Privacy Policy

Privacy Statement

We take your privacy seriously and are committed to protecting any personal information you share with us or allow other organisations to give us.

Below we explain what information we collect about you, how we use and store it, how long we retain it, and with whom and for what purpose we may share it.

Please contact us if you have any questions about these privacy notices or the information we hold about you via our Data Protection Officer: [email protected] or call 01823 333822, or write to St Margaret’s Hospice, Heron Drive, Taunton, TA1 5HA.

To change your communications preferences please email [email protected].

For information on our Cookies policy click here.

Who are we?

St Margaret’s Hospice Care has been at the heart of Somerset’s community for over 40 years, delivering high quality, responsive and compassionate care to patients and their families and friends facing a life-limiting illness. Our clinical services include:

We are a charity (reg. charity no. 279473), governed and regulated by the following bodies: The Fundraising Regulator, Care Quality Commission, the Charity Commission and Gambling Commission.  St Margaret’s also has the following subsidiaries: St Margaret’s Hospice Retail Ltd (Company Registration Number 7204857).

We are also registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information under the Data Protection Act 2018 and our registration number is Z5135098.

We take your privacy seriously and are committed to protecting any personal information (your personal data) you share with us or allow other organisations to give us.

This privacy notice explains what information we collect about you, how we use and store it, how long we retain it, and with whom and for what purpose we may share it.

What personal information do we collect about you?

The information we ask you for depends on your reason for interacting with us. It is important for us to have a complete picture, to assist staff in providing appropriate treatment, care and support plans to meet your individual needs.

If you are referred to one of our clinical or therapeutic services, we collect information related to your healthcare, treatment and support.

If you are a family member, next of kin, friend or carer we may collect your contact information and record your relationship with a patient, or personal information relating to the support or care we offer you.  We will collect information from you or obtain it from other health or social care providers and we share your information with them where necessary to ensure that you receive safe and effective care and support. The information we process about you can exist in a number of formats including paper records, electronic records such as in emails or in our electronic patient health care record, ‘SystmOne’, or voice recordings from our Adviceline.  This information may include:

  • Your name, address, phone number, email address, date of birth, NHS number
  • The healthcare and treatment records we hold
  • Your GP details (plus other healthcare professionals)
  • Sensitive information, such as your sexuality, race and ethnic origins, your religion, political opinions or philosophical beliefs, and whether you have a disability, allergies or health conditions
  • Incoming and outgoing voice recordings when we speak to you on the phone
  • CCTV images recorded on our security systems.

How do we collect / obtain your personal information?

We usually collect information from the professional referring you to our services and other healthcare professionals involved in your care and treatment such as your GP or District Nurse. We also collect information directly from you through consultations and interactions to help us provide your care and support.  Your family, friends or carer may also provide us with your personal information if they get in touch to update us on your welfare.

We may also collect information from your GP and district nursing records through an electronic information sharing system SIDeR where appropriate.

When you are on our premises, your image may temporarily be recorded via our CCTV security system.

Why do we collect and process your personal information?

Your personal information is used for a number of purposes including:

  • Information relating to diagnosis, treatment, care and support to inform plans and decisions and ensure the best possible care and support for you.  This will be shared across our multi-disciplinary teams to ensure all our health and social care professionals are up to date with your care and support needs
  • Representative (next of kin, family or friend) details to keep in touch.  This is also shared with our fundraising team to enable invitation to memorial events and our spiritual care and bereavement teams to enable an offer of support to be made directly to loved ones
  • For medical research and educational purposes.  This will generally be anonymised, other than where you give specific informed consent for your identity to be processed as part of the research
  • For planning and improving our services
  • For health, safety and security reasons.

What is our legal basis for processing your information?

We will only use your information where we have a legal basis to do so. The legal basis we rely on to process your information for clinical care purposes is ‘public task’.

Public task – Article 6 of the GDPR states ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’. We can process your information where we are carrying out a specific task in the public interest which is laid down by law. For example, the clinical care and support we provide is in line with the NHS Act 2006 as amended by the Health and Social Care Act 2012.

We process ‘special category’ information such as health or ethnicity.  As a patient being cared for by us, we make notes about your health so we can decide how best to care for you.  This purpose meets one of the processing conditions set out in Article 9.2 (h) of the GDPR which states that ‘processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards’.

