How we use your information
St Margaret’s Hospice Care takes your privacy seriously. We are committed to protecting your personal information. This policy sets out how we use the information that you provide us with in order to help further our work in providing care throughout Somerset.
St Margaret’s Hospice has been at the heart of Somerset’s community for over 37 years, delivering high quality, responsive and compassionate care to patients and their families facing a life-limiting illness.
At St Margaret's Hospice we are:
Patient centred, compassionate, respectful, brave, self-aware, informed and driven.
These values weave through everything we do
We will not sell your data to any third parties, but we may sometimes share your information with our subsidiaries, with trusted service providers and selected partners who fundraise or work on our behalf. We ensure that any third parties with access to your data are held to strict standards for data use and security.
Who we are
By St Margaret’s Hospice (the data controller) and our subsidiaries we mean:
- The charity, St Margaret’s Somerset Hospice (registered charity numbers 279473);
- St Margaret’s Hospice Retail Ltd, Company Registration Number: 7204857
Our Data protection officer can be contacted on 0845 0708910 or by emailing email@example.com
Your Information – what we collect and how we use it
St Margaret’s Hospice Care collects information from the public in a number of different ways. For example, we ask for contact and other information when you receive any of our services or attend one of our fundraising events.
This may include information such as your name, date of birth and contact information. We use this information to help us provide and improve our services as a charity and to keep a record of our communications and care we provide.
If you use one of our services we will also collect details about any care and treatment you have received along with details about your health, including test results.
If you are a financial supporter of St Margaret’s Hospice, by becoming a member, playing our weekly prize draw, purchasing or donating goods at one of our retail outlets, attending or sponsoring a fundraising event or donating to us, we will ask for information that enables us to administer your donation. This will normally include information such as your name, contact details such as address, email or telephone number and your payment details and Gift Aid status.
If you have given us your consent, we will contact you with information and updates on our work, products (such as events and campaigns) and how you can support us, (such as fundraising). This may be by post, email, telephone or text message, depending on your preferences. We will also continue to ask about your marketing preferences, to ensure that you are still happy to be contacted by us and by which means.
What the Law says about protection of personal information
The Law on Data Protection is derived from various pieces of legislation (can be found in a number of places). These include the Data Protection Act and the incoming General Data Protection Regulation (the ‘GDPR’) which will become enforceable in May 2018. The GDPR states that personal data (information relating to a person that can be individually identified) can only be processed if there is a legal ground to do so. Activities like collecting, storing and using personal information would fall into the GDPR’s definition of processing. The GDPR provides six legal grounds (reasons) under which personal information can be processed (used) in a way that is lawful. For the processing to be permitted by law (lawful), at least one of the legal grounds must apply.
The legal grounds that are most relevant to St Margaret’s Hospice use of your personal information are:
- Public Task
- Legitimate Interest
- Legal Obligation
In addition certain categories of data (such as healthcare data) require additional conditions to be met.
The two conditions for processing special category data that most apply to St Margaret’s Hospice are
- processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services
- scientific or historical research purposes or statistical purposes
How the law applies to St Margaret’s Hospices use of personal information
St Margaret’s Hospice will only process (use) your personal information if we have:
- A statutory obligation to do so where we establish the ‘official authority’ to conduct the activity for which the processing is necessary.
- A ‘Legitimate Interest’ to do so in order to support our charitable purposes. Our use will be fair and balanced and never unduly have an impact on your rights.;
- A legal obligation to use or disclose information about you, e.g. we are required by law to retain the audit trail for any Gift Aid indefinitely.
- Asked you and have a record of your express and recent consent for us to do so;
- A contract with you that we can only fulfil by using your personal information, e.g. to send you an item that you have requested
In extreme situations, such as an accident or medical emergency, we may share your personal details with the emergency services if it is essential for the preservation of life (yours or another persons’) for us to do so. This is the ‘vital interest’ ground for using your personal information. After the emergency, we will always try to inform you about how we had to use your information in that extreme situation.
