more than £5000 a year. This assessment is either based on personal interaction or on a more general analysis of our database of contacts done by applying demographic data, social factors, population and consumer behaviour (as mentioned above).

Choosing to accept a donation

We also have a requirement and often a legal duty to understand the source of large gifts, typically those worth £10,000 or more, and ensure that the charity’s integrity is not risked by accepting such offers of support. To do this we will conduct additional research using publicly available sources and do so only to assess and manage potential risks and ensure there is no conflict with the charity’s mission and activities.

Analysing data to improve what we do

We often use personal information to analyse the success of our campaigns, appeals and initiatives. This helps us make sure we’re reaching the right people and having the greatest impact. It’s also useful to us to group our supporters together in our databases on the basis of common interests or characteristics. This is often known as segmentation or profiling. It helps us to understand what kind of people take part in particular campaigns or appeals, so that we can improve what we do. For example, we might find that a particular group of people are more likely to drop out of our Swim22 challenge, so we can offer them extra support and encouragement. It allows us to tailor our communications to make sure they are more relevant to each group. For example we might learn that one group is more likely to be interested in self-education to manage their diabetes, but aren’t interested in cooking so we signpost them to our online Learning Zone content rather than recipes. As a result, we can save money, by not sending out unwanted communications. We can also use these groups to work out where some of our messages aren’t being successful and try new ways to reach people to achieve our charitable goals. While we may use profiling to target the way we communicate with our supporters, our services are always available to everyone affected by diabetes on an equal basis.

If you’ve agreed to receive emails from us, we also track whether emails have been opened and whether you’ve clicked on any of the links in those emails to see if they were useful and interesting to you.

Applications to participate in user experience research

If you apply to participate in a user experience research project, our online recruitment platform may automatically decide whether you are suitable to participate. This decision is based on the data you provide during the sign-up process. Each research project is different, and our sign-up process will clearly explain who we are looking for and the reasons why. Your application to participate in user experience research – whether accepted or not – has no effect on any other involvement you have with us now or in the future.

Who we share information with

We can’t do everything ourselves, so often we need to share your personal information with third parties with the skill, experience and facilities to deliver services to you and give you information you’ve requested. We may also share your personal information with third parties so they can give us advice or services to carry out our work. We’ll always make sure that your information is kept securely and can’t be used for other purposes. If you sign up for our user experience research, we will share your information with our research clients so they can contact you to participate in research. We will never sell or give your information to third parties for their own promotional marketing purposes.

Occasionally we may be legally required to share information with official agencies, regulatory bodies or the police to protect you or to prevent or detect a crime.

Providing information to you and delivering services

When we send out information to you, for example about our events, campaigns or membership benefits, we often use companies who provide support services like printing, creative services and mailing to do this. When you place an order with our online shop, we need to share your contact details with our suppliers, warehouse and logistics providers to complete your order. Your details may also be passed to a survey provider for feedback on the products you buy, so that we can improve the range of products we offer.

If you pay for products or for services or make donations online or over the telephone, we will share your information with the payment providers who process the payments for us, like Mastercard, Google Pay, Stripe or Apple Pay.

If you ask for support from us, we may give your details to local groups in your area who can provide that support, but we’ll always ask you first if you’re happy with this.

We sometimes team up with other partner organisations like other charities, healthcare organisations or companies where we have common goals. This often allows us to achieve more than doing things on our own. We’ll always give you the choice on whether your details are passed to our partners or not.

Suppliers who provide services to us

Like most charities, we may use professional fundraisers to carry out face-to-face or telephone fundraising on our behalf. We always put in place safeguards, like monitoring and call listening to check they are behaving in a professional way and comply with the Fundraising Code.

We also use the services of online or mobile platforms for a number of reasons, for example to manage registrations for the conferences and events we run, to support fundraising efforts associated with these events, to support campaigns, to manage grant applications, to manage mobile messaging and mobile donations and to send out forms and surveys. When you submit your data to these platforms, the platform will collect and send your registration details to us. Sometimes the platforms will use your data for their own purposes such as analysing the use of their platform or for advertising, so we recommend that you check their privacy policies for more details.

Sometimes we share information about our supporters with third parties like creative agencies and data analysts who advise us on how to create and improve our campaigns and appeals. They may advise us on which groups of our supporters are more likely to respond to particular communications, including financial appeals and legacy requests. Any data will usually be shared on an anonymised basis, but occasionally we may need to share more details to get the best results.

We always make sure that we have a robust legal agreement in place with our third party suppliers, which obliges them to only use your information on our instructions and in accordance with the law.

To help us efficiently and accurately identify future major donors to the charity, we may occasionally employ third party prospect research companies. These companies offer specialist services such as database screening which helps identify supporters who may be able and willing to give more than £5000 a year, identifying new trust and foundation supporters, or helping us to conduct legally required due diligence on our highest-level prospects and donors.

Sharing information to and from social media

Reaching people through social media is a very cost-effective tool for charities.

We sometimes share with Facebook the email addresses of people who have donated to us, registered to take part in one of our fundraising events, or engaged with us in another way. These email addresses are used by Facebook to create ‘custom audiences’, so they can determine whether you are a registered account holder with them, and therefore display relevant adverts to you about our events or services. Our adverts may then appear when you access their platform. For example, if you have signed up to one of our events in the past, we may share your email address with Facebook so we can show you ads letting you know when the next event is next happening. These email addresses can also be used by Facebook to create ‘lookalike audiences’. These are groups of people with similar characteristics and interests to our supporters, who might therefore be interested in getting involved with us. We will then use Facebook to show relevant advertising to these audiences. For example, we might find that people who like walking are more likely to take part in our London Bridges Walk.

We do this to make sure we are using our funds in the most efficient and cost-effective way possible, to reach and provide support to more people, and raise more funds to aid our vital work for people living with diabetes. We will only include supporters in these lists if they have opted in to receive our marketing. Any information we share with Facebook will be shared in an encrypted format, will be deleted by Facebook after a short period of time, and not used for any other purpose. You can tell us at any time if you don’t want your data to be shared in this way by contacting us.
You can also change your own social media settings.
For more information, please review Facebook’s privacy policy, the UK versions of which are available at https://en-gb.facebook.com/policy.php

User Experience research

From time to time we may offer you opportunities to engage as a participant in user experience research via our website. ‘User experience research’ is the process of getting feedback about products and services aimed at people with diabetes, and is different to ‘clinical research’ that aims to scientifically prove medical and lifestyle interventions. Although we will always consider clinical research as part of our charitable mission, we also offer user experience research as a chargeable consultancy service to other organisations that we have vetted. We do this to raise funds for our work, but also to encourage products and services targeted at people with diabetes to take into account their needs.

If you choose to participate in any of our user experience research projects, we may introduce you to our research clients and also share data with them relating to your involvement in that user experience research project. Our signup process will always let you know what data will be collected and shared before you complete the sign up process.

Involvement in our user experience research projects is your choice, and requires your active agreement for each and every research project. We will never share any data with our clients that we have collected from our other activities with you, and we will never sell your data to anyone for their own promotional marketing purposes.

