THE HOSPICE CHARITY PARTNERSHIP PRIVACY NOTICE
The Hospice Charity Partnership is committed to protecting your privacy. This statement explains how we collect and use the personal information you provide to us, whether online or by phone, mobile, email, letter or other correspondence.
By using our website, any of our services, or providing us with any personal information, we will assume you are agreeing to your information being used and disclosed in the ways described in this policy.
1. Data Protection Act/General Data Protection Regulation
In carrying out our day-to-day activities we process and store personal information relating to our supporters and are therefore required to adhere to the requirements of the Data Protection Act 2018/General Data Protection Regulation 2018 (GDPR). We take our responsibilities under these acts very seriously and we ensure the personal information we obtain is held, used, transferred and otherwise processed in accordance with that Act and all other applicable data protection laws and regulations including, but not limited to, the Privacy and Electronic Communication Regulations.
2. What personal information do we collect?
Our lawful basis for the collection of clinical data is public task.
Article 9(1) of EU GDPR states that processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation shall be prohibited.
However Article 9(2h) states that the above shall not apply if processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care, or treatment or the management of health or social care systems, and services on the basis of Union or Member State law, or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3.
The Hospice Charity Partnership keep records about your health and any treatment and care you receive. This helps to ensure that you receive the best possible care. Records we hold include:
- Basic details about you such as address, date of birth and next of kin.
- Contact we have had with you.
- Notes and reports about your health and any treatment and care you have received.
- Results of any investigations such as X-rays and tests.
- Relevant information from other health professionals or those who care for you and know you well.
- Information, as a patient, you may have supplied us with.
The Hospice Charity Partnership relies on legitimate interest to contact you with matters of a non-marketing nature; for example managing Gift Aid, management of regular giving payments or lottery membership, thanking for support, to maintain accuracy and keep the information we hold on our secure database up to date, to answer your questions, queries or requests, for financial analysis and trend performance, profiling and segmentation purposes to satisfy our business and strategic objectives including wealth profiling.
We may collect personal information about you when you take part in one of our fundraising events or challenges, make a donation, play our lottery or raffles, sign up to Gift Aid in our charity shops, apply to work or volunteer with us, or use our website. Our lawful basis for this data is legitimate interest.
Personal information is information that can be used to identify you. It can include your name, date of birth, email address, postal address, landline telephone number, mobile telephone number, bank account details, credit/debit card details (this information is stored on Stripe) and whether you are a UK tax payer so that we can claim Gift Aid (please rest assured we do not collect information about your actual tax payments, just whether you are a tax payer).
We collect personal information about you when you ask about our activities, register with us (for example, registering to receive charity communications), make a donation to us, volunteer, register for an event, engage with us via social media , play our lottery, order products and services (such as merchandise and email newsletters), or otherwise give us personal information.
If you do nothing other than read pages or download information from our website, we may gather information about this use, such as which pages are most visited and which events or activities are of most interest. This information can be used to help us improve our website and services, and ensure we provide you with the most relevant information and best service. Wherever possible, the information we use for this purpose will be aggregated or anonymised i.e. it will not identify you as an individual visitor to our website. More information can be found in the section below entitled ‘Our Website’.
We do not usually collect sensitive personal information about you unless there is a clear reason for doing so, such as participation in an event where we need this information to ensure we provide appropriate facilities for you. We may collect health information if you tell us about your experiences of the hospice (for example, if you act as a case study for us); however, we will make it clear to you when collecting this information what we are collecting, why and how we will use it.
If you are a patient then the leaflet ‘How we use your information’ will apply as well as this statement.
What is wealth profiling?
The Hospice Charity Partnership is extremely grateful for donations of any size. A large quantity of our income comes from our wonderful community of supporters; from bake sales, to participation in fundraising events, gifts to our appeals, or in memory of loved ones, gifts from companies or Trusts and Foundations, customers at our retail shops, lottery members and gifts in wills. All of this support enables us to keep providing the support we deliver to families in our area.
Some people are in the fortunate position of being able to make large gifts and are kind enough to consider doing so. It is important for us to be able to identify which of our supporters might be able to help in this way and to develop a personal relationship with them in a way which suits the supporter.
