As a responsible charity, we value the trust you place in us when you share your personal data. It is our promise to you that we will be open and honest with you about how we use the information you’ve entrusted with us. This page describes who we are, why we collect information and how we use it. We recognise the importance of treating your data with care and we have taken steps to ensure we only use it in accordance with your wishes.
It is important to us that we are open and honest about the way we use information and we are committed to ensuring that we do so in a manner that is both lawful and respects your privacy.
Who we are
We are Birmingham St Mary’s Hospice, part of a wholly owned subsidiary called St Mary’s Hospice Ltd. We use the company name St Mary’s Hospice (Trading) Ltd for our trading activities including our retail shops and merchandise. We are registered with the Charity Commission and our registered charity number is 503456.
Data Protection Office
St Mary’s Hospice has established a Data Protection Office to ensure its compliance with Data Protection Laws. The Data Protection Office will act as The Hospice’s contact point with our patients, employees, prospective employees and other stakeholders.
St Mary’s Hospice is registered with the Information Commissioner’s Office (ICO) as a Data Controller for the processing of Personal Data (Z496953X).
The Data Protection Office can be contacted by post to The Data Protection Office, 176 Raddlebarn Road, Selly Park, Birmingham. B29 7DA. By telephone on 07970 039 658 or email at DPO@birminghamhospice.org.uk
How do we obtain your personal data?
Information you give us directly
We collect personal information when you voluntarily submit it to us.
There are several ways that we may obtain your personal data:
- While using our fundraising services, participating in a fundraising event or campaign or when donating to one of our shops.
- When you submit an enquiry via email or a web enquiry form.
We will never acquire your contact details from private organisations nor will we sell your personal data. We may on occasion work with carefully selected organisations for the purpose of conducting market research activities, in order to gain a better understanding of our supporter demographics.
Information you give us indirectly
Your information may be shared with us by third parties which may include:
Independent event organisers, for example The London Marathon or Fundraising sites such as JustGiving or Facebook.
Professional subcontractors acting on our behalf who provide us with technical, payment or delivery services such as secure online payment processing.
When you visit this website
We, like many organisations automatically collect the following information:
Technical information, including the type of device you’re using, the IP address, browser and operating system being used to connect your computer to the internet. This information may be used to improve the services we offer.
Information about your visit to this website, for example we collect information about pages you visit and how you navigate the website, i.e. length of visits to certain pages, products and services you viewed and searched for, referral sources (e.g. how you arrived at our website).
We collect and use your personal information by using cookies on our website – more information on cookies can be found under the ‘What are cookies and how do we use them? section below.
When you interact with us on social media platforms such as Facebook and Twitter we may obtain information about you (for example, when you publicly tag us in an event photo). The information we receive will depend on the privacy preferences you have set on those types of platforms.
What information do we collect and how do we use it?
We only collect information about you that:
- Enables us to record your donations or purchases so that we can properly thank you and, when necessary, claim Gift Aid, specifically keeping this information as required by HMRC.
- Helps us keep in touch with you so we can let you know about the hospice and our events.
- Helps us answer your questions, queries and follow up on feedback you leave, including your contact details, if you gave them to us.
- Helps us to understand why you support our work and allows us to tailor future communications to you so we can better meet your needs.
The personal information we collect, store and use might include:
- Your name and contact details (including postal address, email address and telephone number).
- Your date of birth.
- Information about your activities on our website and about the device used to access it, for instance your IP address and geographical location.
- Your bank or credit card details. If you make a donation online or make a purchase, your card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions.
- Information as to whether you are a UK taxpayer so we can claim gift aid; and any other personal information shared with us.
We will process your personal data in accordance with the law, where you have either given us prior consent to do so or where we believe we have legitimate reasons for doing so.
In order to protect our clinically vulnerable patients and ensure the safety of our staff, volunteers and visitors, we collate information about COVID-19 vaccination status. Data is not shared at an individual level but we collate statistics as part of our reporting requirements to Hospice UK and NHS Clinical Commissioning Groups (CCGs).
By giving St Mary’s consent to process your personal data you will have opted in to share specific details with us and to receiving fundraising communications. We will then, from time-to-time, send you information about our work and how you can support it in accordance with your contact preferences.
However, for non-electronic communications, you do not need to give prior consent to receive these same types of fundraising communications, providing we have a legitimate reason for sending you them. We will determine whether or not we have a legitimate reason to contact you based on your prior engagement with us and your contact preferences, making sure you have not previously opted out of certain communications or complete contact from us.
What are cookies and how do we use them?
When you visit our website, our server will record your computer’s IP address (the unique numerical address given to every computer connected to the Internet) and the time and duration of your visit.
CCTV systems are installed at our hospice and our shops for the purposes of crime prevention and detection only. CCTV is only used in general areas and access to view is restricted to key individuals.
This section does not apply to website visitors and will only apply to individuals who are referred to the hospice for healthcare.
Information from your records, with your name and other personal details removed, may be used to manage health services including:
- To monitor and improve the quality of care received by patients
- To make sure that treatments and services meet the needs of local communities. (This may include sharing information with the local clinical commissioners).
