Privacy Policy

St Ann’s is the largest charity funded hospice based in the North West of England and provides Palliative Care services to patients and families across Greater Manchester, including inpatient, outpatient and community services. To provide our services, it is necessary for us to process both personal and confidential data about our patients, staff, volunteers, donors, supporters, customers, visitors and partners.

Within the context of this policy, ‘we’, ‘us, ‘our’ refers to St Ann’s Hospice and our subsidiaries:

  • St Ann’s Hospice registered charity number: 258085
  • St Ann’s Hospice Trading Company Limited registered company number: 2538527

We are the ‘Data Controller’ of the personal data that we process and have a robust framework in place meet the requirements of the Data Protection Act 2018, UK General Data Protection Regulation and the NHS Data Security and Protection Toolkit. We are registered with the Data Commissioner’s Office (ICO) and you can find all current registrations on the ICO’s register of fee-payers:

  • St Ann’s Hospice: Z5762319
  • St Ann’s Hospice Trading Company Limited: ZA100746
  • Trustee(s) of the St Ann’s Hospice Pension Scheme: Z7906037

This is our Privacy Notice, which provides information about how and why we process your personal data. We will provide examples of the data, uses and organisations that we work with but please note, the lists are not exhaustive and may change from time to time. You can contact our Data Protection Officer with queries or concerns relating to the use of your personal data using the following contact details:

Data Protection Officer
St Ann’s Hospice,
Meadowsweet Lane (off Peel Lane),
Little Hulton,
Worsley,
M28 0FE.

Date of last review: February 2024
Telephone: 0161 702 8181
Email: dataprotectionofficer@sah.org.uk
St Ann’s Hospice Privacy Notice

PATIENTS, CLIENTS, FAMILY AND CARERS

What data do we collect?

We collect the following personal data from you, your family, friends and carers, and other health and social care providers, for example your GP, Hospital, Community teams and Local Authorities:

  • Individual Identifiers (your NHS Number)
  • Contact Details (Name, address, telephone numbers, email address)
  • Date of Birth and Age;
  • Contact Details of your Next of Kin, Family Members, Friends, Carers and other Care Providers (Name, address, telephone numbers, email address)

We also collect the following personal data, which is more sensitive in nature:

  • Data concerning your physical or mental health (for example, details about your appointments or diagnosis)
  • Data revealing your racial or ethnic origin
  • Data concerning your sex life
  • Data concerning your sexual orientation
  • Genetic data (for example, details about a DNA sample taken from you as part of a genetic clinical service)
  • Data revealing religious or philosophical beliefs
  • Data relating to criminal or suspected criminal offences

Why do we process your data?

St Ann’s Hospice uses your personal data for the following purposes:

  • To invite you to, and to assess suitability of our services for you and your support network;
  • To provide you and the people that care for you with our care and support services;
  • To communicate with you via post, telephone, email, text message or sometimes, video call;
  • To manage and audit our services, including both local, regional and national audits;
  • To help us identify and drive quality improvements within the Hospice’s services;
  • To conduct Patient, Family and Friends surveys;
  • To investigate queries, incidents, complaints or legal claims;
  • To protect our Hospice, patients, staff and visitors from crime and mis-conduct;
  • To invite you to take part in market research;
  • For health and social care research, and planning purposes:
    All research studies that we take part in, or recruit for will be approved by the Health Research Authority before commencing. More information about this can be found here: https://www.hra.nhs.uk/data-about-patients/
  • Your personal, confidential data will not be used for this purpose in an identifiable format if you have signed up to the National Data Opt-Out. For more information about the National Data Opt-Out, click the following link: https://digital.nhs.uk/services/national-data-opt-out
  • To provide important statistical data to our commissioners and partners for funding and management purposes.

