Privacy Notice

1. Overview

1.1. This Privacy Notice been drawn up to provide you with an overview of how we record, save, process, pass on or transmit your data when you visit our website or use the services offered on our website.

1.2. When processing your personal data, we strictly adhere to the data protection specifications of the EU General Data Protection Regulation (GDPR) and the Data Protection Act 2018. We also follow guidance provided by the Information Commissioner’s Office.

1.3. Personal data comprises all data that relates to you personally, including your IP address, name, address, e-mail data and user behavior.

1.4. We reserve the right to modify the content of this Privacy Notice and therefore recommend that you consult this notice at regular intervals.

1.5. The controller as per Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is DKMS Foundation (also known as DKMS UK). DKMS Registry gGmbH (Kressbach 1, 72072, Tübingen, Germany) is also a joint controller of DKMS UK’s personal data relating to blood stem cell donor recruitment, registration and collection.

1.6 DKMS UK’s data protection officer can be contacted by email at: dataprotection@dkms.org.uk or by writing to our postal address with reference to the “Data Protection Officer”.

2. What personal data do we process?

We record data relating to you when you visit our website or use our services offered on the website. Depending on how you use our website, this may comprise the following information:

2.1. Purely informational use: You can visit our website without providing any personal data. When you use the website purely for informational purposes, in other words if you do not use our homepage to donate money, register as a blood stem cell donor, complete a contact form or transfer information to us in any other way, we do not record any personal data, with the exception of the data that your browser automatically transmits to our server in order to allow you to visit our website. If you wish to view our website, we record the following data, which is technically necessary in order for us to display our website to you as well as to ensure stability and security:

  • IP address
  • Time zone difference to Greenwich Mean Time (GMT)
  • Country of access
  • Content of the request (ie, the specific page)
  • Date and time of the request
  • Website from which the request originates
  • Transmitted data volume
  • HTTP status code
  • Operating system and its interface
  • Language and version of the browser software
  • Whether cookies on/off
  • Notification whether access/retrieval was successful. This information relates to the computer system used. We use this data (with the exception of your computer’s IP number) solely for statistical purposes, to measure demand for our web content and services. We simply record this data cumulatively for all users of the website, meaning that it is not possible to assign the data to a specific person. This data is not merged with data from other data sources.

2.2. In addition to providing a website for informational purposes, we provide you with various services (donating money, ordering a registration kit, contact forms, etc), which you can use if interested. To do this, you usually need to provide further personal data, which we require in order to provide the respective service.

2.2.1. Contact via e-mail or contact form: If you contact us by e-mail or one of the contact forms provided when visiting our website, we will additionally process and save the data that you have provided (your e-mail address and, possibly, your name and phone number) in order to answer your questions. User data may be saved in a customer relationship management system (CRM system) or some comparable system.

2.2.2. Donating money via our website: If you would like to use the option provided on our website to donate money, we will also process the data you share that is required to perform the requested transaction. The way we process your personal data depends on the selected payment method:

  • Payment by credit card: When you select payment by credit card, we process your name, address and e-mail address to perform the required payment transaction and to send you confirmation of donation, if required.
  • Payment by direct debit: If you use the option available on our website to donate money via direct debit, we will process your name, address and e-mail address as well as your account data to perform the payment transaction and to send you confirmation of donation, if required.
  • Payment by PayPal: If you decide to pay using the online payment services provider PayPal, you will be redirected to the PayPal website. PayPal is a service from PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg PayPal assumes the function of an online payment services provider and trustee and offers protection services. The data protection regulations of PayPal apply in this case. You can find PayPal’s Privacy Statement here. If you choose this payment method, we shall only process the personal data you provide to the extent that this is necessary to assign the payment made. This information is always your name, your e-mail address and, if applicable, your address. However, this only happens if you have agreed during the payment procedure on the PayPal website that your address and name will be passed on to us to confirm your donation.
  • Payment by Apple Pay: If you decide to make a donation via Apple Pay, you will be accessing services provided by Apple Inc, One Apple Park Way, Cupertino, California, USA, 95014, which assumes the function of an online payment services provider for those Apple account holders who choose to use these services. In these circumstances, for users in the European Economic Area, the data controller will be Apple Distribution International Limited in Ireland, and the relevant privacy notice and terms and conditions of use can be found at Legal - Apple Privacy Policy - Apple, while a more general overview can be found here Apple Pay & Privacy – Apple Support (UK). If you choose this payment method, we shall only process the personal data you provide to the extent that this is necessary to assign the payment made. This information is always your name, your e-mail address and, if applicable, your address.
  • Payment by Google Pay: If you decide to make a donation via Google Pay, you will be accessing services provided by Google LLC or its wholly owned subsidiaries, including Google Payment Corp, which assumes the function of an online payment services provider for those Google account holders who choose to use these services. In these circumstance, for users in the European Economic Area, the data controller will be Google Payment Ireland Ltd, and the relevant privacy notice and terms and conditions of use can be found at Google Payments Privacy Notice and Google Pay/Google Payments Terms of Service. The Google Payments Privacy Notice describes how Google, the Google Pay Terms of Service shall prevail. If you choose this payment method, we shall only process the personal data you provide to the extent that this is necessary to assign the payment made. This information is always your name, your e-mail address and, if applicable, your address.
  • Payment by bank transfer: If you decide to pay via bank transfer, we do not process any personal data other than that which is processed when you visit our website purely for information purposes.
  • Payment by SMS: If you decide to make a donation via SMS, we process only your phone number.

