St Wilfrid's Hospice - Privacy Notice
St Wilfrid's Hospice is committed to being fair, open, honest and transparent in relation to the collection, processing and sharing of your personal data - in full accordance with the UK General Data Protection Regulation (UKGDPR) and the Data Protection Act 2018.
This privacy notice covers all data collection (with the exception of data relating to applicants, employees and volunteers which is in a separate document) but includes core areas such clinical care (patients, relatives and carers), donors and income generation (fundraising/retail).
Your data: the personal information we collect
We will normally keep your information in an electronic format. This includes:
Personal details, such as:
- Name, home address and email address
- Telephone number
- Date of birth
- Next of kin and relevant relationships
For people referred for care: health information, including:
- Referral requests, health records and reports about your health condition
- Ethnicity, religion, disability,
- Your treatment and care including your medication
- Results of tests or investigations
- Your General Practitioner (GP) details
Financial information (where you have shared this with our fundraising team), such as:
- Your credit card or bank account details
For supporters - we collect personal data when you ask us to send you publications or newsletters, order products and services from us, make a donation to us, sign up for Gift Aid, fundraise on our behalf, or otherwise give us information. We can then ensure that we send information which matches personal interests (eg social or sporting fundraising events, campaigns and volunteering).
Our fundraising team will ask supporters for their communication preferences. We usually contact you by post, occasionally by phone and, where you have specifically agreed to this, by email.
We also collect information about your use of our website, including your Internet Protocol (IP) address, how much time you spend on the site, and what you like or view on our site.
How we use your information
We use data in many ways. A list of our reasons for processing data is shown below:
|Patients, relatives and carers||Supporters||Ongoing business||Other|
|For the care and treatment of a person using our hospice care services||For the administration of all our supporters (eg donor acknowledgement, thank you letters)||To plan for our future by carrying out internal analyses, reporting and monitoring||To look into and respond to any complaint that has been raised|
|For pre/post bereavement counselling and support||To claim Gift Aid from Her Majesty’s Revenue and Customs (HMRC) where you have signed a declaration||To satisfy Charity Commission and Companies House statutory requirements||To respond to your general enquiries and messages|
|To allow families (next of kin) to know what the organisation does and how they can get involved||For direct marketing (where you have consented) eg appeals, hospice updates and newsletters||To monitor and analyse the use of our website||To carry out appropriate governance of any accident, injury or near miss (AIMN)|
|In order to support carers||For the administration of an estate in order to obtain a legacy payment||For the administration of training and education provision||For the administration of room hire and associated bookings|
|In order to ask the bereaved to return national surveys||To log sales of donated items where Gift Aid process applies||In order to process credit notes to retail shoppers||To facilitate collection or delivery of customer goods by our retail company|
|For provision of Befriending service||For the administration of a fundraising event (event pack)||For the administration of work experience individuals||To facilitate Community Links communications|
|To invite people to remembrance services||For processing in the Hospice Lottery (eg to remind you when a subscription is due)||CCTV for the purposes of crime prevention, security and public safety||To provide data required in a 3rd party claim via a solicitors, where consent provided (eg Mesothelioma)|
If your information is to be collected and used for any other purposes in the future, we will tell you about it and confirm our legal basis for processing that information.
Legal Basis for processing
St Wilfrid’s Hospice processes personal information fairly by ensuring it has a legal basis to collect, hold and process that information:
In some cases, an individual will have consented to the processing, such as:
- Joining the Hospice Lottery
- When submitting a Gift Aid declaration or donating items, where sales will go through the Gift Aid process.
- A parent/guardian referring their child for bereavement counselling via our Seahorse service.
- A patient consenting to the onward sharing of information about them to other healthcare organisations (such as their GP practice, ambulance service, community nursing and the NHS).
Sometimes it is necessary to process your data for us to comply with our legal obligations, such as:
- Sending Gift Aid information to HMRC
- Any incidents, events or occurrences that require notification to the Care Quality Commission (CQC)
- Statutory requirements to register Trustees with the Charity Commission or Companies House
- Providing legally mandated datasets to the NHS such as the Community Services Data Set (CSDS)
The hospice will process certain information under the basis of ‘legitimate interests’ in circumstances where any individual would reasonably expect us to be using their information. St Wilfrid’s Hospice will still protect your rights and interests, ensuring that processing remains lawful, fair, and necessary, without causing harm and where there is no less intrusive way to achieve the same result. Examples include:
- Providing patients/clients referred to us with safe care, treatment and support
- Making a general enquiry
- Asking us to respond to a complaint.