Health and Social Care Data Sharing

St Ann’s Hospice shares your personal data with NHS organisations, non-NHS organisations and Local Authorities who are involved in providing health and social care to you. By sharing data in this way, we are able to work as multi-disciplinary teams to ensure that your health and social care needs are being met and you don’t need to repeat the same information to different providers. Examples of organisations that we routinely share data with are:

  • NHS England
  • Greater Manchester Integrated Care Board
  • Northern Care Alliance NHS Foundation Trust
  • Manchester NHS Foundation Trust
  • Stockport NHS Foundation Trust
  • The Christie NHS Foundation Trust
  • General Practitioners (GPs)
  • Community Pharmacies
  • Salford, Trafford, Manchester and Stockport Councils
  • Research organisations (e.g. Universities)

We are also proud to be part of, and contribute to the Greater Manchester Care Record, which is a shared care record that can be accessed and used by a number of health and social care organisations across the region. More data about the Greater Manchester Care Record can be found here: https://healthinnovationmanchester.com/thegmcarerecord/

A copy of the Greater Manchester Care Record Privacy Notice can be found here: https://healthinnovationmanchester.com/the-gm-care-record-privacy/

We may also share your data with other organisations when we are required to do so by law, for example:

  • If we are sent a request from the Police under the Crime and Disorder Act 1998;
  • If we receive a formal order from a court acting in their judiciary capacity;
  • If there is a public health need such as preventing the spread of infectious diseases;
  • If there is a safeguarding need (vulnerable adults or children); and
  • If we receive a request from an organisation with statutory investigative powers, for example, the Care Quality Commission, the General Medical Council (and other professional bodies), the National Audit Office or the Health Service Ombudsman.

How do we process your data lawfully?

The Data Protection Act 2018 and the UK General Data Protection Regulation requires personal data to be processed fairly, lawfully and transparently. St Ann’s will only process your personal data as long as there is a lawful basis and it is necessary for us to do so. The following legal bases are commonly relied upon for processing patient’s and client’s personal data:

  • Public Interest, and for the Provision of Health and Social Care Services –to deliver and manage our care and support services, which are partially funded through our contract with the NHS.
  • Public Interest, and for Archiving, Research and Statistical Purposes – to perform research using health and social care data.
  • Consent – when you join one to one or group video consultation sessions, provide consent to be contacted via email or text message or consent to take part in research.
  • Legitimate Interest – to ask if you’d like to take part in market research.
  • Legal Obligation – to manage your personal records in line with Data Protection Legislation and the NHS Records Management Code of Practice.

Which other organisations do we work with?

We engage with other organisations for the provision of the below services. As part of the service, the other organisations process your personal data on our behalf:

  • IT, Communications and Data Management
  • Confidential Archive and Waste Management
  • Interpreters
  • Insurance Companies
  • External Auditors
  • Lone Worker Services
  • Market Research Services

All third-party contracts are assessed to ensure compliance with the UK General Data Protection Regulation, and we always try to work with accredited organisations.

STAFF, VOLUNTEERS, TRUSTEES AND CONTRACTORS

What data do we collect about you?

When you apply for a role (staff, volunteer, trustee, bank or contract) at St Ann’s, we can collect your data from a number of sources. This will depend on how you have submitted your interest in working with us. The source of your data can be you, an online job/volunteering website that you have signed up to, your recruitment consultant or referees that you have supplied for your application. We will keep records of your application and personal data, whether successful or unsuccessful, in paper and electronic forms. Details of the data we process include, but are not limited to:

  • Name and contact details e.g. address, telephone number and e-mail
  • Education and employment history
  • References and their contact details

If your application is unsuccessful, a copy of your application and supporting data will be retained for 6 months. If your application is successful, a copy of your application, supporting data and interview notes will be included in your HR file. At the time of job offer, we will also collect further data from you and hold it on your HR file, for example:

  • Forms of Identification
  • Proof of eligibility to work in the UK
  • Disclosure and Barring Service Checks
  • Credit and Fraud Checks
  • Occupational Health Assessments
  • Driving licence, vehicle registration and insurance documents
  • Equal Opportunities data
  • Emergency contacts
  • Bank details
  • National Insurance / Social Security Numbers
  • Pension details

At the start of your employment/service, you may be assigned user accounts that are required for your role; logs of your account details and some activities within systems will be held by St Ann’s relating to your:

  • E-mail account
  • Telephone numbers
  • Application software accounts
  • Hardware assigned
  • Activities that you have performed within our systems (e.g. name, time and date of log in, log out, if you create, amend or delete any records etc.)

