Privacy Policy
This Privacy Notice explains what information we collect about you, how we store this information, how long we retain it and with whom and for which legal purpose we may share it. To find out more about our Privacy Notice, please read the relevant sections below:
• WHO WE ARE
Hospiscare provides a range of palliative care and end-of-life services to people within Exeter, Mid and East Devon. The hospice is a charity and we are registered with the Fundraising Regulator, Information Commissioner’s Office, Care Quality Commission and the Charity Commission.
If you have any questions about your personal data, please contact us via:
The Data Protection Officer
Hospiscare, Searle House, Dryden Road, Exeter, EX2 5JJ
The hospice is registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information under the Data Protection Act 2018, and our registration number is Z4946024.
• WHY WE COLLECT PERSONAL INFORMATION ABOUT YOU AND WHAT IS OUR LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION?
We may process your personal information for our legitimate business interests. Legitimate interests enable us to run our charity effectively, process and manage your support for us, understand you better and to send you news and information about our work, fundraising activities and events. It can also apply to processing that is in your interests as well.
When we process your personal information for our legitimate interests we make sure to consider and balance any potential impact on you (both positive and negative) and your rights under data protection laws. Our legitimate business interests do not automatically override yours and we will not use your information for activities where our interests are overridden by the impact on you, unless we have your consent or are otherwise required or permitted by law.
• WHAT PERSONAL INFORMATION DO WE NEED TO COLLECT ABOUT YOU AND HOW DO WE OBTAIN IT?
When you make a donation to us, register for an event, join our lottery, offer to volunteer or support us in any other way we will always ask for your full name and address details so that we can process the interaction with you. We will also ask you how you would prefer us to contact you.
On occasion, when it is appropriate, we may also ask you for further information such as:
• Your phone number
• Your email address
• Your date of birth
• Why you are making a donation to us; in particular whether you are donating in memory of someone and your relationship with that person
• Your interests and activities
We store some information about our interactions with you, including:
• records of your communications with us;
• donation and gift aid information;
• bank details if you set up a standing order;
• Information you may provide on our website such as date of birth or reason for donating;
• Any other information you choose to share with us such as your relationship to other supporters or patients.
We collect information in different ways:
1. You give us your data directly:
When you make a donation, register for an event, join our lottery, sign up to Gift Aid when you donate goods to one of our shops, volunteer, or share your story with us we will collect details that enable us to process or administer our relationship with you.
2. You give us your data indirectly:
When you use online fundraising sites such as JustGiving or Virgin Money Giving, you may agree to them sending us your details so we can contact you to say thank you. If you register for an event or sign up for a newsletter via our website, the details you submit are collected on our behalf by our website provider. If you set up a standing order or direct debit, your bank will send us enough details to be able to process or administer your donations. You may agree to let a friend or colleague give us your details when registering for an event.
We may also collect some details about you via cookies on our website: the cookies we use directly are as follows:
Cookie Name: _ga
Use: This cookie is used by Google Analytics, a third party application (provided by Google) that we use to understand how visitors use our site. You can learn more about this cookie and what Google has to say about it, and others, by logging on to:
https://developers.google.com/analytics/devguides/collection/gajs/cookie-usage
When you use our website, we use tools like Google Analytics to collect information such as your IP address, the browser you use (e.g. Internet Explorer, Google Chrome etc.), domain names, the time of day you accessed the website and referring website addresses. This information helps improve our online services, ensures security and helps protect against fraud. It also assists with diagnosing online problems with our website.
Cookie Name: notice
Use: This cookie is used to remember whether or not you have closed the notice which appears at the top of your browser to inform you of the use of cookies on this site. Once set, it is saved on your computer for 45 days or until you delete your cookies.
Cookie Name: PHPSESSID
Use: This cookie is used to distinguish you from other users of the site. It is deleted as soon as you leave our website.
We also use social media platforms such as Facebook and Twitter. Companies like these use cookies within their systems which may, depending on your privacy settings, allow us to access some information from your accounts.
• WHAT DO WE DO WITH YOUR PERSONAL INFORMATION?
We use your personal data for a number of purposes including the following:
• To keep a record of donations you make to Hospiscare, actions you take, and our communications with you;
• To process credit and debit card donations you make;
• To process standing order or direct debit payments you make;
• To claim gift aid on your donations;
• To process your lottery draw entries;
• To process your purchase of merchandise from our online shop;
• To send you marketing information about our work and fundraising activities;
• To process your entry for Hospiscare events, manage your participation and communicate with you about it;
• To support community-based fundraising you might be taking part in;
• To ensure we do not send unwanted information if you have informed us you do not want to be contacted;
• To comply with applicable law and regulations.
• WHO DO WE SHARE YOUR INFORMATION WITH AND WHY?
Hospiscare promises never to sell or rent your data to any third party, or share it with any third party for marketing purposes. Hospiscare combines data collected from shop gift aiders and lottery players into its main database of supporters.
We do share your data with organisations that work on our behalf or supply us with services that require your data in order to deliver these services. These include:
FUNDRAISING AND RETAIL:
• Blackbaud Hosting Services
The fundraising department uses a database system called Raiser’s Edge which is supplied to us by Blackbaud, Inc. Your data is stored in Boston, Massachusetts, USA. Blackbaud complies with the EU-U.S. Privacy Shield Framework as set by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Blackbaud Merchant Services (BBMS) is a subsidiary of Blackbaud, Inc which processes online donations and event registration fees on our behalf. Your bank account and payment card details are not stored in our database.