2.2.3. Ordering a blood stem cell donor registration kit (sometimes also referred to as a “buccal swab kit): When you visit our website, if you decide to order a kit to register as a blood stem cell donor, we process the following information that you provide directly to us through the registration process:

1. Contact details (name, address, email, phone)

2. Biological sex

3. Height and weight

4. Medical and GP details

5. Ethnicity

6. Date of birth

7. Genetic data collected from returned buccal swabs (if returned to us).

If you return your buccal swabs and are registered as a potential blood stem cell donor, we will retain your data on the DKMS database and the UK Stem Cell Registry until your 61st birthday, unless you withdraw your consent and ask us to remove it before then.

2.2.4. Links to websites of third-party providers

At various places on our website there are links to third-party provider websites. After clicking on the link provided, you are forwarded to the website of the third-party provider concerned. In the process of forwarding, user information is transmitted to the third-party provider. If you send information to or via these sites of third-party providers, we recommend that you read the data protection privacy policies for these sites before providing them with any further information that can be assigned to you personally. For information with regard to how your data is handled while using the websites of third-party providers, please refer to the respective data protection policies of the third-party providers. We are not responsible for their operation, including how they handle data.

3. For what purposes do we process your personal data?

3.1. We only process your personal data to the extent that is necessary in order to provide a working website and to provide our content and services. Personal data is only processed on a regular basis where this is permitted by statutory provisions or where the person concerned has given consent.

3.2. If you use our website purely for informational purposes, we record only the data that is technically necessary in order for us to display our website to you as well as ensure stability and security. The legal basis for processing is “legitimate interest” under Art. 6 para. 1 (f) of the GDPR.

3.3. When you contact us by e-mail or via a contact form, your personal data will only be used for the purpose of answering your request. The legal basis for processing is “legitimate interest” under Art. 6 para. 1 (f) of the GDPR.

3.4. If you use our website to donate money, your data shall be processed only to the extent that this is necessary to fulfill the donation contract. The legal basis for processing your personal data is “performance of a contract” under Art. 6 para. 1 (b) of the GDPR.

3.5. If you use our website to request delivery of a blood stem cell registration kit (also known as a buccal swab kit), we shall use the data you provide in this process to send you the registration kit via post and to accelerate the important registration process. The personal and genetic data we collect via the registration process and via the return of the buccal swab is used for the following purposes:

  • To register you as a potential blood stem cell donor on the DKMS database and as part of the UK Stem Cell Registry.
  • To allow your tissue characteristics to be matched with those of potential blood stem cell transplant recipients (ie, patients with blood cancers or disorders in need of a potentially life-saving stem cell transplant).
  • Using your pseudonymised genetic data for scientific analysis, assessment and immunogenetics research aimed at improving the process and outcomes of blood stem cell transplantation for patients with blood cancers and disorders.
  • To fulfil and comply with any lawful requests from regulatory or enforcement agencies that oversee DKMS UK’s work in the field of blood stem cell donor recruitment and blood stem cell transplantation.

3.6. On the website we process your e-mail address solely for the purpose of any existing queries and information relating to the registration kit order.