As a fundraising organisation, we may occasionally undertake in-house research and from time to time engage specialist agencies such as Prospecting for Gold to gather information about you from publicly available sources, for example, Companies House, the electoral register, company websites, ‘rich lists’, social networks such as LinkedIn, political and property registers and news archives.
We may also carry out wealth screening to fast track the research using our trusted third party partners. You will always have the right to opt out of this processing. We may also carry out research using publicly available information to identify individuals who may have an affinity to our cause but with whom we are not already in touch. We also use publicly available sources to carry out due diligence on donors in line with our charity’s Gift Acceptance Policy and to meet money laundering regulations.
This research helps us to understand more about you as an individual so we can focus conversations we have with you about fundraising and volunteering in the most effective way, and ensure that we provide you with an experience as a donor or potential donor which is appropriate for you.
We believe that supporting charities is rewarding for donors and that it is important that we make people aware of opportunities to help fund the work of The Hospice Charity Partnership. Acknowledging the benefit to both supporters and the charity of such philanthropic relationships we are proud to ask for larger sums in the right way, and at the right time, from those who we identify and who then indicate that they may wish to help us with big gifts.
We pride ourselves on protecting your data and therefore advise that your data will not be shared with any third parties. In order to protect our supporters, no public acknowledgement will be disclosed if any large gifts are given (e.g. publishing people’s names etc. unless consent has been given for us to do so).
3. Credit and debit card payment information
If you use your credit/debit card to donate to us, buy something or make a booking online, we pass your credit/debit card details securely to our payment processing partners, Stripe, as part of the payment process. We do this in accordance with the Payment Card Industry Security Standard and do not store the details on our website or our database.
We do not store your credit or debit card details anywhere following the completion of your transaction.
In addition to using Stripe, PayPal may also be used to processes some credit card transactions. All card details and validation codes are entered directly into Paypal via the charity website or during a telephone card transaction. Only those staff authorised to process payments will enter your card details.
If we receive an email containing any credit or debit card details, it will be immediately deleted, no payment will be taken and you will be notified about this.
4. Why do we collect and how do we use your information?
We may collect your personal information for a number of reasons, such as:
- To provide you with the services, products or information you have requested.
- To process any donation(s) we may receive from you.
- To ask you to help us raise money or donate money to our organisation.
- To provide you with information about our work or our activities.
- To send you the items you have ordered through our shop.
- To invite you to participate in surveys or research.
- For administration purposes e.g. we may contact you about a donation you have made or event you have expressed an interest in or registered for.
- For internal record keeping, such as the management of feedback or complaints.
- To analyse and improve the services we offer.
- To provide you with details of any prizes you win in our lottery or raffles.
- To check on your preferences from time to time to ensure they are up to date.
- Where it is required or authorised by law and,
- Assessing your personal information for the purposes of credit risk reduction or fraud prevention (regrettably, some people target charities for illegal purposes such as money laundering and, quite rightly, we are required to monitor financial activity and report suspected fraud to the appropriate authorities).
For the purposes of crime prevention and detection only, CCTV systems are installed at both of our hospice sites and our shops. CCTV is only used in general areas and access to view is restricted to key individuals.
We may contact you for marketing purposes by postal mail, email, landline telephone, mobile telephone, text or social messaging; in some cases, this will require seeking your permission. We may also send you service communications via email, text or social posting, for example where you place an order for goods or services on our website or if you have made a donation by text.
To comply with our obligations as an organisation, we must take reasonable and appropriate steps to know who our donors are, particularly where significant sums are being donated. This means that we may conduct research, including accessing information which is already publicly available, on prospective donors, partners or volunteers to ensure it would be right for us to accept support whether that is from an individual or organisation. This will help to give assurance that the donation is not from an inappropriate source and to safeguard our reputation. This does not mean that we will question every donation nor that we will research lots of personal and other details about every donor. Any information we do collect for this purpose will only consist of what is necessary for us to meet these requirements and will be processed in line with your rights. See Section 13 below for information about your rights.
It is your choice about the type of communications and information you receive about our organisation and the ways in which you can get involved. You can change your mind at any time by contacting The Hospice Charity Partnership.
We will not use your information for marketing purposes if you have asked us not to. However, we will retain your details on a suppression list to help ensure we do not continue to contact you.
