Donors, fundraisers, prize draw players, education and retail customers
Last year we cared for and supported over 4,900 people across the county, thanks to the generosity of people in our community like you, who help us to raise vital funds each year. We take your privacy seriously and are committed to protecting personal information that you share with us or allow other organisations to give to us.
This Privacy Notice explains what information we collect about you primarily for fundraising purposes, how we use it, store it, including how long we retain it and with whom and for what purpose we may share it.
Who are we?
St Margaret’s Hospice Care has been at the heart of Somerset’s community for over 40 years, delivering high quality, responsive and compassionate care to patients and their families and friends facing a life-limiting illness.
We are a charity (reg. charity no. 279473), governed and regulated by the following bodies: The Fundraising Regulator, Care Quality Commission, the Charity Commission and Gambling Commission. St Margaret’s also has the following subsidiaries: St Margaret’s Hospice Retail Ltd (Company Registration Number 7204857), Hospice Funerals Trading Ltd (Company Registration Number 10953084). We are also registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information under the Data Protection Act 2018 and our registration number is Z5135098.
What personal information do we collect about you?
The information we ask you for depends on your reason for interacting with us. We will need to collect relevant details so we can administer your request. For example if you:
- make a donation or set up a regular gift
- would like us to claim gift aid on your donation
- register for a fundraising or education event
- purchase goods for delivery
- play our weekly lottery prize draw or
- donate stock to one of our shops and you want us to claim gift aid.
The type of information we may collect includes your:
- title, name, address
- date of birth, gender
- email address
- phone number
- payment details including credit, debit card and bank account details
- Images captured on CCTV security systems operating on our premises.
Where appropriate we may also ask for:
- information relating to your health, for example if you are taking part in a high risk event or sharing your story of care with us; or
- why you are making a donation to us; in particular whether you are donating in memory of someone who was cared for by us and your relationship with that person.
When we collect your information for fundraising purposes, we will also explain to you that we will keep in touch by post and phone to tell you about our work and ways you can support us. We ask your permission to send marketing emails, and only contact you by email for this purpose if we have your explicit consent to do so.
If you donate goods to our shops, and want us to collect gift aid we will contact you by email or letter in line with HMRC requirements.
You can let us know if you don’t want to hear from us at any time by emailing firstname.lastname@example.org or writing to us at St Margaret’s Hospice Care, Little Tarrat Lane, Yeovil BA20 2HU.
Supporters under the age of 18
If you are a child (under 18), and have participated in a fundraising event, where there are no age restrictions, or made a donation to the hospice, you are entitled to the same rights as adult hospice supporters. We collect the same type of information about you as we do for over 18s, process it for the same reasons and hold your information in the same way. Your information is held with the consent of your parents/guardian and with your consent. Your details are kept securely with restricted access and handled with the greatest respect for privacy.
How do we collect / obtain your personal information?
We collect information in different ways:
1. You give us your information directly:
When you make a donation, register for an event or course, join our weekly prize draw, sign up to gift aid when you donate goods or book a collection, purchase merchandise or items for delivery, volunteer, or share your story with us, we will collect details that enable us to process or administer our relationship with you.
2. You give us your information indirectly:
Sometimes the information will come via an organisation working on our behalf (e.g. a professional fundraising agency), but we will be responsible for your information at all times. We may also receive information about you from event organisers like the London Marathon or online fundraising sites like JustGiving or Virgin Money Giving, but they will only pass this information on if you have given them permission to do so. You may also agree to let a friend or colleague give us your details when registering you for an event.
If you set up a standing order or direct debit, your bank or the direct debit payment processor (e.g. Rapidata) will send us enough details to be able to process or administer your donation.
Universities give us your information if you are undertaking courses with us.
3. You give us information via social media
4. Publicly available information
We may also combine data that we already have about you with information available publicly or from external sources in order to gain a better understanding of you and to improve our fundraising methods, products and services. This includes publicly available information to identify individuals who may be interested in giving major gifts to charities or organisations like ours.