3.7. The legal basis for processing your personal/genetic data is your express and freely given consent provided in accordance with Art. 6 para. 1 (a) of the GDPR.

4. How do we process your personal data?

4.1. When you use our website, your data is transmitted to us in encrypted form in order to prevent access by unauthorised third parties. We save your data on specially protected servers. Access to that personal data is only possible for those DKMS employees with special authorisation, all of whom are familiar with the relevant Data Protection Regulations and compelled to comply with them.

5. Is personal data passed on to third parties?

5.1. Your personal data is passed on to third parties in the following circumstances:

  • Donating money via the website: If you decide to use the online payment services provided on our website by PayPal, Apple Pay or Google Pay, your data will be passed on to those service providers or you will be directed to their websites in order for your person data to be processed – for more information, see section 2.2.2 above of this Privacy Policy.
  • Ordering a blood stem cell donor registration kit (also referred to as a “buccal swab kit”): We use trusted third party suppliers to process the data you provide via our online registration processes, in order to process your request for a buccal swab pack, where applicable, and to process your data and returned swabs. All our third party suppliers work under strict data protection and confidentiality agreements in order to ensure the highest standards of data security, processing and storage. We will share and transfer your data as a potential and actual blood stem cell donor in pseudonymised form with Anthony Nolan (registered charity in England and Wales (no 803716; www.anthonynolan.org), the National Marrow Donor Program (in the USA), ZKRD (Zentrale Knochenmarkspender Registry Deutschland) and the World Marrow Donor Association and with other DKMS entities (namely, DKMS Germany and DKMS Registry) in order that the information can be listed on the UK Stem Cell Registry and made available in the UK and internationally (including outside the EEA) to stem cell donor registries, transplant centres, search units, laboratories and other healthcare institutions for the purposing of searching for, finding and matching potential donors with patients in need of a blood stem cell transplant. Only such data will be transmitted which is relevant for the donor search. In summary, this includes a donor identification number, biological sex, date of birth, tissue typing results, the number of tissue typings conducted to date and the donor status (available or unavailable). Names, addresses or similar identifying data will not be transmitted. These registries, transplant centres and other providers are contractually required by us only to use your personal data for the agreed purposes and to prevent accidental disclosure to third parties. Authorised regulators and auditors may also have access to your data to fulfil their regulatory and safeguarding functions. In the event that you are identified as a potential match for a patient in need of a stem cell transplant, then we will contact you again to inform you about the next steps and seek your consent for the collection of additional personal and medical information and for the further processing, storage and use of the data that we hold about you.

5.2. We do not sell or rent your data to any other companies or organisations. We will under no circumstances use your e-mail address or other data without your agreement for any other purposes for which you have not given your consent.

6. How long do we save your personal data?

General overview

6.1. We will only save any personal data that you have transmitted or provided until the purpose for doing so has been fulfilled, until you revoke your consent, until you object to the data being processed or until you request the deletion of your data.

Using our website purely for informational purposes

6.2. If you use the website purely for informational purposes, we will save your data on our servers only for the duration of your visit to our website. Once you leave our website, your data will be immediately deleted.

Contacting us by email or using a contact form on the website

6.3. If you contact us by e-mail or using one of the contact forms on our website, we will delete any data recorded in this context once it is no longer necessary to save the data or will restrict processing if any statutory storage obligations exist. We check necessity on a regular basis.

Donating money

6.4. If you have used our website to donate money and we processed data to issue you with confirmation of the donation we will save your data until you revoke your consent to the data being processed or until you request the deletion of your data in accordance with the procedure described under section 8. In this case, your data will be blocked and then deleted once any statutory archiving periods have expired.

Ordering and returning a blood stem cell donor registration kit

6.5. If you have used our website to order a registration kit, we will retain your personal data in line with the retention periods set out in the table below, depending upon your personal profile, whether or not your return the buccal swab and whether or not you consent to the use of your data for alternative or additional data processing purposes.

6.6. In the event that you do not return your buccal mouth swab, we will make at least two attempts to contact you and request you return it by e-mail. More attempts may be made for potential donors in priority categories, such as young male donors or those from minority ethnic and racial backgrounds. If these attempts elicit no response, your data will be blocked, ie, you will no longer receive any messages from us, and then deleted.

