top of page

Privacy Policy

We collect and process personal information about our supporters and other people that we engage with in order to help us run smoothly and meet our charitable purposes.

We use this information to give you the best possible experience of us, whether that’s sending you information as quickly as possible, telling you about our latest campaign or thanking you for your support.  Our privacy policy explains how we look after any information we have about you, how you can exercise your privacy rights, including how we contact you, what it means if we have to share your information, and how it helps and why.  We will never sell any information we have about you.  You can change how or if we contact you at any point. 

Thank you for your support.

Absolute fundamentals


We will always and only ever collect and process your personal information:

  • Fairly,

  • Ethically

  • Using your personal information only for purposes YOU would KNOW we are using it for and would THINK were fair and lawful, and

  • We will NEVER share data with other charities, organisations or individuals, save to enhance the experience we offer you or if forced by law to do so.

Who we are

We are Steps to Your Healthy Future and we’re a registered charity. 

We’re officially called a Charitable Incorporated Organisation or CIO with a charity registration in England with the Charity Commission (no 1175348).

Find out more about us.

This privacy policy covers what we do as a charity generally, whether across the UK, nationally, regionally or locally.

What personal data we collect

We collect some information directly from you when you provide it by filling in forms, over the telephone, face to face or on our website.  This includes information you provide to our local volunteer groups.  We also collect some additional data about you from other sources. 

Information we collect directly from you

When you provide us with your information directly, we usually ask you for your name, address and contact details.  If you are making a donation to us, we may also obtain your banking or credit card details. On occasion, we also ask why you have chosen to support us, as that helps us understand how we can meet your needs. 

Where we are delivering services to you, providing you with information about our work or when you participate in one of our campaigns, we may ask you for more information about your health, for example what type of diabetes you have, to make sure we send you information which is tailored to you.  It can also help us to have health information about you if we need to make adjustments to meet your medical needs, such as sending you large text publications or providing hypo kits at events we run.  We sometimes also ask about your ethnicity to ensure we are reaching a diverse audience and because ethnicity can have an impact on your Type 2 diabetes risk. 

As part of our charitable mission, we work with the NHS and other organisations to improve the care and services which people living with diabetes receive.  To do this, we periodically ask people living with diabetes to participate in surveys or audits about their experience and the care they receive.  If you agree to participate, we will provide you with further details about how your information will be used and shared. 

Information we collect from you on our website

We have a number of tools to deliver education and support to you.  Some of these may ask you to provide additional details about your personal health and ethnicity as well as additional information about you (like your diabetes type, age, gender and date of diagnosis) to provide you with educational content which is relevant, clinically accurate and suitable for you. 

Our website, like most others, uses cookies to improve the way it works and to monitor its performance.  This includes allowing us to recognise you when you visit our site more than once, identify what device was used to access the site, how you came to our site, monitor what pages are most popular and save any personalised settings.  We also use cookies and similar types of code to show you targeted information from us when you leave our site and go to third party websites, for example on Google and Facebook and their associated sites such as Instagram and YouTube. 

This means we can tailor our marketing to better suit your needs and aim to display ads that we believe are relevant to you. You can find out more about this type of activity in our Cookies Policy. You can change your cookies or social media settings to prevent this type of activity. Find out more about how to do this at YourOnlineChoices.  Please note that even if you change your preferences with us, you will still see some content from us on social media, as the social media site will select content for you based on other factors. 

Information we get from other sources

Social media sites such as Facebook, WhatsApp and Google can share your data with third parties, including us, depending on the settings you’ve chosen on those sites. 

We also collect a limited amount of additional information about you from public and private sources, to give us a better idea of what you’re interested in.  This can include checking we’ve got your correct postal address from Royal Mail, using demographic data like age, using commercially available survey data and databases like ACORN to predict some information about you.  Examples of information we may get are predictions about your likely purchasing behaviour, motivations, attitudes, media usage, leisure interests and indicators of financial status like house value.  This analysis will be based on your postcode and do not relate to you on an individual level.  You can find out more about how we use this information to serve you better in the Understanding our beneficiaries and supporters better section.

