Privacy Notice and Security Policy
This policy applies to our website, use of emails, phone and text messages for marketing purposes, and any other methods we use for collecting information. It covers what we collect and why, what we do with the information, what we will not do with the information, and what rights you have.
What is personal data?
Personal data is information that can be used to help identify an individual, such as name, address, phone number or email address.
The policy in brief
It is important that you read the full policy to understand what information we hold, how we may use it, and what your rights are – but if you do not have time to read it all now, here is a brief summary:
- We collect information that is either personal data (as outlined above) or non-personal data (such as IP addresses, pages accessed etc).
- We collect information about the patients and families we care for, supporters, volunteers and employees.
- We collect information to provide services or goods, to provide information, to fundraise for essential work, to employ staff, for administration, profiling, analysis, and for the prevention/detection of crime.
- We only collect the information that we need or that would be useful to us in our quest to provide the best possible service.
- We do our very best to keep personal information secure, wherever we collect personal data online.
- We never sell your data and we will never share it with another company or charity for marketing purposes.
- We only share data where we are required by law or with carefully selected partners who do work for us. All our partners are required to treat your data as carefully as we would, to only use it as instructed, and to allow us to check that they do this.
What information do we collect and why?
We will only ever collect the information we need – including data that will be useful to help improve our services. We collect two kinds of information:
- personal information such as name, postal address, phone number, email address, date of birth or information about your reason for using the hospice’s services if you are a patient or client.
- non-personal information such as IP addresses (the location of the computer on the internet), pages accessed and files downloaded. This helps us to determine how many people use our sites, how many people visit on a regular basis, and how popular our pages are. This information doesn’t tell us anything about who you are or where you live. It simply allows us to monitor and improve our service.
We collect this information in connection with specific activities, such as newsletter requests, feedback, donations, competition entries etc. The information is either needed to fulfil your request or to enable us to provide you with a more personalised service.
What do we do with the information?
We will use the information you provide to:
- provide legitimate medical and support services
- fulfil your requests – such as applications, donations, competition entries, participation in campaigns and provision of information
- process sales transactions, donations, or other payments and verify financial transactions
- identify visitors and contributors
- record any contact we have with you
- prevent or detect fraud or abuses of our websites and enable third parties to carry out technical, logistical or other functions on our behalf
- communicate with our supporters and customers
- if you have agreed to it, provide you with information that we think may be of interest to you.
Sensitive Personal Information
Sensitive personal information is sometimes referred to as ‘special categories of personal data’ or ‘sensitive personal data’. The Hospice may from time to time need to process sensitive personal information. We will only process sensitive personal information if we have a lawful basis for doing so, e.g. it is necessary for the performance of the employment contract, to comply with the Hospice’s legal obligations or for the purposes of the organisation’s legitimate interests; and one of the special conditions for processing sensitive personal information applies, e.g.:
- the data subject has given has given explicit consent;
- the processing is necessary for the purposes of exercising the employment law rights or obligations of the Company or the data subject;
- the processing is necessary to protect the data subject’s vital interests, and the data subject is physically incapable of giving consent;
- processing relates to personal data which are manifestly made public by the data subject;
- the processing is necessary for the establishment, exercise or defence of legal claims; or
- the processing is necessary for reasons of substantial public interest
Using your information for marketing
If we are holding your details on our Fundraising database in May 2018 we will write to tell you that we are doing so and give you the option to opt out. If we do not hear from you, we will continue to hold your details. We may write to you to keep you informed of the valuable work we are doing. If you do not wish to receive communications in this way you can opt out by phoning 01527 871051, emailing firstname.lastname@example.org or writing to The Data Protection Officer, Primrose Hospice, St Godwald’s Road, Bromsgrove, B60 3BW.
We will only send you marketing information by phone, text or email if you have given us specific ‘opt-in’ consent to do so and have agreed that we can communicate with you in this way. If you do not wish to receive communications in this way you can opt out by phoning 01527 871051, emailing email@example.com or writing to The Data Protection Officer, Primrose Hospice, St Godwald’s Road, Bromsgrove, B60 3BW.
As of 25 May 2018, only those people who have opted in will receive these electronic communications. If you want to receive this information but have not opted in, you can do so by phoning 01527 871051, emailing firstname.lastname@example.org or writing to The Data Protection Officer, Primrose Hospice, St Godwald’s Road, Bromsgrove, B60 3BW.
Sharing your information
We will only share your information if:
- We are required to do so to provide the medical or support services you require
- We are legally required to do so, e.g. by a law enforcement agency legitimately exercising a power or if compelled by an order of the Court
- We believe it is necessary to protect or defend our rights, property or the personal safety of our people or visitors to our premises or websites
We are working with carefully-selected partners that carry out work on our behalf. These partners may include NHS services and related support services, mailing houses, marketing agencies and IT specialists. The kind of work we may ask them to do includes sending postal mail, emails and text messages and processing card payments. We only choose partners we can trust. We will only pass personal data to them if they have agreed to:
- abide by the requirements of the Data Protection Act and General Data Protection Regulation
- treat your information as carefully as we do
- only use the information for the purposes it was supplied (and not for their own purposes or the purposes of any other organisation)
- allow us to carry out checks to ensure they are doing all these things.
Storing your information
Information is stored by us on computers located in the UK. We may transfer the information to other offices and to other reputable third party organisations as explained above – they may be situated inside or outside the European Economic Area. We may also store information in paper files.
We place a great importance on the security of all personally identifiable information associated with our patients, clients, staff, supporters, customers and users. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal data under our control. For example, only authorised personnel are authorised to access user information and we use secure methods to encrypt financial and personal information. While we cannot ensure or guarantee that loss, misuse or alteration of data will not occur while it is under our control, we use our best efforts to try to prevent this.
Unfortunately, the transmission of data across the internet is not completely secure and whilst we do our best to try to protect the security of your information we cannot ensure or guarantee that loss, misuse or alteration of data will not occur whilst data is being transferred.
We will keep your information only for as long as we need it to: meet statutory requirements, provide you with the services or information you have required, to administer your relationship with us, or to ensure we do not communicate with people that have asked us not to. When we no longer need information we will always dispose of it securely, using specialist companies if necessary to do this work for us.
What we don’t do with your information
We never sell or share your information to other organisations to use for their own purposes.
The Data Protection Act gives you certain rights over your data and how we use it. These include:
- the right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed
- the right to prevent your data being used for direct marketing
- the right of access to a copy of the information we hold about you (known as a subject access request)
If you wish to exercise any of these rights please The Data Protection Officer, Primrose Hospice, St Godwald’s Road, Bromsgrove, B60 3BW.
For more information about your rights under the Data Protection Act go to the website of the Information Commissioner’s Office at ico.org.uk.
What are ‘cookies’?
Do I have to agree to cookies?
If you prefer not to accept a cookie, you can navigate the website like a normal user. You can switch off cookies in your web browser if they do not want to be tracked.
Where can I get more information?
Further information about cookies can be found at on the ICO website www.ico.org.uk
Some of the services we offer are aimed specifically at children (for example our Bereavement Support Services) and to deliver these services safely it is necessary for us to collect data and store it on our database. Before we collect data from anyone under 18 we will always obtain the permission of a parent or guardian before registering with us.
It is our policy not to request donations from children under 18.
Links to third party websites
Social media sites
If you have any questions about this policy or how We use data please contact the Data Protection Officer at email@example.com or writing to The Data Protection Officer, Primrose Hospice, St Godwald’s Road, Bromsgrove, B60 3BW.