Information sharing required by law or regulation

Our services are confidential. However, we may share information you give us with support agencies or the police if a member of staff or volunteer has concerns about your own or someone else's safety or wellbeing. We would need to share what you tell us with someone if:

  • we believe your life or someone else’s life is in danger
  • you tell us that you or someone else is being, or is at risk of being abused by another person
  • it’s necessary to prevent or detect a crime
  • we are required to do so under a court order.

Transfers outside the European Economic Area

Our work is based in the UK and we store the data we hold within the European Economic Area (where you have the same level of protection for your data as in the UK). However, a few of our suppliers may store their data outside the European Economic Area. We will only transfer your data to them if we are confident that your data will be adequately protected, for example if they have signed up to the US’s Privacy Shield, which guarantees the rights of European Union citizens, or if we have a contract with them that says they will meet EEA data processing standards.

Partnership with Blis

We sometimes partner with third party marketing agencies to help us reach our supporters better and we have recently partnered with Blis to provide geo-targeted programmatic display advertising for us.

This technique allows us to deliver digital advertising on some websites you might visit, so the adverts you see are more relevant to you. We do this by using GPS location data, where you have given consent to share this data.

You will always need to give Blis explicit consent to participate in this technique and to allow them to use your data in this way. All of your information will be processed and stored in accordance with Blis’ Privacy Policy.

You may opt out of advertising and processing of your data by Blis at any time, and you can also directly contact Blis' privacy department to review, correct, update, or subject to delete your data.

How long we keep your information

As diabetes is a long-term, chronic condition, we know that your needs for support and your relationship with us will change over time. We will normally keep your personal information only for as long as necessary.

We normally keep your details on our supporter database while we have an ongoing relationship with you. If we haven’t heard from you for seven years, we will archive your data, which means we won’t use it any more unless you decide to restart your relationship with us.

We keep recordings of calls to our helplines and complaints for two years, except where we need to keep the data as a record of your consent to be contacted by us, in which case we keep it for as long as we need it for compliance purposes.

We keep financial records, Gift Aid records and details of any contracts we enter into with you for seven years after the relevant transaction, which is required by law. We do not keep your credit card details in accordance with payment industry standards.

We may keep details about any actual, suspected or potential criminal offences or concerns for longer periods of time in accordance with governmental, regulatory or police guidance.

If you’ve told us that you’ve left us a gift in your will or have expressed an interest in leaving us a gift in your will, we will keep a limited amount of information about your relationship with us until six years after your estate is wound up. This information will be only used to make sure we receive any gift you may make.

How we keep your information securely

We guard against unauthorised access to our systems by reviewing our information collection, storage and processing practices, including physical security measures. We restrict access to personal information to employees, contractors and third parties who need to know that information to process it for us and put in place contracts which require them to keep it confidential. We regularly assess the security of our systems. If we need to transfer data to or from third parties, we will always use a secure method to do so.

Our legal basis for processing data

Organisations that collect personal data need to have a lawful basis for doing so. The law sets out six ways to process personal data (plus extra conditions for processing sensitive personal data). Five of these are relevant to the types of processing that we carry out.

This includes information that is processed on the basis of:

  • A person’s consent (for example to send you direct marketing by e-mail or SMS)
  • Diabetes UK’s legitimate interests (please see below for more information)
  • A contractual relationship (for example to provide you with goods or services that you have bought from us, or when you agree to participate in user experience research)
  • Processing that is necessary for meeting legal obligations (for example to process a Gift Aid declaration and carrying out due diligence on large donations), and
  • In rare cases, to protect someone’s life.

Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, as long as its use is fair and doesn’t adversely impact the rights of the individual concerned.;

We will always consider if it is fair and balanced to use your personal information and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to make sure that we use your personal information in ways that are not unduly intrusive or unfair.

Our legitimate interests

  • Achieving our charitable aims –These include providing support and advice to people living with diabetes and its related complications and for those who care for them, increasing the understanding of diabetes, educating healthcare professionals and the general public and promoting research into the causes, prevention and cure of diabetes and publishing the results of research.
  • Administration and operational management - This includes running the charity, legal and financial reporting and meeting legal requirements, , responding to your enquiries, providing information and our support, research, surveys, events management, the administration of volunteers and employment and recruitment requirements.
  • Fundraising and campaigning This includes running campaigns and donations, sending and making direct marketing by post and phone, analysing data to make sure our work is effective and maintaining a list of people who don’t want to hear from us.

If you would like more information on our uses of legitimate interests or to change our use of your personal data, please get in touch with us using the details in the “Contact us” section below.

Your rights

You’re in control of your data and the way we use it.

You can ask us for a copy of the information we hold about you at any time by contacting us at the details below. We will generally supply any information you ask for within 30 days unless it is a particularly complex request. We will not charge you for this information other than in exceptional circumstances. We may ask you for proof of identity as we need to be sure we are only releasing your personal data to you.

You can also ask us at any time:

  • to amend your data
  • to stop using your data for a particular purpose, if you’ve changed your mind about it
  • to limit the way we use your data
  • to stop using your data for direct marketing (for example fundraising and campaigning appeals)
  • to stop analysing your data to understand our supporters better or
  • to delete your data.

We will do our best to follow your requests as long as we’re able to do so. For example, if you’ve signed up to attend an event, we will still need to be able to use your details to process your attendance. If you ask us to delete your data, or to stop sending marketing information to you, we will retain limited details on a suppression list (a list of people we can’t contact), to make sure we don’t contact you again by mistake. In this case, your details won’t be used for any other purpose. You can also subscribe to the Fundraising Preference Service, which enables you to block communications from named charities.

If you have any complaints about the way we collect and manage your data, please let us know so we can address them. We have appointed a Data Protection Officer to oversee the way we manage personal data. They can be contacted at infogov@diabetes.org.uk. If you’re unhappy with the way we respond to any complaint, you also have the right to complain to the Information Commissioner’s Office which regulates the use of personal data in the UK at https://ico.org.uk/concerns/. You can also contact the Fundraising Regulator which regulates fundraising charities at https://www.fundraisingregulator.org.uk/make-a-complaint/complaints/.

Version 2: last modified by Craig Walker, Information Governance Manager at Diabetes UK

Date: 17 April 2023

Previous versions of our privacy policy

Expand all

Version 1

 

Who we are

We are Diabetes UK and we’re a registered charity.

Our official name is the British Diabetic Association, but we’re usually known as Diabetes UK, Diabetes Scotland, Diabetes Cymru/Diabetes Wales or Diabetes Northern Ireland. We’re a charity registered in England (no. 215199) and Scotland (SC039136) and a not for profit company (no. 00339181). Our head office is in London and we have national offices in Wales, Scotland and Northern Ireland. We have regional offices across England and operate local volunteer groups spread across the whole of the UK. We also have a trading company, Diabetes UK Services Limited, which carries out some of our commercial activities like our online shop and our lottery to raise funds for the charity. All of its profits are donated to the charity and any personal data you provide to us will be used by both entities.

Find out more about us.

This privacy policy covers what we do as a charity generally, whether across the UK, nationally, regionally or locally. Our use of data for recruitment and employment purposes is dealt with in a separate policy.