We want to give everyone a great fundraising experience.  To do this, we sometimes use information about your resources, positions of responsibility in the public, private and third sector, location, charitable interests and likelihood to give, personal interests and any other relevant information to help us tailor communications and make sure we get in touch with the right invites and suggestions.

We collect information we can find on publicly available and free sources for this purpose, like Companies House, other public registers, Who’s Who, newspaper, magazine and internet articles.  We always check that our resources are reliable and verified. 

If we have reason to think that someone who has never been in touch with us before could be interested in our cause, we will collect basic information on them from publicly available, reliable sources.  We may have read their story in a newspaper or know about them through our staff or major supporters.  Once we know a bit more about them, if we believe they might be interested, we do our best to get in touch with them, and we will usually do this within a month, at which point we will provide more information about how we use the data.


We provide age-appropriate information for children and young people living with diabetes on our website. We sometimes receive limited data about children if they decide to fundraise for us, and we will collect data about children in connection with events we organise specifically for young people and their families.  Wherever possible, we will ask for consent from parents to collect information about children and young people. 

Business contacts

When we work with third party suppliers we will usually collect limited contact details for key staff at that supplier. 

How we use your data

We use the data you provide to us and the data we collect about you from other sources for the following purposes:

  • To provide you with the services, information and products you request.

  • To provide you with information about campaigning, fundraising, research, volunteering and other ways you can support our charitable mission.

  • For administration purposes, including processing donations (including Gift Aid processing), quality and compliance monitoring and staff training.

  • To monitor and improve the performance of our website.

  • To provide interactive services to you on our website.

  • To analyse and improve the services, products and information we offer and the campaigns and appeals we produce.

  • To keep a record of your interactions with us.

  • To better understand our supporters needs, wishes and interests.

  • To tailor relevant information about us to you when you leave our site and go to other websites.

  • To deliver information we believe will be relevant and interesting to other people with similar interests and characteristics to you. 


Events and membership

If you sign up for one of our events, like a fundraising event or support event, we will use your contact details to provide you with information about the event and to support you with any associated fundraising.

Supporting people living with diabetes

We run informal groups for people living with diabetes, their family, carers and friends or people who are worried they may be at risk of diabetes.  Any medical information you provide at these is kept strictly confidential.  We only use this information to answer your questions and provide you with any support you request, for staff training and quality monitoring. 

Case studies

Some people agree to share their diabetes story with us to help us in our work and to help other people who may have similar experiences.  This may involve you providing us with more detailed information about your health, background, ethnicity and diabetes story.  We’re always really grateful when people agree to get involved in our work in this way and we’ll always ask you for your consent to use this information so that you stay in control of how this information is used.

Providing you with information about what we do and how you can help

Our charitable purpose is to work with and support people who have long term health conditions through regular informal groups, one-off group sessions and education programmes in the community or online.

In order to fulfil this purpose, we need to reach as many people as possible and talk to them about what we’re doing.  We therefore think it’s reasonable and legitimate for us to use your contact details to contact you by post, email, text and telephone to tell you more about our work and how you can support us.  This includes newsletters, appeals, magazines, raffle mailings, event invitations and information about the services we offer, campaigns we’re running and ways you can support us.  We also offer e-newsletters which you can sign up for.

If you’ve subscribed to the Telephone Preference Service, we won’t call you unless you tell us that you’re happy to hear from us in this way.

We know that filling up your inbox with unwanted emails is annoying, so we’ll only send you information about our work by email if you give us consent to contact you by email (we’re also legally obliged to get your permission).  The same applies to text messages. 

We respect the fact that it’s your choice to hear from us or not.  You can change the way you hear from us, or stop hearing from us, quickly and easily at any time by contacting us

Understanding our beneficiaries and supporters better

It’s important to us to understand the likes, dislikes, needs and interests of our beneficiaries, supporters and potential supporters.  We do this in a number of different ways. 

