Find out how we collect, use and look after information and what you can expect from us.
Privacy Notices
Our commitment to you
To enable us to undertake our charitable objectives, we collect and use personal information about individuals. We recognise the trust placed in us by those whose information we use.
It is important to us that we are open and honest about the way we use information and we are committed to ensuring that we do so in a manner that is both lawful and respects your privacy.
This privacy notice explains how we collect, use and look after information (known as processing) and what you can expect from us.
St Giles Hospice, together with St Giles Hospice (Promotions) Limited, St Giles Hospice Shops Limited and any and all wholly owned subsidiaries, together referred to in this policy as the “St Giles Group” are registered with the Information Commissioners Office (ICO); registration number Z6734293.
For additional information or to exercise any of your data subject rights explained below, or for further clarification, please contact the organisation’s Data Protection Officer:
Postal Address: (marked For the Attention of: Data Protection Officer) St Giles Hospice, Fisherwick Road, Whittington, Staffordshire, WS14 9LH.
Tel: 01543 432031
Email: DPO@stgileshospice.com
What is data?
Data is this instance is the information about an individual. The Data Protection Act specifically regards personal or sensitive data. There are several common words and phrases consistently used in data protection documentation. Here is a high-level definition of what they mean:
Personal Data – Information that can identify an individual, such as your name, contact data (your address, your phone number, your email), your date of birth, etc.
Sensitive Data – This data requires more security as it is more identifiable; such as health data, your race, religious beliefs, your sexual preference, any criminal history and your biometric data (such as your fingerprint or face recognition).
Data Subject – The individual the information is about.
Processing – The use of the data.
Data Controller – A data controller is an organisation, and in this instance, it is St Giles Hospice Group (us), who decides what happens with the data we are processing.
Your rights as an individual
We feel it is important that you are aware of your rights as an individual. These rights are:
- The right to be informed – you have the right to be told about how and when your personal information will be used. Our aim is that this notice, in conjunction with statements on other materials, provides a clear and transparent description of how your information will be used.
- Right of access – you have the right to request a copy of the information that we hold about you (this is also known as a ‘Subject Access Request’).
- Right of rectification – you have a right to correct any data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. You should be aware that we may be to keep certain information for a minimum period.
- Right to restriction of processing – where certain conditions apply you have the right to restrict our processing of your information.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of data processing such as direct marketing.
- Right to object to automated processing including profiling you have the right to ensure decisions about you are not automatically made by a system or technology.
For an independent review, you should register your concern with the UK Information Commissioner’s Office. Details on how to do so can be found here on their website or by calling 0303 123 1113.In the first instance you should contact us about your rights and how we use your information. You are entitled to an independent review of our actions should you have a concern or feel we have not respected your rights you can.
Collecting your information
We will obtain your data from different sources, but primarily, we will get it directly from you. Occasionally we will source it from third parties and how and when we share is dependent on how you are known to the organisation e.g.. do you donate or buy from us, are we providing care to you or a loved one or do you work for the organisation or are looking to?
Sharing your information
We understand that sharing information is often seen as something scary. Because of this perception it is important to us that whenever we share data with third parties, we perform checks to ensure that they adhere to UK and EU data protection obligations and that their data security policies are in line with ours.
We will never sell your information and we are committed to being open with you about where we legally share information, the reason why and who we share it with.
Please note that if you share personal or sensitive information through social media or third party websites, we cannot be responsible for the data processed in these platforms and it is subject to the third party’s privacy notice.
We share information for the following reasons:
- Personal and financial information for the purposes of payroll and pension management with designated suppliers.
- Personal information with professional bodies and regulators in accordance with our statutory obligations.
- Anonymised statistical information about training and equality monitoring with public authorities who commission our services.
- Personal and financial details about donations for the purpose of Gift Aid claims, audits and anti-fraud legislation with HMRC.
- Personal details with designated mailing houses for the purposes of sending printed communications.
- Email addresses with providers of social media and email marketing platforms where you have agreed to receive information from us via these channels.
- Information about the use of IT systems with technical suppliers for the purposes of support and system administration.
- Limited information about your digital identity is used to provide statistical information about the use of our IT systems including our website and social media accounts.