We will not unduly prioritise our interests as a charity over your interests as an individual. We will always balance our interests with your rights. We will only use personal information in a way and for a purpose that you would reasonably expect in accordance with this Policy.
St Margaret’s Hospice will not rent, swap or sell your personal information to other organisations for them to use in their own marketing activities.
The General Data Protection Regulation gives you certain rights over your data and how We use it. These include the right to:
- access to the personal information We hold about you, known as a data subject access request
- object to Our processing (automated or otherwise) of your personal information
- object to your information being used for marketing purposes
- restrict the processing of your personal information
- obtain a copy of your personal data in a portable format so that you can reuse it
- rectify your personal information if you believe it is incorrect. We want to ensure that all information We hold about you is accurate and up to date so please do let Us know if anything changes, and
- request the erasure of your personal information. Please note that in certain circumstances We may need to retain your data for a specified period to comply with Our legal obligations.
If you make a request relating to any of the rights listed above, We will consider each request in accordance with all applicable data protection laws and regulations. No administration fee will be charged for considering and/or complying with such a request unless the request is deemed to be excessive in nature.
If you wish to exercise any of these rights please contact our Data Protection Officer in writing at St Margaret's Hospice, Heron Drive, Taunton, TA1 5HA or by emailing firstname.lastname@example.org
Legal Grounds for Processing – By Department
St Margaret’s Hospice has a statutory obligation to process your data if you receive any care from our clinical services. We do so under the Official Authority of the Health and Social Care 2012 and NHS Act 2006.
As much of the data we hold on patients is classed as special category data under the new General Data Protection Regulations, we process this data for the medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems
Where you have been involved in any clinical research with us or within any other health or social care organisation we process your data for scientific or historical research purposes or statistical purposes in accordance with EU member state law. However, we ensure any such processing does not violate your rights and interests as an individual.
HR and Volunteering
If you are a member of staff, volunteer or apply for a position within the organisation, St Margaret’s Hospice has a legal obligation to process certain aspects of your data such as financial and tax information, proof of your right to work in the UK, or for disciplinary and grievance records. We will also process your data where we feel we have a legitimate interest to do so, balancing your interests against our own.
Additionally we will process your data to ensure our compliance with any contract we have with you or have obtained consent to do so. Examples include processing your payroll or pension data.
St Margaret’s Hospice will process your data where we have a legal obligation to do so under various acts such as under the Companies Act 2006, Finance Act 1998 and VAT Act 1994.
We will also process your data where we have collected consent to do so or have determined it is in the legitimate interests of the business. This includes administration of expenses and to process donations.
Fundraising and Retail
St Margaret’s Hospice will process your data when there is a contract in place with the data subject e.g. you sign up to our hospice weekly prize draw, purchase goods through an online store or sign up for a fundraising event.
We will also process your data where there is a legal obligation to do so such as any gift aid status under the Income Tax Act 2007We will also process your data where we feel there is a legitimate interest to do so, ensuring we do not harm your rights and freedoms as an individual. Please find more information below regarding legitimate interests.
Marketing and Communications
St Margaret’s Hospice will ask for your consent before we communicate with you for certain purposes. For example, we will only email or send you an SMS about our fundraising activities if we have an accurate record of your recent and freely given consent to do so.
You can withdraw your consent at any time by phoning 0845 345 9671 or emailing email@example.com
There are times when it is not practical to obtain and record consent. At those times, we will only process personal information if that processing would meet another legal ground e.g. Legitimate Interests, in which case we would only process in accordance with the law’s strict rules on legitimate interest processing. We commit to carrying out a balancing assessment to ensure our legitimate interest does not override your own.
What is Legitimate Interest?
Legitimate interest is a legal ground for processing that means organisations can process your personal information if:
- they have a genuine and legitimate reason for doing so
- its use does not harm your rights and interests as an individual
St Margaret’s will not prioritise our legitimate interests as a charity over your rights as an individual.
Why would we process your data under Legitimate Interest?
We aim to be clear about what information we collect, to enable you to make meaningful choices about how it is used.