Why do we collect and process your personal information?
We may contact you to tell you about news or events we believe you will be interested in based on your previous interactions with us. At the same time we want to ensure you enjoy a first class experience when dealing with us and are kept informed about how your support is having an impact.
We may use your information to:
- provide you with the services, products or information you asked for;
- update you on and process your gift aid, this can be through the retail app if you have downloaded it;
- administer your donation or support your fundraising, including processing gift aid, credit and debit card payments;
- process standing order or direct debit payments, including weekly prize draw payments;
- keep a record of your relationship with us;
- send updates about how your support is having an impact and how else you can get involved; or
- manage how you want to hear from us or how we keep in touch with you
- ensure health, safety and security on our premises.
We will contact you primarily by post or phone. We will contact you by email if you have given your permission for us to do so. You can opt out from receiving marketing information from us at any time.
What is our legal basis for processing your information?
We will only use your information where we have a legal basis to do so. The primary legal basis we rely on to process your information for fundraising purposes is ‘legitimate interest’.
Legitimate interest - Article 6 of the GDPR states ‘the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests’.
Our use of your information must be fair and balanced to ensure we consider your rights and interests as an individual and we communicate with you about things we legitimately feel will be of interest to you. We will only use your information in a way and for a purpose you would reasonably expect in accordance with this notice.
St Margaret’s will not rent, swap or sell your personal information to other organisations for them to use in their own marketing activities.
Are there other legal grounds that we can process your personal information under?
While legitimate interest is our primary legal basis for processing your personal information, there are other legal grounds we may use to process your personal information include:
Legal obligation – Article 6 of the GDPR states ‘the processing is necessary for you to comply with the law (not including contractual obligations), we are required to retain the audit trail for any gift aid indefinitely. Or if you have an accident at an event we have a duty to maintain records for any legal claim.
Contract – Article 6 of the GDPR states ‘the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract’ such as, you sign up to play our hospice weekly prize draw, purchase merchandise through an online store or sign up for a fundraising or education event or course.
Consent – Article 6 of the GDPR states ‘the individual has given clear consent for you to process their personal data for a specific purpose’. Such as, we will only email about our fundraising activities if we have an accurate record of your recent and freely given consent to do so. You may withdraw consent at any time.
In exceptional circumstances we may process your information when the health or safety of others is at risk, where the law requires it or there is an overriding public interest to do so. This includes legal proceedings (including prospective legal proceedings), for the purpose of obtaining legal advice, or for the purpose of establishing, exercising or defending legal rights. We will always do our best to notify you of this sharing.
In extreme situations, such as an accident or medical emergency, we may share your personal details with the emergency services if it is essential for the preservation of life (yours or another persons’) for us to do so. This is the ‘vital interest’ ground for using your personal information. After the emergency, we will always try to inform you about how we had to use your information in that extreme situation.
What would happen if we did not collect and process your personal information?
If we were unable to collect and process your personal information we would not be able to communicate with you or perform many of the functions critical to the hospice. We would be unable to:
- process donations or purchase merchandise by card;
- acknowledge your support and thank you for your donations;
- register you to participate in our events or courses;
- send you details about the hospice, our activities, progress and news in general;
- claim gift aid from supporters who would like us to; or
- deliver or collect furniture purchased or donated.
How else do we use your information?
We also use your information to enable us to run our charity effectively, helping us to provide and improve our services. We may analyse or profile supporters on our database to ensure our communications are relevant and timely. We may analyse geographic, demographic and other information such as your previous support for the hospice, to better understand your interests and preferences; this may include wealth screening.
By looking at how certain groups of supporters like to engage with us or how they have gone on to support us in different ways, we can plan and target our resources effectively and aim to grow support for the hospice. This enables us to raise sufficient funds, more cost-effectively which ultimately helps us fulfil our charitable aims.