Are there other legal grounds that we can process your personal information under?

While public task is our primary legal basis for processing your personal information, other legal grounds we may use to process your personal information include:

Legitimate Interest – Article 6 of the GDPR states ‘the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests’. For example, if you are a family member or carer, we may contact you in case of urgent need, invite you to memorial events or offer spiritual or bereavement support.  You can ask us to stop processing this information at any time.

Our use of your information must be fair and balanced to ensure we consider your rights and interests as an individual and we communicate with you about things we legitimately feel will be of interest to you. We will only use your information in a way and for a purpose you would reasonably expect in accordance with this notice.

Legal obligation – Article 6 of the GDPR states ‘the processing is necessary for you to comply with the law (not including contractual obligations)’. For example, under health and safety law we have a duty of care to you whilst you are on our premises, so we ask visitors for their name at reception so we know who is on the premises in the event of an emergency.  If you have an accident we have a duty to maintain records for any legal claim.

Consent – Article 6 of the GDPR states ‘the individual has given clear consent for you to process their personal data for a specific purpose’. For example, photographs or stories are recorded for education and training or for publications with your consent. You may withdraw consent at any time.

In exceptional circumstances we may process your information when the health or safety of others is at risk, where the law requires it or there is an overriding public interest to do so. This includes legal proceedings (including prospective legal proceedings), for the purpose of obtaining legal advice, or for the purpose of establishing, exercising or defending legal rights. We will always do our best to notify you of this sharing.

In extreme situations, such as an accident or medical emergency, we may share your personal details with the emergency services if it is essential for the preservation of life (yours or another person’s) for us to do so. This is the ‘vital interest’ ground for using your personal information. After the emergency, we will always try to inform you about how we had to use your information in that extreme situation.

How else do we need your information?

We also use your information to help us to provide and improve our services and protect the health of the public. This may include using it to:

  • Review the care and support we provide to ensure it is of the highest standard and quality, e.g. through clinical audit or service improvement activities; this information is anonymised where practical
  • Investigate queries, complaints and legal claims; this information would not be anonymised
  • Prepare statistics on our activity and performance, using anonymised information
  • Undertake health research using anonymised information. Research requiring personal information would require your specific consent
  • Train and educate healthcare professionals using anonymised information, unless you have given specific consent otherwise.

How long do we retain your personal information for?

A minimum of 8 years after the conclusion of treatment, support or death.

Any involvement in clinical research requires records to be retained for a minimum of 15 years after the conclusion of treatment or death.

Records are removed or archived confidentially once their retention period has been met and we have made the decision that the records are no longer required. For more information, please request the Records and Document Management Policy which sets out the appropriate length of time each type of record is retained.

Removed electronic records may still exist within an organisation but will be put ‘beyond use’. Beyond use means a record has been deleted from systems used by the organisation with no intent to use it again; however, it may exist in some form in the electronic ether, such as IT service backups or archives.

Who do we share your personal information with and why?

Appropriate information is shared on a need-to-know basis with external healthcare and social care professionals and providers to ensure your ongoing care and support.  These include GPs, District Nurses, hospitals, ambulance services, pharmacy services and other organisations involved in or funding your care and support, such as clinical commissioning groups and SIDeR. We have information sharing agreements or arrangements in place with these organisations to ensure your information is kept securely.

We may also share your information to:

  • assure and improve the quality of care, treatment and advice
  • safeguard children and vulnerable adults from harm
  • assist an individual’s risk management
  • avoid duplication of information gathering
  • investigate complaints or actual/potential legal claims
  • assist teaching / staff development
  • conduct research – specific to data subjects.

We will never sell or rent your information to any third party or share it with any third party for marketing purposes.

What personal information do we collect about you?

We collect and process a range of information about you. This may include your:

  • name, address and contact details, including email address and phone number, date of birth and gender
  • qualifications, skills, experience and employment history, including start and end dates, with previous employers and with the organisation
  • marital status, next of kin, dependants and emergency contacts
  • nationality and entitlement to work in the UK
  • medical or health conditions, including any disability for which we need to make reasonable adjustments
  • equal opportunities monitoring information, including ethnic origin, sexual orientation, health and religion or belief.