When it is necessary we will contact you for administrative purposes, e.g. to contact you regarding a payment. We will also hold the minimum personal information required to support our ability to respect your preferences for communication with us.
To help you to understand when and why St Margaret’s Hospice would use Legitimate Interest to process your personal information we provide the following examples:
- To send you exciting updates about our work, campaigns, services and how you can support us, including fundraising activities and research which further the aims of St Margaret’s Hospice.
- To process your donations, fulfil online transactions and process/deliver your orders.
- To ensure our services and communications are relevant to you, we may analyse the data you have given us and add publicly available information (such as public records or social media); this may include wealth screening. This enables us to contact you in an appropriate and cost-effective way. Information we gather could include things like your interests, preferences and the level of any potential donations.
- We may contact you to ensure the contact details you have given us remain accurate and up to date. In some circumstances we may use external data lists to avoid misdirecting our communications with you, including the Telephone Preference Service and the Fundraising Preference Service.
- To improve our websites and systems, and prevent fraud when transacting on our website.
Who do we share personal data with?
We share data with a range of organisations. We will always endeavour to share the minimum amount of personal data required, even anonymising data where we possible. However, there will be some instances where personal data will need to be shared with other organisations for the purposes of caring for a patient or to meet legal obligations.
We may share personal data with the following organisations for the purposes of delivering or improving healthcare, or where there is a legal requirement for us to do so:
- Clinical commissioning groups
- Health authorities
- NHS organisations
- General practitioners (GPs)
- Child and adult safeguarding services
- Ambulance services
- Other health care providers e.g. refer you to another appropriate service
- Social services
- Education services
- Local authorities
We may also share your data with organisations that work on our behalf or supply us with services that require your data in order to deliver these services, and where we have a legal obligation to do so. Companies we work with include:
- Rapidata This company processes direct debits on our behalf
- HMRC HMRC reserves the right to inspect our Gift Aid files and claim procedures at any time
- St. Margaret’s payroll provider
- St. Margaret’s pension provider and pension Management Company
- Occupational Health provider
- Employee Assistance Programme provider
Other types of company
Printers and mailing companies: to send out mailings on our behalf. Data profiling companies: on occasions we may compare our database or sections of our database with geodemographic data. We may use this information to make decisions about the communications we send you, or the events we invite you to. Data cleansing companies: occasionally we may use an external provider to remove duplicate and incomplete records from our database. We do this to limit waste of resources and ensure our communications reach the people who want to hear from us.
How long do we retain your records?
All our records are destroyed in accordance with the St Margaret’s Hospice Records and Document Management Policy, which sets out the appropriate length of time each type of record is retained. We do not keep your records for longer than necessary.
All records are removed confidentially once their retention period has been met and St Margaret’s Hospice has made the decision that the records are no longer required. For more information please see the Records and Document Management Policy
Removed electronic records may still exist within an organisation for a maximum of 15 years but will be put ‘beyond use’. Beyond use means it has been deleted from systems used by the organisation with no intent to use it again, however that it may exist in some form in the electronic ether. Examples of this will include IT Service Backups, or Archives.
If you have completed a Gift Aid declaration, HMRC requires us to keep a record of your gift indefinitely
If you have demonstrated an interest in St Margaret’s Hospice by contacting us about one of our services or campaigns, we will hold onto your personal information for two years afterwards.
We promise not to keep your personal information any longer than necessary.
You can opt out/give or withdraw consent/change your preferences at any time
You can change your preferences with us at any time by calling us on 0845 345 9671, emailing firstname.lastname@example.org or writing to us at St Margaret’s Hospice, Heron Drive, Taunton TA1 5HA
Like all organisations, we comply with requests for the disclosure of personal information where this is required or permitted by law. This could include requests from law enforcement or tax agencies. In these circumstances, the request must be submitted in writing and in accordance with the relevant legal requirements.
If you believe your privacy rights have been violated, you may file a complaint with us or with the Information Commissioners office https://ico.org.uk/