What do we do with any personal information that is provided by third parties?
Sometimes your information may be shared with us by third parties including:
- professional fundraising agencies, such as those we use to help recruit players for our weekly prize draw;
- independent event organisers, such as the London Marathon or fundraising sites like Just Giving or Virgin Money Giving where you’ve signed up with them directly;
- direct debit payment processors like Rapidata, so we can administer your donations; or
- universities when you book a course through them.
We may also receive information about you from subcontractors acting on our behalf who provide us with technical, payment or delivery services, and from business partners, advertising networks and search/analytics providers used on our website.
Sharing your story
You may choose to tell us about your experience of St Margaret’s Hospice to help further our work. This may include you offering to share your story with the media or to support fundraising campaigns. Often this involves sharing sensitive personal information relating to your health and family life in addition to your standard contact information.
This information will be treated with strictest confidence. It will only be made public (through media work, at events, in materials promoting our fundraising work, or in documents such as our Impact Report) if you or your parent or guardian, if you are under 16, have explicitly agreed to this and completed our consent form.
How long do we retain your personal information for?
Information is retained depending on its nature and original purpose. In most cases it is kept for a minimum of seven years, if it has financial information connected with it, such as, a donation, payment for a service or direct debit mandate. If you have completed a gift aid declaration, HMRC require us to keep a record of your gift indefinitely.
Records held for fundraising activities may be kept for up to 10 years after our last communication with a donor. Holding records for longer means we can communicate with donor’s in the future about relevant campaigns such as capital appeals, which often happen decades apart. We will therefore retain your personal information for up to 10 years unless you explicitly ask us to remove it.
Education course records at degree level are retained for a minimum of seven years, all other records are retained for a minimum of two years.
Records are removed or archived confidentially once their retention period has been met and we have made the decision that the records are no longer required. This is in line with our Records and Document Management Policy which sets out the appropriate length of time each type of record is retained.
Removed electronic records may still exist within an organisation but will be put ‘beyond use’. Beyond use means it has been deleted from systems used by the organisation with no intent to use it again, however that it may exist in some form in the electronic ether, such as IT service backups or archives.
Who do we share your personal information with and why?
On occasions we may need to share your personal information with organisations that work on our behalf or supply us with services that enable us to carry out our work, and where we have a legal obligation to do so.
When we run an event in partnership with another organisation we may need to share your details with them. You will always be informed if this is the case when you register for the event. Where we need to use third party organisations to facilitate our business operations or process personal information on our behalf, such as a mailing house or a printer. Companies we work with will have appropriate sharing documents or agreements in place. Companies include but may not be limited to:
- Access – processes direct debits on our behalf
- HMRC – reserves the right to inspect our gift aid files and claim procedures
- Engage and Connect – employ weekly prize draw and regular giving fundraisers on our behalf
- Donorflex – provides the software for our fundraising database
- Eproductive – provides the software for our retail database, runs our retail app, and supports our gift aid processing
- A to B logistics and Instore – deliver goods purchased from our shops
- Combase – weekly prize draw players’ information is stored securely on St Margaret’s own server using password protected lottery management software (Combase) for the purpose of maintaining players’ records and running the draws. Lotteries are age restricted, therefore, to comply with the Gambling Commission’s licence conditions, we require your date of birth to verify your age
- Professional fundraisers – such as Ethicall who undertake occasional marketing and fulfilment activities on our behalf
- Dotdigital – email mailing platform
If you submit your personal details to us via our website your information is stored on our secure servers. If you donate via our website, your bank account and payment card details are not stored on our websites, but are processed and stored by the following payment providers: Stripe for debit/credit cards and Rapididata for direct debits.
We sometimes use information screening companies to make sure that we do not contact people inappropriately. These companies may use information from publicly available sources to fulfil their services (such as death records) as well as checking against opt out services such as the Telephone Preference Service and Fundraising Preference Service.
