Our privacy policy



Registered in England and Wales Company Ltd by Guarantee No. 0817973

A charity registered in England and Wales (no. 1149646).

Updated on 26th July 2022


This privacy statement provides information about the personal information that Beacon collects, and the ways in which Beacon uses that personal information. This privacy statement aims to cover all of our activities.

Beacon may change this policy at any time in line with legislative changes or changes to the policy of the organisation. Please check our website from time to time to ensure you are aware of any changes.

Beacon adheres to the Principles of the General Data Protection Regulation (GDPR).

In this policy document:

“we” or “Beacon” means Beacon;

“you” means any person(s) about whom we collect non-personal and/or personal information.


Our Privacy Principals

Beacon collects data for four main reasons:

To allow us to deliver our projects effectively to our beneficiaries in the rare disease community, and to update them on up-coming opportunities.
For administrative purposes, allowing us to comply with financial regulation, to reimburse expenses to beneficiaries, and to monitor the success of our projects in-line with the terms of existing grant agreements.
To understand the impact of rare diseases on patients, and the effect of our projects on patient groups. This allows us to improve our services and subsequently the lives of rare disease patients.
To allow us to engage directly with those individuals have raised, or are interested in raising, money for the charity.
We aim to contact you only with information that you have asked for, either by consenting to be part of our mailing lists, or by signing up for a specific project. In the latter case we will not contact you outside the life of that project without your specific consent to do otherwise. You can opt out of receiving information at any time.

We will only collect data from you that is needed to deliver our work and aim to keep that data for a limited period. We will never sell your data to a third-party organisation, and never share your information for marketing purposes. We will only pass it on to a third-party organisation where it is necessary to deliver our work (for example providing an event venue with a list of attendees). We will make it clear when we need to do this, for example, we often use third party platforms such as MailChimp and Eventbrite to help us deliver our services.

Beacon will take all reasonable care to protect your personal information through secure working practices and processes. In line with the GDPR we will provide you with a summary of information we hold about you upon request and will remove your information from our records upon request if we are not legally required to hold it.

The following information provides a detailed breakdown of all the data we collect, how we hold it and use it, and the reason behind it. If you would like to learn more about our privacy policy or our work, please contact us using data@rarebeacon.org at any time.


What information do we collect?

We collect several different types of information. In general we collect and store information about those who engage with one of Beacon’s projects. We collect this data in order to deliver the project to you (the beneficiary), to track the success of the project, to measure our impact as a charity, and to deliver financial transparency to both our funders and the charity commission. We work to secure explicit consent to contact you about any unrelated events, and to share your information with any additional party.


1. Your browsing

Lawful basis – Legitimate interest

We collect basic information about the users of our websites (namely the rarebeacon.org website and our Resources Hub). Whenever you access our websites or download information, the web server automatically records the following information: the date and time you accessed our website, how long you were on the site, your internet domain name and the internet browser you use.

Some information may be collected when you use our websites, including information such as your IP address. We also automatically receive and record information on our server logs in order to use services like Google Analytics. This information is used to help us improve our websites, to increase traffic to our sites, and raise the profile of the charity.

To make use of Google Analytics, our websites use cookies. Any YouTube videos embedded in our websites also make use of cookies. A cookie is a series of characters that is generated by our website and stored on your computer. The cookie does not collect or contain personal information about you but allows you to keep logged in and records your use of our website. The cookie does not track your movements on other websites. YouTube may collect personal data through cookies used on their website. To view their privacy policy, click here. You can adjust the settings on your computer to decline any cookies if you wish. This can be done by activating the ‘reject cookies’ setting on your computer.


2. Your contact with us

Lawful basis – Legitimate interest

If you contact us by telephone, e-mail, or by letter, we retain a record of your contact to help us respond to enquiries. We only collect this information if you provide it to us and we do not hold your information for longer than is necessary.

Beacon’s email accounts are provided by Gmail, where all email messages and addresses are stored. You can view Gmail’s privacy policy here. All emails and associated details may be retained in Gmail for a period of up to 5 years before being deleted.