What personal data we collect

We collect some information directly from you when you provide it by filling in forms, over the telephone, face to face or on our website. This includes information you provide to our local volunteer groups. We obtain some information about you from third parties, for example when you enter an event organised by someone else and choose to fundraise for us. We also collect some additional data about you from other sources.

Information we collect directly from you

When you provide us with your information directly, we usually ask you for your name, address and contact details. If you are making a donation to us or buying something from our shop, we will also obtain your banking or credit card details. On occasion, we also ask why you have chosen to support us, as that helps us understand how we can meet your needs.

Where we are delivering services to you, providing you with information about our work or when you participate in one of our campaigns, we may ask you for more information about your health, for example what type of diabetes you have, to make sure we send you information which is tailored to you. It can also help us to have health information about you if we need to make adjustments to meet your medical needs, such as sending you large text publications or providing hypo kits at events we run. We sometimes also ask about your ethnicity to ensure we are reaching a diverse audience and because ethnicity can have an impact on your Type 2 diabetes risk.

As part of our charitable mission, we work with the NHS and other organisations to improve the care and services which people living with diabetes receive. To do this, we periodically ask people living with diabetes to participate in surveys or audits about their experience and the care they receive. If you agree to participate, we will provide you with further details about how your information will be used and shared.

Information we collect from you on our websites and apps

Our Know Your Risk online tool collects information about your gender, age, ethnic background, body shape and blood pressure to give you a score for your risk of developing Type 2 diabetes in the next 10 years. This information is kept securely from any other information you may give us.

We operate a number of interactive online tools to deliver education and support to you. Some of these ask you to provide additional details about your personal health and ethnicity as well as additional information about you (like your diabetes type, age, gender and date of diagnosis) to provide you with educational content which is relevant, clinically accurate and suitable for you.

The Diabetes UK Online Support Forum gives people the chance to share their experiences of living with diabetes and ask any questions. The forum is open and anyone using our website has access to the posts you make, although we do moderate it to try to make sure it is a safe and supportive space. Please see our Acceptable Use policy for more information.

Our website, like most others, uses cookies to improve the way it works and monitor its performance. This includes allowing us to recognise you when you visit our site more than once, identify what device was used to access the site, how you came to our site, monitor what pages are most popular and save any personalised settings. 

We also use cookies and similar types of code to show you targeted information from us when you leave our site and go to third party websites, for example on Google, Tiktok and Facebook and their associated sites like Instagram and YouTube. 

When you visit our social media pages (including Facebook, Instagram, TikTok and Twitter), the owner of that site will usually place cookies on your device. You can choose whether to allow this by changing your social media or browser preferences – see our Cookies Policy for details. 

Social media sites like Facebook, WhatsApp and Tiktok can also share your data with third parties, including us, depending on the settings you’ve chosen on those sites.

This means we can tailor our marketing to better suit your needs and aim to display ads that we believe are relevant to you. You can find out more about this type of activity in our Cookie Policy. You can change your cookies or social media settings to prevent this type of activity. Find out more about how to do this at YourOnlineChoices. Please note that even if you change your preferences with us, you will still see some content from us on social media, as the social media site will select content for you based on other factors.

Information we get from other sources

If you’ve given permission to third parties to give us your data, we will sometimes receive information about you from them. For example, when you sign up to an event run by a third party, like the London Marathon, and choose to fundraise for us, we can receive information about you from the race organisers or any fundraising sites you use such as JustGiving if you’ve agreed they can share that information with us. Social media sites such as Facebook, WhatsApp and Google can also share your data with third parties, including us, depending on the settings you’ve chosen on those sites

We also collect a limited amount of additional information about you from public and private sources, to give us a better idea of what you’re interested in. This can include checking we’ve got your correct postal address from Royal Mail, using demographic data like age, using commercially available survey data and databases like ACORN to predict some information about you. Examples of information we may get are predictions about your likely purchasing behaviour, motivations, attitudes, media usage, leisure interests and indicators of financial status like house value. This analysis will be based on your postcode and do not relate to you on an individual level. You can find out more about how we use this information to serve you better in the understanding our beneficiaries and supporters better section.

We want to give everyone a great fundraising experience. To do this we sometimes use information about your resources, positions of responsibility in the public, private and third sector, location, charitable interests and likelihood to give, personal interests and any other relevant information to help us tailor communications and make sure we get in touch with the right invites and suggestions.

We collect information we can find on publicly available and free sources for this purpose, like Companies House, other public registers, Who’s Who, newspaper, magazine and internet articles. We always check that our resources are reliable and verified.

If we have reason to think that someone who has never been in touch with us before could be interested in our cause, we will collect basic information on them from publicly available, reliable sources. We may have read their story in a newspaper or know about them through our staff or major supporters. Once we know a bit more about them, if we believe they might be interested we do our best to get in touch with them, and we will usually do this within a month, at which point we will provide more information about how we use the data.

Children

We provide age-appropriate information for children and young people living with diabetes on our website. We sometimes receive limited data about children if they decide to fundraise for us, and we will collect data about children in connection with events we organise specifically for young people and their families. Wherever possible, we will ask for consent from parents to collect information about children and young people.

Business contacts

When we work with third party suppliers we will usually collect limited contact details for key staff at that supplier.

How we use your data

We use the data you provide to us and the data we collect about you from other sources for the following purposes:

  • To provide you with the services, information and products you request.
  • To provide you with information about campaigning, fundraising, research, volunteering and other ways you can support our charitable mission.
  • To process your application for a research grant.
  • For administration purposes, including processing donations (including Gift Aid processing), quality and compliance monitoring and staff training.
  • To monitor and improve the performance of our website.
  • To provide interactive services to you on our website.
  • To analyse and improve the services, products and information we offer and the campaigns and appeals we produce.
  • To keep a record of your interactions with us.
  • To better understand our supporters needs, wishes and interests.
  • To tailor relevant information about us to you when you leave our site and go to other websites.
  • To deliver information we believe will be relevant and interesting to other people with similar interests and characteristics to you.

Events and membership

If you sign up for one of our events, like a fundraising event or support event, we will use your contact details to provide you with information about the event and to support you with any associated fundraising. If you join our membership scheme, we will use your data to send you your membership benefits, information about other ways to get involved with us and to make sure the information we send you is relevant to you.

Online shop

If you buy a product from our shop, we will use the information you provide to complete your order. We will also use your details to ask you to complete a feedback survey via a survey agent about the products you’ve bought. We need to share your information with our suppliers to do this, but we’ll keep your data safe while we’re doing this. Please see the section about who we share your information with for more details. If we notice that you’ve left items in your shopping basket without checking out, we will send you an automatic reminder. If an item is out of stock, you can also choose to receive a reminder when it’s back in stock.

Research grant applications

If you apply for a research grant from us, our online grant application platform is provided by CC Technology, a third party supplier. We will share your data with experts involved in the evaluation of your application and we will publish brief details of the awards we make. Please see our grant conditions for more details about how your data is used.

Managing research grants

If you are awarded a research grant from us we will share information about your work with LifeArc for the purposes of monitoring and evaluating the potential impact of our research portfolio.

