Privacy notice

At Dementia UK, we are committed to keeping your personal information safe. This is our privacy notice, in which we tell you honestly how we use and look after your personal information. This privacy notice tells you what to expect us to do with your personal information if you choose to share it with us: this could be if you use our services; support our work with a donation or by fundraising for us; apply for a voluntary or paid position with Dementia UK; or use our website. We will tell you what information we collect about you; how we use this data; with whom we share it; and how we store it and keep it safe.

If you would like a printed paper copy of this privacy notice, contact our Supporter Care Team on 0300 365 5500, at supportercare@dementiauk.org or write to us using the address in the ‘Who we are’ section.

We last updated our privacy notice in October 2024.

We are Dementia UK — the specialist dementia nursing charity that is there for the whole family. Our specialist nurses, known as Admiral Nurses, provide life-changing support for families affected by all forms of dementia.

Dementia UK is a registered charity in England and Wales (1039404) and Scotland (SC 047429). Dementia UK is also a company limited by guarantee and registered in England and Wales (02944156).

Dementia UK is the data controller of personal information we collect. Dementia UK is registered with the Information Commissioner’s Office as a data controller under reference Z1250036.

For any queries, concerns, or complaints you may have about how Dementia UK collects, uses or stores your personal information, you can contact our Data Protection Officer at dataprotectionofficer@dementiauk.org

Or you can write to:

‘Data Protection Officer’
Dementia UK
7th Floor
One Aldgate
London
EC3N 1RE

If Dementia UK cannot resolve the issue, you can also make a complaint to the Information Commissioner’s Office (ICO: the UK supervisory authority for data protection) if you are unhappy with how we have used your data:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

ICO helpline number: 0303 123 1113
ICO website: ico.org.uk

As a data subject, under UK GDPR (data protection law) you have the right to:

• Access: you have the right to ask for copies of all information we have about you
• Rectification: you have the right to ask us to correct personal information you think is wrong. You also have the right to ask us to complete information you think is incomplete
• Erasure: you have the right to ask us to delete your personal information
• Restriction of processing: you have the right to ask us to limit the processing of your personal information
• Objection to processing: you have the right to say no to the processing of your personal information
• Data portability: you have the right to ask that we transfer the personal information you gave us to another organisation, or to you
• Withdraw consent: if Dementia UK has asked your consent to use your data for a particular reason, you have the right to take back that consent so that Dementia UK cannot use your data like that in the future. However if you choose to withdraw your consent this will not change anything that Dementia UK has used your data for in the past with your consent

You can choose to use any of these rights for free by contacting us at dataprotectionofficer@dementiauk.org, or writing to us at our address (see ‘Who we are’) with your request.

Dementia UK has one calendar month to respond to you from the time we receive your request. Dementia UK does not have to agree to your request, but if we do not agree we have to tell you why.

It is your choice to share your personal information with us and you do so at your own risk. However, we take information security seriously at Dementia UK. We work hard to make sure that your personal information is looked after securely, and that we only process data in the ways that we say we do in this privacy notice.

We make sure that your personal information is only seen by people who need to access it to do their job. We check who has access to all personal information regularly.

Our staff complete data protection and cyber security training so that they know how best to look after your personal information.

We put in place technical controls to protect your personal information. For example, our online forms are encrypted, and our network is protected and regularly monitored.

We comply with the Cyber Essentials Plus scheme. You can see our certificate Cyber Essentials Plus (dementiauk.org)

However, even though we are very careful we can never 100% guarantee the security of any information you give to us. If you are not happy or have concerns about how we look after your personal information, please contact our Data Protection Officer.

The Dementia UK website contains links to other websites that are not run by us. These websites should have their own privacy notices for you to read. We do not have any responsibility for how these websites or organisations process your personal information.  

Under UK Data Protection Law (UK GDPR), we must have what is known as a ‘legal basis’ for collecting and using your information. There are six legal bases, sometimes known as ‘lawful bases’:

• consent (your permission)
• performance of a contract
• legitimate interest
• vital interest (to save a life)
• legal requirement
• public interest

Often, we will ask for your consent (permission) to collect and use your personal information, and we will tell you what we will do with this when we ask your consent. If you choose not to give us your consent when we ask you, we will not do it.

