As a responsible charity, we value the trust you place in us when you share your personal data. It is our promise to you that we will be open and honest with you about how we use the information you’ve entrusted with us. This page describes who we are, why we collect information and how we use it. We recognise the importance of treating your data with care and we have taken steps to ensure we only use it in accordance with your wishes.
It is important to us that we are open and honest about the way we use information and we are committed to ensuring that we do so in a manner that is both lawful and respects your privacy.
Who we are
We are Birmingham St Mary’s Hospice, part of a wholly owned subsidiary called St Mary’s Hospice Ltd. We use the company name St Mary’s Hospice (Trading) Ltd for our trading activities including our retail shops and merchandise. We are registered with the Charity Commission and our registered charity number is 503456.
Data Protection Office
St Mary’s Hospice has established a Data Protection Office to ensure its compliance with Data Protection Laws. The Data Protection Office will act as The Hospice’s contact point with our patients, employees, prospective employees and other stakeholders.
St Mary’s Hospice is registered with the Information Commissioner’s Office (ICO) as a Data Controller for the processing of Personal Data (Z496953X).
The Data Protection Office can be contacted by post to The Data Protection Office, 176 Raddlebarn Road, Selly Park, Birmingham. B29 7DA. By telephone on +44 (0)121 752 8786 or email at DPO@birminghamhospice.org.uk
How do we obtain your personal data?
We collect personal information when you voluntarily submit it to us.
There are several ways that we may obtain your personal data:
- While using our fundraising services, participating in a fundraising event or campaign or when donating to one of our shops.
- When you submit an enquiry via email or a web enquiry form.
We will never acquire your contact details from private organisations nor will we sell your personal data. We may on occasion work with carefully selected organisations for the purpose of conducting market research activities, in order to gain a better understanding of our supporter demographics.
What information do we collect and how do we use it?
We only collect information about you that:
- Enables us to record your donations or purchases so that we can properly thank you and, when necessary, claim Gift Aid, specifically keeping this information as required by HMRC.
- Helps us keep in touch with you so we can let you know about the hospice and our events.
- Helps us answer your questions, queries and follow up on feedback you leave, including your contact details, if you gave them to us.
- Helps us to understand why you support our work and allows us to tailor future communications to you so we can better meet your needs.
We will process your personal data in accordance with the law, where you have either given us prior consent to do so or where we believe we have legitimate reasons for doing so.
By giving St Mary’s consent to process your personal data you will have opted in to share specific details with us and to receiving fundraising communications. We will then, from time-to-time, send you information about our work and how you can support it in accordance with your contact preferences.
However, for non-electronic communications, you do not need to give prior consent to receive these same types of fundraising communications, providing we have a legitimate reason for sending you them. We will determine whether or not we have a legitimate reason to contact you based on your prior engagement with us and your contact preferences, making sure you have not previously opted out of certain communications or complete contact from us.
What are cookies and how do we use them?
When you visit our website, our server will record your computer’s IP address (the unique numerical address given to every computer connected to the Internet) and the time and duration of your visit.
CCTV systems are installed at our hospice and our shops for the purposes of crime prevention and detection only. CCTV is only used in general areas and access to view is restricted to key individuals.
This section does not apply to website visitors and will only apply to individuals who are referred to the hospice for healthcare.
Information from your records, with your name and other personal details removed, may be used to manage health services including:
- To monitor and improve the quality of care received by patients
- To make sure that treatments and services meet the needs of local communities. (This may include sharing information with the local clinical commissioners).
- Training and educating staff
Further details about how we use and the limited circumstances under which we share your healthcare information will be given at the point of access.
How do we keep your data secure and who processes your data?
The charity is the data controller and will perform the processes above with the support of trusted partners and suppliers, who will be held to the same standards of compliance as we are ourselves.
We ensure they store the data securely and are contractually obliged to adhere to all the data regulations required by law.
Where you use a third party to provide data to us, for example, online fundraising websites such as JustGiving, will have their own data protection and privacy policies and we recommend you are aware of these before signing up.
How do we store your personal data?
All information you provide to us is stored on secure servers in secured databases.
All information stored is only used whilst you continue to be a supporter of the hospice and the data will be securely removed from our current live database, 6 years after your last donation.
Who do we share your personal information with?
We will never sell your information to other organisations or pass it on to any other website.
We may need to disclose your data if required to the police, regulatory bodies or legal advisors. We will only ever share your personal data in other circumstances if we have your explicit and informed consent.
Anonymised statistical information about training and equality monitoring is shared with public authorities who commission our services.
Personal and financial details about donations for the purpose of Gift Aid claims, audits and anti-fraud legislation are shared with HMRC.
From time to time we may use the services of suppliers based in England (e.g. for sending newsletter mailings). Under these circumstances only a minimum amount of your information will be passed to them for the purposes of providing that service. Where we engage these suppliers we make sure that they apply the same levels of protection, security and confidentiality that we apply.
How long do we keep information about you?
We only keep information for as long as we are allowed to in accordance with legislation or relevant regulations. Once we no longer need to keep your information we remove it from our systems or securely dispose of it.
Our communications with you
The communications you receive from us will vary according to the interest you have expressed in Birmingham St Mary’s Hospice (e.g. fundraising events).
By providing Birmingham St Mary’s Hospice with your contact information (address, email or telephone), you will receive the following communications:
- Keeping in touch emails, which may include fundraising and volunteering asks and opportunities.
- We may also contact you by post, in addition to the above, with relevant and timely communications on the work the charity is doing, to give you the opportunity to help us campaign and fundraise for Birmingham St Mary’s Hospice.
- We believe that by engaging with the charity, you would reasonably expect to be kept informed when opportunities arise that we feel are relevant for you.
If you wish, you may opt out of any of these services at any time by emailing firstname.lastname@example.org or calling 0121 752 8779. We will not send these communications by electronic means (email and SMS) unless you specifically give us consent to do so.
Accessing and updating your personal information and your rights
Your rights under GDPR
Your right of access
This is called the right of access and is commonly known as making a subject access request or SAR.
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information.
Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances. You may sometimes hear it called the ‘right to be forgotten’
Your right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing
You have the right to object to processing if we are able to process your information because the process forms part of our hospice tasks, or is in our legitimate interests.
Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
Links to and from our website
Changes to this policy
All staff will be required to have yearly training on Data awareness
The Hospice is committed to treating all patients, families, carers, volunteers and staff fairly regardless of their age, disability, gender reassignment, marriage or civil partnership, pregnancy or maternity, race, religion or belief, sex or sexual orientation. Anyone who feels they have been discriminated against should raise their concern with their line manager or with the HR Department.
EQUALITY AND DIVERSITY IMPACT ASSESSMENT
An Equality and Diversity Impact Assessment has been carried out and this policy does not have an adverse impact on groups with protected characteristics.
The Data Protection Officer will carry out regular audits of good Information Governance practice and report findings to the Compliance Committee (Information Governance). The Committee is accountable to the Board and will monitor the effectiveness of this policy and carry out regular reviews of all reported breaches.
OTHER HOSPICE RELATED POLICIES / PROCEDURES
Information Governance Toolkit (Accessible via https://nww.igt.hscic.gov.uk/Home.aspx)
Information Commissioner’s Office – Privacy Guidelines (Accessible via https://ico.org.uk/)