St. Margaret’s Hospice takes your privacy seriously. We are committed to protecting your personal information. This policy sets out how we use the information that you provide us with in order to help further our work in providing care throughout Somerset.

Privacy policy - your data

About us:

St. Margaret’s Hospice has been at the heart of Somerset’s community for over 37 years, delivering high quality, responsive and compassionate care to patients and their families facing a life-limiting illness.

At St. Margaret's Hospice we are:

Patient centred, compassionate, respectful, brave, self-aware, informed and driven.

These values weave through everything we do

We will not sell your data to any third parties, but we may sometimes share your information with our subsidiaries, with trusted service providers and selected partners who fundraise or work on our behalf. We ensure that any third parties with access to your data are held to strict standards for data use and security.

Who we are

By St. Margaret’s Hospice (the data controller) and our subsidiaries we mean:

  • The charity, St. Margaret’s Somerset Hospice (registered charity numbers 279473);
  • St Margaret’s Hospice Retail Ltd, Company Registration Number: 7204857

Our Data protection officer can be contacted on 0845 0708910 or by emailing [email protected]

 

Your Information – what we collect and how we use it

St. Margaret’s Hospice collects information from the public in a number of different ways. For example, we ask for contact and other information when you receive any of our services or attend one of our fundraising events.

This may include information such as your name, date of birth and contact information. We use this information to help us provide and improve our services as a charity and to keep a record of our communications and care we provide.

If you use one of our services we will also collect details about any care and treatment you have received along with details about your health, including test results.

If you are a financial supporter of St. Margaret’s Hospice, by becoming a member, playing our weekly prize draw, purchasing or donating goods at one of our retail outlets, attending or sponsoring a fundraising event or donating to us, we will ask for information that enables us to administer your donation. This will normally include information such as your name, contact details such as address, email or telephone number and your payment details and Gift Aid status.

If you have given us your consent, we will contact you with information and updates on our work, products (such as events and campaigns) and how you can support us, (such as fundraising). This may be by post, email, telephone or text message, depending on your preferences. We will also continue to ask about your marketing preferences, to ensure that you are still happy to be contacted by us and by which means.

 

What the Law says about protection of personal information

The Law on Data Protection is derived from various pieces of legislation (can be found in a number of places). These include the Data Protection Act and the incoming General Data Protection Regulation (the ‘GDPR’) which will become enforceable in May 2018. The GDPR states that personal data (information relating to a person that can be individually identified) can only be processed if there is a legal ground to do so. Activities like collecting, storing and using personal information would fall into the GDPR’s definition of processing. The GDPR provides six legal grounds (reasons) under which personal information can be processed (used) in a way that is lawful. For the processing to be permitted by law (lawful), at least one of the legal grounds must apply.

The legal grounds that are most relevant to St. Margaret’s Hospice use of your personal information are:

  • Public Task
  • Legitimate Interest
  • Legal Obligation
  • Consent
  • Contract

In addition certain categories of data (such as healthcare data) require additional conditions to be met.

The two conditions for processing special category data that most apply to St. Margaret’s Hospice are

  • processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services
  • scientific or historical research purposes or statistical purposes

 

How the law applies to St. Margaret’s Hospices use of personal information

St. Margaret’s Hospice will only process (use) your personal information if we have:

  • A statutory obligation to do so where we establish the ‘official authority’ to conduct the activity for which the processing is necessary.
  • A ‘Legitimate Interest’ to do so in order to support our charitable purposes. Our use will be fair and balanced and never unduly have an impact on your rights.;
  • A legal obligation to use or disclose information about you, e.g. we are required by law to retain the audit trail for any Gift Aid indefinitely.
  • Asked you and have a record of your express and recent consent for us to do so;
  • A contract with you that we can only fulfil by using your personal information, e.g. to send you an item that you have requested

In extreme situations, such as an accident or medical emergency, we may share your personal details with the emergency services if it is essential for the preservation of life (yours or another persons’) for us to do so. This is the ‘vital interest’ ground for using your personal information. After the emergency, we will always try to inform you about how we had to use your information in that extreme situation.

We will not unduly prioritise our interests as a charity over your interests as an individual. We will always balance our interests with your rights. We will only use personal information in a way and for a purpose that you would reasonably expect in accordance with this Policy.

St. Margaret’s Hospice will not rent, swap or sell your personal information to other organisations for them to use in their own marketing activities.

 

Legal Grounds for Processing – By Department

Patient Services

St. Margaret’s Hospice has a statutory obligation to process your data if you receive any care from our clinical services. We do so under the Official Authority of the Health and Social Care 2012 and NHS Act 2006.

As much of the data we hold on patients is classed as special category data under the new General Data Protection Regulations, we process this data for the medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems

Where you have been involved in any clinical research with us or within any other health or social care organisation we process your data for scientific or historical research purposes or statistical purposes in accordance with EU member state law. However, we ensure any such processing does not violate your rights and interests as an individual.

