Privacy Policy

Privacy Notice and Security Policy

This policy applies to our website, use of emails, phone and text messages for marketing purposes, and any other methods we use for collecting information. It covers what we collect and why, what we do with the information, what we will not do with the information, and what rights you have.

What is personal data?

Personal data is information that can be used to help identify an individual, such as name, address, phone number or email address.

The policy in brief

It is important that you read the full policy to understand what information we hold, how we may use it, and what your rights are – but if you do not have time to read it all now, here is a brief summary:

  • We collect information that is either personal data (as outlined above) or non-personal data (such as IP addresses, pages accessed etc).
  • We collect information about the patients and families we care for, supporters, volunteers and employees.
  • We collect information to provide services or goods, to provide information, to fundraise for essential work, to employ staff, for administration, profiling, analysis, and for the prevention/detection of crime.
  • We only collect the information that we need or that would be useful to us in our quest to provide the best possible service.
  • We do our very best to keep personal information secure, wherever we collect personal data online.
  • We never sell your data and we will never share it with another company or charity for marketing purposes.
  • We only share data where we are required by law or with carefully selected partners who do work for us. All our partners are required to treat your data as carefully as we would, to only use it as instructed, and to allow us to check that they do this.

What information do we collect and why?

We will only ever collect the information we need – including data that will be useful to help improve our services. We collect two kinds of information:

  • personal information such as name, postal address, phone number, email address, date of birth or information about your reason for using the hospice’s services if you are a patient or client.
  • non-personal information such as IP addresses (the location of the computer on the internet), pages accessed and files downloaded. This helps us to determine how many people use our sites, how many people visit on a regular basis, and how popular our pages are. This information doesn’t tell us anything about who you are or where you live. It simply allows us to monitor and improve our service.

We collect this information in connection with specific activities, such as newsletter requests, feedback, donations, competition entries etc. The information is either needed to fulfil your request or to enable us to provide you with a more personalised service.

We may also use cookies on our website (please see below).

What do we do with the information?

We will use the information you provide to:

  • provide legitimate medical and support services
  • fulfil your requests – such as applications, donations, competition entries, participation in campaigns and provision of information
  • process sales transactions, donations, or other payments and verify financial transactions
  • identify visitors and contributors
  • record any contact we have with you
  • prevent or detect fraud or abuses of our websites and enable third parties to carry out technical, logistical or other functions on our behalf
  • communicate with our supporters and customers
  • if you have agreed to it, provide you with information that we think may be of interest to you.

Sensitive Personal Information

Sensitive personal information is sometimes referred to as ‘special categories of personal data’ or ‘sensitive personal data’.  The Hospice may from time to time need to process sensitive personal information. We will only process sensitive personal information if we have a lawful basis for doing so, e.g. it is necessary for the performance of the employment contract, to comply with the Hospice’s legal obligations or for the purposes of the organisation’s legitimate interests; and one of the special conditions for processing sensitive personal information applies, e.g.:

  1. the data subject has given has given explicit consent;
  2. the processing is necessary for the purposes of exercising the employment law rights or obligations of the Company or the data subject;
  3. the processing is necessary to protect the data subject’s vital interests, and the data subject is physically incapable of giving consent;
  4. processing relates to personal data which are manifestly made public by the data subject;
  5. the processing is necessary for the establishment, exercise or defence of legal claims; or
  6. the processing is necessary for reasons of substantial public interest

Using your information for marketing

If we are holding your details on our Fundraising database in May 2018 we will write to tell you that we are doing so and give you the option to opt out.  If we do not hear from you, we will continue to hold your details.  We may write to you to keep you informed of the valuable work we are doing.  If you do not wish to receive communications in this way you can opt out by phoning 01527 871051, emailing or writing to The Data Protection Officer, Primrose Hospice, St Godwald’s Road, Bromsgrove, B60 3BW.

We will only send you marketing information by phone, text or email if you have given us specific ‘opt-in’ consent to do so and have agreed that we can communicate with you in this way.  If you do not wish to receive communications in this way you can opt out by phoning 01527 871051, emailing or writing to The Data Protection Officer, Primrose Hospice, St Godwald’s Road, Bromsgrove, B60 3BW.