- Inviting people to remembrance services
- Holding contact details (and their relationship) to a patient under our care eg next of kin
- Holding contact details of those sponsoring a fundraiser on our behalf
- Sending you direct marketing in relation to donations and fundraising events in cases where you have supported us previously and are happy to continue receiving communications from us.
- To allow families/next of kin to know what the organisation does and how they can get involved.
- CCTV security
- Room hire booking
- Requesting some form of training or education
The hospice will carry out a Legitimate Interest Assessment (LIA) for cases where legitimate interest is being used as the basis for processing information.
Note that for our patients, processing of their special category health data is also covered under the provisions of the General Data Protection Regulation: Article 9(2)h “processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services”.
Vital Interests: To protect the vital interest of patients, at times patient records may need to be viewed using this legal basis. Vital interests generally only apply to matters of life and death. St Wilfrids may access records in someone’s vital interests in extreme circumstances such as emergency clinical care.
Are you required to provide data and what happens if you don’t?
For donors, you are not required to provide personal data to us. However, if you don’t provide personal data this may affect our ability to provide the services you request. For example, we may not be able to receive a donation from you if you do not provide your payment information and we would be unable to claim the potential addition of Gift Aid funding.
If you register to receive services from our clinical teams then we have to obtain personal information from you in order for us to deliver safe care and treatment.
Further processing of your data
Internally, patient data used for the care and treatment of a service user will be anonymised, aggregated and reported regularly (monthly, quarterly, annually) for analysis and planning of services. This will not identify individuals.
When you give us your personal information in connection with making a donation we will also use this information, apart from your financial information, for internal reporting and analysis.
We also engage third parties to provide us with data that helps us understand how we can provide the best experience for our supporters, how to best connect with them, and to give us insight so that we can provide supporters with information about topics which may be of interest. For example, we use a postcode profile classification system and may look at events that you have taken part in, sporting interests and information from trade directories and public records to create a profile of your interests and preferences. This information may be added to your supporter record accordingly. To opt out of profiling – please contact us at email@example.com
Data sharing and transfer
Fundraising is essential to our organisation’s survival. To help us fundraise more efficiently (leaving us with more time and resources for the important work we do), we engage third parties to improve our address data e.g. to identify missing postcodes or to correct partial addresses.
We will never sell, rent, or trade your personal data.
The details of those joining the Hospice Lottery are shared with Local Hospice Lottery Ltd (who run the lottery on our behalf.)
Donors making Gift Aid declarations will have their details passed to HMRC in order for us to claim these funds.
Those making a regular donation will have the details of their standing order passed to our bank.
In order to satisfy statutory requirements of the Charity Commission and Companies House the hospice will pass on details of Trustees and Company Directors.
The Care Quality Commission (CQC) has powers under the Health and Social Care Act 2008 to access and use information necessary for them to carry out their functions as a regulator. As such they may use legal powers to access information rather than consent.
For patients requiring medical supplies or equipment, their contact details may be passed to the suppliers.
In terms of ongoing direct patient care, if appropriate, it may be necessary to share information with organisations who provide care to ensure you continue to get the care and treatment you need. We may share information with your GP, District Nurse, NHS hospital or community teams, Adult Social Care, Ambulance Services, Continuing Healthcare and Community Care agencies.
Your information in our electronic patient record system may be accessed securely on a need-to-know basis by organisations such as your GP practice, NHS hospital, community services such as district nursing, or by other local hospices, under a new Information Sharing Agreement. This enables joined-up, faster access to information for all those involved in your care and ensures best use of collective resources to support you. Please note that you do have the right to ‘opt-out’ of your data being shared in this way, in which case your record can be flagged to prevent this. If you wish you can speak to a member of staff or email us at firstname.lastname@example.org stating that you would like your electronic patient record to be flagged to prevent electronic data sharing with other organisations.
Data Sharing and the National Data Opt-Out
Additionally, your data may be shared between healthcare organisations for other legitimate purposes including but not limited to: Planning and service development; sharing of unique identifiers such as NHS numbers; learning from outcome measures, care pathways, research, finance and invoicing.
