Privacy Policy

During the course of its activities, St. Luke’s Hospice collects, stores and processes personal information.

We process personal information about our patients and their family members, carers, or friends; about those who volunteer with us in the hospice or in our charity shops; our donors and supporters; education delegates and about prospective, current and former staff. We also collect, store and process some personal information about people in organisations with which we work closely, such as other health and social care professionals.

We recognise the need to treat personal and sensitive data in a fair and lawful manner. No personal information held by us will be processed unless the requirements for fair and lawful processing can be met.

Access to personal and sensitive data is controlled, and only available on a ‘need to know’ basis. All staff receive training on the principles of data protection and information security.

Data Protection laws give individuals rights in respect of the personal information that we hold about you. These are:

  1. To be informed why, where and how we use your information.
  2. To ask for access to your information.
  3. To ask for your information to be corrected if it is inaccurate or incomplete.
  4. To ask for your information to be deleted or removed where there is no need for us to continue processing it.
  5. To ask us to restrict the use of your information.
  6. To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information.
  7. To object to how your information is used.
  8. To challenge any decisions made without human intervention (automated decision making)

Our Record Keeping policy sets out the criteria we use for data retention. We will retain personal data for the minimum period required by legislation or national guidance provided by statutory authorities. When no longer required for day to day processing, personal information will be archived, either electronically or if in hard copy, stored in a secure archive held offsite and then destroyed when the retention period has ceased.

Should you have any queries about the retention periods for personal data or on any aspect of the use of your information, please contact our Data Protection Lead, Joanne McCollum by email on [email protected], by phone on 01268 524973 or write to: Data Protection Lead, St. Luke’s Hospice, Fobbing Farm, Nethermayne, Basildon, Essex SS16 5NJ. 

Should you wish to lodge a complaint about the use of your information, details of our Comments and Complaints policy can be found on our website or please email our Director of Care and Commissioning and Caldicott Guardian, Joanne McCollum on [email protected] or call her on 01268 524973.

If you are still unhappy with the outcome of your enquiry you can write to The Information Commissioner at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or call 01625 545700.

This privacy notice sets out in more detail how we process personal information in the following categories:

  1. Care records
  2. Employment, volunteering and training records
  3. Donor and supporter records

1. Care Records

We aim to provide you with the highest quality care. To do this, we must keep records about you and the care we provide for you.
St. Luke’s Hospice collects, stores and processes personal information about prospective, current and former patients who have been referred to the hospice for any care service provided by the hospice. We also collect, store and process personal information about prospective, current and former family members, carers or friends of patients, where these details have been provided to us for the purposes of providing care.

1.1 What types of personal data do we handle?

The personal data we process in relation to our care is provided to us both by the individual and by a third party healthcare professional who has referred the individual to us for care.

  • Personal demographics (including gender, race, ethnicity, sexual orientation, religion)
  • Contact details such as names, addresses, telephone numbers, email address and emergency contact(s)
  • Medical information including physical or mental health condition, medications, previous treatments and records of care given by other health and social care organisations.

Health records are held on paper and electronically and we have a legal duty to keep these confidential, accurate and secure at all times in line with Data Protection Laws.

1.2 What is the purpose of processing this data?

The legal basis for the processing of data for these purposes is that St. Luke’s Hospice has a duty to care for its patients and is contracted to provide healthcare by the NHS. Processing this data is necessary for the provision of health and social care and the treatment of patients, and for the management of health or social care systems and services.
Information collected about you to deliver your health care is also used to assist with:

  • Making sure your care is coordinated and of a high standard.
  • Assessing your condition against a set of risk criteria to ensure you are receiving the best possible care.
  • Using statistical information to plan services to meet the needs of the population.
  • Preparing reports and statistics on our performance for NHS commissioners, the Care Quality Commission and other regulatory bodies.
  • Helping train staff and support research.
  • Supporting the funding of your care.
  • Reporting and investigation of complaints, claims and untoward incidents.
  • Reporting events to the appropriate authorities when we are required to do so by law.

If we need to use your personal information for any reason beyond those stated above, we will discuss this with you. You have the right to ask us not to use your information in this way. However, there are exceptions to this.

  • If the public interest is thought to be of greater importance: for example, if a serious crime has been committed; if there are risks to the public or our staff; to protect vulnerable children or adults or yourself.
  • Where we have a legal duty, for example reporting some infectious diseases, wounding by firearms and complying with court orders.
  • If we need to use the information for medical research. We have to ask permission from the Confidentiality Advisory Group (appointed by the NHS Health Research Authority) to do this.

Our staff are trained to handle your information correctly and protect your confidentiality and privacy; we do not undertake automated decision-making such as profiling.