When appropriate, we use other legal bases, like vital interest or legal requirement, for collecting and using your information.

Legitimate interests

Other times, we use your personal information using the legal basis of legitimate interest. This means that the reason that we are processing information is because it is beneficial to us and not harmful to you.

We can only use legitimate interest as a lawful basis if we first do a ‘legitimate interest assessment’. This assessment helps us to balance the benefits of what we want to use your personal information for, with the impact it can have on you. We only approve this assessment if we are confident that what we want to do with your personal information does not cause harm to you.

The next sections of this privacy notice tell you which uses of your personal information rely on a legitimate interest.

For more information, contact our Data Protection Officer.

What information do we collect?

We may collect personal information such as your name, gender, date of birth, email address, postal address and telephone number. We may also collect details relating to your health, personal circumstances, medication, and other health-related information. We might also ask why you are getting in contact with Dementia UK.

If you are accessing our specialist dementia services in a professional capacity as someone who works with people living with dementia, we may collect personal information such as your name, email address, job title, where you work and your professional role. This is to help us to offer the correct information and services. If you have an enquiry about a specific individual we will also ask for non-identifiable information about the individual including diagnosis, health profile and support network to help us advise you correctly. Please note that we do not take referrals from anyone other than the a Dementia UK staff member, an individual or their personal carers.

If you call the Admiral Nurse Dementia Helpline (0800 888 6678) or are contacted by a Clinic’s Admiral Nurse, your call will be recorded. All outgoing telephone calls from Consultant Admiral Nurses and telephone clinic appointments will also be voice recorded. This is so we can monitor all calls and ensure that we provide a good service.

How do we collect your information, and why do we have it?

You may give us your personal information directly. Your information may be shared with us by your family or a carer; or through referrals from staff members.

You share personal information with us when you submit an enquiry; use our services; share your story with us; join one of our networks; give us feedback; or make a complaint.

When you contact the Admiral Nurse Dementia Helpline (by phone or email) you share personal information with us.

When you book and attend an Admiral Nurse Clinical Delivery service (in person, online via video or by phone) you share personal information with us.

We use information you or someone else on your behalf gives us to:

• provide the best possible advice about your health and care
• record any advice we have given you
• contact you to discuss any advice we have given you
• contact you to ask your feedback on your experience of our services

Can you share someone else’s information with us?

If you contact the Admiral Nurse Clinical Delivery service on behalf of another person, before you give any of their identifying personal information to us you must make sure that you have the right to share their personal information. You may have the right to share their personal information if you are their primary carer and they have given you permission. You may also have the right to share another person’s information if they lack capacity to make their own informed decisions, a decision needs to be made for them, and you are acting in their best interests.

For more information, you may wish to read about the Mental Capacity Act.

If you are aged under 16, you must ask a responsible adult to share information with Dementia UK on your behalf.

When do we use legitimate interests?

We will often ask your permission to use your personal information. However, here are the reasons we have for using your personal information if we rely on our legitimate interests as a legal basis:

• To record your personal information when you book and attend one of our services. This means we can provide you with support
• To update our records with accurate and up to date information
• To provide any information you have requested from us and direct you to any services that may be relevant
• To send you a follow-up email after you have used our services. This email will contain links to more information and tell you how you can contact us again
• To contact you by post or email to ask you about your experience of our services. This helps us to improve our services
• To record calls to our Admiral Nurse Helpline or Clinics. This helps us to check that we are offering the best possible service and investigate complaints, legal claims or other issues
• To investigate and respond to complaints, legal claims or other issues
• To detect and reduce fraud

You can ask us to stop using your personal information in any of these ways at any time by contacting our Data Protection Officer.

How do we store your information? How long for?

Your personal information is stored in a database which can only be accessed by Dementia UK staff who deliver and support our services.

We will only keep your personal information for as long as we need it, and for as long as the law tells us we must keep it. We usually keep medical and healthcare information for eight years. We keep recordings of Helpline calls, Clinic appointments, and Consultant Admiral Nurse services for three months.

At Dementia UK we have documents which tell us how long we need to keep personal information. The information in these documents is based on legal and operational needs. We make sure that we fully delete or anonymise personal information that we do not need to keep anymore.