3. Beacon mailing lists

Beacon has two types of mailing lists. Our two periodic mailing lists are open for anyone to join, and all require your consent for us to contact you and hold your data. We also use short term project specific mailing lists – these allow us to provide information about a specific project to those involved with it. If you sign up for a project we will add you to one of these lists in order to fulfil our obligation to you, but will not contact you about other work, or hold your data longer than necessary. Specific details about any project mailing lists are provided when we describe the use of data for those projects below.

Periodic mailing lists

Lawful basis – Consent

We hold contact details for Beacon’s monthly newsletter mailing list and our community mailing list. Beacon’s mailing lists are administered through MailChimp, who store the name and email address of all individuals on the mailing list and track information on engagement with the messages sent. MailChimp’s privacy policy can be viewed here. Beacon holds a digital copy of all mailing lists on our own server, including records of consent.

Only individuals who specifically opt in to receive a mailing list, either through our sign up forms or a specific question within event and project registration, will receive messages and have their details stored. You may choose to stop receiving either mailing list at any time through a link provided at the end of all mailing list emails, as part of any event registration process, or by contacting us at data@rarebeacon.org.


4. Your attendance of Beacon events

Lawful basis – Legitimate Interest / contract and Consent

We collect information about delegates at Beacon events. This information is collected directly by Eventbrite (whose privacy policy you can view here) through which we administer all of our events. Data collected may include your name, contact details (email, phone number and address), employer, job role, dietary requirements, and accessibility requirements. Beacon holds a digital copy of these details on our own server allowing us to monitor the impact of our work. If a ticket requires payment, payment information will be collected by Eventbrite but no bank details will be collected or held by Beacon.

Beacon directly accesses delegate details only to administer the event, and to deliver information about the event that you are attending unless you provide explicit permission for your data to be used in other ways. Beacon sends emails to update registered attendees about the event using the Eventbrite platform. Contact details are not transferred to MailChimp for the creation of a new mailing list. Your details will only be added to MailChimp if you explicitly opt to join one of our periodic mailing lists when you register for an event.

Beacon will also notify all event attendees of an event when any post-event materials are made available our Resources Hub. These notifications will be delivered via email, in the same manner as pre-event messages. In order to access these materials, you will need to register for Beacon’s Resources Hub (see 5b. Registration and registered user Hub use)


We produce delegate lists for some of our events, which are available to any individual attending the event (and by extension the organisations they represent). We will secure your direct consent before adding your details to these delegate lists.

After the event we will keep your data for a year, until that financial year’s accounts are complete, or until the expiry of the project specific grant (whichever comes last). This allows us to effectively measure the impact of our work and to accurately report to our grant givers (though no personal data is shared with them). After this only data that is useful for assessing event attendance will be retained – this does not include contact details.


5. The Resources Hub

    The Resources Hub (or Hub) is a website run and maintained by Beacon and any third-party contractors we nominate to provide technical support. The website is a Word Press website and makes use of the Learn Dash plug in for educational resources.

    A. General use

    Lawful basis – Legitimate Interest

    As a Beacon website, we collect data about the use of the Resources Hub in the manner outlined in section 1. Your browsing.


    B. Registration and registered user Hub use

    Lawful basis – Consent

    At launch all Resources Hub content is accessed via a personalised Resources Hub account. Anyone is able to create their own user account in order to access all of the materials on the platform. By registering for the Resources Hub you consent to our Privacy Policy and our Terms and Conditions.

    Why do I need to register?

    The Resources Hub is a complex project, which requires significant funding and time invested in it to deliver. It is therefore crucial that we are able to understand the use of the platform, so that we can measure the impact of our work. This is vital in both improving the platform and in convincing funders (and potential funders) of its value to the community. By registering for the Resources Hub you consent to Beacon collecting data on your Hub usage in order for Beacon to monitor its impact. You can also gain access to any specific event materials tied to our in-person trainings that you attended.