HR and Volunteering

If you are a member of staff, volunteer or apply for a position within the organisation, St. Margaret’s Hospice has a legal obligation to process certain aspects of your data such as financial and tax information, proof of your right to work in the UK, or for disciplinary and grievance records. We will also process your data where we feel we have a legitimate interest to do so, balancing your interests against our own.

Additionally we will process your data to ensure our compliance with any contract we have with you or have obtained consent to do so. Examples include processing your payroll or pension data.

Finance

St. Margaret’s Hospice will process your data where we have a legal obligation to do so under various acts such as under the Companies Act 2006, Finance Act 1998 and VAT Act 1994.

We will also process your data where we have collected consent to do so or have determined it is in the legitimate interests of the business. This includes administration of expenses and to process donations.

Fundraising and Retail

St. Margaret’s Hospice will process your data when there is a contract in place with the data subject e.g. you sign up to our hospice weekly prize draw, purchase goods through an online store or sign up for a fundraising event.

We will also process your data where there is a legal obligation to do so such as any gift aid status under the Income Tax Act 2007We will also process your data where we feel there is a legitimate interest to do so, ensuring we do not harm your rights and freedoms as an individual. Please find more information below regarding legitimate interests.

Marketing and Communications

St. Margaret’s Hospice will ask for your consent before we communicate with you for certain purposes. For example, we will only email or send you an SMS about our fundraising activities if we have an accurate record of your recent and freely given consent to do so.

You can withdraw your consent at any time by phoning 0845 345 9671 or emailing [email protected]

There are times when it is not practical to obtain and record consent. At those times, we will only process personal information if that processing would meet another legal ground e.g. Legitimate Interests, in which case we would only process in accordance with the law’s strict rules on legitimate interest processing. We commit to carrying out a balancing assessment to ensure our legitimate interest does not override your own.

What is Legitimate Interest?

Legitimate interest is a legal ground for processing that means organisations can process your personal information if:

  • they have a genuine and legitimate reason for doing so
  • its use does not harm your rights and interests as an individual

St. Margaret’s will not prioritise our legitimate interests as a charity over your rights as an individual.

Why would we process your data under Legitimate Interest?

We aim to be clear about what information we collect, to enable you to make meaningful choices about how it is used.

When it is necessary we will contact you for administrative purposes, e.g. to contact you regarding a payment. We will also hold the minimum personal information required to support our ability to respect your preferences for communication with us.

To help you to understand when and why St. Margaret’s Hospice would use Legitimate Interest to process your personal information we provide the following examples:

  • To send you exciting updates about our work, campaigns, services and how you can support us, including fundraising activities and research which further the aims of St. Margaret’s Hospice.
  • To process your donations, fulfil online transactions and process/deliver your orders.
  • To ensure our services and communications are relevant to you, we may analyse the data you have given us and add publicly available information (such as public records or social media); this may include wealth screening. This enables us to contact you in an appropriate and cost-effective way. Information we gather could include things like your interests, preferences and the level of any potential donations.
  • We may contact you to ensure the contact details you have given us remain accurate and up to date. In some circumstances we may use external data lists to avoid misdirecting our communications with you, including the Telephone Preference Service and the Fundraising Preference Service.
  • To improve our websites and systems, and prevent fraud when transacting on our website.

Who do we share personal data with?

We share data with a range of organisations. We will always endeavour to share the minimum amount of personal data required, even anonymising data where we possible. However, there will be some instances where personal data will need to be shared with other organisations for the purposes of caring for a patient or to meet legal obligations.

We may share personal data with the following organisations for the purposes of delivering or improving healthcare, or where there is a legal requirement for us to do so:

  • Clinical commissioning groups
  • Health authorities
  • NHS organisations
  • General practitioners (GPs)
  • Child and adult safeguarding services
  • Ambulance services
  • Other health care providers e.g. refer you to another appropriate service
  • Social services
  • Education services
  • Local authorities
  • Police

We may also share your data with organisations that work on our behalf or supply us with services that require your data in order to deliver these services, and where we have a legal obligation to do so. Companies we work with include:

  • Rapidata This company processes direct debits on our behalf
  • HMRC HMRC reserves the right to inspect our Gift Aid files and claim procedures at any time
  • St. Margaret’s payroll provider
  • St. Margaret’s pension provider and pension Management Company
  • Occupational Health provider
  • Employee Assistance Programme provider

Other types of company

Printers and mailing companies: to send out mailings on our behalf. Data profiling companies: on occasions we may compare our database or sections of our database with geodemographic data. We may use this information to make decisions about the communications we send you, or the events we invite you to. Data cleansing companies: occasionally we may use an external provider to remove duplicate and incomplete records from our database. We do this to limit waste of resources and ensure our communications reach the people who want to hear from us.

How long do we retain your records?

All our records are destroyed in accordance with the St. Margaret’s Hospice Records and Document Management Policy, which sets out the appropriate length of time each type of record is retained. We do not keep your records for longer than necessary.