Additional information for employees and volunteers may include your:

  • contract terms and conditions
  • remuneration, including entitlement to benefits such as pensions or insurance cover
  • bank account and national insurance number
  • criminal record
  • schedule and attendance at work (days of work and working hours)
  • periods of leave taken, including holiday, sickness absence, family leave and sabbaticals, and the reasons for the leave
  • disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence
  • performance assessments, including appraisals, performance reviews and ratings, training undertaken, performance improvement plans and related correspondence.

How do we collect / obtain your personal information?

We collect information in a variety of ways through:

  • application forms or CVs
  • identity documents such as your driving licence, birth certificate etc
  • forms completed by you during your application and at the start or during employment or volunteer role
  • correspondence with you, interviews, meetings or other assessments
  • CCTV security systems operating on our premises
  • Telephone recordings if your role involves providing health care and support.

In some cases we collect information about you from third parties, such as references supplied by former employers or character referees and information from criminal records checks permitted by law.

Information is stored in a range of different places, such as your personnel file, our HR management systems and in IT systems (including the email system).

Why do we collect and process your personal information?

Your information is used for a number of purposes including to:

  • Manage the recruitment process, assess and confirm a candidate’s suitability and decide to whom to offer a job
  • Respond to and defend against legal claims
  • Make reasonable adjustments to the recruitment process for candidates who have a disability, to carry out our obligations and exercise specific rights in relation to employment
  • Run recruitment and promotion processes
  • Maintain accurate and up-to-date records and contact details (including details of who to contact in the event of an emergency), and records of contractual and statutory rights
  • Operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace
  • Operate and keep a record of performance and related processes, to plan for career development, and for succession planning and workforce management purposes
  • Obtain occupational health advice, to ensure we comply with duties in relation to individuals with disabilities, meet obligations under health and safety law and ensure pay or other benefits are received
  • Operate and keep a record of types of leave (including sickness absence, maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, ensure we comply with duties in relation to leave entitlement, to ensure pay or other benefits are received
  • Ensure effective general HR and business administration
  • Provide references on request for current or former employees and volunteers
  • Maintain and promote equality in the workplace
  • Health, safety and security purposes.

What is our legal basis for processing your information?

We will only use your information where we have a legal basis to do so.  The legal basis we rely on to process your information to enter into an employment or volunteer contract with you is ‘contract’.

Contract – Article 6 of the GDPR states ‘the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract’, such as when you submit an application for a job or agree to undertake a volunteer role, or to pay you in accordance with your contract and to administer allowances and pension entitlements.

We process ‘special category’ information; this is where ‘processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards’. Such as:

  • health or medical conditions to carry out employment law obligations, if you have a disability and for health and safety purposes
  • ethnic origin, sexual orientation, health or religion or belief, for equal opportunities monitoring.

Are there other legal grounds that we can process your personal information under?

While contract is our primary legal basis for processing your personal information, other legal grounds we may use to process your personal information include:

Legal obligation – Article 6 of the GDPR states ‘the processing is necessary for you to comply with the law (not including contractual obligations)’, such as to check an employee’s entitlement to work in the UK, deduct tax, enable you to take periods of leave and comply with health and safety laws with our duty of care whilst you are on our premises. For certain positions we have to carry out criminal records checks to ensure you are permitted to undertake the role.

Consent – Article 6 of the GDPR states ‘the individual has given clear consent for you to process their personal data for a specific purpose’. An example is equal opportunities monitoring information. Information used for this purpose is anonymised and is collected with the express consent of the individual which can be withdrawn at any time. You can decide whether or not to provide such information and there are no consequences of failing to do so.

Legitimate Interest – Article 6 of the GDPR states ‘the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests’. Examples include CCTV in the prevention and detection of crime, safeguarding staff and visitors, and ensuring compliance with health and safety procedures.

In exceptional circumstances we may process your information when the health or safety of others is at risk, where the law requires it or there is an overriding public interest to do so. This includes legal proceedings (including prospective legal proceedings), for the purpose of obtaining legal advice, or for the purpose of establishing, exercising or defending legal rights. We will always do our best to notify you of this sharing.

In extreme situations, such as an accident or medical emergency, we may share your personal details with the emergency services if it is essential for the preservation of life (yours or another person’s) for us to do so. This is the ‘vital interest’ ground for using your personal information. After the emergency, we will always try to inform you about how we had to use your information in that extreme situation.