We use profiling and screening techniques to ensure communications are relevant and timely, and to provide an improved experience for our supporters and patients. Profiling also allows us to target our resources effectively, which we are consistently told is a key priority for our connections. We do this because it allows us to understand our community and helps us to make appropriate requests to those who may be able and willing to give more than they already do or to promote services to those who may benefit from them. Importantly, it enables us to raise more funds, sooner, and more cost-effectively, than we otherwise would Funds that without which we would not be able to continue to care for our community.
When building a profile, we may analyse geographic, demographic and other information relating to you in order to better understand your needs, interests and preferences so that we can contact you with the most relevant communications. In doing this, we may use additional information from third party sources when it is available. Such information is compiled using publicly available data about you, for example addresses, listed Directorships or typical earnings in a given area.
Visiting our website or any of our locations
What data do we collect?
Whilst navigating our website or visiting our sites we may collect the following data:
- Identity and contact data including your name, address, email address, date of birth, photo or video image or phone number
- Technical data such as your IP address, browser type and version, geographic location, operating system and other information about the devices you use to access our website
- Interaction data which may include the content of enquiries made via our contact form, details of registrations for events or responses to surveys/feedback requests
- Usage data which may include information about how you use our website, products or services
Why do we collect this data?
- In order to process an enquiry you may have about our organisation, we may use your personal data to respond to you
- To improve our website experience we may use your personal data to make improvements based on your usage and technical data
- To ensure we adhere to the Health and Safety obligations whilst at our locations
- To enter into a contract or to take specific steps before entering into a contract (in the case of suppliers or partnerships)
- To provide security at our locations
How long do we store this data for?
We only keep information for as long as we are allowed to in accordance with other legislation or relevant regulations. Once we no longer need to keep your information, we remove it from our systems or securely dispose of it as a minimum each year. Unless you fall into the remaining categories of donors, patients and their loved ones or volunteers, employees or job applicants we will store the information as follows:
- Closed Circuit Television (CCTV) images and digital identifiers of Wi-Fi users are kept for 90 days
- Anonymised statistical information about website visitors is kept in accordance with Google’s Analytics data privacy and security policy for analytical purposes
Donating to us
What data do we collect?
The personal data we collect about you for the purposes of our fundraising, lottery and retail activities can include:
- Identity and contact data including your name, address, email address, date of birth, photo or video image or phone number
- Technical data such as your IP address, browser type and version, geographic location, operating system and other information about the devices you use to access our website
- Health data
- Criminal data
- Financial data
- social media profiles
We do not collect ‘sensitive personal data’ about our donors unless there is a legitimate reason for this (e.g. if you participate in an event and we need health data to conduct a risk assessment).
Why do we collect this data?
Any personal data we process in relation to our income generation is done so in accordance with data protection laws in the UK and EU and would normally be collected from yourself. Where we haven’t obtained your prior written consent, we have a legitimate reason to process the data. Any data which has not been collected directly from yourself will have been collected in line with the relevant legislation.
You may appear in still images or video footage using CCTV that is used on our hospice sites and shops for security purposes.
Without your consent we would be unable to:
- inform you of how you have helped us to provide support in the community
- promote any future events, challenges or special offers
- to thank you for supporting us
- to provide you with further communications about our activities
How long do we keep this data for?
- Supporter records are kept for seven years after the date of the last donation
- Details about legacies we receive are kept for 12 years and details about legacy pledges are kept indefinitely
- CCTV images and digital identifiers of Wi-Fi users are kept for 90 days
- Anonymised statistical information about website visitors is kept in accordance with Google’s Analytics data privacy and security policy for analytical purposes
Clinical services
For details of the processing activities of the individuals that we care for and their families, please refer to our Care Privacy Statement.
Staff, volunteers and job applicants
What data do we collect?
During the recruitment process we will collect the following data:
- Identity and contact data including your name, address, email address, date of birth, photo or video image or phone number
- Technical data such as your IP address, browser type and version, geographic location, operating system and other information about the devices you use to access our website
- Health data
- Criminal data
- Financial data
- Capability data such as employment history, training and qualifications
Why do we collect this data?
It is necessary for us to process personal data of job applicants, volunteers and employees in order to identify the individual for the purposes of recruitment. Our legal obligations as an employer means we need to maintain information of our employees to adhere to the terms of employment and of both our employees and volunteers to ensure the health and safety of individuals on our premises or using our services.
How long do we keep this data for?
