Privacy Policy – Calon Hearts UK
Last updated: 20th April 2026
Calon Hearts UK (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy.
This Privacy Policy explains how we collect, use, and protect your information when you interact with us, including through our website, bookings, events, and communications.
1. Who We Are
Calon Hearts UK is a charity dedicated to preventing sudden cardiac death through heart screenings, defibrillator provision, and CPR training.
Calon Hearts UK is the data controller responsible for your personal data.
Registered charity number: 1193404
Registered address: 18c High Street, Llandaff, Cardiff, CF5 2DZ
If you have any questions about this policy or your data, you can contact us at:
Email: info@calonhearts.org
Website: www.calonhearts.org
2. What Information We Collect
We may collect and process the following types of personal data:
a) Personal Details
- Name
- Email address
- Phone number
- Address
b) Screening & Health Information
- Date of birth
- Medical questionnaire responses (relevant to heart screenings)
- Screening results (processed in accordance with strict confidentiality and data protection requirements)
c) Booking & Payment Information
- Booking details for screenings or events
- Payment information (processed securely via third-party providers - we do not store full card details)
Additional note on children and young people: Our services include individuals under 18. Where required, we obtain consent from a parent or guardian before collecting or processing personal data and this is verified through the booking process.
d) Communication Data
- Emails, messages, or enquiries you send to us
- Preferences for receiving marketing communications
e) Website Usage Data
- IP address
- Browser type and device
- Pages visited and usage patterns (via cookies/analytics tools)
We use trusted service providers including secure payment processors, booking systems, and IT platforms. A list of key processors is available on request.
3. How We Use Your Information
We use your data to:
- Provide and manage heart screenings and services
- Process bookings, donations, and event registrations
- Communicate important information about your appointment or enquiry
- Send updates about our work, events, and fundraising (only where you have opted in)
- Improve our website and services
- Meet legal and regulatory obligations
4. Lawful Basis for Processing
Under UK GDPR, we rely on the following lawful bases:
- Consent – for marketing communications and certain health data
- Contract – to fulfil bookings or services you request
- Legal obligation – where required for compliance
- Legitimate interests – to operate and improve our services
For health-related data (special category data), we process this only where necessary and with appropriate safeguards.
We process health data under Article 9 of UK GDPR, typically on the basis of explicit consent and/or for the provision of health care and treatment.
5. How We Store and Protect Your Data
We take appropriate security measures to protect your data, including:
- Secure servers and systems
- Restricted access to sensitive data
- Encryption and secure third-party platforms
We only retain your data for as long as necessary for the purposes outlined in this policy or as required by law.
We retain data for different periods depending on its purpose, for example:
- Medical records: retained in line with clinical and legal requirements
- Financial records: retained for a minimum period required for accounting and regulatory purposes (typically 6 years)
- Marketing data: retained until you withdraw consent
We regularly review our data protection practices to ensure ongoing compliance with UK GDPR and best practice.
International Transfers
Some of our trusted service providers may store or process your personal data outside the UK (for example, email, booking, payment, or IT systems).
Where this occurs, we ensure appropriate safeguards are in place, such as:
- UK adequacy regulations (where the destination country is approved), or
- the UK International Data Transfer Agreement (IDTA), or
- the UK Addendum to the EU Standard Contractual Clauses (SCCs).
These safeguards ensure your data remains protected to UK GDPR standards.
6. Sharing Your Information
We do not sell your personal data.
We may share your data with trusted third parties where necessary, including:
- Medical professionals conducting screenings
- Payment processors
- Booking and CRM systems
- IT and website service providers
All third parties are required to respect your data and keep it secure.
7. Marketing Communications
We may send you updates about:
- Upcoming screenings
- Events and fundraising activities
- News and developments
You can unsubscribe at any time by clicking the link in our emails or contacting us directly.
8. Cookies
Our website may use cookies to improve your experience and analyse website traffic.
You can control or disable cookies through your browser settings. For more detailed information, please refer to our Cookie Policy or the cookie controls available on our website.
9. Your Data Protection Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Restrict or object to processing
- Withdraw consent at any time
- Lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection
To exercise any of these rights, please contact us at info@calonhearts.org
10. Third-Party Links
Our website may contain links to other websites. We are not responsible for the privacy practices of those sites.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.