Diabetes UK is a member of Europe PubMed Central, and as per the contract, we are required to provide details of awarded grants on an annual basis.

We will also provide details of all our research awards (which includes brief details about award holders) to the Association of Medical Research Charities (AMRC) for the purpose of reporting as per membership requirement.

Communicating about research

If you are awarded a Diabetes UK grant, we will include details of your project on our website and may refer to your research in other communications channels. We may also share information about your research with potential donors for fundraising purposes.

Supporting people living with diabetes

We provide a helpline for people living with diabetes, their family, carers and friends or people who are worried they may be at risk of diabetes. Any medical information you provide to the helpline is kept strictly confidential. We only use this information to answer your questions and provide you with any support you request, for staff training and quality monitoring.

We also provide a customer care centre, which deals with a whole range of other questions, issues and complaints about our activities and the services we provide. We use the information you provide to us via this service to answer your questions, provide support to you or investigate any complaints, for staff training and quality monitoring.

Case studies

Some people agree to share their diabetes story with us to help us in our work and to help other people who may have similar experiences. This may involve you providing us with more detailed information about your health, background, ethnicity and diabetes story. We’re always really grateful when people agree to get involved in our work in this way and we’ll always ask you for your consent to use this information so that you stay in control of how this information is used.

Providing you with information about what we do and how you can help

Our charitable mission is that by bringing people together to work in partnership, we will support those living with diabetes, prevent Type 2, make research breakthroughs in diabetes, and ultimately find a cure. In order to achieve our mission, we need to reach as many people as possible and talk to them about what we’re doing. We, therefore, think it’s reasonable and legitimate for us to use your contact details to contact you by post and by telephone to tell you more about our work and how you can support us. This includes newsletters, appeals, magazines, raffle mailings, event invitations and information about the services we offer, campaigns we’re running, ways you can support us and about the research we’ve funded. We also offer a variety of different e-newsletters which you can sign up for.

If you’ve subscribed to the Telephone Preference Service, we won’t call you unless you tell us that you’re happy to hear from us in this way.

We know that filling up your inbox with unwanted emails is annoying, so we’ll only send you information about our work by email if you give us consent to contact you by email (we’re also legally obliged to get your permission). The same applies to text messages.

We respect the fact that it’s your choice to hear from us or not. You can change the way you hear from us, or stop hearing from us, quickly and easily at any time by contacting us.

Understanding our beneficiaries and supporters better

It’s important to us to understand the likes, dislikes, needs and interests of our beneficiaries, supporters and potential supporters. We do this in a number of different ways.

We get additional information about you from other public and private sources, to get to know you better. We look at how you support us and the amount and frequency of any donations you may have made to us. This helps us to make sure that we’re only asking for financial support when it’s appropriate to do so and we don’t ask you too often. It also means that if we think you might be able and willing to give a bit more or to leave us a legacy, we can contact you to see if you wish to do so.

So we can assess your ability and likelihood to support us, we analyse the information people give us and your existing relationship with Diabetes UK. We sometimes do some more detailed research on individuals. But this is the exception, not the rule: we only do it if we have reason to think someone is particularly influential or might have the capacity to be a major donor to us. This assessment is either based on personal interaction or on a more general analysis of our database of existing contacts done by applying demographic data, social factors, population and consumer behaviour (as mentioned above).

It’s also useful to us to group our supporters together in our databases on the basis of common interests or characteristics. This allows us to tailor our communications to make sure they are timely and interesting to each group. And it helps us to save money, by not sending out unwanted communications.

If you’ve agreed to receive emails from us, we also track whether emails have been opened and whether you’ve clicked on any of the links in those emails to see if they were useful and interesting to you.

We also use some of this information to analyse actual or likely responses to our campaigns and appeals so that we can continue to improve and achieve our charitable mission more effectively.

Who we share information with

We can’t do everything ourselves, so sometimes we need to share your personal information with third parties with the skill, experience and facilities to deliver services to you and provide you with the information you’ve requested. We also may share your personal information with third parties so they can provide services and advice to us in our work. We’ll always make sure that your information is kept securely and can’t be used for other purposes. We will never sell or give your information to third parties for their own marketing purposes.

Very occasionally we may be legally required to share information with official agencies, regulatory bodies or the police to protect you or to prevent or detect a crime.

Providing information to you and delivering services

When we send out information to you, for example about our events, campaigns or membership benefits, we often use companies who provide support services such as printing, creative services and mailing to do this.

When you place an order with our online shop, we need to share your contact details with our suppliers, warehouse and logistics providers to fulfill your order. Your details may also be passed to a survey provider for feedback on the products you buy, so that we can improve the range of products we offer.

If you pay for products or for services online or over the telephone, we will share your information with our payment providers who process the payments for us, like Mastercard. We don’t keep a record of your credit card details.

If you ask for support from us, we may pass your details on to local groups in your area who can provide that support, but we’ll always ask you first if you’re happy with this.

We sometimes team up with other partner organisations (for example other charities, healthcare organisations or companies) where we have common goals. This often allows us to achieve more than doing things on our own. We’ll always give you the choice on whether your details are passed to our partners or not.

Suppliers who provide services to us

Like most charities, we may use professional fundraisers to carry out face-to-face or telephone fundraising on our behalf. We always put in place safeguards, like monitoring and call listening to check they are behaving in a professional way and comply with the Code of Fundraising Practice.

We also use the services of online platforms for a number of reasons, for example to manage registrations for the conferences and events we run, to support fundraising efforts associated with these events, to support campaigns, to manage grant applications and to send out forms and surveys. When you submit your data to these platforms, the platform will collect and send your registration details to us.

Sometimes we share information about our supporters with third parties like creative agencies and data analysts who advise us on how to create and improve our campaigns and appeals. They may advise us on which groups of our supporters are more likely to respond to particular communications, including financial appeals and legacy requests. Any data will usually be shared on an anonymised basis, but occasionally we may need to share more details to get the best results.

We always ensure that we have a robust and legally compliant agreement in place with our third party suppliers, which obliges them to only process data on our instructions and in accordance with the law.

Reaching people through social media is a very cost-effective tool for charities. We sometimes share names and e-mail addresses with social media platforms in order to find people with similar likes and interests to our supporter groups, who might be interested in getting involved with us. Any information we share with social media platforms will be shared in an encrypted format and will not be used for their own purposes. You can tell us at any time if you don’t want your data to be shared in this way or you can opt out by changing your social media settings. See our Cookies policy for more details.

Information sharing required by law or regulation

Diabetes UK services are confidential. However, we may share information you give us with support agencies or the police if a member of staff or volunteer has concerns about your own or someone else's safety or wellbeing. We would need to share what you tell us with someone if:

  • we believe your life or someone else’s life is in danger
  • you tell us that you or someone else is being, or is at risk of being abused by another person
  • it’s necessary to prevent or detect a crime
  • we are required to do so under a court order.