All records are removed confidentially once their retention period has been met and St. Margaret’s Hospice has made the decision that the records are no longer required. For more information please see the Records and Document Management Policy

Removed electronic records may still exist within an organisation for a maximum of 15 years but will be put ‘beyond use’. Beyond use means it has been deleted from systems used by the organisation with no intent to use it again, however that it may exist in some form in the electronic ether. Examples of this will include IT Service Backups, or Archives.

If you have completed a Gift Aid declaration, HMRC requires us to keep a record of your gift indefinitely

If you have demonstrated an interest in St. Margaret’s Hospice by contacting us about one of our services or campaigns, we will hold onto your personal information for two years afterwards.

We promise not to keep your personal information any longer than necessary.

You can opt out/give or withdraw consent/change your preferences at any time

You can change your preferences with us at any time by calling us on 0845 345 9671, emailing [email protected] or writing to us at St. Margaret’s Hospice, Heron Drive, Taunton TA1 5HA

Like all organisations, we comply with requests for the disclosure of personal information where this is required or permitted by law. This could include requests from law enforcement or tax agencies. In these circumstances, the request must be submitted in writing and in accordance with the relevant legal requirements.

If you believe your privacy rights have been violated, you may file a complaint with us or with the Information Commissioners office https://ico.org.uk/

 

Cookies and Web Privacy

We at St. Margaret’s Hospice guarantee our commitment to respecting and protecting your online privacy.

This includes your need and your right to know what we do with the personal information you share with us. It also guides our company's policies regarding the management of this data, including how the information is collected, processed, and for what purposes.

"St. Margaret’s Hospice": refers to the web pages. By accessing this website you are consenting to the way information is collected and used, as described within this Privacy Policy. In return, St. Margaret’s Hospice gives the commitment that we will use the personal data you provide only in ways that are compatible with the following Privacy Policy.

Cookies

About cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

 

Cookies that we use

We use cookies for the following purposes:

(a)   authentication - we use cookies to identify you when you visit our website and as you navigate our website (cookies used for this purpose are identify cookies);

(b)   status - we use cookies to help us to determine if you are logged into our website (cookies used for this purpose are identify cookies);

(c)   personalisation - we use cookies to store information about your preferences and to personalise the website for you (cookies used for this purpose are identify cookies);

(d)   security - we use cookies as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally (cookies used for this purpose are identify cookies);

(e)   advertising - we use cookies to help us to display advertisements that will be relevant to you (cookies used for this purpose are identify cookies);

(f)   analysis - we use cookies to help us to analyse the use and performance of our website and services (cookies used for this purpose are identify cookies); and

(g)   cookie consent - we use cookies [to store your preferences in relation to the use of cookies more generally (cookies used for this purpose are identify cookies).

 

Cookies used by our service providers

Our service providers use cookies and those cookies may be stored on your computer when you visit our website.

We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google's privacy policy is available at: https://www.google.com/policies/privacy/. The relevant cookies are identify cookies.

The analytics cookies used by our website have the following names: [_ga, _gid, _gat, __utma, __utmt, __utmb, __utmc, __utmz and __utmv].

 

Managing cookies

Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:

(a)   https://support.google.com/chrome/answer/95647?hl=en (Chrome);

(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);

(c)   http://www.opera.com/help/tutorials/security/cookies/ (Opera);

(d)   https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);

(e)   https://support.apple.com/kb/PH21411 (Safari); and

(f)   https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).

Blocking all cookies will have a negative impact upon the usability of many websites.

If you block cookies, you will not be able to use all the features on our website.

 

Emails

Some emails that we send you have no tracking in at all. Other emails we send we can track, at an individual level, whether the user has opened and clicked on the email. We do not use this information at a personal level, rather we use it to understand open and click rates on our emails to try and improve them. If you want to be sure that none of your email activity is tracked then you should opt out of our emails which you can do via the unsubscribe link at the bottom of every email we send.

 

Web Security

Financial transactions made online to St. Margaret’s Hospice using this site are secure. No one can access your credit card details via the internet.

How our website works

When you have completed your donation or sponsorship, your web browser will be connected directly to our secure server. You can see that the connection is secure by looking at the padlock or key icon in the bottom left hand corner of your browser. Your browser may also alert you to the fact that you are connecting to a secure server, and if so, it will also tell you when you are closing the secure connection once you have donated. This is for your information only.

Our secure server communicates with your browser using SSL (Secure Sockets Layer) protocols, so that all your personal information, including credit card number and your name and address, is encrypted. This process takes the words and figures you enter, and converts them into bits of code that are then securely transmitted over the internet.

 

Information

Please note that all material on this website is the copyright of St. Margaret’s Hospice or third parties. You may print any St. Margaret’s Hospice information leaflets on this site for your personal use, private study or for teaching purposes in schools colleges or universities. However, the material cannot be adapted for use in any other publication, used for profit or used in any way that will bring the charity into disrepute.

This information was last updated in May 2018. From time to time, we will make changes to the information on this page. The amended information will apply from the date it is posted on the site and will govern the way in which we collect and use personal information from then on.