St Elizabeth Hospice is committed to protecting the privacy of everyone who uses our services: as patients and carers or as employees and volunteers; and that of anyone who supports our work throughout fundraising, retail or lottery activities. This statement explains what personal data we collect and process, how we collect it, whom we share it with, and why we do so. It also explains the steps we take to keep data secure.
What is personal data?
By personal data we mean any information that might allow you to be identified, such as your name, address, date of birth, credit card details, I.P. address, photo or video image or voice recording. It may also be anything that identifies you for example your NHS number or biometric data. For our patients, some of this data will be sensitive and relate to their health and wellbeing, ethnicity and religious views.
How do we collect personal data from you?
Information is given to us directly when, for example, you become a service user, register for a fundraising event, volunteer to support the charity, become an employee, or make a donation, including to our charity shops.
We will ask you to provide personal information. You may provide this on a form, during a discussion, over a web form or by other means.
The details we ask you for will be directly related to the purpose for which they are required, for example:
- A charitable donation may be given anonymously, but we would prefer to have your contact details so that we can confirm receipt and keep you informed; you will be able to choose whether or not you supply this information. Depending on your payment method we may need to record your payment details.
- As a donor, we will often ask you for more information than the bare minimum to process your donation, this may be so that we can identify you as an event entrant or it may be part of building a long-term relationship with you. Our fundraisers will be genuinely interested in how you have raised funds and why you have chosen to support St Elizabeth and may record this information so they have a record when they next contact you.
- If you are a member of staff or a volunteer more information will be required, depending on the work you do we may need to ask you for sufficient information to carry out some background checks and there is certain information that we are required to have on record.
- If you are a service user then your records may include sensitive personal data, including medical information.
Our current lawful basis for collecting personal information is contained within the General Data Protection regulation (GDPR) and the UK Data Protection Act (DPA) 2018.
When we collect personal data, the types of data we collect and the purposes for which personal data is collected.
Your information will only be collected, stored or processed where a specific purpose has been identified. This will fall into the following categories:
- If you are a patient
If you use our clinical services we will need to collect information such as your name, age, address, contact details, date of birth, gender, ethnicity, next of kin, religious beliefs, and other protected characteristics. In order to provide complete care we may also collect some information about family members and carers. If you stay on or visit our premises, such as our Inpatient Unit, we may collect your image on CCTV. It may also be necessary to take still images of you for medical purposes. If you call our OneCall Service your call will be recorded for training and quality purposes. We also receive data about our patients and their families and carers from other healthcare providers.
- Fundraising, visiting our shops, and playing our lottery
The personal information we collect about you for the purposes of our fundraising, lottery and retail activities might include your name, address, email, phone number, date of birth, I.P. address, photo or video image and financial information such as credit card details. You may appear in still images or video footage using Closed Circuit Television (CCTV) that is used on some hospice sites for security purposes.
- Volunteering with us
If you volunteer with us we will collect your name and contact details. We may also take still images of you or video footage using Closed Circuit Television (CCTV) on some hospice sites.
- Working for us
If you apply for or take a job with us, we will store your contact information, bank details, and keep records of your employment history. You may appear in still images or video footage using Closed Circuit Television (CCTV) that is used on some hospice sites for security purposes.
Using our website
If you use our website, we will store data about your internet browser, I.P. address, the timings of your visits, and a record of which pages you looked at.
Use of 'cookies'
Like many other websites, St Elizabeth Hospice website uses 'cookies'. Cookies are small files stored on your computer that allow websites to recognise you when you visit. They store data about your browsing history but will not identify you as an individual. This helps us to improve our website and deliver a better more personalised service.
By using our website and services you agree to be bound by the terms of this statement.
We take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of our website users throughout their visiting experience. This website complies with all UK legislation and requirements for user privacy. The policy will be reviewed and updated in line with any subsequent legislation.
How we use your information
We may use your information for any of the following depending on our relationship with you.
For our fundraising, retail and lottery services we may collect data in order to provide you with products and services (sometimes as part of a contract), process a donation you have made, to send you newsletters and other communications about our work or to allow you to take part in events.
We collect personal data about job applicants and employees for administrative purposes and in order to comply with employment and safeguarding legislation, such as referrals to the Disclosure and Barring Service.
We collect personal data from our volunteers for administrative purposes and to comply with safeguarding legislation, such as referrals to the Disclosure and Barring Service.
