Privacy policy

Our privacy policy explains who we are and how we look after any information we may have
about you, how it helps us achieve our goals and why we need it. It makes clear how you
can control that information, including how we contact you, and what it means if we have to
share your information.

About us

The Type 1 Diabetes Grand Challenge is a partnership between the Steve Morgan Foundation
(SMF), Diabetes UK (DUK) and the Juvenile Diabetes Research Foundation
Limited (JDRF). The objective being to catalyse game changing momentum in type 1
diabetes research and in doing so, dramatically accelerate progress towards new treatments
and cures.

Who we are

  1. The Steve Morgan Foundation, a charity registered with the Charity Commission for
    England and Wales (with registered charity number 1087056) whose principal office is at
    The Steve Morgan Foundation, PO BOX 3517, Chester, CH1 9ET (‘SMF’);
  2. The British Diabetic Association, operating as DIABETES UK, a company registered in
    England and Wales (with company number 339181) and with the Charity Commission for
    England and Wales (with registered charity number 215199) and in Scotland (with Scottish
    charity number SC039136) whose registered office is at Wells Lawrence House, 126 Back
    Church Lane London E1 1FH (‘DUK’); and,
  3. -Juvenile Diabetes Research Foundation Limited, operating as JDRF, a company registered
    in England and Wales (with company number 02071638) and with the Charity Commission
    for England and Wales (with registered charity number 295716) and in Scotland (with
    Scottish charity number SC040123) whose registered office is at 17/18 Angel Gate, City
    Road, London, EC1V 2PT (‘JDRF’).
  4. Collectively we are the Diabetes Grand Challenge.

Diabetes UK provides and is responsible for the maintenance of the Type 1 Diabetes Grand
Challenge website. When you use this website Diabetes UK is the Data Controller.

What personal data we collect

We collect information directly from you, when you give it to us by filling in forms when
applying for research funding. When you apply for such funding the data will processed on
either the DUK or JDRF research grant management platforms depending on which
organisation is managing that particular research stream.

Information we collect directly from you

When you provide us with your information directly, we usually ask you for your name and
email address. We also ask why you have chosen to interact with us, as that helps us
understand how we can meet your needs.

When you use our website, we collect your personal information using “cookies” and other
tracking methods. There are more details on the cookies and tracking methods we use in
our Cookie Policy.

Information we collect from you on our websites, social media sites and apps

Our website, like most others, uses cookies to improve the way it works and monitor its

This includes allowing us to:

  • identify what device you used to access the site
  • how you came to our site
  • what pages you looked at or what action you took
  • what pages are most popular

How we use your data

We use the data you give us and the data we collect about you from other sources for the
following purposes:

  • To provide you with the services (e.g. research applications) and information you

Research grant applications

If you apply for a research grant it will be either be administered by Diabetes UK or JDRF
and the relevant charities privacy policy will apply.

If the research grant is administered by Diabetes UK we will use our online grant application
platform which is provided by CC Technology, a third-party supplier. We will share your data
with experts involved in the evaluation of your application and we will publish brief details
of the awards we make. Please see the terms and conditions of use of Grant Tracker, our
Grant Conditions and our Research privacy notice (PDF) for more details about how your
data is used.

If the research grant is administered by JDRF it will be managed via their online application

Information sharing required by law or regulation

Occasionally we may be legally required to share information with official agencies,
regulatory bodies, or the police to protect you or to prevent or detect a crime.
Our services are confidential. However, we may share information you give us with support
agencies or the police if a member of staff or volunteer has concerns about your own or
someone else’s safety or wellbeing. We would need to share what you tell us with someone

  • we believe your life, or someone else’s life is in danger
  • you tell us that you or someone else is being, or is at risk of being abused by another
  • it’s necessary to prevent or detect a crime
  • we are required to do so under a court order.

