St Wilfrid's Hospice - Privacy notice
St Wilfrid's Hospice is committed to being fair, open, honest and transparent in relation to the collection, processing and sharing of your personal data - in full accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
This privacy notice covers all data collection (with the exception of data relating to applicants, employees and volunteers which is in a separate document) but includes core areas such clinical care (patients, relatives and carers), donors and fundraising and business and retail.
Your data: the personal information we collect
We will normally keep your information in an electronic format. This includes:
Personal details, such as:
- Name, home address and email address
- Telephone number
- Date of birth
- Next of kin and relevant relationships
For people referred for care: health information, including:
- Referral requests, health records and reports about your health condition
- Ethnicity, religion, disability,
- Your treatment and care including your medication
- Results of tests or investigations
- Your General Practitioner (GP) details
Financial information (where you have shared this with our fundraising team), such as:
- Your credit card or bank account details
For supporters - we collect personal data when you ask us to send you publications or newsletters, order products and services from us, make a donation to us, sign up for Gift Aid, fundraise on our behalf, or otherwise give us information. We can then ensure that we send information which matches personal interests (eg social or sporting fundraising events, campaigns and volunteering).
Our fundraising team will ask supporters for their communication preferences. We usually contact you by post, occasionally by phone and, where you have specifically agreed to this, by email.
We also collect information about your use of our website, including your Internet Protocol (IP) address, how much time you spend on the site, and what you like or view on our site.
How we use your information
We use data in many ways. A list of our reasons for processing data is shown below:
Patients, relatives and carers
|For the care and treatment of a person using our hospice care services||For the administration of all our supporters (eg donor acknowledgement, thank you letters)||To plan for our future by carrying out internal analyses, reporting and monitoring||To look into and respond to any complaint that has been raised|
|To invite people to remembrance services||To claim Gift Aid from Her Majesty’s Revenue and Customs (HMRC) where you have signed a declaration||To satisfy Charity Commission and Companies House statutory requirements||To respond to your general enquiries and messages|
|For pre/post bereavement counselling and support||For direct marketing (where you have consented) eg appeals, hospice updates and newsletters||To monitor and analyse the use of our website||To carry out appropriate governance of any accident, injury or near miss (AIMN)|
|In order to support carers||For the administration of an estate in order to obtain a legacy payment||For the administration of training and education provision||For the administration of room hire and associated bookings|
|In order to ask the bereaved to return national surveys||To log sales of donated items where Gift Aid process applies||In order to process credit notes to retail shoppers||To facilitate collection or delivery of customer goods by our retail company|
|For provision of Befriending service||For the administration of a fundraising event (event pack)||For the administration of work experience individuals||To facilitate Community Links communications|
|To comply with pandemic ‘Track & Trace’ procedures||For processing in the Hospice Lottery (eg to remind you when a subscription is due)||To facilitate administration of the Hospice choir||To provide data required in a 3rd party claim via a solicitors, where consent provided (eg Mesothelioma)|
If your information is to be collected and used for any other purposes in the future, we will tell you about it and confirm our legal basis for processing that information.
Legal Basis for processing
St Wilfrid’s Hospice processes personal information fairly by ensuring it has a legal basis to collect, hold and process that information:
In some cases an individual will have consented to the processing, such as:
- Joining the Hospice Lottery
- When submitting a Gift Aid declaration or donating items where sales will go through the Gift Aid process.
- A parent/guardian referring their child for bereavement counselling via our Seahorse service.
Sometimes it is necessary to process your data for us to comply with our legal obligations, such as:
- Sending Gift Aid information to HMRC.
- Any incidents, events, or occurrences that require notification to the Care Quality Commission (CQC).
- Statutory requirements to register Trustees with the Charity Commission or Companies House.
- Providing a dataset to NHS called the Community Services Data Set (CSDS).