• Nisyst
The Retail department uses a system called Nisyst to store all data from customers who have signed up to the retail Gift Aid scheme. This data is stored in Liverpool with Nirvana Intelligent Systems Ltd.
• Rapidata
This company processes direct debits on our behalf.
• HMRC
HMRC reserves the right to inspect our gift aid files and claim procedures at any time.
• Other types of company:
Printers and mailing companies that send out mailings on behalf of the fundraising, lottery or retail departments and telemarketing companies making fundraising calls on behalf of Hospiscare. We have data processing agreements in place with these companies to ensure your data is kept securely, not sold to others and is deleted as soon as the processing activity is finished. We may also need to share your data with individuals or companies organising events on our behalf.
Data profiling companies - on occasion we compare our database, sections of our database or individual records, to geodemographic data or other publicly available information sources. We may use this information to make decisions about the communications that we send you, or the events to which we invite you.
• Automated decision making:
We use data screening companies to make sure that we do not contact people inappropriately. These companies may use information from publicly available sources to fulfil their services (such as death records) as well as checking against opt out services such as TPS (Telephone Preference Service), MPS (Mailing Preference Service) and FPS (Fundraising Preference Service). We also make automated decisions within Hospiscare because we give you the opportunity to tell us what you would like to hear about. If you have told us you only wish to hear about certain aspects of our work and activities, we will automatically deselect you from hearing about the aspects you have not selected.
• Hospiscare Website:
The London-based firm Fat Beehive hosts the Hospiscare website. If you submit your personal details to us via our website your data will be stored on secure servers based in the UK. If you donate via our website, your bank account and payment card details are not stored on our websites, but are processed and stored by the payment providers:
Rapidata (Direct Debits)
Sagepay (debit/credit cards)
Hospiscare will store your name, address, and other details that you submitted, for identification and administrative purposes.
LOTTERY:
• Lottery data collection
Lottery players’ data is stored securely on Hospiscare’s own server using a password protected lottery application (Combase) and is only accessible by Lottery administration personnel for the purpose of running the draws. Your name, address and contact details will also be stored on Hospiscare’s main database, Raiser’s Edge (Blackbaud Hosting Services).
Lotteries are age restricted, therefore, to comply with the Gambling Commission’s licence conditions, we require your date of birth to verify your age.
• Lottery and face-to-face fundraising canvassers
Lottery canvassers are self-employed and work under contract with Hospiscare. They use password protected tablets to capture your data which is encrypted before being transmitted to the hosting providers, Ideal Host. Ideal Host delete data after 180 days.
Your data is auto-deleted from the tablet after transmission preventing unauthorised access by the canvasser or in the event of the tablet being lost.
Hospiscare has password protected access to your data from Ideal Host for the purpose of creating the lottery or direct debit account.
• Lottery Websites
When you join the lottery or buy tickets via the lottery websites, your name, address and contact information are stored securely using SSL encryption on the host (One.com).
Your bank account and payment card details are not stored on our websites, but are processed and stored by the payment providers:
- Rapidata (Direct Debits)
- Stripe (debit/credit cards)
• HOW WE MAINTAIN YOUR RECORDS
Information is retained in secure electronic and paper records and access is restricted to only those who need to know.
Technology allows us to protect information in a number of ways, in the main by restricting access. Our guiding principle is that we hold your information in strict confidence and allow others access only on a ‘need to know’ basis. We hold and process your information in accordance with the Data Protection Act 2018 as amended by the GDPR 2016, as explained above. In addition, everyone working for Hospiscare complies with the Common Law Duty of Confidentiality and various national and professional standards and requirements.
We have a duty to:
• maintain full and accurate records of the information we hold on you;
• keep records about you confidential and secure;
• provide information in a format that is accessible to you.
Use of Email - Some services in the hospice provide the option to communicate with supporters via email. Please be aware that the hospice cannot guarantee the security of this information whilst in transit, and by requesting this service you are accepting this risk.
• WHAT ARE YOUR RIGHTS?
The Data Protection Act 2018 gives you certain rights, including the right to:
• Request to access the personal data we hold about you.
• Request the correction of inaccurate or incomplete information recorded in our records, subject to certain safeguards;
• Request that your information be deleted or removed where there is no need for us to continue processing it. However if you have made a donation we will need to keep your data for six years, but so far as possible, we will anonymise your record for the remainder of this period.
• You have the right to withdraw your consent to receive marketing and/or information materials from us at any time.
Withdrawing your consent to marketing communications does not mean that we will never contact you. We may need to talk to you about administrative matters in order to process a transaction or for another business reason. However, we recommend that if you wish to stop any further marketing contact from us, you opt-out of consent to contact. We will then move your details to a ‘suppression list’ which we will check against to make sure that we do not accidentally send marketing to you again in the future.
• Ask us to restrict the use of your information where appropriate;
• Ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information;
• To object to how your information is used;
• To challenge any decisions made without human intervention (automated decision making)
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
DATA PROTECTION OFFICER
Hospiscare employs a Data Protection Officer. Please contact:
Head of Information Governance
Hospiscare, Searle House, Dryden Road, Exeter, EX2 5JJ
Or via
[email protected]
INFORMATION COMMISSIONER'S OFFICE
The Information Commissioner’s Office (ICO) is the body that regulates the Trust under Data Protection legislation. https://ico.org.uk/. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the ICO at:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Website: https://ico.org.uk/
Email:
[email protected]