Transfers outside the European Economic Area

Diabetes UK’s operations are based in the UK and we store the data we hold within the European Economic Area (where you have the same level of protection for your data as in the UK). However, a few of our suppliers may store their data outside the European Economic Area. We will only transfer your data to them if we are confident that your data will be adequately protected, for example if they have signed up to the US’s Privacy Shield, which guarantees the rights of European Union citizens, or if we have obtained contractual assurances from them that they will meet EU data processing standards.

How long we keep your information for

As diabetes is a long-term, chronic condition, we know that your needs for support and your relationship with us will change over time. We will normally keep your personal information only for as long as we have an ongoing relationship with you.

We keep recordings of calls to our helplines and complaints for two years, except where we need to keep the data as a record of your consent to be contacted by us, in which case we keep it for as long as we need it for compliance purposes.

We keep financial records, Gift Aid records and details of any contracts we enter into with you for seven years after the relevant transaction, which is required by law. We may keep details about any actual, suspected or potential criminal offences or concerns for longer periods of time in accordance with governmental, regulatory or police guidance.

How we keep your information secure

We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems. We restrict access to personal information to employees, contractors and third parties who need to know that information to process it for us and who are subject to appropriate contractual confidentiality obligations. We regularly assess the security of our systems. If we need to transfer data to or from third parties, we will always use a secure method to do so.

Our legal basis for processing data

Organisations that collect personal data need to have a lawful basis for doing so. The law sets out six ways to process personal data (plus additional conditions for processing sensitive personal data). Four of these are relevant to the types of processing that we carry out.

This includes information that is processed on the basis of:

  • (a) A person’s consent (for example to send you direct marketing by e-mail or SMS);
  • (b) Diabetes UK’s legitimate interests (please see below for more information;
  • (c) A contractual relationship (for example to provide you with goods or services that you have purchased from us); and
  • (d) Processing that is necessary for compliance with a legal obligation (for example to process a gift aid declaration and carrying out due diligence on large donations)

Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, as long as its use is fair and does not adversely impact the rights of the individual concerned.

When we use your personal information, we will always consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair. Diabetes UK’s legitimate interests include:

  • Achieving our charitable objectives – including delivery of our charitable purposes in providing relief, support and advice to people with diabetes and its related complications and for those who care for them, advancing the understanding of diabetes and educating healthcare professionals and the general public and promoting research into the causes, prevention and cure of diabetes and publishing the results of such research;
  • Administration and operational management – including running and administering the charity, completing statutory and financial reporting and other regulatory compliance requirements, responding to solicited enquiries, providing information and our services, research, surveys, events management, the administration of volunteers and employment and recruitment requirements.
  • Fundraising and Campaigning – including administering campaigns and donations, and sending and making direct marketing by post and phone, and analysis, targeting and segmentation of data to develop communication strategies and maintaining communication suppressions.

If you would like more information on our uses of legitimate interests or to change our use of your personal data in this manner, please get in touch.

Your rights

You’re in control of your data and the way we use it.

You can ask us for a copy of the information we hold about you at any time by contacting us. We will generally supply any information you ask for within 30 days unless it is a particularly complex request. We will not charge you for this information other than in exceptional circumstances. We may ask you for proof of identity as we need to be sure we are only releasing your personal data to you.

You can also ask us at any time to:

  • amend your data,
  • withdraw consent (where we are processing your data on this basis),
  • limit the way we use your data,
  • stop using your data for direct marketing,
  • stop analysing your data to understand our supporters better, or
  • delete your data.

We will do our best to comply with your requests as long as we’re able to do so. For example, if you’ve signed up to attend an event, we will still need to be able to use your details to process your attendance. If you ask us to delete your data or to stop sending marketing information to you, we will retain limited details on a suppression list, to make sure we don’t contact you again by mistake. In this case, your details won’t be used for any other purpose. You can also subscribe to the Fundraising Preference Service, which enables you to block communications from named charities.

If you have any complaints about the way we collect and manage your data, please let us know so we can address them. We have appointed a Data Protection Officer to oversee the way we manage personal data. They can be contacted at dpo@diabetes.org.uk.

If you’re unhappy with the way we respond to any complaint, you also have the right to complain to the Information Commissioner’s Office (which regulates the use of personal data in the UK) or to the Fundraising Regulator (which regulates fundraising charities).

How to contact us

Our social media channels

We use a platform called SocialSignIn run by Orlo to manage our social media interactions. This helps us respond to you quickly and efficiently. If you message us, tag us, like us, follow us, share or comment on our posts, your personal data will be stored by Orlo on our behalf. Your data will be stored securely and will only be used by us either to respond to social media interactions or to help us analyse how we can better communicate with our supporters. Orlo won’t use your data for anything else. You can find out more information about how we use your personal data in the rest of our privacy policy.

Version 2

Who we are

Our official name is the British Diabetic Association, but we’re usually known as Diabetes UK, Diabetes Scotland, Diabetes Cymru/Diabetes Wales or Diabetes Northern Ireland. We’re a charity registered in England (no. 215199) and Scotland (SC039136) and a not for profit company (no. 00339181).  Our head office is in London and we have national offices in Wales, Scotland and Northern Ireland. We have regional offices across England and run local volunteer groups all over the whole of the UK. We also have a trading company, Diabetes UK Services Limited, which carries out some of our commercial activities like our online shop and our lottery to raise funds for the charity. All of its profits are donated to the charity. Any personal data you give us will be used by the charity and Diabetes UK Services Limited. 

This privacy policy covers what we do as a charity generally, whether across the UK, nationally, regionally or locally. Our use of data for recruitment and employment purposes is dealt with in a separate policy. If you are a researcher applying for a grant from us, please see our Research Privacy Policy (PDF).

What personal data we collect

We collect information directly from you, when you give it to us by filling in forms, over the telephone, face to face, on your mobile phone or on our website. This includes information you provide to our local volunteer groups. We get some information about you from third parties, for example when you enter an event organised by someone else and choose to fundraise for us. We also collect some extra data about you from other sources.

Information we collect directly from you

When you provide us with your information directly, we usually ask you for your name, address and contact details. If you are making a donation to us or buying something from our shop, we will also collect your banking or credit card details and may ask for information about your tax status for Gift Aid. Often we also ask why you have chosen to support us, as that helps us understand how we can meet your needs.

Where we are delivering services to you (for example through our telephone helpline, events, community outreach, education and advocacy work) providing you with information about our work or when you take part in one of our campaigns, we regularly ask you for more information. This may be about about your health, for example what type of diabetes you have, to make sure we send you information which is right for you. It can also help us to have health, dietary and disability information about you if we need to make changes to meet your needs, like sending you audio publications or providing hypo kits at events we run. We sometimes also ask about your ethnicity to make sure we are reaching a diverse audience and because ethnicity increases your risk of Type 2 diabetes.

We work with the NHS and other organisations to improve the care and services which people living with diabetes receive. To do this, we periodically ask people living with diabetes to take part in surveys or audits about their experience and the care they receive. If you agree to take part, we will give you more details about how your information will be used and shared at the time.

If you volunteer for us, we may also collect details about your contact details, age, gender, skills and experience, emergency contact details, references, ethnic origin and criminal convictions.