Do we share your information?

Usually, Dementia UK will not share any of your personal information without your permission. We never sell your personal information.

We will sometimes share your information with organisations working for us: to send you some information you have asked for; or to help us improve our services.

In some special circumstances we need to share your personal information without your permission. This is often to protect or support you or someone else.

When we need to share your personal information in these circumstances, we will, if we can, let you know who we are sharing it with and why. We will share as little information as is needed, and we will share it in a way that keeps it safe. We will also check that the person or organisation who will be given your information will look after it properly.

Here are the reasons we may need to share your personal information:

• We are told to by law. We may need to give personal information to your GP (doctor), the police, legal advisors, professional regulators, or safeguarding agencies
• We think it would be helpful to you for your GP to have your personal information
• You are at risk of serious harm, neglect, death or threat to personal safety and wellbeing
• You tell us that a child may be being hurt or is in danger
• We believe a crime is happening or may happen if nothing is done to stop it

Do we send your information outside the UK?

We try to keep your personal information inside the UK. Sometimes, we may need to move your personal information outside the UK if one of the organisations that works for us is based outside the UK.

When this happens, we make sure that your personal information is safe and that the organisation that works for us is obeying UK data protection law, even if it is based outside the UK.

This section is for individuals who attend any of our virtual Summer School sessions. Dementia UK’s free annual online Summer School is for all health and social care staff, including students and volunteers, with an interest in supporting families living with dementia.

What information do we collect?

We collect personal information such as your name, email address, city, organisation, and job title.

The Summer School is hosted virtually on the online conferencing platform Zoom. Please refer to Zoom’s privacy notice for information on how Zoom processes your information.

How do we collect your information, and why do we have it?

We ask you directly to input your information into our online registration form, hosted on Zoom. We amalgamate the information, anonymise it, and use it for evaluation purposes. This helps us to understand the audience for our Summer School better and make plans for its development. We use the lawful basis of legitimate interests to collect your information and use it for insight and evaluation.

How do we store your information? How long for?

We store your information in Zoom for 2 weeks before anonymising it for insight and evaluation purposes. Your information is collected and stored on the Zoom platform. Please refer to Zoom’s privacy notice for information about how long Zoom keeps your information.

Do we share your information? Do we keep your information in the UK?

We do not share your information externally. However, by registering for the Summer School you give your personal information to Zoom as well as Dementia UK. Zoom is an organisation based in the United States which has different privacy laws to the UK. For more information, see Zoom’s privacy notice.

Please note in particular that Zoom operates globally, which means personal data may be transferred, stored (for example, in a data centre), and processed outside the country or region where it was initially collected, where Zoom or its service providers have customers or facilities – including in countries where meeting participants or account owners hosting meetings or webinars that you participate in or receiving messages that you send are based. Dementia UK hosts all Summer School sessions from the UK.

This section is for adults with parental responsibility for a child or children who use our Children and Young People Consultant Admiral Nurse Service. This service offers support to children of all ages up to age 18.

Our children’s privacy notice, written for children and young people under 18, can be found here.

What information do we collect?

To make an appointment with our Consultant Admiral Nurse for Children and Young People we need to collect the child’s or young person’s:

• first name
• date of birth
• contact number
• email address
• postal address
• purpose for referral

We may process the following information when your child or young person accesses the service:

• gender
• type and stage of education
• relationship to person living with dementia
• details of next of kin
• details of friends and other family members
• living situation
• support mechanisms
• if the child or young person is a registered carer

We may also process the following sensitive category information if it is disclosed to us:

• ethnicity
• religion
• medical information
• dementia diagnosis of person living with dementia
• sexual orientation

We record all telephone appointments with our Consultant Admiral Nurses and their teams. We also record all calls to our Helpline and clinic services. This is to monitor service quality and enable us to listen back to the call if we need to check anything.

How do we collect your child’s information, and why do we have it?

Adults with a parental responsibility can refer a child or young person to the service by calling the Helpline on 0800 888 6678 or by booking an appointment with a clinic Admiral Nurse here. Young people or adults can also email childrenandyoungpeoplecan@dementiauk.org.