The hospice will process certain information under the basis of ‘legitimate interests’ in circumstances where any individual would reasonably expect us to be using their information. St Wilfrid’s Hospice will still protect your rights and interests, ensuring that processing remains lawful, fair, and necessary, without causing harm and where there is no less intrusive way to achieve the same result. Examples include:
- Providing patients/clients with safe care, treatment and support
- Making a general enquiry
- Asking us to respond to a complaint
- Inviting people to remembrance services
- Holding contact details (and their relationship) to a patient under our care eg next of kin
- Holding contact details of those sponsoring a fundraiser on our behalf
- Sending you direct marketing in relation to donations and fundraising events in cases where you have supported us previously and are happy to continue receiving communications from us.
- CCTV security
- Room hire booking
- Requesting some form of training or education
- Contacting choir members when activities resume.
The hospice will carry out a Legitimate Interest Assessment (LIA) for cases where legitimate interest is being used as the basis for processing information.
Are you required to provide data and what happens if you don’t?
For donors, you are not required to provide personal data to us. If you don’t provide personal data, this may affect our ability to provide the services you request. For example, we may not be able to receive a donation from you if you do not provide your payment information and we would be unable to claim the potential addition of Gift Aid funding.
If you register to receive services from our Clinical Teams, then we have to obtain personal information from you in order for us to deliver safe care and treatment.
Further processing of your data
When you give us your personal information in connection with making a donation we will also use this information, apart from your financial information, for internal reporting and analysis.
Internally, patient data used for the care and treatment of a service user will be anonymised, aggregated and reported regularly (monthly, quarterly, annually) for analysis and planning of services. This will not identify individuals.
St Wilfrid’s Hospice is compliant with the ‘National Data opt-out’ in that we do not share any data beyond a patient’s direct care, unless legally required to do so, for example supplying patient data to the NHS as part of the mandatory Community Services Data Set (CSDS) submission. Providers are legally required to submit full returns of CSDS data, as the Data Provision Notice (DPN) issued under section 259 (10) of the Health and Social Care Act 2012 sets aside the common law duty of confidence in respect of this data.
Patients however do have a right to set a national data opt-out preference to prevent their data being used for purposes beyond their direct care and treatment. Where an opt-out is received from a patient (or their parent or guardian in the case of a child), NHS Digital will exclude the relevant records from any onward dissemination of the data. As such, any patient not wishing to let their data to be used for secondary purposes ( eg research or planning) can ‘opt-out’ either via their GP or directly via www.nhs.uk/your-nhs-data-matters/manage-your-choice/ on the NHS website.
If sent to the NHS, data for patients who opt-out are included in aggregate counts for publications etc, but any extracts that go to 3rd party customers (e.g. for research etc) are matched against their national opt-out database, and any records that match the NHS Number of opted out patients are stripped from the extracts. For further explanation of this initiative patients can be view the NHS guidance at https://digital.nhs.uk/services/national-data-opt-out.
You can also make or change a choice for yourself by phone, email or post or for someone else by email or post: https://www.nhs.uk/your-nhs-data-matters/manage-your-choice/other-ways-to-manage-your-choice/
We also engage third parties to provide us with data that helps us understand how we can provide the best experience for our supporters, how to best connect with them, and to give us insight so that we can provide supporters with information about topics that may be of interest. For example, we use a postcode profile classification system and may look at events that you have taken part in, sporting interests and information from trade directories and public records to create a profile of your interests and preferences. This information may be added to your supporter record accordingly.
To opt-out of profiling – please contact us.
Data sharing and transfer
Fundraising is essential to our organisation’s survival. To help us fundraise more efficiently (leaving us with more time and resources for the important work we do), we engage third parties to improve our address data e.g. to identify missing postcodes or to correct partial addresses.
We will never sell, rent, or trade your personal data.
The details of those joining the Hospice Lottery are shared with Local Hospice Lottery Ltd (who run the lottery on our behalf.)
Donors making Gift Aid declarations will have their details passed to HMRC in order for us to claim these funds.
Those making a regular donation will have the details of their standing order passed to our bank.
In terms of ongoing direct patient care, if appropriate, it may be necessary to share information with organisations who provide care to ensure you continue to get the care and treatment you need. We will share information with your GP, District Nurse, NHS hospital or community teams, Adult Social Care, Continuing Healthcare and Community Care agencies.