If you come to an event, meeting or workshop that we run, we will often take photos to illustrate articles about them or for our future marketing. You can always opt out of this by letting the organiser know. We’ll ask you for your consent before using any close-ups or photos that are likely to identify you, but it’s often not practical to get everyone’s consent for a group shot, for example at a walking event or at a large conference.

Information we collect from you on our websites, social media sites and apps

Our Know Your Risk online tool collects information about your gender, age, ethnic background, body shape and blood pressure to give you a score for your risk of developing Type 2 diabetes in the next 10 years. This information is kept separately from any other information you may give us and is only used by us for statistical and trend analysis.

We use a number of interactive online tools to deliver education and support to you. Some of these ask you to give extra details about your personal health and ethnicity as well as extra information about you like your diabetes type, age, gender and date of diagnosis. This is so we can provide you with educational content which is relevant, clinically accurate and suitable for you.

The Diabetes UK Support Forum gives people the chance to share their experiences of living with diabetes and ask any questions. The forum is open to the public and anyone using our website has access to the posts you make, although we do moderate it to try to make sure it is a safe and supportive space. Please see our Acceptable Use policy for more information.

Our website, like most others, uses cookies to improve the way it works and monitor its performance.

This includes allowing us to:

  • recognise you when you visit our site more than once
  • identify what device you used to access the site
  • how you came to our site
  • what pages you looked at or what action you took
  • what pages are most popular
  • save any of your personalised settings.

We also use cookies and similar types of code to show you targeted information from us when you leave our site and go to third party websites, for example on Google, Tiktok and Facebook and their associated sites like Instagram and YouTube.

When you visit our social media pages (including Facebook, Instagram, TikTok and Twitter), the owner of that site will usually place cookies on your device. You can choose whether to allow this by changing your social media or browser preferences – see our Cookies Policy for details.

Social media sites like Facebook, WhatsApp and Tiktok can also share your data with third parties, including us, depending on the settings you’ve chosen on those sites.

This means we can tailor our marketing to better suit your needs and aim to display ads that we believe are relevant to you. You can find out more about this type of activity in our Cookie Policy. You can change your cookies settings on our website or change your social media settings to prevent this type of activity.

Please note that even if you change your preferences with us, you will still see some content from us on social media, as the social media site will choose content for you based on other reasons. When you visit our social media pages (including Facebook, Instagram, Twitter), the owner of that site will usually place cookies on your device. You can choose whether to allow this by changing your social media or browser preferences – see our Cookies Policy for details.

We also may periodically offer you the opportunity to take part in user experience testing via our website. See user experience research for further details.

Information we get from other sources

We want to give everyone a great fundraising experience. To do this we sometimes use information about your resources, positions of responsibility in the public, private and third sector, location, charitable interests and any other relevant information to help us tailor communications and make sure we get in touch with the right invites and suggestions.

We collect information we can find on publicly available and free sources for this purpose, like Companies House, other public registers, Who's Who, newspaper, magazine and internet articles. We always check that our resources are reliable and verified. 

We receive information about legacies which have been left to us through an automatic notification service. This draws information from grants of probate, which are public documents, and allows us to get in touch with executors to make sure we receive legacies intended for us. We’ll only use executors’ details for this purpose and we won’t send them any other information unless requested.

If we have reason to think that someone who has never been in touch with us before could be interested in our cause, we will collect basic information on them from publicly available, reliable sources. We may have read their story on a newspaper or know about them through our staff or major supporters. Once we know a bit more about them, if we believe they might be interested we do our best to get in touch with them, and we will usually do this within a month, at which point we will provide more information about how we use the data.

Children

We provide age-appropriate information for children and young people living with diabetes on our website. We sometimes receive limited data about children if they decide to fundraise for us, and we will collect data about children for events we organise specifically for young people and their families or where they agree to volunteer for us. Wherever possible, we will ask for consent from parents to collect information about children and young people. When we take photos of children at to our events, we’ll always ask parents if we can use the images.

Business contacts

When we work with third party suppliers or customers we will usually collect limited contact details for key staff at that supplier or customer. These are only used for managing our business relationship with that supplier or customer.

How we use your data

We use the data you give us and the data we collect about you from other sources for the following purposes:

  • To provide you with the services (e.g. events, helpline, community outreach, education), information and products you request.
  • To provide you with information about campaigning, fundraising, research, volunteering and other ways you can support our charitable mission.
  • To process your application for a research grant.
  • For administration purposes, including processing donations (including Gift Aid and legacies), quality and compliance monitoring and staff training.
  • To monitor and improve the performance of our website.
  • To provide interactive services to you on our website.
  • To safely and securely test the impact of technical system changes on your data.
  • To analyse and improve the services, products and information we offer and the campaigns and appeals we produce.
  • To keep a record of your interactions with us.
  • To better understand our supporters’ needs, wishes and interests.
  • To tailor relevant information about us to you when you leave our site and go to other websites.
  • To deliver information we believe will be relevant and interesting to other people with similar interests and characteristics to you.
  • To make a decision about whether you are eligible to take part in a specific user experience project.

Events and membership

If you sign up for one of our events, like a fundraising event or support event, we will use your contact details to provide you with information about the event and to support you with any associated fundraising. If you join our membership scheme, we will use your data to send you your membership benefits, information about other ways to get involved with us and to make sure the information we send you is relevant to you.

Online shop

If you buy a product from our shop, we will use the information you provide to complete your order. We will also use your details to ask you to fill in a feedback survey via a survey agent about the products you’ve bought. We need to share your information with our suppliers to do this, but we’ll keep your data safe when we do this. Please see who we share your data with for more details. If we notice that you’ve left items in your shopping basket without checking out, we will send you an automatic reminder. If an item is out of stock, you can also choose to receive a reminder when it’s back in stock.

Research grant applications

If you apply for a research grant from us, our online grant application platform is provided by CC Technology, a third party supplier. We will share your data with experts involved in the evaluation of your application and we will publish brief details of the awards we make. Please see the terms and conditions of use of Grant Tracker, our Grant Conditions and our Research privacy notice (PDF) for more details about how your data is used.

Supporting people living with diabetes

We provide a helpline for people living with diabetes, their family, carers and friends or people who are worried they may be at risk of diabetes. Any medical information you provide to the helpline is kept strictly confidential. We only use this information to answer your questions and provide you with any support you request, for staff training and quality assessment.

We also provide a customer care centre, which deals with a whole range of other questions, issues and complaints about our work. We use the information you give us to answer your questions, provide support to you or investigate any complaints, for staff training and quality monitoring.

Case studies

Some people agree to share their diabetes story with us to help us in our work and to help other people who may have similar experiences. This may involve you providing us with more detailed information about your health, background, ethnicity, diabetes story and some photographs. We’re always really grateful when people agree to get involved in our work in this way and we’ll always ask you for your consent to use this information so that you stay in control of how this information is used.

Providing you with information about what we do and how you can help

Our charitable mission is that by bringing people together to work in partnership, we will support those living with diabetes, prevent Type 2, make research breakthroughs in diabetes, and ultimately find a cure. In order to achieve our mission, we need to talk to as many people as possible about what we’re doing. This is why we think it’s reasonable and legitimate for us to use your contact details to contact you by post and by telephone to tell you more about our work and how you can support us. This includes newsletters, appeals, magazines, raffle mailings, event invitations and information about how we help, campaigns we’re running, ways you can support us and about the research we’ve funded. We also offer a variety of different e-newsletters which you can sign up for. Some of these publications are supported by third party advertising, but we don’t give your details to our advertisers.