As of 25 May 2018, only those people who have opted in will receive these electronic communications. If you want to receive this information but have not opted in, you can do so by phoning 01527 871051, emailing or writing to The Data Protection Officer, Primrose Hospice, St Godwald’s Road, Bromsgrove, B60 3BW.

Sharing your information

We will only share your information if:

  • We are required to do so to provide the medical or support services you require
  • We are legally required to do so, e.g. by a law enforcement agency legitimately exercising a power or if compelled by an order of the Court
  • We believe it is necessary to protect or defend our rights, property or the personal safety of our people or visitors to our premises or websites

We are working with carefully-selected partners that carry out work on our behalf. These partners may include NHS services and related support services, mailing houses, marketing agencies and IT specialists. The kind of work we may ask them to do includes sending postal mail, emails and text messages and processing card payments. We only choose partners we can trust. We will only pass personal data to them if they have agreed to:

  • abide by the requirements of the Data Protection Act and General Data Protection Regulation
  • treat your information as carefully as we do
  • only use the information for the purposes it was supplied (and not for their own purposes or the purposes of any other organisation)
  • allow us to carry out checks to ensure they are doing all these things.

Storing your information

Information is stored by us on computers located in the UK. We may transfer the information to other offices and to other reputable third party organisations as explained above – they may be situated inside or outside the European Economic Area. We may also store information in paper files.

We place a great importance on the security of all personally identifiable information associated with our patients, clients, staff, supporters, customers and users. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal data under our control. For example, only authorised personnel are authorised to access user information and we use secure methods to encrypt financial and personal information. While we cannot ensure or guarantee that loss, misuse or alteration of data will not occur while it is under our control, we use our best efforts to try to prevent this.

Unfortunately, the transmission of data across the internet is not completely secure and whilst we do our best to try to protect the security of your information we cannot ensure or guarantee that loss, misuse or alteration of data will not occur whilst data is being transferred.

We will keep your information only for as long as we need it to: meet statutory requirements, provide you with the services or information you have required, to administer your relationship with us, or to ensure we do not communicate with people that have asked us not to. When we no longer need information we will always dispose of it securely, using specialist companies if necessary to do this work for us.

What we don’t do with your information

We never sell or share your information to other organisations to use for their own purposes.

Your rights

The Data Protection Act gives you certain rights over your data and how we use it. These include:

  • the right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed
  • the right to prevent your data being used for direct marketing
  • the right of access to a copy of the information we hold about you (known as a subject access request)

If you wish to exercise any of these rights please The Data Protection Officer, Primrose Hospice, St Godwald’s Road, Bromsgrove, B60 3BW.

For more information about your rights under the Data Protection Act go to the website of the Information Commissioner’s Office at


What are ‘cookies’?

In simple terms a cookie is a small piece of information sent from our website to your computer to help us recognise it quickly. We use cookies to help improve the offering and deliver a better service to each visitor. Any information gathered through the use of cookies is compiled on an aggregate, anonymous basis.

Do I have to agree to cookies?

If you prefer not to accept a cookie, you can navigate the website like a normal user. You can switch off cookies in your web browser if they do not want to be tracked.

Where can I get more information?

Further information about cookies can be found at on the ICO website

Children’s data

Some of the services we offer are aimed specifically at children (for example our Bereavement Support Services) and to deliver these services safely it is necessary for us to collect data and store it on our database. Before we collect data from anyone under 18 we will always obtain the permission of a parent or guardian before registering with us.

It is our policy not to request donations from children under 18.

Links to third party websites

Our websites contain links to third party websites that we believe may be of interest to our website visitors. This privacy policy only governs our websites and we are not responsible for the privacy policies that govern third party websites even where we have provided links to them. If you use any link on our website we recommend you read the privacy policy of that website before sharing any personal or financial data.

Social media sites

We operate a number of social media pages (including Facebook and Twitter). Although this policy covers how we will use any data collected from those pages it does not cover how the providers of social media websites will use your information. Please ensure you read the privacy policy of the social media website before sharing data and make use of the privacy settings and reporting mechanisms to control how your data is used.


If you have any questions about this policy or how We use data please contact the Data Protection Officer at or writing to The Data Protection Officer, Primrose Hospice, St Godwald’s Road, Bromsgrove, B60 3BW.

If you would like to download a copy of this Privacy Policy please click here.