Your information may be used to ensure that The Hospice Charity Partnership complies with the Fundraising Regulator’s Code of Fundraising Practice which stipulates that we must take steps to assess and manage risks to our work and reputation with regard to certain levels of donation. More details can be found at www.fundraisingregulator.org.uk
5. Information sharing and disclosure
We will not sell or swap your information with any third party.
We may share your information with our data processors. These are trusted partner organisations that work with us in connection with our charitable purposes and other entities that act as fundraisers for us, sell our products or provide us with information and marketing (subject to your communication preferences and our internal policies and procedures). All our trusted partners are required to comply with data protection laws and our high standards, and are only allowed to process your information in strict compliance with our instructions. We will always make sure appropriate contracts and controls are in place and we regularly monitor all our partners to ensure their compliance.
We may disclose your personal information to third parties if we are required to do so through a legal obligation (for example to the police or a government body) to enable us to enforce or apply our terms and conditions or rights under an agreement, or to protect us, for example, in the case of suspected fraud or defamation.
We do not share your information for any other purposes.
Certain third-party organisations collect data on our behalf as well as for their own use. We may receive your personal details from third-party organisations for our marketing purposes where you have consented for this information to be shared.
6. The accuracy of your information
We aim to ensure that all information we hold about you is accurate and, where necessary, kept up to date. If any of the information we hold about you is inaccurate and either you advise us or we become otherwise aware, we will ensure it is amended and updated as soon as possible.
7. Under 16s
If you are aged 16 or under and would like to participate in an event, make a donation or get involved with us, please make sure that you have your parent/guardian’s permission before giving us your personal information. When we collect information about a child or young person, we will make clear the reasons for collecting this information and how it will be used.
8. Vulnerable circumstances
We recognise the importance of protecting our vulnerable supporters and follow the guidance issued by the Institute of Fundraising on treating donors fairly. We believe this helps to support our staff and fundraisers who come into contact with supporters in providing high-quality customer care and in ensuring anyone donating to the organisation is in a position to make a free and informed decision. Access the Institute of Fundraising’s website for more guidance: www.ciof.org.uk
9. Storing your information
We will keep your information for as long as required to enable us to operate our services but we will not keep your information for any longer than is necessary. We will take into consideration our legal obligations and tax and accounting rules when determining how long we should retain your information. When we no longer need to retain your information we will ensure it is securely disposed of, at the appropriate time.
The Hospice Charity Partnership follow the NHS Digital Records Management Code of Practice for Health and Social Care 2021.
10. Our websites
For all areas of our websites which collect personal information we use a secure server. Although we cannot 100 per cent guarantee the security of any information you transmit to us, we enforce strict procedures and security features to protect your information and prevent unauthorised access.
With cookies, the information we collect and share is anonymous and does not personally identify you. It does not contain your name, address, telephone number or email address.
What is a cookie? A cookie is a small file of letters and numbers that we may put on your computer or mobile device when you access our website. These cookies allow us to distinguish you from other users of the website helping us to provide you with a good experience when you browse the website and also allow us to improve our site. For example, they will tell us whether you have visited our site before or whether you are a new visitor.
12. Your rights
You have the right:
- To ask us to stop processing your personal data and, if it’s not necessary for the purpose you provided it to us (e.g. processing your donation or registering you for an event), we will do so.
- To ask for a copy of the personal information we hold about you. We will provide this information within one month of receipt of the request. For complex or numerous requests this period may be extended by up to a further two months. If this is the case we will inform you within one month of receipt of the request as to why the extension is necessary. A fee may be charged for excessive or repetitive requests or further copies of the same information.
- To ask us to delete/remove all information we hold about you. In some circumstances we can refuse to carry out this request – e.g. if we require your data in order to fulfil a legal obligation (e.g. Gift Aid) or if the data is processed to exercise the right of freedom of expression and information (e.g. safeguarding or complaints). If this is the case we will advise you as to why we cannot comply with your request.
- To block/suppress the processing of your personal data. In these circumstances we are permitted to store your data but stop any further processing/use of it.
- Update or amend the information we hold about you if it is wrong.
- Change your communication preferences at any time.