St Wilfrid’s Hospice is legally mandated to send the NHS certain datasets, for example supplying patient data to the NHS as part of the mandatory Community Services Data Set (CSDS) submission. Providers are legally required to submit full returns of CSDS data, as the Data Provision Notice (DPN) issued under section 259 (10) of the Health and Social Care Act 2012 sets aside the common law duty of confidence in respect of this data.
Patients have the right to prevent their data being used for purposes beyond their direct care and treatment. Where an opt-out is received from a patient (or their parent or guardian in the case of a child), NHS Digital will exclude the relevant records from any onward dissemination of the data. As such, any patient not wishing to let their data to be used for secondary purposes ( eg research or planning) can ‘opt-out’ either via their GP practice or directly via www.nhs.uk/your-nhs-data-matters/manage-your-choice/ on the NHS website.
If sent to the NHS, data for patients who opt-out are included in aggregate counts for publications etc, but any extracts that go to 3rd party customers (e.g. for research etc) are matched against their national opt-out database, and any records that match the NHS Number of opted out patients are stripped from the extracts. For further explanation of this initiative patients can be view the NHS guidance at https://digital.nhs.uk/services/national-data-opt-out.You can also make or change a choice for yourself by phone, email or post or for someone else by email or post:
Holding and protecting your data
Everyone working at St Wilfrid’s Hospice has a legal and professional duty to keep information about you confidential. We follow strict guidelines about how information is collected, stored and shared.
Your information is further protected by St Wilfrid’s Hospice’s compliance with the requirements of the:
- Data Protection Act (2018) / UK General Data Protection Regulation (UKGDPR)
- Regulators Code of Fundraising Practice (2016)
- Care Quality Commission
Patient confidentiality is monitored by our Caldicott Guardian, a senior clinician who ensures St Wilfrid’s Hospice protects patients’ right to confidentiality.
Patient data in our new electronic patient record system is stored securely in UK based datacentres.
Our donor/supporter data is managed at a hosted datacentre in the EU(Amsterdam) by Blackbaud, the world’s largest cloud software company supporting non-profit organisations. Blackbaud, Inc. is the parent company of Blackbaud Europe Ltd. The terms and policy referring specifically to the relationship between Blackbaud and St Wilfrid’s Hospice’s, where Blackbaud is the data processor, can be found under the Business Solutions Agreement, with further specific detail under the Hosting Services agreement: https://www.blackbaud.com/terms
How long do we hold your data for?
We will follow national guidance or best practice and retention periods will vary according to the nature of the record.
Record retention periods are:
As an individual you have the following rights:
Right of Access - Declare that we have your data. Give you a copy of your data.
Right to Rectify - Correct your data.
Right of Erasure - Delete your data.
Right to Restrict Processing - Stop processing your data, but not delete.
Right of Portability - Give you your data in a common, machine readable format.
Right to Object - to direct marketing, to processing for scientific, historical research or statistics, to processing based on legitimate interests or public interest.
Right not to be Profiled - Not be subject to a decision based on automated processing.
Right to Withdraw Consent – if we rely on consent as the legal basis for processing.
Right to Complain - to the Information Commissioners Office or the Fundraising Preference Service
What should I do if I have concerns?
If you have any non-patient related questions or concerns about how we use your personal information please contact us via email to Hospice@stwhospice.org or via telephone ( 01323 434200 ). Note that patient related enquiries should be via email to email@example.com
Subject Access requests ( for access to personal data) can be made to Tara Schrikker – Registered Manager / Associate Director for Quality & Governance. Completion of a request form is required as per Appendix 1 of the Subject Access Policy & Procedure.
Whilst St Wilfrid’s Hospice is not currently required to appoint a legally defined role of Data Protection Officer, we continue to demonstrate our strong commitment to data protection, security and confidentiality with the following key IG roles in place:
Dr David Barclay – Caldicott Guardian
Darren Mackenzie – Senior Information Risk Owner (SIRO)
Steve Clarke – IG Lead
For specific queries in relation to any donor and fundraising data concerns, you can write to Caroline Stevens - Database and Supporter Development Manager at the address below, by email to firstname.lastname@example.org, or by calling 01323 434220.
Database and Supporter Development Manager, St Wilfrid’s Hospice, 1 Broadwater Way, Eastbourne, East Sussex BN22 9PZ
For queries relating to our trading company you can email to email@example.com
Changes to this information notice
Our privacy notices are reviewed a minimum of every 2 years and updated when there is a known change to our systems or processes. This information notice was last updated April 2023.