During the term of your employment/service, information will be added to your HR records relating to your attendance, occupational health, professional development, performance management and conduct (including findings from investigation/grievance/disciplinary events should they occur).

Why do we process your data?

Your data is used for administration, management and organisational purposes, for example:

  • To keep a record of your application process, including screening and interviews to assess your suitability for the role and right to work in the UK;
  • To be able to contact you throughout your application and term of employment/service;
  • To send your contract and other necessary correspondence;
  • To provide you with access to systems that are needed for your role;
  • To be able to contact someone in the case of an emergency;
  • To arrange workplace rotas;
  • To pay you and provide you with benefits (if applicable);
  • To record your development, training, qualifications and professional registrations;
  • To review your performance against organisational objectives;
  • To provide any necessary support that you may need in order to perform your role;
  • To perform budgeting and other general workforce management activities;
  • To protect our Hospice, patients, staff and visitors from crime and mis-conduct; and
  • To conduct surveys and market research.

We also need to process your data to ensure that we are complying with the law, for example:

  • For proof of eligibility to work in the UK;
  • To ensure the safety and security of our patients, staff/volunteers and the organisation, as we are working with vulnerable individuals;
  • For financial audit purposes in line with the Companies Act 2006;
  • For taxation purposes;
  • For insurance purposes; and
  • For compliance with the Equality Act 2010.

We may also share your data with other organisations when we are required to do so by law, for example:

  • If we are sent a request from the Police under the Crime and Disorder Act 1998;
  • If there is a need to protect and safeguard vulnerable children and adults;
  • If there is a public health need such as preventing the spread of infectious diseases; or
  • If we receive a formal order from a court acting in their judiciary capacity.

How do we process your data lawfully?

In the Data Protection Act 2018 and the UK General Data Protection Regulation, processing of your personal data must be done fairly, lawfully and transparently. St Ann’s will only process data relating to you as long as there is a lawful basis in line with the legislation and it is necessary for us to do so. The following legal bases are commonly relied upon:

  • Contract – to provide you with an employment contract.
  • For the assessment of your working capacity and occupational health.
  • Consent – to process your personal data when you apply to/and volunteer for St Ann’s Hospice or when you complete our equal opportunities forms to help us monitor compliance with the Equality Act 2010, also to consent to take part in research. You have the right to withdraw consent at any time and we will stop processing your data in an identifiable format.
  • Legal Obligation –
    o To ensure all staff are eligible to work in the UK in line with the Home Office Code of Practice on Preventing Illegal Working 2019
    o To ensure compliance with the Safeguarding Vulnerable Groups Act 2006
    o To ensure compliance with the Income Tax Act 2007
    o To ensure compliance with the Companies Act 2006
    o To ensure compliance with the Equality Act 2010
    o To manage your personal records in line with the NHSX – Records Management Code of Practice and the Data Protection Act 2018 and UK General Data Protection Regulation.
    o Legitimate Interest – to ask if you’d like to take part in market research.

Which other organisations do we work with?

We engage with other organisations for the provision of the below services. As part of the service, the other organisations process your personal data on our behalf:

  • IT, Communications and Data Management
  • Disclosure and Barring Service
  • Occupational Health
  • Interpreters
  • Payroll and Payment Services
  • Life Insurance Services
  • Pension Providers
  • Training Providers
  • Insurance Services
  • External Auditors
  • Employment Services (to support with disciplinary, grievance or other employment related disputes)
  • Lone Worker Services
  • Benefits Service Providers (e.g. Cycle to work scheme)
  • Market Research Services.