Summary of DKMS retention periods

Personal Profile: Registered potential blood stem donors (up to age 61)

Nature of personal data collected, processed and stored:

  1. Contact details (name, address, email, phone)
  2. Biological sex
  3. Height and weight
  4. Medical and GP details
  5. Racial/ethnic heritage
  6. Genetic data from returned buccal swab
  7. Date of birth

Data retention periods:

Retained until the age or 61 unless:

  • consent withdrawn or request received to remove details from the stem cell register; or
  • consent subsequently for processing of personal data for fundraising/supporter purposes, in which case only data in items 1 and 2 will be kept. (See also further below.)
  • At the end of the retention period, the genetic data (item 6) stored in the swab becomes anonymised

Personal Profile: Online registrants (all ages) who never return buccal swabs

Nature of personal data collected, processed and stored:

  1. Contact details (name, address, email, phone)
  2. Biological sex
  3. Height and weight
  4. Medical and GP details
  5. Racial/ethnic heritage
  6. Date of birth

Data retention periods: Retained for 12 months post-dispatch of swab pack

Personal Profile: Fundraising supporters

Or

Registered potential blood stem cell donors who agree to become fundraising supporters after reaching the age of 61

Nature of personal data collected, processed and stored:

  1. Contact details (name, address, email, phone)
  2. Biological sex
  3. Bank details
  4. Donation/supporter history

Data retention periods: Current financial year, plus 6 years from last financial donation

Personal Profile: Ineligible donors identified during online registration process

Nature of personal data collected, processed and stored:

  1. Contact details (name, address, email, phone)
  2. Biological sex
  3. Height and weight
  4. Medical and GP details
  5. Racial/ethnic heritage
  6. Date of birth

Data retention periods: Retained for 12 months, unless consent given for alternative processing purpose, eg,fundraising

Personal Profile: Ineligible donors identified post registration, during the selection and matching process

Nature of personal data collected, processed and stored:

  1. Contact details (name, address, email, phone)
  2. Biological sex
  3. Height and weight
  4. Medical and GP details
  5. Racial/ethnic heritage
  6. Genetic data from returned buccal swab

Data retention periods: Retained for 12 months, unless consent given for alternative processing purpose, eg, fundraising

7. What information will you receive from DKMS UK?

7.1. By becoming part of the DKMS UK database of potential blood stem cell donors, you will receive essential communications related to the operation of the UK stem cell register (including information about the process or regulation of blood stem cell donation, and any changes to that process or regulation), including an annual letter/email from us, asking you to confirm your up-to-date contact details and to inform us of any personal information changes necessary to being part of our database and the register.

7.2. We believe it is important for us to remain in contact with you, particularly if you are a registered blood stem cell donor, for the following reasons. The communication specified under para 7.1 is directly linked to successful donations. When someone registers as a potential blood stem cell donor, it could be many years before they are called upon as a donor, which means there is a risk of this person forgetting about their commitment. Therefore, we keep in contact with our donors to remind them of their registration, and provide the news and information needed to increase the likelihood they are ready, available and contactable if they are called upon as a match for a patient. In the event of a stem cell donation, it is essential that the potential donor is available, as time is of the essence for the affected patient. This minimum level of contact therefore increases the possibility of giving someone a second chance of life.

7.3. Provided you have given your consent, in addition to the information specified under item 7.1, you may also receive promotional emails and mailings that contain general information regarding our activities.

7.4. If you no longer wish to receive mailings in the future, you can cancel this service at any time without providing any reason for this. To do so, please send us an e-mail with the subject “NONEWS” to nonews@dkms.org.uk or tell us this using the contact data in the imprint.

8. What rights do I have?

8.1. You have the following rights with regard to your personal data that we process:

  • Right to information
  • Right to correction or deletion
  • Right to restriction of processing
  • Right to object to processing
  • Right to data portability

8.2. If you have given your consent for us to process your personal data, you can revoke this at any time. Once you have revoked this, we will no longer process your personal data. It is possible here to revoke consent for specific purposes such as receiving a newsletter.

8.3. If you wish to exercise your rights described above, please submit your request to: DKMS Foundation, Ashburnham House, Castle Row, Horticultural Place, London, W4 4JQ or by e-mail to: dataprotection@dkms.org.uk

8.4. You also have the right to lodge a complaint with the Information Commissioner’s Office about the way in which we process your personal data.