We get additional information about you from other public and private sources, to get to know you better. We look at how you support us and the amount and frequency of any donations you may have made to us.  This helps us to make sure that we’re only asking for financial support when it’s appropriate to do so and we don’t ask you too often. It also means that if we think you might be able and willing to give a bit more or to leave us a legacy, we can contact you to see if you wish to do so. 

So we can assess your ability and likelihood to support us, we analyse the information people give us and your existing relationship with Steps to Your Healthy Future.  We sometimes do some more detailed research on individuals.  But this is the exception, not the rule: we only do it if we have reason to think someone is particularly influential or might have the capacity to be a major donor to us.  This assessment is either based on personal interaction or on a more general analysis of our database of existing contacts done by applying demographic data, social factors, population and consumer behaviour (as mentioned above). 

It’s also useful to us to group our supporters together in our databases on the basis of common interests or characteristics.  This allows us to tailor our communications to make sure they are timely and interesting to each group.  And it helps us to save money, by not sending out unwanted communications. 

If you’ve agreed to receive emails from us, we also track whether emails have been opened and whether you’ve clicked on any of the links in those emails to see if they were useful and interesting to you. 

We also use some of this information to analyse actual or likely responses to our campaigns and appeals so that we can continue to improve and achieve our charitable mission more effectively.  


Who we share information with


We will never sell or give your information to third parties for their own marketing purposes.


But we can’t do everything ourselves, so sometimes we need to share your personal information with third parties with the skill, experience and facilities to deliver services to you and provide you with the information you’ve requested.  We may also share your personal information with third parties so they can provide services and advice to us in our work.  We’ll always make sure that your information is kept securely and can’t be used for other purposes. 


Very occasionally we may be legally required to share information with official agencies, regulatory bodies or the police to protect you or to prevent or

detect a crime. 

Providing information to you and delivering services 

When we send out information to you, for example about our events, campaigns or membership benefits, we often use companies who provide support services such as printing, creative services and mailing to do this. 

If you pay for products or for services online or over the telephone, we will share your information with our payment providers who process the payments for us, like Mastercard.  We don’t keep a record of your credit card details. 

If you ask for support from us, we may pass your details on to local groups in your area who can provide that support, but we’ll always ask you first if you’re happy with this.  


We sometimes team up with other partner organisations (for example other charities, healthcare organisations or companies) where we have common goals.  This often allows us to achieve more than doing things on our own.  We’ll always give you the choice on whether your details are passed to our partners or not.  

Suppliers who provide services to us


We use the services of online platforms for a number of reasons, for example to manage registrations for the conferences and events we run, to support fundraising efforts associated with these events, to support campaigns, to manage grant applications and to send out forms and surveys.


When you submit your data to these platforms, the platform will collect and send your registration details to us. 


We always ensure that we have a robust and legally compliant agreement in place with our third party suppliers, which obliges them to only process your personal information on our instructions and in accordance with the law. 


Reaching people through social media is a very cost-effective tool for charities.  We sometimes share names and e-mail addresses with social media platforms in order to find people with similar likes and interests to our supporter groups, who might be interested in getting involved with us.  Any information we share with social media platforms will be shared in an encrypted format and will not be used for their own purposes.  You can tell us at any time if you don’t want your personal information to be shared in this way or you can opt out by changing your social media settings.  See our Cookies policy for more details.   

Information sharing required by law or regulation

Steps to Your Healthy Future services are confidential.  However, we may share information you give us with support agencies or the police if a member of staff or volunteer has concerns about your own or someone else's safety or wellbeing.  We would need to share what you tell us with someone if:

  • we believe your life or someone else’s life is in danger

  • you tell us that you or someone else is being, or is at risk of being abused by another person

  • it’s necessary to prevent or detect a crime

  • we are required to do so under a court order.


Transfers outside the European Economic Area


Steps to Your Healthy Future’s operations are based in the UK and we store the data we hold within the European Economic Area (where you have the same level of protection for your data as in the UK).  However, a few of our suppliers may store their data outside the European Economic Area.  We will only transfer your data to them if we are confident that your data will be adequately protected, for example if they have signed up to the US’s Privacy Shield, which guarantees the rights of European Union citizens, or if we have obtained contractual assurances from them that they will meet EU data processing standards. 