Transfers outside the European Economic Area

Our work is based in the UK and we store the data we hold within the European Economic
Area (where you have the same level of protection for your data as in the UK). However, a
few of our suppliers may store their data outside the European Economic Area. We will only
transfer your data to them if we are confident that your data will be adequately protected,
for example if they have signed up to the US’s Privacy Shield, which guarantees the rights of
European Union citizens, or if we have a contract with them that says they will meet EEA
data processing standards.

How long we keep your information

As diabetes is a long-term, chronic condition, we know that your needs for support and your
relationship with us will change over time. We will normally keep your personal information
only for as long as necessary.

We normally keep your details on our supporter database while we have an ongoing
relationship with you. If we haven’t heard from you for seven years, we will archive your
data, which means we won’t use it any more unless you decide to restart your relationship
with us.

How we keep your information securely

We guard against unauthorised access to our systems by reviewing our information
collection, storage and processing practices, including physical security measures. We
restrict access to personal information to employees, contractors and third parties who
need to know that information to process it for us and put in place contracts which require
them to keep it confidential. We regularly assess the security of our systems. If we need to
transfer data to or from third parties, we will always use a secure method to do so.

Our legal basis for processing data

Organisations that collect personal data need to have a lawful basis for doing so. The law
sets out six ways to process personal data (plus extra conditions for processing sensitive
personal data). Five of these are relevant to the types of processing that we carry out.

This includes information that is processed on the basis of:

  • A person’s consent (for example to send you direct marketing by e-mail or SMS)
  • Diabetes UK’s legitimate interests (please see below for more information)
  • A contractual relationship (for example to provide you with goods or services that
    you have bought from us, or when you agree to participate in user experience research)
  • Processing that is necessary for meeting legal obligations (for example to process a
    Gift Aid declaration and carrying out due diligence on large donations), and
  • In rare cases, to protect someone’s life.

Personal data may be legally collected and used if it is necessary for a legitimate interest of
the organisation using the data, as long as its use is fair and doesn’t adversely impact the
rights of the individual concerned.

We will always consider if it is fair and balanced to use your personal information and if it is
within your reasonable expectations. We will balance your rights and our legitimate
interests to make sure that we use your personal information in ways that are not unduly
intrusive or unfair.

Our legitimate interests

  • Achieving our charitable aims –These include providing support and advice to people
    living with diabetes and its related complications and for those who care for them,
    increasing the understanding of diabetes, educating healthcare professionals and the
    general public and promoting research into the causes, prevention and cure of diabetes and
    publishing the results of research.
  • Administration and operational management – This includes running the charity,
    legal and financial reporting and meeting legal requirements, responding to your enquiries,
    providing information and our support, research, surveys, events management, the
    administration of volunteers and employment and recruitment requirements.
  • Fundraising and campaigning This includes running campaigns and donations,
    sending and making direct marketing by post and phone, analysing data to make sure our
    work is effective and maintaining a list of people who don’t want to hear from us.

If you would like more information on our uses of legitimate interests or to change our use
of your personal data, please get in touch with us using the details in the “Contact us”
section below.

Your rights

You’re in control of your data and the way we use it.

You can ask us for a copy of the information we hold about you at any time by contacting us
at the details below. We will generally supply any information you ask for within 30 days

unless it is a particularly complex request. We will not charge you for this information other
than in exceptional circumstances. We may ask you for proof of identity as we need to be
sure we are only releasing your personal data to you.

You can also ask us at any time:

  • to amend your data
  • to stop using your data for a particular purpose, if you’ve changed your mind about it
  • to limit the way we use your data
  • to stop using your data for direct marketing (for example fundraising and
    campaigning appeals)
  • to stop analysing your data to understand our supporters better or
  • to delete your data.

We will do our best to follow your requests as long as we’re able to do so
If you have any complaints about the way we collect and manage your data, please let us
know so we can address them. We have appointed a Data Protection Officer to oversee the
way we manage personal data. They can be contacted at If you’re
unhappy with the way we respond to any complaint, you also have the right to complain to
the Information Commissioner’s Office which regulates the use of personal data in the UK at You can also contact the Fundraising Regulator which
regulates fundraising charities at