When you or a young person make a referral, you will be asked to provide personal information of the child or young person.

We only ask the information we need to deliver the service. Personal information helps us to tailor the advice we provide; gain and understanding of family circumstances and the stage of dementia; and provide suitable and age- appropriate information. Depending on the personal information provided to us, we will contact you by email, telephone and/or post with information and resources. We will record any advice we give to you and/or your child.

When do we use legitimate interests?

We will often ask your permission to use your child’s personal information. However, here are the reasons we have for using your child’s personal information if we rely on our legitimate interests as a legal basis:

• To record your child’s personal information when you book and attend one of our services. This means we can provide your child with support
• To update our records with accurate and up- to- date information
• To provide any information you and/or your child have requested from us and direct you and/or your child to any services that may be relevant
• To send you a follow-up email after your child has used our services. This email will contain links to more information and tell you and/or your child how you or they can contact us again
• To contact you by post and/or email to ask you about your and/or your child’s experience of our services. This helps us to improve our services
• To record calls to our Admiral Nurse Helpline and clinics. This helps us to check that we are offering the best possible service and investigate complaints, legal claims or other issues
• To investigate and respond to complaints, legal claims or other issues
• To detect and reduce fraud

You can ask us to stop using your child’s personal information in any of these ways at any time by contacting our Data Protection Officer.

How do we store your child’s information? How long for?

Your child’s personal information is stored in a database which can only be accessed by Dementia UK staff who deliver and support our services.

We will only keep your child’s personal information for as long as we need it, and for as long as the law tells us we must keep it. We usually keep medical and healthcare information for children until their 25th birthday, or their 26th birthday if they were aged 17 years at discharge. We keep recordings of Helpline calls , clinics and appointments with Consultant Admiral Nurses for three months.

At Dementia UK we have documents which tell us how long we need to keep personal information. The information in these documents is based on legal and operational needs. We make sure that we fully delete or anonymise personal information that we do not need to keep anymore.

Do we share your child’s information?

Usually, Dementia UK will not share any of your child’s personal information without your permission. We never sell your personal information.

We will sometimes share your child’s information with organisations working for us: to send you or your child some information you or they have asked for; or to help us improve our services.

In some special circumstances we need to share your child’s personal information without your permission. This is often to protect or support you, your child or someone else.

When we need to share your child’s personal information in these circumstances, we will, if we can, let you know who we are sharing it with and why. We will share as little information as is needed, and we will share it in a way that keeps it safe. We will also check that the person or organisation who will be given your information will look after it properly.

Here are the reasons we may need to share your child’s personal information:

• We are told to by law. We may need to give personal information to the police, legal advisors, professional regulators, or safeguarding agencies
• Your child is at risk of serious harm, neglect, death or threat to personal safety and wellbeing
• You or your child tells us that another child may be being hurt or is in danger
• We believe a crime is happening or may happen if nothing is done to stop it

Do we send your child’s information outside the UK?

We try to keep your child’s personal information in the UK. Sometimes, we may need to move personal information outside the UK if one of the organisations that works for us is based outside the UK.

When this happens, we make sure that your personal information is safe and that the organisation that works for us is obeying UK data protection law, even if it is based outside the UK.

What information do we collect?

We may collect personal information such as your name, date of birth, email address, postal address, telephone number, bank details and credit/debit card details. We may collect other information too.

Sometimes, we will ask you why you are supporting us as this helps us understand the importance of our services.

If we send you an email, we look at whether you have opened or clicked on any links in the email. This helps us to understand how successful our emails are, improve the content and send them to the people who are most interested.

Some people kindly leave gifts to Dementia UK in their Wills. If you leave a gift to us in your Will, we need to collect personal information for solicitors, executors, next of kin, family members and other named beneficiaries and employees of other organisations. We need to do this to obey the law and make sure that the money is received and spent properly as you intend.

How do we collect your information, and why do we have it?

Information you give to us

You may give us your personal information when you sign up for one of our events; make a donation; register to volunteer; share your story with us; support one of our campaigns; give us feedback or answer a survey; or make a complaint. You may give your personal information to us in person, by post, telephone or online.

If you are aged under 16, you must ask a responsible adult to share your information with Dementia UK on your behalf.