What would happen if we did not collect and process your personal information?

You would not be able to undertake your role safely and efficiently and we would not be able to comply with our legal obligations if we did not collect this information.

You have some obligations under your contract to provide us with information. In particular, you are required to report absences from work and may be required to provide information about disciplinary or other matters under the implied duty of good faith. You may also have to provide us with information in order to exercise your statutory rights, such as in relation to statutory leave entitlements. Failing to provide the information may mean that you are unable to exercise your statutory rights.

How long do we retain your personal information for?

We hold your information for the duration of your employment or volunteering role.  After the end of your contract, employment information is retained for a minimum of 15 years; volunteer information is retained for a minimum of 3 years after leaving and only accessed for reference requests, subject access requests, or personal injury claims.

Applicant information is retained for a minimum of 6 months.

Records are removed or archived confidentially once their retention period has been met and we have made the decision that the records are no longer required. For more information please see the Records and Document Management Policy which sets out the appropriate length of time each type of record is retained.

Removed electronic records may still exist within an organisation but will be put ‘beyond use’. Beyond use means a record has been deleted from systems used by the organisation with no intent to use it again; however, it may exist in some form in the electronic ether, such as IT service backups or archives.

Who do we share your personal information with and why?

Your information is shared internally on a need-to-know basis, including with the HR and recruitment team (including payroll), your line manager, managers in the area you work, on-call managers and IT staff if access to the information is necessary for performance of their roles.

We share your information with third parties to obtain references from employers, employment background checks from third-party providers including criminal records checks from the Disclosure and Barring Service and registration of external training schemes. We may also share your information with third parties in the context of a sale of some or all of our business. In those circumstances the information will be subject to confidentiality arrangements.

We also share your information with third parties that process information on our behalf, in connection with payroll, provision of benefits (such as pension, child care, cycle to work) and occupational health services. We may also make your personal data available to those who provide products or services (such as advisers and payroll administrators). We have sharing agreements or arrangements in place with these organisations to ensure your information is kept securely.

We share your information where we have a statutory obligation, such as with HMRC for tax purposes, the Office of National Statistics (ONS), which requires staff data, and Companies House, which requires Trustee details.

Each year we care for around 5,000 people across the county, thanks to the generosity of people in our community like you, who help us to raise vital funds each year. We take your privacy seriously and are committed to protecting personal information that you share with us or allow other organisations to give to us.

This Privacy Notice explains what information we collect about you primarily for fundraising purposes, how we use and store it, how long we retain it, and with whom and for what purpose we may share it.

What personal information do we collect about you?

The information we ask you for depends on your reason for interacting with us.  We will need to collect relevant details so we can administer your request. For example if you:

  • make a donation or set up a regular gift
  • would like us to claim gift aid on your donation
  • register for a fundraising or education event
  • purchase goods for delivery
  • play our weekly lottery prize draw or
  • donate stock to one of our shops and you want us to claim Gift Aid.

The type of information we may collect includes your:

  • title, name, address
  • date of birth, gender
  • email address
  • phone number
  • payment details including credit, debit card and bank account details
  • Images captured on CCTV security systems operating on our premises.

Where appropriate we may also ask for:

  • information relating to your health, for example if you are taking part in a high-risk event or sharing your story of care with us; or
  • why you are making a donation to us; in particular whether you are donating in memory of someone who was cared for by us and your relationship with that person.

When we collect your information for fundraising purposes, we will also explain to you that we will keep in touch by post and phone to tell you about our work and ways you can support us. We ask your permission to send marketing emails, and only contact you by email for this purpose if we have your explicit consent to do so.

If you donate goods to our shops, and want us to collect Gift Aid we will contact you by email or letter in line with HMRC requirements.

You can let us know if you don’t want to hear from us at any time by emailing [email protected] or writing to us at St Margaret’s Hospice Care, Little Tarrat Lane, Yeovil BA20 2HU.

Supporters under the age of 18

If you are a child (under 18), and have participated in a fundraising event, where there are no age restrictions, or made a donation to the hospice, you are entitled to the same rights as adult hospice supporters. We collect the same type of information about you as we do for over 18s, process it for the same reasons and hold your information in the same way. Your information is held with the consent of your parents/guardian and with your consent. Your details are kept securely with restricted access and handled with the greatest respect for privacy.