    The registration process

    As part of the registration process, we will collect a series of basic information that will be held on the platform. This will be retained as long as your account exists. This includes username (specifically your email address); password; name; background (patient group, healthcare professional, industry); patient group name (if applicable); rare disease area; your prior involvement with Beacon; your location; and how you heard about the Hub. This information helps us understand our userbase, and improve the service offered through the Resources Hub. Beacon may retain an independent list of Resources Hub Users on its own internal servers.

    Upon registration you will gain access to all publicly available training material. Some content on the Hub is restricted, based on the requirements of our trainers or collaborators. In general, content relating to workshops, the patient group mentoring programme, and masterclasses will be restricted, while webinars, conferences, and e-learning courses are publicly available. However, restriction of all materials is determined on a case by case basis.

    Accessing restricted materials

    As noted in section 4. Your attendance of Beacon events, all event attendees will be notified via email once any post-event resources are available, including those that are hosted on the Hub. If these materials are restricted, you will be able to access them using a dedicated code. Codes will be distributed via email to any eligible individuals for any content which is limited – normally live event attendees. The access code will allow registered Hub users to access that material within their Resources Hub accounts. You will need to consent to use the Hub in order to access any restricted material. 

    Eligibility for restricted content

    Eligibility for limited content will be determined on an event by event basis. This will be partly dependent on the needs of our trainers and collaborators. In general, our workshop related Hub content will be limited, and those individuals who attended the event live will be eligible to access it. There may however be cases where other members of the organisation are eligible to access that content, and we will confirm this at the time. 

    Granting access to incorrectly restricted content

    If you do not have a code for content for you which you believe you are eligible, you can contact Beacon directly. Upon receipt of these enquiries, Beacon will examine our records on event attendance or registration (held outside of the Hub) to confirm your eligibility.

    Resources Hub Usage

    We collect information on how each logged in user of the Resources Hub uses the website. We use the UsersInsights WordPress plug-in to facilitate this data collection and monitoring. You can find out more about his plug-in here. In particular, we monitor course popularity, use frequency, and results of any embedded quizzes. This information will be stored on the Resources Hub, and is associated with your user account.

    Resources Hub Feedback

    Throughout the Resources Hub, there are a series of feedback forms and questionnaires designed to help users share their experience of the Hub with Beacon. Any of your responses to these forms are stored in the Resources Hub, and are associated with your user account. This means your responses are identifiable.

    How will Beacon use this data?

    Our use of Resource Hub usage and feedback data is summarised below: 

    1. Any data sorted on the hub will help to improve your experience of the hub as a user by tracking your progress, highlighting courses of interest, and recording scores in in-built quizzes.
    2. Data stored in the hub will help you access exclusive event content.
    3. This data is assessed to help us improve the design of the website itself, to increase the accessibility of the content hosted on the site, to develop improved content, and to identify the most useful resources for our community.
    4. We will use this data to assess the impact of the Resources Hub on the rare disease patient group community. We collate usage statistics of all Hub users to compile summary statistics to share with our funders, to highlight impact, and to promote our work. Individual usage statistics will not be used in an identifiable way within such reports in any circumstances.
    5. Beacon staff are able to access records of your personal usage of the hub or personal responses to in-built questionnaires; however, in the majority of circumstances we will not access this data, and such access it outside of our usual processes. Our interest is in the aggregated data – that is the usage of each course, resource, or page – rather than the behaviour of individual users.
    6. We will not sell your personal usage data, or share it with any third-parties not listed here.
    7. We will not share personal usage data with our funders.
    8. We do not allow any third parties (excluding those contracted to support in the website hosting, maintenance, and design), including funders, to directly access this data.


    C. Life of your account

    Resources Hub user data will be retained as long as the account is active. If a user has not accessed the Resources Hub for a period greater than one year, but no longer than three, they will be contacted directly and given the option to retain their account. If this option is not taken, the account, and all associated data will be deleted.

    You have the right at anytime to request the information held about your account in the Resources Hub. You also have the right to request its deletion. In these circumstances Beacon will delete all personal data tied to your account; however, we will retain some anonymised summary data on Hub use to allow us to complete our reporting requirements to funders.

    Please note that ownership of an active account requires consent for data collection, storage, and processing as outlined in this policy.