Information shared with us by an organisation with your permission

Your personal information may be shared with us by fundraising or in memory giving sites like JustGiving or MuchLoved, or by organisers of events you have registered interest or taken part in. These organisations will only share your personal information with us with your permission.

We also receive personal information from online services like Meta (Facebook, Instagram) and X (previously known as Twitter) if you give your permission. The personal information we get from these online services depends on your personal account settings on each site. You can change these settings yourself if you do not want your information to be shared.

You may give your personal information in person or by telephone to a trusted fundraising organisation working for us. If you agree to set up a regular donation to Dementia UK, the fundraising organisation will pass your personal information to us so that we can process your donations, thank you and contact you about the difference your donation can make.

If you are involved in administering a Will (for example, if you are a solicitor, executor, or family member of the deceased) we may be given your personal information by solicitors or other professionals, or by organisations like Smee & Ford which advise charities that have been named in a Will.

Public information we use with your personal information

Your personal information may be available from public sources. From time to time, we may keep your records up to date and add information to them by checking against publicly available information. For example, we might work with an organisation that uses an external service to find your new address, or to update the address we have for you to make it more accurate.

We may also research information about you, either from publicly available information or from information that we have already collected from you. We do this to ensure you receive information that is relevant to you.

We work with organisations that help us identify supporters who may be able to make a significant donation. To do this we use personal information we have about you to research your potential to be a significant donor. We may collect more information from public sources like your job title and employment history; the value of your home; and donations to other organisations. We may estimate how likely you are to give to Dementia UK. This helps us to use our time wisely and approach supporters who are most likely to give to Dementia UK.

You can ask us to stop using your personal information in any of these ways at any time by contacting our Data Protection Officer.

When do we use legitimate interests?

We will often ask your permission to use your personal information.

However, here are the reasons we have for using your personal information if we rely on our legitimate interests as a legal basis:

Administration

• Processing your donations
• Claiming Gift Aid on your donations
• Recording your involvement with us
• Actioning your requests
• Updating your record with accurate and up-to-date information, including changes of address, preferences for hearing from us or Gift Aid eligibility. This may involve using information shared with us by an external organisation
• Moving your personal information from one place to another to make it more secure or benefit from technological updates
• Sharing your information with a fundraising event organiser when it is hosting an event you have signed up for, to enable you to take part safely
• Investigating and responding to complaints, legal claims, or other issues

Getting in contact with you

• Providing any information you have requested from us, and directing you to any services that may be relevant
• Thanking you for your support
• Thanking you as the next of kin if we receive a donation in memory of a loved one
• Letting you know about changes to our services or policies
• Contacting you to remind you how to finish registering for a fundraising event if you are part way through the registration
• Contacting you about a fundraising event you have signed up for. We may contact you by email, telephone, post, or text. If we contact you by text, we may use software that uses generative artificial intelligence to help us send replies quickly. Replies are always read and approved by someone who works at Dementia UK to make sure you have a personal and safe experience.
• Contacting you, if you are the administrator of a Trust or grant-giving body, to find out more about your giving criteria and to apply for funds
• Contacting you, if you work for a company that is a potential corporate partner of Dementia UK, to find out if there are any ways that your company can support us
• Sending you communications by post about our work and how you can help us, for example, information about our fundraising activities, volunteering, and campaigns
• Advertising to you on social media

Finding out more about you

• Detecting and reducing fraud
• If we send you an email, looking at whether you have opened or clicked on any links in the email. This helps us to understand how successful our emails are, improve the content and send them to the people who are most interested
• Identifying supporters who may be able to give a significant donation
• Analysing your personal information to understand our supporters better and target our communications to you so that you have the most relevant information. For example, we may wish to send you invitations to attend special events or discuss specific fundraising projects. To do this, we may share your information with trusted organisations who help us to build profiles or assign scores to your record of personal information. This helps us to cost-effectively and efficiently raise funds to support our work
• If you are a running event participant, we will work with partnered digital coaching apps (like Coopah Running) to provide us with information about how your training is going. We will use this information to provide personalised support and communications.

One of the tools that we use to target communications to you online is provided by Facebook (owned by Meta) and is called a ‘custom audience’. We upload your name and email address to Facebook in an encrypted format. Facebook then searches its own data for a match. Where a match is found, our marketing will start to appear in your news feed.