Right to object to processing – information pursuant to Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your data based on Art. 6 (1) (f) GDPR (data processing based on “legitimate interest”). If you object, we will longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

9. Storage of IP addresses and cookies

9.1. In addition to the data specified above, we use cookies to make our website available to you. Cookies are small text files that are saved on your hard disk, assigned to the browser that you use, and which supply certain information (see below for details) to the party that set the cookie (in this case, to us). Cookies cannot execute any programs or transfer viruses to your computer. They serve to make the website as a whole more user-friendly and more effective.

9.2. We use cookies to make our website available to you with its technical functions (essential cookies). In addition, we use cookies for the purpose of web analysis (non-essential cookies). The legal basis for the use of essential cookies that are necessary for the operation of the website is “legitimate interest” under Art. 6 (1) (f) GDPR. In the case of non-essential cookies, the legal basis is your “consent” under Art. 6 (1) (a) GDPR.

9.3. You can configure your browser settings according to your preferences and, for example, refuse to accept non-essential cookies or all cookies. Moreover, you can prevent or restrict the installation of cookies through the relevant settings of your internet browser. You can also delete previously stored cookies at any time. However, the steps and measures that are necessary to do so depend on the specific internet browser that you use. If you have any questions, therefore, please refer to the help function or documentation for your internet browser or contact the corresponding manufacturer for support. If no consent is given in the “privacy settings” pop-up (or if it is revoked via the “Consent Management” link in the footer), only cookies that store this block decision are set.

9.4. We use “local storage” and “session storage” as alternatives to cookies that are integrated in the browser. The web storage stores the data securely in the user’s browser and does not transmit it unencrypted over the internet.

9.4.1. Local storage: The scope includes all browser windows/tabs and is cleared only by JavaScript or with the browser cache.

9.4.2. Session storage: The scope includes an individual browser window/tab and is automatically cleared when the browser window is closed.

10. Processing of your user data by web analysis tools and online marketing services Piwik

PRO Analytics Suite

10.1. On our website, we use the Piwik PRO Analytics Suite (“Piwik PRO”) consent management tool from the company Piwik PRO GmbH, Lina-Bommer-Weg 6, 51149 Cologne, Germany.

10.2. The consent management tool includes a graphical user interface element called a “pop-up” to prompt for privacy settings. The “privacy settings” pop-up actively asks for your permission when you first visit our site to allow us to collect analytical data about your user behavior. Similarly, you can use the privacy settings pop-up to decide for yourself whether external content is displayed to you on our site. Consent to cookies, analytics, tag manager, social embeds and YouTube can be activated and deactivated at any time via the “consent management” link in the footer of this website.

10.3. Each permission can be activated and deactivated individually. All of the following points are dependent on the user granting this consent. If no consent is given in the “privacy settings” pop-up or revoked via the “consent management” link in the footer, only cookies that store this block decision are set. The use of the consent management tool is based on our legitimate interest in a responsive design of our website, according to Art. 6 (1) f GDPR. For more information, please see Piwik PRO’s privacy policy.

10.4. As mentioned in para 10.1, we use the analysis program Piwik PRO Analytics Suite, the software for which is used to collect data that enables us to tailor the design of our website to user requirements and to statistically evaluate the flow of visitors for marketing and optimisation purposes. Pseudonymous usage profiles are also created in this context. Cookies are used for these purposes, which are stored on your computer and which enable a pseudonymous analysis of your use of our website. The IP address is immediately truncated after collection and prior to storage. Piwik PRO Marketing Suite Cloud is hosted on Microsoft Azure in Germany.

10.5. Piwik PRO always analyses the use of our website in anonymised form. If the user consents to Analytics, the analysis of the use of our website is aggregated pseudonymously. This makes it possible, for example, to identify returning users and perform more precise analyses.

10.6. You can specify in the “privacy settings” pop-up and subsequently in the footer via the “consent management” link whether you consent to us using Piwik PRO in the manner described. If you choose not to do so, a Piwik PRO deactivation cookie will be deposited on your end device (“opt-out” cookie). Please note that your browser must accept cookies in order for this cookie to be deposited. If you delete the deactivation cookie, you may have to opt-out again.