How do we collect / obtain your personal information?

We collect information in different ways:

  1. You give us your information directly:

When you make a donation, register for an event or course, join our Weekly Prize Draw, sign up to Gift Aid when you donate goods or book a collection, purchase merchandise or items for delivery, volunteer, or share your story with us, we will collect details that enable us to process or administer our relationship with you.

If you register for an event or sign up for a newsletter via our website, the details you submit are collected directly by us and not a third party website provider.  We may also collect some details about you via cookies on our website. Please see our ‘cookies and web privacy policy’ for further details.

  2. You give us your information indirectly:

Sometimes the information will come via an organisation working on our behalf (e.g. a professional fundraising agency), but we will be responsible for your information at all times. We may also receive information about you from event organisers like the London Marathon or online fundraising sites like JustGiving or Enthuse, but they will only pass this information on if you have given them permission to do so. You may also agree to let a friend or colleague give us your details when registering you for an event.

If you set up a standing order or direct debit, your bank or the direct debit payment processor (e.g. Rapidata) will send us enough details to be able to process or administer your donation.

Universities give us your information if you are undertaking courses with us.

  3. You give us information via social media:

We also use social media platforms such as, but not limited to, Facebook, TikTok and Instagram. Companies like these use cookies within their systems which may, depending on your privacy settings, allow us to access some information from your accounts, such as when you publicly tag us in an event photo.

  4. Publicly available information:

We may also combine data that we already have about you with information available publicly or from external sources in order to gain a better understanding of you and to improve our fundraising methods, products and services. This includes publicly available information to identify individuals who may be interested in giving major gifts to charities or organisations like ours.

Why do we collect and process your personal information?

We may contact you to tell you about news or events we believe you will be interested in based on your previous interactions with us. At the same time we want to ensure you enjoy a first class experience when dealing with us and are kept informed about how your support is having an impact.

We may use your information to:

  • provide you with the services, products or information you asked for;
  • update you on and process your gift aid; this can be through the retail app if you have downloaded it;
  • administer your donation or support your fundraising, including processing gift aid, credit and debit card payments;
  • process standing order or direct debit payments, including weekly prize draw payments;
  • keep a record of your relationship with us;
  • send updates about how your support is having an impact and how else you can get involved;
  • manage how you want to hear from us or how we keep in touch with you; or
  • ensure health, safety and security on our premises.

We will contact you primarily by post or phone. We will contact you by email if you have given your permission for us to do so. You can opt out from receiving marketing information from us at any time.

What is our legal basis for processing your information?

We will only use your information where we have a legal basis to do so. The primary legal basis we rely on to process your information for fundraising purposes is ‘legitimate interest’.

Legitimate interest – Article 6 of the GDPR states ‘the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests’.

Our use of your information must be fair and balanced to ensure we consider your rights and interests as an individual and we communicate with you about things we legitimately feel will be of interest to you. We will only use your information in a way and for a purpose you would reasonably expect in accordance with this notice.

St Margaret’s will not rent, swap or sell your personal information to other organisations for them to use in their own marketing activities.

Are there other legal grounds that we can process your personal information under?

While legitimate interest is our primary legal basis for processing your personal information, other legal grounds we may use to process your personal information include:

Legal obligation – Article 6 of the GDPR states ‘the processing is necessary for you to comply with the law (not including contractual obligations)’. For example, we are required to retain the audit trail for any gift aid indefinitely, or if you have an accident at an event we have a duty to maintain records for any legal claim.

Contract – Article 6 of the GDPR states ‘the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract’, such as when you sign up to play our hospice weekly prize draw, purchase merchandise through an online store or sign up for a fundraising or education event or course.

Consent – Article 6 of the GDPR states ‘the individual has given clear consent for you to process their personal data for a specific purpose’.  For example, we will only email about our fundraising activities if we have an accurate record of your recent and freely given consent to do so. You may withdraw consent at any time.

In exceptional circumstances we may process your information when the health or safety of others is at risk, where the law requires it or there is an overriding public interest to do so. This includes legal proceedings (including prospective legal proceedings), for the purpose of obtaining legal advice, or for the purpose of establishing, exercising or defending legal rights. We will always do our best to notify you of this sharing.