We may also use the Facebook ‘lookalike’ tool to help us find profiles of people who are like you and who may be interested in supporting our charity. Once identified by Facebook they may also start to see our marketing in their news feed.

We may also share the email address you use on a Meta-owned social media site (Facebook or Instagram) with Twitter/X to help us identify potential fundraisers and donors on Twitter/X. This helps us target adverts on social media sites and spend money wisely to find people interested in fundraising for Dementia UK.

We will only share your details with Facebook, Instagram, or Twitter/X in this way if you have consented to us sending you marketing via email. You can contact us at any time to let us know that you would prefer us not to use your information in this way. You can also update your preferences within the social media site to stop receiving marketing.

You can ask us to stop using your personal information in any of these ways at any time by contacting our Data Protection Officer.

How do we store your information? How long for?

Your personal information is stored in a database which can only be accessed by relevant staff at Dementia UK who help to deliver our fundraising and marketing services. Your personal information may also be stored in secure online tools we use to provide a service to you.

We will only keep your personal information for as long as we need it, and for as long as the law tells us we must keep it.

At Dementia UK we have documents that tell us how long we need to keep personal information. The information in these documents is based on legal and operational needs. For example, if you give us a donation or leave a gift in your Will, we are required to keep a record of this for up to seven years because of legal obligations. We make sure that we fully delete or anonymise personal information that we do not need to keep anymore.

Do we share your information?

Usually, Dementia UK will not share any of your personal information without your permission. We never sell your personal information.

We will sometimes share your information with trusted organisations working for us to send you some information you have asked for, or to help us improve our services.

For example, when you indicate that you would like to receive information from us by post or email, we may provide your name and address or email address to an organisation working for us that will put together and send out the mailings on our behalf. You will only receive information that you have agreed to receive from us, and the organisation working for us will not contact you for any other purpose.

We may also share your information with a trusted organisation that will use it to understand the types of people supporting us, and how and why they choose to support us. This helps us reach more supporters in the most effective way in the future. These organisations will not use or process the information for any purpose other than what we have asked them to do.

In some special circumstances we may need to share your personal information, without your permission. This is often to protect or support you or someone else.

When we need to share your personal information in these circumstances, we will, if we can, let you know who we are sharing it with and why. We will share as little information as is needed, and we will share it in a way that keeps it safe. We will also check that the person or organisation who will be given your information will look after your personal information properly.

Here are the reasons we may need to share your personal information:

• We are told to by law. We may need to give personal information to the police, legal advisors, professional regulators, or safeguarding agencies
• You are at risk of serious harm, neglect, death or threat to personal safety and wellbeing
• You tell us that a child may be being hurt or is in danger
• We believe a crime is happening or may happen if nothing is done to stop it. This includes financial fraud

Do we send your information outside the UK?

We try to keep your personal information within the UK. Sometimes, we may need to move your personal information outside the UK if one of the organisations that works for us is based outside the UK.

When this happens, we make sure that your personal information is safe and that the organisation that works for us is obeying UK data protection law, even if it is based outside the UK.

What information do we collect?

When you apply or register to be a volunteer, we may ask for personal information including:

• your title
• name
• email address
• phone number
• postal address
• skills and availability
• how you heard about Dementia UK
• your inspiration to apply to be a volunteer
• whether you hold a driving licence
• if you have the right to volunteer in the UK
• emergency contact details
• any reasonable adjustments you may need to volunteer.

If your application is successful, we may ask for contact information for referees, which we may use to collect a reference for you. We may also ask for a signature once you have read a volunteering agreement and Dementia UK policies.

Whilst you are volunteering with us, we may take photographs of you and ask you about your experience of volunteering for us. We will ask your permission to share your photo and story in our materials, either online or published. It is your choice, and you can say no. You can also ask us not to share your photo or story if you say yes when asked and then later change your mind.

We may send you a survey and collect your feedback on your experience of volunteering with us. You do not have to fill in the survey and it is your choice to give us your feedback.

How do we collect your information, and why do we have it?