We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing. Your information is never collected for direct marketing purposes, and is not sold on to any other third parties. Your information is not processed overseas.

1.3 Sharing your information

Sometimes your care may be provided by members of a care team, which might include people from other organisations such as health; social care; education; or other care organisations.

We ask for your consent to share your information with other organisations in order that we can provide effective care to you. If you do not want us to do this, you have the right to ask us not to and we will discuss with you the implications this may have for your care.

We will not routinely disclose any information about you without your express permission. However, there are circumstances where we must or can share information about you owing to a legal/statutory obligation. If you want further information about the handling of care records and patient information, please contact the Director of Care and Commissioning and Caldicott Guardian, Joanne McCollum by phone on 01268 524973 or by email [email protected]

2. Employment, Volunteering and Training Records

St. Luke’s Hospice collects, stores and processes personal information about prospective, current and former staff, including applicants, employees (and former employees), workers (including agency, casual and contracted staff), volunteers, trainees and those carrying out work experience.

2.1 What types of personal data do we handle?

The personal data we process in relation to employment, volunteering and training is provided to us by individuals at the point of application for a role at St. Luke’s Hospice, or by the agency where we engage agency staff.

In order to carry out our activities and obligations as an employer we handle data in relation to:

  • Personal demographics (including gender, age, race, ethnicity, sexual orientation, religion)
  • Contact details such as names, addresses, telephone numbers and emergency contact(s)
  • Employment records (including professional membership, references and proof of eligibility to work in the UK and security checks)
  • Bank details
  • Pension details
  • Medical information including physical or mental health condition (occupational health information)
  • Information relating to health and safety
  • Trade union membership
  • Offences (including alleged offences), criminal proceedings, outcomes and sentences
  • Employment Tribunal applications, complaints, accidents, and incident details

Our staff are trained to handle your information correctly and protect your confidentiality and privacy; we do not undertake automated decision-making such as profiling.

We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing. Your information is never collected or sold for direct marketing purposes and it is not processed overseas.

2.2 What is the purpose of processing this data?

We have a legal basis to process this as part of your contract of employment or agreement (either permanent or temporary) or as part of our recruitment processes following data protection and employment legislation.

We process your data for the following reasons:

  • Staff administration and management (including payroll and performance)
  • Pensions administration
  • Business management and planning
  • Accounting and Auditing
  • Accounts and records
  • Crime prevention and prosecution of offenders, or fraudulent activity
  • Provision of education and training
  • Health administration and services

The provision of personal data is therefore part of a contractual requirement, including the fulfilment of an agreement to volunteer or be a trainee at St. Luke’s Hospice. Failing to provide the personal data required would consequently mean we would be unable to complete our recruitment processes and we could not engage you in a contract of employment.

2.3 Sharing your information

Any disclosures of personal data are always made on case-by-case basis, using the minimum personal data necessary for the specific purpose and circumstances and with the appropriate security controls in place. Information is only shared with those agencies and bodies who have a “need to know” or where you have consented to the disclosure of your personal data to such persons.

There are a number of reasons why we share information. This can be due to:

  • Our obligations to comply with legislation
  • Our duty to comply any Court Orders which may be imposed
    We may use the information we hold about you to detect and prevent crime or fraud. We may also share this information with other bodies that inspect and manage public funds.

We will not routinely disclose any information about you without your express permission. However, there are circumstances where we must or can share information about you owing to a legal/statutory obligation.

To enable effective staff administration we share your information with some specific external organisations in order to comply with our obligations as an employer.

Further details can be provided by our Human Resources Department, who can be contacted by email [email protected] or by phone on 01268 524973

3. Supporter and Donor Records

St Luke’s Hospice, including St. Luke's Hospice Trading, collects, stores and processes personal information about prospective, current and former donors and supporters of the charity. This could relate to individuals, groups, funders and businesses, who donate, fundraise, support our charity shops, buy Hospice products and services, take part in Hospice events and include a gift in their Will.   

3.1 What personal data do we hold?

Personal data may be shared with us directly by a supporter or via a third party, for example a friend or family member who may register someone for an event, Local Hospice Lottery, JustGiving, MuchLoved or Facebook. You will be able to check any third party privacy policies on their websites or by contacting them directly.

We may also research and hold supporter information from public sources, for example corporate or group websites and Companies House.  