In extreme situations, such as an accident or medical emergency, we may share your personal details with the emergency services if it is essential for the preservation of life (yours or another person’s) for us to do so. This is the ‘vital interest’ ground for using your personal information. After the emergency, we will always try to inform you about how we had to use your information in that extreme situation.

What would happen if we did not collect and process your personal information?

If we were unable to collect and process your personal information we would not be able to communicate with you or perform many of the functions critical to the hospice. We would be unable to:

  • process donations or purchase merchandise by card;
  • acknowledge your support and thank you for your donations;
  • register you to participate in our events or courses;
  • send you details about the hospice, our activities, progress and news in general;
  • claim gift aid from supporters who would like us to; or
  • deliver or collect furniture purchased or donated.

How else do we use your information?

We also use your information to enable us to run our charity effectively, helping us to provide and improve our services. We may analyse or profile supporters on our database to ensure our communications are relevant and timely. We may analyse geographic, demographic and other information such as your previous support for the hospice, to better understand your interests and preferences; this may include wealth screening.

By looking at how certain groups of supporters like to engage with us or how they have gone on to support us in different ways, we can plan and target our resources effectively and aim to grow support for the hospice. This enables us to raise sufficient funds more cost-effectively, which ultimately helps us fulfil our charitable aims.

What do we do with any personal information that is provided by third parties?

Sometimes your information may be shared with us by third parties including:

  • professional fundraising agencies, such as those we use to help recruit players for our Weekly Prize Draw;
  • independent event organisers, such as the London Marathon or fundraising sites like Just Giving, or Enthuse where you’ve signed up with them directly;
  • direct debit payment processors like Rapidata, so we can administer your donations; or
  • universities when you book a course through them.

We may also receive information about you from subcontractors acting on our behalf who provide us with technical, payment or delivery services, and from business partners, advertising networks and search/analytics providers used on our website.

You should check any privacy policy provided to you where you give your information to a third party. When we receive your information, we will treat it in the same way we would if we had collected it directly ourselves.

Sharing your story

You may choose to tell us about your experience of St Margaret’s Hospice to help further our work. This may include you offering to share your story with the media or to support fundraising campaigns. Often this involves sharing sensitive personal information relating to your health and family life in addition to your standard contact information.

This information will be treated with the strictest confidence. It will only be made public (through media work, at events, in materials promoting our fundraising work, on our website or in documents such as our Annual Report) if you or your parent or guardian, if you are under 16, have explicitly agreed to this and completed our consent form.

How long do we retain your personal information for?

Information is retained depending on its nature and original purpose. In most cases it is kept for a minimum of seven years, if it has financial information connected with it, such as, a donation, payment for a service or direct debit mandate. If you have completed a gift aid declaration, HMRC require us to keep a record of your gift indefinitely.

Records held for fundraising activities may be kept for up to 10 years after our last communication with a donor. Holding records for longer means we can communicate with donors in the future about relevant campaigns such as capital appeals, which often happen decades apart. We will therefore retain your personal information for up to 10 years unless you explicitly ask us to remove it.

Education course records at degree level are retained for a minimum of seven years; all other records are retained for a minimum of two years.

Records are removed or archived confidentially once their retention period has been met and we have made the decision that the records are no longer required. This is in line with our Records and Document Management Policy which sets out the appropriate length of time each type of record is retained.

Removed electronic records may still exist within an organisation but will be put ‘beyond use’. Beyond use means the information has been deleted from systems used by the organisation with no intent to use it again; however, it may still exist in some form in the electronic ether, such as IT service backups or archives.

Who do we share your personal information with and why?

On occasions we may need to share your personal information with organisations that work on our behalf or supply us with services that enable us to carry out our work, and where we have a legal obligation to do so.