You give us your personal information in your online volunteer application, or when you sign up to volunteer at an event. We use your contact information to let you know if your application has been successful; and to send you important information about your responsibilities as a volunteer, details of events and volunteering opportunities.

We will use your contact information to send you updates and communicate with you throughout your time volunteering for us, including asking for feedback about your experience.

We will use information you give us about your skills, experience and whether you have a driving licence to match you to the most suitable roles for you. We will use information about any reasonable adjustments to help support you in your volunteer role.

When do we use legitimate interests?

We will often ask your permission to use your personal information.

However, here are the reasons we have for using your personal information if we rely on our legitimate interests as a legal basis:

• Reviewing your application to consider if you are a good fit for the volunteering role you have applied for
• Contacting you, supporting you in your role and managing our relationship with you
• Updating your records with accurate and up to date information. This may involve using information shared with us by an external organisation
• Telling you about a volunteering opportunity
• Collecting and keeping references, and the contact information you give us for referees
• Collecting and keeping contact details you give us of your emergency contact
• Communicating with you about your duties as a Dementia UK volunteer
• Asking for your feedback on your volunteer experience
• Letting you know about changes to our services and policies
• Investigating and responding to complaints, legal claims, or other issues
• Detecting and reducing fraud

You can ask us to stop using your personal information in any of these ways at any time by contacting our Data Protection Officer.

How do we store your information? How long for?

Your personal information is stored in a database which can only be accessed by relevant staff at Dementia UK who help to deliver our fundraising, volunteering, and marketing services. Your personal information may also be stored in secure online tools we use to provide a service to you.

We will only keep your personal information for as long as we need it, and for as long as the law tells us we must keep it.

We will keep your volunteer information for three years after you leave your volunteer post, and it will then be securely deleted from all our systems. We will keep a basic record of your name, contact details, the fact that you were a volunteer and the dates of your position for seven years. If you are unsuccessful in your application to become a volunteer or decide the role is not for you, we will delete your data after six months.

We make sure that we fully delete or anonymise personal information that we do not need to keep anymore.

Do we share your information?

Usually, Dementia UK will not share any of your personal information without your permission. We never sell your personal information.

However, we will sometimes share your information with trusted organisations working for us, to send you some information you have asked for, or to help us improve our services.

For example, when you indicate that you would like to receive information from us by post or email, we may provide your name and address or email address to an organisation working for us that puts together and sends out mailings on our behalf. This organisation will not use or process the information for any purpose other than putting together and sending out the relevant mailing.

As a volunteer, we will only send you communications related to your volunteering role, unless you have specifically and separately opted in to receive Dementia UK marketing communications.

In some special circumstances we need to share your personal information without your permission. This is often to protect or support you or someone else.

When we need to share your personal information in these circumstances, we will, if we can, let you know who we are sharing it with and why. We will share as little information as is needed, and we will share it in a way that keeps it safe. We will also check that the person or organisation who will be given your information will look after it properly.

Here are the reasons we may need to share your personal information:

• We are told to by law. We may need to give personal information to the police, legal advisors, professional regulators, or safeguarding agencies
• You are at risk of serious harm, neglect, death or threat to personal safety and wellbeing
• You tell us that a child may be being hurt or is in danger
• We believe a crime is happening or may happen if nothing is done to stop it. This includes financial fraud

Do we send your information outside the UK?

We try to keep your personal information within the UK. Sometimes, we may need to move your personal information outside the UK if one of the organisations that works for us is based outside the UK.

When this happens, we make sure that your personal information is safe and that the organisation that works for us is obeying UK data protection law, even if it is based outside the UK.

What information do we collect?

Whether you apply directly or via a recruitment agency for a paid role at Dementia UK, you will be asked to share your curriculum vitae (CV) and, where applicable, a supporting statement to evidence how you match the job requirements.

Your CV may contain personal information such as your name, telephone number, email address and postal address, in addition to your job history and qualifications.

Recruitment agencies typically share anonymised versions of CVs.

At any stage during the recruitment process, you may also choose to share details of any disability, neurodiversity, or medical condition to help us best support you with any reasonable adjustments to the process.

At interview stage, your interviewers will take notes to assess and record evidence of your suitability for the role, and to support their decision-making.