If you’ve subscribed to the Telephone Preference Service, we won’t call you about our work or for fundraising purposes unless you tell us that you’re happy to hear from us in this way. We will only call you for strictly necessary administrative purposes, like to check Gift Aid status or to respond to a complaint you’ve made. We’ll only send you information about our work by email if you give us consent to contact you by email. The same applies for text messages.

You can change the way you hear from us, or stop hearing from us, quickly and easily at any time by contacting us. Please see details in the contact section.

Understanding our beneficiaries and supporters better

It’s important to us to understand the likes, dislikes, needs and interests of our beneficiaries, supporters and potential supporters. We do this in a number of different ways.

We get extra information about you from other public and private sources (please see information we obtain from other sources to get to know you better). We look at how you support us and the amount and frequency of any donations you may have made to us. This helps us to make sure that we’re only asking for financial support when it’s appropriate to do so and we don’t ask you too often. It also means that if we think you might be able and willing to give a bit more, or to leave us some money in your will, we can contact you to see if you wish to do so.

So we can assess your ability and likelihood to support us, we analyse the information people give us and your relationship with Diabetes UK. Very occasionally we do more detailed research on individuals. But this is the exception not the rule. We only do it if we have reason to think someone is particularly influential or might have the capacity to be a major donor to us. This assessment is either based on personal interaction or on a more general analysis of our database of contacts done by applying demographic data, social factors, population and consumer behaviour (as mentioned above).

Analysing data to improve what we do

We often use personal information to analyse the success of our campaigns, appeals and initiatives. This helps us make sure we’re reaching the right people and having the greatest impact. It’s also useful to us to group our supporters together in our databases on the basis of common interests or characteristics. This is often known as segmentation or profiling. It helps us to understand what kind of people take part in particular campaigns or appeals, so that we can improve what we do. For example, we might find that a particular group of people are more likely to drop out of our Swim22 challenge, so we can offer them extra support and encouragement. It allows us to tailor our communications to make sure they are more relevant to each group. For example we might learn that one group is more likely to be interested in self-education to manage their diabetes, but aren’t interested in cooking so we signpost them to our online Learning Zone content rather than recipes. As a result, we can save money, by not sending out unwanted communications. We can also use these groups to work out where some of our messages aren’t being successful and try new ways to reach people to achieve our charitable goals. While we may use profiling to target the way we communicate with our supporters, our services are always available to everyone affected by diabetes on an equal basis.

If you’ve agreed to receive emails from us, we also track whether emails have been opened and whether you’ve clicked on any of the links in those emails to see if they were useful and interesting to you.

Applications to participate in user experience research

If you apply to participate in a user experience research project, our online recruitment platform may automatically decide whether you are suitable to participate. This decision is based on the data you provide during the sign-up process. Each research project is different, and our sign-up process will clearly explain who we are looking for and the reasons why. Your application to participate in user experience research – whether accepted or not – has no effect on any other involvement you have with us now or in the future.

Who we share information with

We can’t do everything ourselves, so often we need to share your personal information with third parties with the skill, experience and facilities to deliver services to you and give you information you’ve requested. We may also share your personal information with third parties so they can give us advice or services to carry out our work. We’ll always make sure that your information is kept securely and can’t be used for other purposes. If you sign up for our user experience research, we will share your information with our research clients so they can contact you to participate in research. We will never sell or give your information to third parties for their own promotional marketing purposes.

Occasionally we may be legally required to share information with official agencies, regulatory bodies or the police to protect you or to prevent or detect a crime.

Providing information to you and delivering services

When we send out information to you, for example about our events, campaigns or membership benefits, we often use companies who provide support services like printing, creative services and mailing to do this. When you place an order with our online shop, we need to share your contact details with our suppliers, warehouse and logistics providers to complete your order. Your details may also be passed to a survey provider for feedback on the products you buy, so that we can improve the range of products we offer.

If you pay for products or for services or make donations online or over the telephone, we will share your information with the payment providers who process the payments for us, like Mastercard, Google Pay, Stripe or Apple Pay.

If you ask for support from us, we may give your details to local groups in your area who can provide that support, but we’ll always ask you first if you’re happy with this.

We sometimes team up with other partner organisations like other charities, healthcare organisations or companies where we have common goals. This often allows us to achieve more than doing things on our own. We’ll always give you the choice on whether your details are passed to our partners or not.

Suppliers who provide services to us

Like most charities, we may use professional fundraisers to carry out face-to-face or telephone fundraising on our behalf. We always put in place safeguards, like monitoring and call listening to check they are behaving in a professional way and comply with the Fundraising Code.

We also use the services of online or mobile platforms for a number of reasons, for example to manage registrations for the conferences and events we run, to support fundraising efforts associated with these events, to support campaigns, to manage grant applications, to manage mobile messaging and mobile donations and to send out forms and surveys. When you submit your data to these platforms, the platform will collect and send your registration details to us. Sometimes the platforms will use your data for their own purposes such as analysing the use of their platform or for advertising, so we recommend that you check their privacy policies for more details.

Sometimes we share information about our supporters with third parties like creative agencies and data analysts who advise us on how to create and improve our campaigns and appeals. They may advise us on which groups of our supporters are more likely to respond to particular communications, including financial appeals and legacy requests. Any data will usually be shared on an anonymised basis, but occasionally we may need to share more details to get the best results.

We always make sure that we have a robust legal agreement in place with our third party suppliers, which obliges them to only use your information on our instructions and in accordance with the law.

Sharing information to and from social media

Reaching people through social media is a very cost-effective tool for charities.

We sometimes share with Facebook the email addresses of people who have donated to us, registered to take part in one of our fundraising events, or engaged with us in another way. These email addresses are used by Facebook to create ‘custom audiences’, so they can determine whether you are a registered account holder with them, and therefore display relevant adverts to you about our events or services. Our adverts may then appear when you access their platform. For example, if you have signed up to one of our events in the past, we may share your email address with Facebook so we can show you ads letting you know when the next event is next happening. These email addresses can also be used by Facebook to create ‘lookalike audiences’. These are groups of people with similar characteristics and interests to our supporters, who might therefore be interested in getting involved with us. We will then use Facebook to show relevant advertising to these audiences. For example, we might find that people who like walking are more likely to take part in our London Bridges Walk.

We do this to make sure we are using our funds in the most efficient and cost-effective way possible, to reach and provide support to more people, and raise more funds to aid our vital work for people living with diabetes. We will only include supporters in these lists if they have opted in to receive our marketing. Any information we share with Facebook will be shared in an encrypted format, will be deleted by Facebook after a short period of time, and not used for any other purpose. You can tell us at any time if you don’t want your data to be shared in this way by contacting us.
You can also change your own social media settings. For more information, please review Facebook’s privacy policy, the UK versions of which are available at https://en-gb.facebook.com/policy.php

User Experience research

From time to time we may offer you opportunities to engage as a participant in user experience research via our website. ‘User experience research’ is the process of getting feedback about products and services aimed at people with diabetes, and is different to ‘clinical research’ that aims to scientifically prove medical and lifestyle interventions. Although we will always consider clinical research as part of our charitable mission, we also offer user experience research as a chargeable consultancy service to other organisations that we have vetted. We do this to raise funds for our work, but also to encourage products and services targeted at people with diabetes to take into account their needs.