- Raise a concern or complaint about the way in which your information is being used.
If you wish to find out more about these rights, or obtain a copy of the information we hold about you, please contact us at:
John Taylor Hospice
Birmingham St Mary’s Hospice
Data Protection Officer
76 Grange Road
Call: 0121 465 2000
Data Protection Officer
176 Raddlebarn Road
Call: 0121 472 1191
13. Privacy queries
If you have any questions or queries about this Privacy and Data Protection Statement, please contact our Data Protection Officer using the above address and contact details.
Facebook has tags on some pages of our website which allows them to collect information about pages you’ve visited on our website, they will then serve you advertising on Facebook based on this information.
We share with Facebook the email addresses of people who have registered to take part in one of our major fundraising events, such as Chocolate 5K, Enchanted Walk and Ride the Reservoir for example. The emails are used by Facebook to define a type of audience, and then Facebook will serve adverts to people that match that type of audience – but not (necessarily) the people in the original email file. We do this to increase registrations to our events and to raise more funds to ensure we can keep our care free of charge for patients.
If you register to take part in an event, or wish for us to contact you through email, we may send your email address to Facebook who will serve you content relevant to your original interest for example if you signed up to a challenge event last year you may see information about upcoming challenge events.
We use Facebook Saved Audiences to remember which supporters on Facebook are most likely to respond to our fundraising, campaigning and marketing requests.
Google Analytics does not collect any personal information such as your name, address or contact details. All the information collected is anonymous.
We use Google Analytics to analyse the use of our websites. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on your computer. Although these cookies are not essential to the core function of the website, they are useful in enabling the charity to raise money through the website and to spend our supporters’ money more effectively by making informed decisions on how best to improve our website.
For more information about how to stop Google Analytics across all websites you access please visit https://tools.google.com/dlpage/gaoptout?hl=en
15. Your medical and personal information
The Hospice Charity Partnership takes seriously the need for confidentiality and safeguarding of personal information and the vitally important aspect of trust in a professional caring relationship. We also recognise the importance of sharing medical information about people in our care in order to prevent harm caused by not sharing information appropriately with other health and social care professionals. The information you give us may be recorded on both computer and paper records and we share your information with authorised health professionals following an accepted referral, for the purposes of delivering safe, high-quality care. These will include (list not exhaustive):
- General Practitioners (GPs)
- Community Nursing and Integrated Care Teams
- Macmillan nurses
- Colleagues at NHS hospitals
- Birmingham City Council
- Mental health services
- Charity volunteers (information given to volunteers is on a strict ‘need to know basis’ to ensure your safety and theirs)
All members of staff employed by these bodies are bound by legislation and by the Common Law Duty of Confidentiality which means that information that you provide to us must be held in confidence and not shared with anyone else unless:
- They are legally obliged to disclose the information to another organisation or person.
- You provide consent to share the information with anyone else.
- Protocols are in place permitting partners to share information about you to support any intervention or service you provide.
You should tell us if you would prefer us not to share your information.
Your medical information may also be used to support clinical audit, education or other work aimed to monitor the quality of care provided. However, all personal identifiers are removed to ensure confidentially and anonymity. We also keep the contact details of bereaved family members so that we can send a card when someone has died – and so we can invite them to memorial or other events in the future. Tell us if you would like to opt out of this further support and contact.
We are happy to give you copies of all written communications to GPs or others. Please tell us if you would like this. Your personal data will be held in secure conditions for eight years. Under the Data Protection Act and General Data Protection Regulation you have the right to request a copy of your information. Speak to a member of staff if you would like to do this.
The Hospice Charity Partnership is committed to data protection and we have safeguards in place to ensure your information is properly looked after in line with current legislation, NHS codes of practice and professional codes of conduct.
If you have any concerns regarding the use of your medical or personal information, or for any further information, please speak to a member of the clinical team.
In accordance with NHS guidance, The Hospice Charity Partnership has an appointed Caldicott Guardian; a senior member of staff responsible for protecting patient confidentiality and enabling appropriate sharing. The sharing of sensitive personal information is strictly controlled by law. We will consult you before information about you is shared to ensure we act with your consent. If you are unable to consent for any reason, we will only share information where it is in your best interests to do so.