    6. The Student Voice Prize – Essay Competition

    Lawful basis – Legitimate interest and Consent

    We collect information about entrants into Beacon and Medics4RareDiseases (M4RD) annual essay competition, The Student Voice Prize, through our entry forms. This includes name, email address, university of study, course, and address. These forms are stored on Beacon’s servers and are not shared with any party other than our partner M4RD. This information is collected to monitor the impact and reach of the competition, and for the purposes of contacting entrants about the competition and its results. We collect explicit consent to approach entrants with other opportunities relating to their entry, or for them to join one of our mailing lists, or those of M4RD.

    All essays are judged anonymously and none of your information is seen by The Student Voice Prize judges. Winner’s information is shared with our partner’s at BioMed Central and M4RD in order to ensure the delivery of prizes, namely article publication. Entrant’s details are deleted after a year, or until that financial year’s accounts are complete (whichever comes last).

    We also collect information about patient groups and students who which to take part in our patient group pairing scheme for the Student Voice Prize, through our pairing forms. For the patient group this includes name, condition represented, name of key contact, email address of contact, position of contact, experience of contact, and disease summary. For the student this includes name, university, question being answered, and area of interest. These forms are stored on Beacon’s servers and are not shared with any party other than our partner M4RD. This information is collected to allow pairing of students and patient groups.


    7. Webinars

    Lawful basis – Legitimate interest

    We collect basic information about people who sign up to Beacon’s webinars through Eventbrite, including name, affiliation, and email address. This information is collected only for the purposes of contacting attendees about the webinar and to collect feedback, unless explicit permission is given for other uses. Beacon holds a digital copy of this information on our own server, allowing us to monitor the impact of our work. Attendees details are retained for a year after the project end, or until that financial year’s accounts are complete (whichever comes last).


    8. Patient Group Mentoring

    Lawful basis – Legitimate interest and Consent

    We collect a range of information about both mentees and mentors who take part in our peer mentoring programme. This includes, name, organisational affiliation, phone number, email address, and biographical information pertinent to your role on the mentoring programme. This information is collected to allow us to make the best possible pairings for the scheme, to help deliver the most beneficial training, and to track the impact of our work. When joining the programme we will ask for your consent to share contact information with other members of the patient group mentoring programme. We will not share your information with other parties without your explicit consent.

    While you are active on the patient group mentoring programme, we may add you to a mailing list administered through MailChimp, in order easily update you about the programme. MailChimp’s privacy policy can be viewed here.

    We will retain your information for up to three years after your involvement in the programme, as it relies on the establishment of a network of active and interested rare disease patient groups and mentors who are willing to learn and support one another. We may contact you directly during this period to ask for you professional assistance as part of the ongoing peer mentoring programme. You will not be contacted through a mailing list during this time, and your details will not be held in a peer mentoring MailChimp list if you are not active in the programme.


    9. Fundraising

    Lawful basis – Legitimate interest and Consent

    We collect the personal information of individuals who take up charity places for Beacon’s fundraising charity events, or who are actively fundraising for Beacon. This is collected to allow effective registration, to support you in your fundraising efforts, and to monitor success. We will not contact you about other things without your explicit permission.

    Beacon uses Wonderful, PayPal Giving, and Give As You live Donate to administer its online donations. All three collect and holds information on fundraisers and donors to fulfil this role. You can view Wonderful’s privacy policy here. You can view PayPal’s privacy policy here. You can view Give As You Live Donate’s privacy policy here. We also use Give As You Live Shopping which provides some information donors – this is governed by the same privacy policy. Beacon has access to this fundraising information which is used and stored for accounting purposes, and to assess the impact of our fundraising promotion. We will not contact a donor or fundraiser without your explicit permission.


    10. Focus groups and research projects

    Lawful basis – Consent

    If you volunteer to take part in one of our research projects, with your consent we will store your contact information and any recordings (for example, recordings of interviews or focus groups) along with written notes from the recordings. We will not identify individuals within any resultant publications without securing explicit consent first.