On occasions we also use data profiling companies to compare our database or sections of our database with geodemographic information. We may use this information to make decisions about the communications we send to donors or the events we invite them to. Occasionally we may use data cleansing companies to remove duplicate and incomplete records from our database. We do this to limit waste of resources, ensure our communications reach the people who want to hear from us and maintain the accuracy of our data. We may occasionally also share information with telemarketing agencies for outbound fundraising and stewardship calling.
We have information processing agreements or arrangements in place with all of these companies to ensure your information is kept securely, not sold to others and is deleted as soon as the processing activity is finished.
We will never sell or rent your information to any third party or share it with any third party for marketing purposes.
How do we maintain your records?
We hold and process your information in accordance with the Data Protection Act 2018. In addition, everyone working for St Margaret’s Hospice Care comply with the Common Law Duty of Confidentiality and various national and professional standards and requirements.
We take the security of your information seriously. We have internal policies and controls in place to ensure your information is not lost, accidentally destroyed, misused or disclosed, and is only accessed by individuals in the performance of their duties.
Information is retained in secure electronic and paper records and access is restricted to only those who need to know.
Use of email or messaging service - Some services provide the option to communicate via email or messaging service. Please be aware that the hospice cannot guarantee the security of this information whilst in transit, and by requesting this service you are accepting this risk.
What are your rights?
The General Data Protection Regulation (GDPR) and Data Protection Act 2018 give you certain rights over your information and how we use it. This includes:
- the right to be informed about the information we hold about you
- the right to have access to the information we hold on you, known as a data subject access request
- the right to request the correction of inaccurate or incomplete information in our records
- the right to restrict our processing of your personal information in certain circumstances.
- the right to request that your information be deleted or removed where there is no need for us to continue processing it in certain circumstances (we may need to retain your information for a specified period to comply with our legal obligations)
- the right to obtain a copy of your personal information in a portable format so you can reuse it in certain circumstances
- the right to object to your information being used in certain circumstances, such as, for marketing purposes.
We will consider each request in accordance with all applicable Data protection laws and regulations. No administration fee will be charged for considering and/or complying with such a request unless the request is deemed to be excessive in nature. All requests will be actioned and completed at the latest within one calendar month of receipt. Where a request is noted as complex, then this period may be extended by up to a further two calendar months. If this is the case we will inform you within the first month that this has been determined and the basis on which the decision has been made.
You can change your marketing preferences at any time by calling us on 01935 709485, emailing email@example.com or writing to us at St Margaret’s Hospice Care, Little Tarrat Lane, Yeovil BA20 2HU.
You can also opt out/give or withdraw consent to receiving email communications by contacting us using the details above or if you have a website account login here.
Please note that if you donate goods to our shops, and want us to collect gift aid, we will need to contact you by email, in line with HMRC guidelines and or requirements.
Withdrawing your consent to marketing communications does not mean we will never contact you. We may need to talk to you about administrative matters in order to process a transaction or for another business or legal reason. However, we recommend that if you wish to stop any further marketing contact from us, you let us know that you do not want to hear from us. We want to ensure all information we hold about you is accurate and up to date so please do let us know if anything changes.
How can I raise a complaint, exercise a right or ask a question on how my information is used
Please contact us if you have any questions about this privacy notice or the information we hold about you. Contact our Data Protection Officer via firstname.lastname@example.org or call 01823 333822, or write to St Margaret's Hospice, Heron Drive, Taunton, TA1 5HA.
If you wish to raise a complaint on how we have handled your personal information, you can contact our Data Protection Officer who will investigate the matter.
How to contact the Information Commissioners Office?
The Information Commissioner’s Office (ICO) is the body that regulates organisations, including charities under Data Protection legislation.
If you believe your privacy rights have been violated, you may file a complaint with us. If you are not satisfied with our response or believe we are not processing your personal information in accordance with the law you can complain to the ICO at:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 (national)