- Training and educating staff
Further details about how we use and the limited circumstances under which we share your healthcare information will be given at the point of access.
How do we keep your data secure and who processes your data?
The charity is the data controller and will perform the processes above with the support of trusted partners and suppliers, who will be held to the same standards of compliance as we are ourselves.
We ensure they store the data securely and are contractually obliged to adhere to all the data regulations required by law.
Where you use a third party to provide data to us, for example, online fundraising websites such as JustGiving, will have their own data protection and privacy policies and we recommend you are aware of these before signing up.
How do we store your personal data?
All information you provide to us is stored on secure servers in secured databases.
All information stored is only used whilst you continue to be a supporter of the hospice and the data will be securely removed from our current live database, 6 years after your last donation.
Who do we share your personal information with?
We will never sell your information to other organisations or pass it on to any other website.
We may need to disclose your data if required to the police, regulatory bodies or legal advisors. We will only ever share your personal data in other circumstances if we have your explicit and informed consent.
Anonymised statistical information about training and equality monitoring is shared with public authorities who commission our services.
Personal and financial details about donations for the purpose of Gift Aid claims, audits and anti-fraud legislation are shared with HMRC.
From time to time we may use the services of suppliers based in England (e.g. for sending newsletter mailings). Under these circumstances only a minimum amount of your information will be passed to them for the purposes of providing that service. Where we engage these suppliers we make sure that they apply the same levels of protection, security and confidentiality that we apply.
Facebook have tags on some pages of our website which allows them to collect information about pages you’ve visited on our website, they will then serve you advertising on Facebook based on this information.
We share with Facebook the email addresses of people who have registered to take part in one of our major fundraising events, such as Chocolate 5K, Enchanted Walk and Ride the Reservoir for example. The emails are used by Facebook to define a type of audience, and then Facebook will serve adverts to people that match that type of audience – but not (necessarily) the people in the original email file. We do this to increase registrations to our events and to raise more funds to ensure we can keep our care free of charge to patients.
- Custom Audiences
If you register to take part in an event or wish for us to contact you through email, we may send your email address to Facebook who will serve you content relevant to your original interest for example if you signed up to a challenge event last year you may see information about upcoming challenge events.
- Saved Audiences
We use Facebook Saved Audiences to remember which supporters on Facebook are most likely to respond to our fundraising, campaigning and marketing requests.
Google Analytics does not collect any personal information such as your name, address or contact details. All the information collected is anonymous.
We use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on your computer. Although these cookies are not essential to the core function of the website, they are useful in enabling the Hospice to raise money through the website and to spend our supporter’s money more effectively by making informed decisions on how best to improve our website.
For more information on how to stop Google Analytics across all websites you access please visit https://tools.google.com/dlpage/gaoptout?hl=en
How long do we keep information about you?
We only keep information for as long as we are allowed to in accordance with legislation or relevant regulations. Once we no longer need to keep your information we remove it from our systems or securely dispose of it.
Our communications with you
The communications you receive from us will vary according to the interest you have expressed in Birmingham St Mary’s Hospice (e.g. fundraising events).
By providing Birmingham St Mary’s Hospice with your contact information (address, email or telephone), you will receive the following communications:
- Keeping in touch emails, which may include fundraising and volunteering asks and opportunities.
- We may also contact you by post, in addition to the above, with relevant and timely communications on the work the charity is doing, to give you the opportunity to help us campaign and fundraise for Birmingham St Mary’s Hospice.
- We believe that by engaging with the charity, you would reasonably expect to be kept informed when opportunities arise that we feel are relevant for you.
If you wish, you may opt out of any of these services at any time by emailing firstname.lastname@example.org or calling 0121 752 8779. We will not send these communications by electronic means (email and SMS) unless you specifically give us consent to do so.
Accessing and updating your personal information and your rights
Your rights under GDPR
Your right of access
This is called the right of access and is commonly known as making a subject access request or SAR.
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information.
Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances. You may sometimes hear it called the ‘right to be forgotten’
Your right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing
You have the right to object to processing if we are able to process your information because the process forms part of our hospice tasks, or is in our legitimate interests.
Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
Links to and from our website
Changes to this policy
All staff will be required to have yearly training on Data awareness
The Hospice is committed to treating all patients, families, carers, volunteers and staff fairly regardless of their age, disability, gender reassignment, marriage or civil partnership, pregnancy or maternity, race, religion or belief, sex or sexual orientation. Anyone who feels they have been discriminated against should raise their concern with their line manager or with the HR Department.
EQUALITY AND DIVERSITY IMPACT ASSESSMENT
An Equality and Diversity Impact Assessment has been carried out and this policy does not have an adverse impact on groups with protected characteristics.
The Data Protection Officer will carry out regular audits of good Information Governance practice and report findings to the Compliance Committee (Information Governance). The Committee is accountable to the Board and will monitor the effectiveness of this policy and carry out regular reviews of all reported breaches.
OTHER HOSPICE RELATED POLICIES / PROCEDURES
Information Governance Toolkit (Accessible via https://nww.igt.hscic.gov.uk/Home.aspx)
Information Commissioner’s Office – Privacy Guidelines (Accessible via https://ico.org.uk/)