- Job applicant data is stored for 6 months
- Staff records are kept for 6 years following termination of the employment
- Volunteer records are kept for 6 years following the last recorded volunteer shift
- CCTV images and digital identifiers of Wi-Fi users are kept for 90 days
- Anonymised statistical information about website visitors is kept in accordance with Google’s Analytics data privacy and security policy for analytical purposes
Notification of changes
This statement may change from time to time, for example, if the law around information changes or for operational purposes. We advise you to visit this page regularly to keep up to date with any changes.
October 2024
Introduction
At St Giles it is important to us that as part of looking after you or your loved ones we also look after what we know about you. This notice is to help you understand, how and why your information is used and what we do with it.
It also explains the decisions you can take about your own information.
Our full privacy notice is available here, which covers how we look after your data in other areas of the organisation, e.g. visiting our premises.
Why do we need your information?
Your information is an important part of providing you with the right support. It helps us understand you as an individual and what you need. It also helps us to look after your family.
We use your information in the following ways:
- To provide you and your family with the care and support you need.
- To help us check that we looking after everyone properly and safely.
- To help run our services and improve what we do.
- To provide you with details about activities and events we offer for families.
- To help us access funding for your care.
- To help us promote St Giles as a charity
We also operate a CCTV system at the Hospices for the purposes of Crime Prevention and Detection. CCTV is only used in general areas and access to view is restricted to key individuals.
The Choices You Can Make
The information you tell us is yours and you have rights under the law to:
- Request to see / have a copy of the information we hold about you.
- To have any inaccurate information corrected.
- To decide in some circumstances what we can use your information for.
You can decide if we can use your information to:
- Send you information about activities, services and events for families
- Use your information to help us promote St Giles Hospice.
- Understand the service needs of the community
- Look at how we run & improve our services
We need your permission to use your information in these ways, and we will always ask your permission first. At any time you can change your mind and there is no limit on how often you do this.
How we look after your information
We value the information you share with us and it is important that we look after it properly and safely, especially where we might share it with other individuals or organisations. We protect your information in the following ways:
- Only keep it in secure IT systems or locked records rooms.
- Train all our staff and volunteers on how to look after your information.
- Only keep it for as long as we are allowed to, and securely destroy it at the end of that time.
- Only share it appropriately
How long do you keep my information for?
We will keep your information according to our Record Retention Log which is based off The Record Management Code of Practice.
Records Management Code of Practice – NHS Transformation Directorate (transform.england.nhs.uk) sets out what people working with or in NHS organisations in England need to do to manage records correctly. It is based on current legal requirements and professional best practice.
Who do you share my information with?
We share your information with 3 groups of people:
- Health and social care professionals such as your GP, Hospital consultant or social worker who are involved in your care. It is important that we do this to ensure that everyone looking after you has correct and up to date information about you.
- Health and social care commissioners who fund part of our services. They often require information as part of monitoring the services we provide. Wherever possible we use anonymised information for this purpose.
- The Care Quality Commission and other organisations as part of any regulatory inspection as required by law.
- Where we have a statutory duty to share information, for example with His Majesty’s Coroner and Multi- Agency Safeguarding Hubs
National Data Opt Out
Patients have the right to opt out of their personal confidential information being used for other purposes beyond their direct care:
- Providing local services and running the NHS and social care.
- Supporting research and improving treatment and care
More information can be found at www.nhs.uk/you-nhs-data-matters
Should we receive a request we would ensure the National Data Opt Out requirements are assessed and met before any disclosure was made.
Who can I speak to about my information?
You can speak to any member of the care team about your information and you can also speak to our Caldicott Guardian who is responsible for dealing with more complex issues.
You can contact our Caldicott Guardian by either emailing caldicott.guardian@stgileshospice.com or writing to us at the address below.
Postal Address: (marked For the Attention of: Caldicott Guardian) St Giles Hospice, Fisherwick Road, Whittington, Staffordshire, WS14 9LH.
You are also entitled an independent review of our actions should you have a concern or feel we have not respected your rights as an individual. If you feel this is the case you can contact the Information Commissioners Office. Details on how to do so can be found here on their website https://ico.org.uk/concerns or by calling 0303 123 1113.
Notification of Changes
This statement may change from time to time, for example, if the law around information changes or for operational purposes. We advise you to visit this page regularly to keep up to date with any changes.
October 2024