In order to carry out our activities in relation to donors and supporters, we handle data in relation to:

  • Contact details such as names, addresses, telephone numbers and emails.
  • Date of birth and gender (particularly in relation to registering to take part in events)
  • Bank account and credit card details where these are provided to make a regular or one-off payment. 
  • Estate and executor information in cases where a supporter has left us a gift in their Will
  • Gift Aid declarations and taxpayer status in order for us to claim Gift Aid 
  • Communication preferences
  • Any other personal information provided to us

Our staff are trained to handle your information correctly and protect your confidentiality and privacy. We do not undertake automated decision-making.

We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing.

Your information is only collected for the purposes of administering your support and communicating with you about our work and ways you can support the Hospice. We will not sell sold your data to other organisations for marketing purposes. Our Donor Charter sets out in more detail the standards we adhere to in fundraising.

We always try to work with organisations which operate within the European Economic Area (EEA). Where we could in the future workwith a supplier operating outside the EEA, we will ensure they provide an appropriate level of protection. This is called an “adequacy decision”, and is guaranteed by schemes such as the Privacy Shield framework. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA. If you want more information about the non-EEA suppliers we use, please contact our Fundraising team at [email protected] or via our switchboard 01268 524973.

3.2 What is the purpose of processing this data?

In accordance with the UK General Data Protection Regulations 2018, we use personal data to: 

  • Provide requested information, services and products. 
  • Administer your support, including processing Gift Aid 
  • Communicate with you in relation to your support, queries or complaints
  • Develop a better understanding of our supporters and identify potential new supporters
  • Undertake fraud prevention and money laundering checks
  • Meet our legal and regulatory obligations 

We may use your data based on having received your specific consent to do so. For example if you make a donation to us online and select that you would like to hear about other ways you can support us by email, we may contact you by email with details of fundraising events and campaigns you may be interested in. You can change your preferences at any time by emailing [email protected] or calling 01268 524973

We may use your data on a legal basis in order to fulfil our legal and regulatory obligations or to fulfil a contract, for example when you order fundraising materials from us or make a purchase.  

We may also use your data on the basis of legitimate interest, where we feel it is fair and reasonably necessary, for example: to send donation acknowledgement communications and sharing personal data between relevant teams within the Hospice and our partners to keep our records up to date. 

For marketing communications with supporters, we ask for your explicit consent to contact you by email or text and legitimate interest for direct mail and communications by phone. 

You may withdraw your consent for us to process your data at any time. Should you wish to withdraw your consent, please contact our Fundraising team at [email protected] or 01268 524973.

If you wish to withdraw your consent to our processing your data in respect of Gift Aid donations in our shops, please contact our Retail team on 01268 522741.

3.3 Sharing your information

Any disclosures of personal data are always made on case-by-case basis, using the minimum personal data necessary for the specific purpose and circumstances and with the appropriate security controls in place. In order to process your information and donations to the highest possible standards, we will sometimes need to give other organisations access to your data. Examples include fundraising suppliers, database storage and mailing houses, who may process data on our behalf.

There are a number of reasons why we share information. This can be due to:

  • Our obligations to comply with legislation
  • Our duty to comply any Court Orders which may be imposed
  • To detect and prevent crime or fraud
  • To comply with requests from other bodies that inspect and manage public funds
  • To process Gift Aid claims

3.4 Website and Cookies

Use of cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are used to give the owners of the website information about the visitors. Information such as what time of day they are coming to the website, and how long they spend on there. You can find out more about cookies used on this website on our Cookies Policy

Google Analytics

These cookies collect information about the way visitors access the information on our website. We use that information to make improvements and produce statistics such as the number of visitors to the site and the most popular pages being viewed. The cookies collect information anonymously. More information on privacy and security from Google.

If you would like to learn more about cookies, how they are used, which ones are on your computer and how to remove them, visit: www.allaboutcookies.org

You can also choose to opt out of Google Analytics tracking your website activity. To do this, visit: http://tools.google.com/dlpage/gaoptout

Use of Your Information

The information we collect is used for our own use in developing our website and services – we may use the information for the following purposes:

  • To provide you with information relating to our website, St. Luke’s Hospice events or our services that you request from us.
  • To provide you with information on other St. Luke’s Hospice products that we feel may be of interest to you.
  • To meet our contractual obligations to you.
  • To notify you about any changes to our website, including improvements, and service or product changes that may affect our website.

If you are an existing supporter or service user, we may contact you with information about new events services similar to those that you have expressed an interest in previously via our website.

Our website provider

Your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources.

Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us. In the case of this activity the following will apply:

  1. Your data will be made available to our website provider
  2. The data that may be available to them include any of the data we collect as described in this privacy policy.
  3. Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.
  4. They will store your data for a maximum of 7 years.
  5. This processing does not affect your rights as detailed in this privacy policy.

Published:

Updated:

Author:

Share this page
Manage Cookie Preferences