If you are successful at interview and we make you an offer of employment or contract for services, Dementia UK will ask you to share some or all the following information with us, or with a trusted organisation that completes legal checks on our behalf:

• your date of birth
• National Insurance number
• passport or relevant sharecode to enable us to check your right to work in the UK
• contact details for referees
• your P45 or information needed to complete an HMRC new starter checklist
• details of your emergency contacts
• details relating to your health, including disability or health conditions, to assess how we may best support you with any reasonable adjustments
• bank account details

We will also ask for the following where it is an essential criterion of the role:

• evidence of your professional qualifications
• evidence of your professional registrations, for example, nursing PIN to confirm registration with the Nursing and Midwifery Council (NMC)
• completion of a Disclosure and Barring Service (DBS) check. This will be at a basic, standard or enhanced level
• evidence that you can safely drive for business travel, for example, your driving licence; details of your last vehicle MOT; and details of your business travel car insurance

How do we collect your information, and why do we have it?

When you apply for a paid role at Dementia UK via a recruitment agency, it may share your CV with us. If you apply directly to Dementia UK, you share your CV and a supporting statement with us. How much information you choose to share in your CV and supporting statement is up to you.

We use information shared with us during the recruitment process to administer your application and to assess your suitability for a specific job.

If Dementia UK makes you a job offer, we will either ask you for your information directly, or we will put you in contact with a trusted organisation working on our behalf. All information that we ask for at this stage is used to fulfil our legal obligations as an employer/engager of services. For example, we must confirm your right to work in the UK, any reasonable adjustments you may require, and find out if you have any criminal convictions that would prevent you from working with vulnerable people.

When do we use legitimate interests?

We do not use the lawful basis of legitimate interest when processing the personal information of job applicants. We use the lawful basis of legal obligation or performance of a contract.

How do we store your information? How long for?

We ask you to email your CV and supporting statements, where applicable, to recruitment@dementiauk.org. We store your personal information in Microsoft Outlook. We share your application with employees who are hiring for the role you have applied using Microsoft Teams/SharePoint. Only individuals who are involved in the recruitment process for the role you have applied for will have access to your application information.

If you take part in an interview, all written notes created by the interview panel and others involved in the interview process will be saved in a private channel in Microsoft Teams.

If your application is unsuccessful, your application information will be deleted after one year.

If your application is successful and you are offered (and accept) a role, your personal information will be moved into an e-personnel file and entered into the Human Resources Information System (HRIS) database by the People Team. This team will also set up accounts for you on our learning and development platforms and reward and benefits platforms, including pension providers.

We will keep all employment-related information for you for seven years after the termination of your employment contract/contract for services.

Do we share your information?

Employees in our People Team will share your application information via a private Microsoft Teams channel with individuals who are involved in hiring for the role you apply for.

If you are successful and accept a job offer, Dementia UK will ask you to share your personal information with several trusted organisations that provide important services such as pensions, occupational health, and learning and development. You will be asked to share this information before you start at Dementia UK as an employee/worker.

In some special circumstances we may also need to share your personal information for other reasons. This is often to protect or support you or someone else.

When we need to share your personal information, we will, if we can, tell you who we are sharing it with and why. We will share as little information as is needed, and we will share it in a way that keeps it safe. We will also check that the person or organisation that will be given your information will look after your it properly.

Here are the reasons we may need to share your personal information:

• We are told to by law. We may need to give personal information to the police, legal advisors, professional regulators, or safeguarding agencies
• You or another person is at risk of serious harm, neglect, death or threat to personal safety and wellbeing
• We suspect a crime is happening or may happen if nothing is done to stop it. This includes the crime of falsifying qualifications or professional registration, or where you have been disqualified from professional practice or are required to practice under specific limitations

Do we send your information outside the UK?

We try to keep your personal information within the UK. Sometimes, we may need to move your personal information outside the UK if one of the organisations that works for us is based outside the UK.

When this happens, we make sure that your personal information is safe and that the organisation that works for us is obeying UK data protection law, even if it is based outside the UK.

We monitor the use of our website. You can find out more about how we use information about the devices you use to access our website, such as IP address (the location of the computer on the internet) and cookies, in our Cookie Notice.

For more information, please see our Cookie Notice.