How long we keep your information for


As diabetes is a long-term, chronic condition, we know that your needs for support and your relationship with us will change over time.  We will normally keep your personal information only for as long as we have an ongoing relationship with you. 


We keep recordings of calls to our helplines and complaints for two years, except where we need to keep the data as a record of your consent to be contacted by us, in which case we keep it for as long as we need it for compliance purposes. 


We keep financial records, Gift Aid records and details of any contracts we enter into with you for seven years after the relevant transaction, which is required by law.  We may keep details about any actual, suspected or potential criminal offences or concerns for longer periods of time in accordance with governmental, regulatory or police guidance.  

How we keep your information securely

We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.  We restrict access to personal information to employees, contractors and third parties who need to know that information to process it for us and who are subject to appropriate contractual confidentiality obligations.  We regularly assess the security of our systems.  If we need to transfer data to or from third parties, we will always use a secure method to do so.  

Our legal basis for processing data

Organisations that collect personal data need to have a lawful basis for doing so.  The law sets out six ways to process personal data (plus additional conditions for processing sensitive personal data).  Four of these are relevant to the types of processing that we carry out. 


This includes information that is processed on the basis of:

  • Your consent – for example to send you direct marketing by e-mail or text;

  • Steps to Your Healthy Future’s legitimate interests (please see below for more information);

  • A contractual relationship – for example to provide you with goods or services that you have requested from us; and 

  • Processing that is necessary for compliance with a legal obligation – for example to process a Gift Aid declaration and carrying out due diligence on large donations.


We may legally collect and use your personal information if it is necessary for our legitimate interest, as long as its use is fair and does not adversely impact your rights. 


When we use your personal information, we will always consider if it is fair and balanced to do so and if it is within your reasonable expectations.  We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair.  


Steps to Your Healthy Future’s legitimate interests include:

  • Achieving our charitable objectives – including fulfilling our charitable purpose to provide relief, support and advice to people with diabetes and its related complications, other long term health conditions and for those who care for them, to advance the understanding of diabetes and to educate healthcare professionals and the general public;

  • Administration and operational management – including running and administering the charity, completing statutory and financial reporting and other regulatory compliance requirements, responding to solicited enquiries, providing information and our services, surveys, events management, the administration of volunteers and employment and recruitment requirements. 

  • Fundraising and campaigning – including administering campaigns and donations and sending and making direct marketing by post, email, text and phone, and analysis, targeting and segmentation of data to develop communication strategies and maintain communication suppressions.


If you would like more information on our uses of legitimate interests or to change our use of your personal data in this manner, please contact us.


Your rights


You are in control of your data and the way we use it.  

You can ask us for a copy of the information we hold about you at any time by contacting us.  We will generally supply any information you ask for within 30 days unless it is a particularly complex request.  We will not charge you for this information other than in exceptional circumstances.  We may ask you for proof of identity as we need to be sure we are only releasing your personal information to you.


You can also ask us at any time to:

  • amend your personal information, 

  • cancel your consent – where we are processing your personal information on this basis,

  • limit the way we use your personal information, 

  • stop using your personal information for direct marketing,

  • stop analysing your personal information to understand our supporters better, or

  • delete your personal information.


We will do our best to comply with your requests as long as we’re able to do so.  For example, if you’ve signed up to attend an event, we will still need to be able to use your details to process your attendance.  If you ask us to delete your personal information or to stop sending marketing information to you, we will retain limited details on a suppression list, to make sure we don’t contact you again by mistake.  In this case, your details won’t be used for any other purpose.  You can also subscribe to the Fundraising Preference Service, which enables you to block communications from named charities.  


If you have any complaints about the way we collect and manage your personal information, please let us know so we can address them.  We have appointed a Data Protection Officer to oversee the way we manage personal data.  They can be contacted at

If you’re unhappy with the way we respond to any complaint, you also have the right to complain to the Information Commissioner’s Office (which regulates the use of personal data in the UK) or to the Fundraising Regulator (which regulates fundraising charities). 


How to contact us

bottom of page