10.7. If a corresponding consent has been given, the processing is based exclusively on “consent” under Art. 6 (1) (a) GDPR. For more information, please see Piwik PRO’s privacy policy.

Piwik Tag Manager

10.8. We also use Piwik PRO Tag Manager on our website. This service allows website tags to be managed via an interface. Piwik PRO Tag Manager does not set any cookies, only tags, and does not collect any personal data. The service triggers other tags, which in turn may collect data. A tag is only triggered if the user has consented to this beforehand. If the user does not grant specific permissions in the “privacy settings” pop-up, the corresponding tags will not be triggered. Tags that do not process personal data are always loaded. However, Piwik PRO Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will apply to all analysis tags implemented with Piwik PRO Tag Manager. For more information, please see Piwik PRO privacy policy.

AddSearch search function

10.9. The results from the search box on our website are made available by the web service of AddSearch Oy, Töölönkatu 4, FI-00100 Helsinki, Finland (“AddSearch”). When you actively use the search box on our website, a data transfer to AddSearch takes place. Only the search terms you enter and your IP address are transmitted.

10.10. In the context of the use of AddSearch, AddSearch uses “Amazon Web Services (AWS)”, based in the USA, as an order processor. Accordingly, some data processing may also take place outside the EU or the EEA. To the extent that AWS thereby transfers your personal data to the USA, we will take precautions to protect your personal data in the best possible way, among other things by using standard contractual clauses from the EU Commission (under Art. 46 (2) (c) GDPR). For more information about standard contractual clauses regarding the transfer of personal data to processors outside the EU or EEA, please visit the European Commission’s page on Standard Contractual Clauses.

10.11. The transfer of your personal data for these purposes is based on our legitimate interest in providing you with the search function, pursuant to Art. 6 (1) (f) GDPR. Information is not transmitted until at least three characters have been entered in the search. No data will be sent to AddSearch prior to this. For information, please see AddSearch’s privacy policy.

Amazon Web Services: Hosting

10.12. For hosting the database and web content on our website, we use the Amazon Web Services (“AWS”) service provided by Amazon Web Services, Inc. Box 81226, Seattle, WA 98108-1226, USA. The data is stored exclusively in a German data center (Frankfurt/Main), which is certified according to ISO 27001, 27017 and 2018, as well as PCI DSS Level 1. We only have strictly limited access rights and the data is automatically encrypted.

10.13. For technical reasons, infrastructure maintenance may be carried out by AWS subcontractors from the USA. Accordingly, some data processing may also take place outside the EU or the EEA. To the extent that AWS thereby transfers your personal data to the USA, we will take precautions to protect your personal data in the best possible way, among other things by using standard contractual clauses of the EU Commission (Art. 46 (2) (c) GDPR). For more information about standard contractual clauses for the transfer of personal data to processors outside the EU or EEA, please visit the European Commission’s page on Standard Contractual Clauses.

10.14. The transmission of your personal data for these purposes is based on our legitimate interest in being able to provide you with the technical infrastructure of our website, in particular web servers, databases and the sending of emails, pursuant to Art. 6 (1) (f) GDPR. For more information about AWS and privacy, please see AWS Privacy Notice and their page on GDPR compliance when using AWS services.

Amazon CloudFront

10.15. As part of the web hosting with AWS, we use technologies provided by AWS or by the Amazon CloudFront content delivery network (“CDN”). A CDN makes extensive media files available via a regionally distributed server network in order to conserve its own server resources. Before the website loads in your web browser, we use Amazon CloudFront to build SSL encryption to the website and to build other security features to protect against harmful influences from the World Wide Web.

10.16. Amazon CloudFront relies on JavaScript code, so you can prevent it from running altogether by disabling JavaScript in your browser settings or installing a JavaScript blocker. Please note that our website may then not be displayed correctly. During this process, your IP address and other data are transmitted to Amazon CloudFront. The legal basis for this is our “legitimate interest” in ensuring the accessibility of our website, Art. 6 (1) (f) GDPR. For more information, please refer to the AWS Privacy Notice. To prevent the execution of the Amazon CloudFront – Content Delivery Network (CDN) JavaScript code altogether, you can install a JavaScript blocker.