    11. Expense claims

    Lawful basis – Administration

    In the event that Beacon reimburses expenses for an individual attending or assisting with an event or project, we will collect personal data in order to process such payments. We will securely store this information in order to meet the needs of our accounting processes.


    12. Social media

    Beacon is active on Facebook, LinkedIn, Twitter, Instagram and YouTube. Beacon does not collect data from these social media sources, though we will endeavour to answer messages directed to us through these sources. All messages sent to Beacon in this regard are governed by the privacy policies of the chosen platform.


    13. Our staff and volunteers

    Lawful basis – Administration

    We hold personal information about our staff, trustees, advisory board members and volunteers. We also hold information on recent job and volunteer applicants.


    How long do we keep your information?

    We keep your information for as long as is necessary to deliver any associated projects effectively for you and track our charity impact. This will normally amount to at least one year, but specific guidelines for each of our projects can be found above. In many cases our funding agreements will require that we retain documentation relating to project finances, attendance, and delivery for a period of five years. Your data will be retained securely in such situations to meet the obligations of our funders and good financial practice.


    Your rights

    You may ask us to destroy any personal information that we hold on you so that you receive no further information or contact from us. In this circumstance, if you are currently registered for an event or project we will contact you to confirm your wish to continue involvement, and if so remove your data subsequent to completion of the programme. If you have taken part in a research project, your research information will be kept for 3 years or as otherwise detailed to you in the project information sheet, after the end of the project then destroyed securely.

    You may ask to have a copy of the information we hold about you and/or your organisation and to amend, update, add to or delete it at any time. Should you wish to restrict the use of your personal information, please contact us by email at data@rarebeacon.org or in writing at the address supplied on the Beacon website.


    Who has access to your information?

    Our members of staff have access to your personal information. If you provide information through involvement with a specific event or project, that information will also be shared with any organisations that are listed as a project collaborator or co-organiser. Note, a project sponsor or funder is not considered a collaborator and would not receive data through these means. Finally, some information may be shared with event venues to ensure that your needs are met on the day.

    As detailed above, we may use third parties to provide services on our behalf, including MailChimp, Eventbrite, and Virgin Money Giving. Those parties only collect and hold the information they need to deliver the service, though data is held in accordance with their own privacy policies.

    If you have taken part in a research project, we will not tell anyone you have taken part and we will not share your information with any third party without your consent. Any collaborators with access to your information will be explicitly named when you give your consent.

    We may disclose personal information if we receive a complaint about any content you have posted or transmitted to or from one of our sites, if required to do so by law or if we believe that such action is necessary to protect and defend the rights, property or personal safety of Beacon, any child or vulnerable adult, our staff, any visitor or third party. Except as indicated above we will not use or transfer this data to any third parties without your explicit consent permission.



    We publish information leaflets, reports and newsletters for our subscribers and those that interact with Beacon. From time to time these will contain personal information about our beneficiary patient groups, patients, or collaborators. We never publish any information or an explicitly identified image without clear consent from those concerned. We might use quotes from your research information in academic publications and conferences but will always ask your permission if anything in the quotation is identifiable.


    Can you access the information we hold about you?

    Yes, you have the right to access information stored about you by Beacon. You need to write to us at the address below or email us at data@rarebeacon.org. We will then provide you with the following information:

    • What personal data is stored
    • The purposes for which your data is being processed
    • Who has access to your data


    What security measures do we have?

    We have implemented technology and policies to protect your privacy from unauthorised access and improper use and will review these measures on a regular basis. While we cannot ensure or guarantee that loss, misuse or alteration of data will not occur, we shall endeavour to prevent this.


    Links to other websites

    Beacon’s websites may contain links to selected websites which we feel may be of interest. Please note that once you use one of these links to leave our website, we do not have any control over that other website. Please exercise caution and refer to their privacy policy and/or terms & conditions of use as we cannot be held responsible for the protection or privacy of any information you provide to a third party.


    Any questions about privacy?

    If you have any questions or concerns about how we protect your personal information, please contact us.





    Beacon c/o AdviceHub
    66 Devonshire Road
    CB1 2BL


    +44 (0) 1223 865888