When we collect data from patients and their families and carers, we do so in order to provide care to them and protect their wellbeing. We also collect and store it for the purposes of audit, quality control, and incident reporting.
We process information for certain legitimate business purposes which include some or all of the following:
• Where the processing enables us to embrace, modify, personalise or otherwise improve our services/communications for the benefit of our customers.
• To identify and prevent fraud
• To enhance the security of our network and information systems
• To better understand how people interact with our website
• To provide postal communications which we think will be of interest to you
• To determine the effectiveness of campaigns and events
Whenever we process data for these purposes we will ensure that we always keep your Personal Data rights in high regard and take account of these rights. You have the right to object to processing and also access to your information if you wish by emailing firstname.lastname@example.org.
Who has access to your information?
We will never sell or swap your details with third parties. We may share data you provide with trusted third parties, subcontractors, our regulators, and with law enforcement authorities if necessary. We may share patient data with other healthcare providers with the patient’s consent. We may sometimes also be legally required to share it with local authorities and our regulator, the Care Quality Commission.
We currently do not share identifiable personal information from your healthcare records with external organisations for the purposes of research or service planning. If we ever sought to do so, you would be given the opportunity to opt-out of sharing your data, in keeping with the NHS Digital National Data Opt-Out scheme.
Your consent is important
For direct marketing communications we collect data only with your explicit consent, which you may withdraw at any time. We will enable you to record your preferences using tick boxes at various points when we communicate with you.
On correspondence requesting consent from you we will ask what types of communication you would like. Please see below further detail on what you would expect to receive for each type of communication:
Fundraising and Events
- Requests for financial support through mailings such as in memory appeals.
• Updates on new and existing fundraising initiatives.
• Information on a selection of hospice organised events i.e. Midnight Walk etc.
• Information on places in challenge events i.e. London Marathon, bespoke walks and bike rides etc.
Hospice Lottery and Raffles
- Information regarding the St Elizabeth Hospice Lottery.
• Raffle tickets for the hospice raffle.
- Volunteering information including current vacancies.
- Information about various hospice services both existing and new developments.
• Newsletter mailings i.e. time magazine and any interim updates from the hospice.
- Information about various retail activities
Accessing and updating your information
We care about the accuracy of the information we hold about you. If you believe any information about you is incorrect or out of date, please contact us.
Volunteering: 01473 707939 or email - email@example.com
For patients, please contact our OneCall team on 0800 5670111
At St Elizabeth Hospice we take your security and privacy seriously. When we collect your personal information we use a variety of technical processes to prevent unauthorised access including firewalls, digital surveillance, and encryption.
All staff have contractual obligations of confidentiality, enforceable through disciplinary procedures. All staff will receive appropriate training on confidentiality of information and staff who have regular access to personal confidential data will have received additional specialist training.
Any sensitive information you send to us (such as credit card details) will be encrypted. Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.
Your rights, including right of access
You have a right to have your privacy respected and your data protected. The law gives you access to the personal information we hold about you, if you wish to check or change it. It is designed to give you confidence that this information is accurate, up to date and well managed.
You can choose who can contact you and how. You can change your mind at any time. You can control if and how we contact you, for example by e-mail or phone. We must give you the opportunity to change our mind about the choices you have made. This helps to give you options and keep you in control.
You can request to have a copy of your medical records that we hold for you. Such requests should be made in writing to the Chief Executive Officer, 565 Foxhall Road, Ipswich IP3 8LX, or via e-mail to firstname.lastname@example.org, as outlined in our policy for access to medical records. There is no charge for this service.
If you are 16 or under
In some circumstances we may need to know if you are aged 16 or under and may refuse certain services, products or events unless we have your parent/guardian’s permission.
Your right to lodge a complaint with a supervisory authority
If you believe that we breached your privacy in any way, we urge you in the first instance to contact our Data Protection Officer.
If you remain unsatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office at the address below:
Information Commissioner's Office
Tel: 0303 123 1113 (local rate)
01625 545 745 (national rate)
Changes to this policy
For the purposes of Data Protection Laws, the Data Controller is: St Elizabeth Hospice (Charity No. 289154), a charity that supports people with incurable illness in the East Suffolk area. Our registered office address is:
565 Foxhall Road, Ipswich, Suffolk, IP3 8LX
Company number: 01794927
If you have any questions about this privacy statement or our privacy and data processing in general, please contact our Data Protection Office email@example.com or 01473 727776 or write to us at the address above.
For patient privacy concerns the address is firstname.lastname@example.org