Amazon Smile

10.17. If you access Amazon Smile via a link on our website, shop at Amazon Smile and select DKMS as your organisation, we will receive 0.5% of your purchase amount as a donation. There are no additional costs involved, as the donation is made directly from Amazon to DKMS Foundation. After you leave our website and go to Amazon Smile, we do not receive or process any personal data about you. For more information about Amazon’s use of data, please see Amazon’s Privacy Notice.

11. What social media plug-ins do we use?

11.1. We use social media plug-ins from various social networks on our website. If you access a specific page on our website that contains such a plug-in, your browser establishes a direct connection with the servers of the social networks after you have given your permission in the “privacy settings” pop-up to display external content on our site. The content of the plug-in is transmitted directly to your browser by the social networks and integrated into the website by the browser. By making a selection in the “privacy settings” pop-up, you decide which external content is displayed on our website and you can change this setting at any time by clicking on the “consent management” link in the website footer.

11.2. The integration of the plug-ins informs the social networks that you have accessed the corresponding page on our website. If you are logged in to one or more social networks, the social networks in question can assign the visit to your account. If you interact with the plug-ins, for example by clicking the “Like” button or sending a tweet, the corresponding information is transmitted from your browser directly to, eg, Facebook and Twitter and stored there.

11.3. We are not responsible for the services of third-party providers whose offers are linked on our website, such as Twitter or Facebook. These third-party providers are not able to associate the IP addresses with other personal data collected via the DKMS website. More information on data collection by third-party providers can be found on the respective websites of these providers.

11.4. We are currently using the following social media plug-ins: Facebook, Twitter and Instagram. We make it possible for you to communicate directly with the provider of the plug-in via the corresponding social media share button. The plug-in provider is only notified that you have accessed the corresponding page of our website if you click on the highlighted field and thereby activate it. The data mentioned in para 2.1 of this Privacy Policy will also be transmitted. In the case of Facebook, the IP address is anonymised immediately in the UK after it has been recorded, according to the respective provider. By activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (in the case of US providers, in the USA). Since the plug-in provider collects data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the grayed-out box. Please also note the following in relation to social media plug-ins:

11.4.1. We have no control over the data collected and data processing operations, nor are we aware of the full extent of the data collection, the purposes of the processing or the retention periods. We also have no information on the deletion of the collected data by the plug-in provider.

11.4.2. The plug-in provider stores the data collected about you as usage profiles and uses them for the purposes of advertising, market research and/or the customised design of its website. Such analysis is carried out in particular (even for users who are not logged in) to provide targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. The legal basis for the use of the plug-ins is our legitimate interest in giving you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting for you as a user, Art. 6 (1) (f) GDPR.

11.4.3. The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, the data we collect is directly associated with your account at the plug-in provider. If you click the activated button and link to the page, for example, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this prevents association with your profile at the plug-in provider.

11.4.4. Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the privacy policies of these providers disclosed below. There you will also find further information about your respective rights and privacy settings. 11.4.5. Addresses of the respective plug-in providers and links to their privacy policies:

  • Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA: Data Policy.
  • Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA: Privacy Policy.
  • Instagram: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland: Privacy Policy.

12. How are YouTube videos integrated?

12.1. We have integrated YouTube videos into our website, which are stored on the YouTube page of DKMS and can be played back directly on our website. YouTube is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

12.2. By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. The data mentioned in para 2.1 of this Privacy Policy will also be transmitted. This occurs regardless of whether you have a YouTube user account that you are logged in to or not. If you are logged in to Google, your data is directly assigned to your account. If you do not want data to be assigned to your YouTube profile, you have to log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the customised design of its website. Such analysis is carried out in particular (even for users who are not logged in) to provide targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the processing of your personal data, whereby you must direct the objection to YouTube and Google.

12.3 By integrating YouTube, we improve our offer and can make it more interesting for you as a user. The legal basis for the integration is our legitimate interest according to Art. 6 (1) (f) GDPR.

12.4 For more information on the purpose and scope of data collection and processing by YouTube, please see Google’s Privacy Policy. There you will also find further information on your rights and setting options to protect your privacy. Please note that we have no control over how and for how long YouTube and Google retain this data. Google’s Privacy Policy provides information about the collection, processing and use of personal data by YouTube and Google.

13. Questions and comments

If you have any questions regarding this Website Privacy Notice, please contact our data protection officer at dataprotection@dkms.org.uk.

An updated version of this page is available.