For patients requiring medical supplies or equipment, their contact details may be passed to the suppliers.
In order to satisfy statutory requirements of the Charity Commission and Companies House, the hospice will pass on details of Trustees and Company Directors.
The Care Quality Commission (CQC) has powers under the Health and Social Care Act 2008 to access and use information necessary for them to carry out their functions as a regulator. As such they may use legal powers to access information rather than consent.
Holding and protecting your data
Everyone working at St Wilfrid’s Hospice has a legal and professional duty to keep information about you confidential. We follow strict guidelines about how information is collected, stored and shared.
Your information is further protected by St Wilfrid’s Hospice’s compliance with the requirements of the:
- Data Protection Act (2018) / General Data Protection Regulation (GDPR)
- Regulators Code of Fundraising Practice (2016)
- Care Quality Commission
Patient confidentiality is monitored by our Caldicott Guardian, a senior clinician who ensures St Wilfrid’s Hospice protects patients’ right to confidentiality.
Patient data is stored securely onsite, managed by our IT support company, Weald IT
Our donor/supporter data is managed at a hosted data centre in the EU(Amsterdam) by Blackbaud, the world’s largest cloud software company supporting non-profit organisations. Blackbaud, Inc. is the parent company of Blackbaud Europe Ltd.. The terms and policy referring specifically to the relationship between Blackbaud and St Wilfrid’s Hospice’s, where Blackbaud is the data processor, can be found under the Business Solutions Agreement, with further specific detail under the Hosting Services agreement: https://www.blackbaud.com/terms
How long do we hold your data for?
We will follow national guidance or best practice and retention periods will vary according to the nature of the record.
Record retention periods are:
- Patient records where they have received
- A blood transfusion under our care - 30 years
- Patient records - 8 years
- Finance records - 7 years
- Declarations of Gift Aid transactions - 6 years
- Legacy letters or copies of wills - 14 years
- Duty rosters - 4 years
- Any incidents, events of occurrences that require - 3 Years notification to the CQC
- Donation letters/event forms/raffle tickets etc - 7 years
- Customer details for collection/delivery by retail team- 3 months
As an individual, you have the following rights:
Right of Access - Declare that we have your data. Give you a copy of your data.
Right to Rectify - Correct your data.
Right of Erasure - Delete your data.
Right to Restrict Processing - Stop processing your data, but not delete.
Right of Portability - Give you your data in a common, machine readable format.
Right to Object - to direct marketing, to processing for scientific, historical research or statistics, to processing based on legitimate interests or public interest.
Right not to be Profiled - Not be subject to a decision based on automated processing.
Right to Withdraw Consent - if we rely on consent as the legal basis for processing.
Right to Complain - to the Information Commissioners Office or the Fundraising Preference Service
What should I do if I have concerns?
If you have any questions or concerns about how we use your personal information, please contact us via email at firstname.lastname@example.org or via telephone on 01323 434200.
Please note that patient related enquiries should be via email to email@example.com
Subject access requests (for access to personal data) can be made to Colin Twomey – Registered Manager. Completion of a request form is required as per Appendix 1 of the Subject Access Policy & Procedure.
While St Wilfrid’s Hospice is not currently required to appoint a legally defined role of Data Protection Officer, we continue to demonstrate our strong commitment to data protection, security and confidentiality with the following key IG roles in place:
Dr David Barclay – Caldicott Guardian
David Scott-Ralphs – Senior Information Risk Officer (SIRO )
Steve Clarke – IG Lead
For specific queries in relation to any donor and fundraising data concerns, you can write to Caroline Stevens - Database and Supporter Development Manager at the address below, by email to firstname.lastname@example.org, or by calling 01323 434220.
Database and Supporter Development Manager, St Wilfrid’s Hospice, 1 Broadwater Way, Eastbourne, East Sussex BN22 9PZ
For queries relating to our trading company, you can email to email@example.com
Changes to this information notice
Our privacy notices are reviewed a minimum of every 2 years and updated when there is a known change to our systems or processes.
This information notice was last updated January 2022.