When we run an event in partnership with another organisation we may need to share your details with them. You will always be informed if this is the case when you register for the event. Where we need to use third party organisations to facilitate our business operations or process personal information on our behalf, such as a mailing house or a printer, the companies we work with will have appropriate sharing documents or agreements in place. Companies include but may not be limited to:

  • Access – processes direct debits on our behalf
  • HMRC – reserves the right to inspect our gift aid files and claim procedures
  • Engage and Connect – employ Weekly Prize Draw and regular giving fundraisers on our behalf
  • Beacon – provides the software for our fundraising database
  • Eproductive – provides the software for our retail database, runs our retail app, and supports our gift aid processing
  • A to B logistics and Instore – deliver goods purchased from our shops
  • Combase – Weekly Prize Draw players’ information is stored securely on St Margaret’s own server using password protected lottery management software (Combase) for the purpose of maintaining players’ records and running the draws. Lotteries are age restricted, therefore, to comply with the Gambling Commission’s licence conditions, we require your date of birth to verify your age
  • Professional fundraisers – such as Ethicall who undertake occasional marketing and fulfilment activities on our behalf
  • Dotdigital – email mailing platform.

If you submit your personal details to us via our website your information is stored on our secure servers. If you donate via our website, your bank account and payment card details are not stored on our websites, but are processed and stored by the following payment providers: Stripe for debit/credit cards and Rapidata for direct debits.

We sometimes use information screening companies to make sure that we do not contact people inappropriately. These companies may use information from publicly available sources to fulfil their services (such as death records) as well as checking against opt out services such as the Telephone Preference Service and Fundraising Preference Service.

On occasions we also use data profiling companies to compare our database or sections of our database with geodemographic information. We may use this information to make decisions about the communications we send to donors or the events we invite them to. Occasionally we may use data cleansing companies to remove duplicate and incomplete records from our database. We do this to limit waste of resources, ensure our communications reach the people who want to hear from us and maintain the accuracy of our data. We may occasionally also share information with telemarketing agencies for outbound fundraising and stewardship calling.

We have information processing agreements or arrangements in place with all of these companies to ensure your information is kept securely, not sold to others and is deleted as soon as the processing activity is finished.

We will never sell or rent your information to any third party or share it with any third party for marketing purposes.

How do we maintain your records?

We hold and process your information in accordance with the Data Protection Act 2018. In addition, everyone working for St Margaret’s Hospice Care complies with the Common Law Duty of Confidentiality and various national and professional standards and requirements.

We take the security of your information seriously. We have internal policies and controls in place to ensure your information is not lost, accidentally destroyed, misused or disclosed, and is only accessed by individuals in the performance of their duties.

Information is retained in secure electronic and paper records and access is restricted to only those who need to know.

Use of email or messaging service – Some services provide the option to communicate via email or messaging service. Please be aware that the hospice cannot guarantee the security of this information whilst in transit, and by requesting this service you are accepting this risk.

What are your rights?

The General Data Protection Regulation (GDPR) and Data Protection Act 2018 give you certain rights over your information and how we use it. This includes:

  • the right to be informed about the information we hold about you
  • the right to have access to the information we hold on you, known as a data subject access request
  • the right to request the correction of inaccurate or incomplete information in our records
  • the right to restrict our processing of your personal information in certain circumstances
  • the right to request that your information be deleted or removed where there is no need for us to continue processing it in certain circumstances (we may need to retain your information for a specified period to comply with our legal obligations)
  • the right to obtain a copy of your personal information in a portable format so you can reuse it in certain circumstances
  • the right to object to your information being used in certain circumstances, such as, for marketing purposes.

We will consider each request in accordance with all applicable data protection laws and regulations. No administration fee will be charged for considering and/or complying with such a request unless the request is deemed to be excessive in nature. All requests will be actioned and completed at the latest within one calendar month of receipt. Where a request is noted as complex, then this period may be extended by up to a further two calendar months. If this is the case we will inform you within the first month that this has been determined and the basis on which the decision has been made.

How can I raise a complaint, exercise a right or ask a question on how my information is used?

Please contact us if you have any questions about this privacy notice or the information we hold about you. Contact our Data Protection Officer via [email protected] or call 01823 333822, or write to St Margaret’s Hospice, Heron Drive, Taunton, TA1 5HA.

If you wish to raise a complaint on how we have handled your personal information, you can contact our Data Protection Officer who will investigate the matter.

How to contact the Information Commissioner’s Office?

The Information Commissioner’s Office (ICO) is the body that regulates organisations, including charities, under Data Protection legislation.

If you believe your privacy rights have been violated, you may file a complaint with us. If you are not satisfied with our response or believe we are not processing your personal information in accordance with the law you can complain to the ICO at:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 (national)
Website: www.ico.org.uk
Email: [email protected]