If you choose to participate in any of our user experience research projects, we may introduce you to our research clients and also share data with them relating to your involvement in that user experience research project. Our signup process will always let you know what data will be collected and shared before you complete the sign up process.

Involvement in our user experience research projects is your choice, and requires your active agreement for each and every research project. We will never share any data with our clients that we have collected from our other activities with you, and we will never sell your data to anyone for their own promotional marketing purposes.

Information sharing required by law or regulation

Our services are confidential. However, we may share information you give us with support agencies or the police if a member of staff or volunteer has concerns about your own or someone else's safety or wellbeing. We would need to share what you tell us with someone if:

  • we believe your life or someone else’s life is in danger
  • you tell us that you or someone else is being, or is at risk of being abused by another person
  • it’s necessary to prevent or detect a crime
  • we are required to do so under a court order.

Transfers outside the European Economic Area

Our work is based in the UK and we store the data we hold within the European Economic Area (where you have the same level of protection for your data as in the UK). However, a few of our suppliers may store their data outside the European Economic Area. We will only transfer your data to them if we are confident that your data will be adequately protected, for example if they have signed up to the US’s Privacy Shield, which guarantees the rights of European Union citizens, or if we have a contract with them that says they will meet EEA data processing standards.

Partnership with Blis

We sometimes partner with third party marketing agencies to help us reach our supporters better and we have recently partnered with Blis to provide geo-targeted programmatic display advertising for us.

This technique allows us to deliver digital advertising on some websites you might visit, so the adverts you see are more relevant to you. We do this by using GPS location data, where you have given consent to share this data.

You will always need to give Blis explicit consent to participate in this technique and to allow them to use your data in this way. All of your information will be processed and stored in accordance with Blis’ Privacy Policy.

You may opt out of advertising and processing of your data by Blis at any time, and you can also directly contact Blis' privacy department to review, correct, update, or subject to delete your data.

How long we keep your information

As diabetes is a long-term, chronic condition, we know that your needs for support and your relationship with us will change over time. We will normally keep your personal information only for as long as necessary.

We normally keep your details on our supporter database while we have an ongoing relationship with you. If we haven’t heard from you for seven years, we will archive your data, which means we won’t use it any more unless you decide to restart your relationship with us.

We keep recordings of calls to our helplines and complaints for two years, except where we need to keep the data as a record of your consent to be contacted by us, in which case we keep it for as long as we need it for compliance purposes.

We keep financial records, Gift Aid records and details of any contracts we enter into with you for seven years after the relevant transaction, which is required by law. We do not keep your credit card details in accordance with payment industry standards.

We may keep details about any actual, suspected or potential criminal offences or concerns for longer periods of time in accordance with governmental, regulatory or police guidance.

If you’ve told us that you’ve left us a gift in your will or have expressed an interest in leaving us a gift in your will, we will keep a limited amount of information about your relationship with us until six years after your estate is wound up. This information will be only used to make sure we receive any gift you may make.

How we keep your information securely

We guard against unauthorised access to our systems by reviewing our information collection, storage and processing practices, including physical security measures. We restrict access to personal information to employees, contractors and third parties who need to know that information to process it for us and put in place contracts which require them to keep it confidential. We regularly assess the security of our systems. If we need to transfer data to or from third parties, we will always use a secure method to do so.

Our legal basis for processing data

Organisations that collect personal data need to have a lawful basis for doing so. The law sets out six ways to process personal data (plus extra conditions for processing sensitive personal data). Five of these are relevant to the types of processing that we carry out.

This includes information that is processed on the basis of:

  • A person’s consent (for example to send you direct marketing by e-mail or SMS)
  • Diabetes UK’s legitimate interests (please see below for more information)
  • A contractual relationship (for example to provide you with goods or services that you have bought from us, or when you agree to participate in user experience research)
  • Processing that is necessary for meeting legal obligations (for example to process a Gift Aid declaration and carrying out due diligence on large donations), and
  • In rare cases, to protect someone’s life.

Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, as long as its use is fair and doesn’t adversely impact the rights of the individual concerned.;

We will always consider if it is fair and balanced to use your personal information and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to make sure that we use your personal information in ways that are not unduly intrusive or unfair.

Our legitimate interests

  • Achieving our charitable aims –These include providing support and advice to people living with diabetes and its related complications and for those who care for them, increasing the understanding of diabetes, educating healthcare professionals and the general public and promoting research into the causes, prevention and cure of diabetes and publishing the results of research.
  • Administration and operational management - This includes running the charity, legal and financial reporting and meeting legal requirements, , responding to your enquiries, providing information and our support, research, surveys, events management, the administration of volunteers and employment and recruitment requirements.
  • Fundraising and campaigning This includes running campaigns and donations, sending and making direct marketing by post and phone, analysing data to make sure our work is effective and maintaining a list of people who don’t want to hear from us.

If you would like more information on our uses of legitimate interests or to change our use of your personal data, please get in touch with us using the details in the “Contact us” section below.

Your rights

You’re in control of your data and the way we use it.

You can ask us for a copy of the information we hold about you at any time by contacting us at the details below. We will generally supply any information you ask for within 30 days unless it is a particularly complex request. We will not charge you for this information other than in exceptional circumstances. We may ask you for proof of identity as we need to be sure we are only releasing your personal data to you.

You can also ask us at any time:

  • to amend your data
  • to stop using your data for a particular purpose, if you’ve changed your mind about it
  • to limit the way we use your data
  • to stop using your data for direct marketing (for example fundraising and campaigning appeals)
  • to stop analysing your data to understand our supporters better or
  • to delete your data.

We will do our best to follow your requests as long as we’re able to do so. For example, if you’ve signed up to attend an event, we will still need to be able to use your details to process your attendance. If you ask us to delete your data, or to stop sending marketing information to you, we will retain limited details on a suppression list (a list of people we can’t contact), to make sure we don’t contact you again by mistake. In this case, your details won’t be used for any other purpose. You can also subscribe to the Fundraising Preference Service, which enables you to block communications from named charities.

If you have any complaints about the way we collect and manage your data, please let us know so we can address them. We have appointed a Data Protection Officer to oversee the way we manage personal data. They can be contacted at infogov@diabetes.org.uk. If you’re unhappy with the way we respond to any complaint, you also have the right to complain to the Information Commissioner’s Office which regulates the use of personal data in the UK at https://ico.org.uk/concerns/. You can also contact the Fundraising Regulator which regulates fundraising charities at https://www.fundraisingregulator.org.uk/make-a-complaint/complaints/.

How to contact us

Back to Top
Brand Icons/Telephonecheck - FontAwesomeicons/tickicons/uk