All third-party contracts are assessed to ensure compliance with the UK General Data Protection Regulation, and we always try to work with accredited organisations.

STUDENTS, PLACEMENTS AND COURSE ATTENDEES

What data do we collect about you?

When you apply to attend a course or placement at St Ann’s, we can collect your data from a number of sources. This will depend on how you have submitted your interest in the courses or placements that we offer. The source of your data can be you, your organisation, school or referees that you have supplied for your application. We may also collect your data from external sources on a direct marketing business to business basis for education and training purposes to promote our workshops. We will keep records of your application and personal data in either paper or electronic forms. Details of the data we process include, but are not limited to:

  • Name and contact details e.g. address, telephone number and e-mail
  • Contact details for people within your education services or employment
  • Employment and Education History
  • References and their contact details
  • Disclosure and Barring Service Checks
  • Medical questionnaire
  • Emergency contacts

Why do we process your data?

Your data is used for administration, management and organisational purposes, for example:

  • To keep a record of your attendance and provide you with certificates and course evaluation material;
  • To be able to contact you throughout the course or placement;
  • To be able to contact someone in the case of an emergency;
  • To record your development, training, qualifications and professional registrations; and
  • To provide any necessary support that you may need in order to access and complete the course or placement.

We also need to process your data to ensure that we are complying with our legal obligations as an organisation, for example:

  • To ensure the safety and security of our patients, staff/volunteers and the organisation, as we are working with vulnerable individuals.

We may also share your data with other organisations when we are required to do so by law, for example:

  • If we are sent a request from the Police under the Crime and Disorder Act 1998;
  • If there is a need to protect and safeguard vulnerable children and adults;
  • If there is a public health need such as preventing the spread of infectious diseases; or
  • If we receive a formal order from a court acting in their judiciary capacity.

How do we process your data lawfully?

In the Data Protection Act 2018 and the UK General Data Protection Regulation, processing of your personal data must be done fairly, lawfully and transparently. St Ann’s will only process data relating to you as long as there is a lawful basis in line with the legislation and it is necessary for us to do so. The following legal bases are commonly relied upon:

  • Contract – to provide you with a placement or course.
  • For the assessment of your working capacity and occupational health.
  • Legal Obligation – to ensure compliance with the Safeguarding Vulnerable Groups Act 2006,

Which other organisations do we work with?

We engage with other organisations for the provision of the below services. As part of the service, the other organisations process your personal data on our behalf:

  • IT, Communications and Data Management Services
  • External Training Providers
  • Event Booking Service Providers
  • Market Research Services

All third-party contracts are assessed to ensure compliance with the UK General Data Protection Regulation, and we always try to work with accredited organisations.

ENQUIRERS, DONORS AND SUPPORTERS

What data do we collect about you?

We collect your personal data when you ask about our activities, take part in our events, make donations and sign up to our newsletters and updates. We also use third party organisations to collect data about prospective and existing supporters from publicly available sources of data (for example, the internet, Companies House and rich lists), which we then add to our records. We keep records of your personal data in paper and electronic forms. Details of the data we process include, but are not limited to:

  • Name, address, telephone number, email address, age and gender
  • Dietary Requirements (if applicable)
  • Payment data and donation history
  • Records of consent and correspondence between you and St Ann’s
  • Records of activities attended, fundraising behaviours and wealth identifiers
  • Photographs, quotes, or video footage when you have taken part in our events
  • Whether you are a patient of St Ann’s if you to choose to share this when donating, and if you have any links to other supporters.

Please note: St Ann’s will collect children’s data with the consent of a parent or guardian and will only correspond with the parent or guardian. The data of children will not be shared and we do not correspond with children under the age of 18.

Why do we process your data?

The data that you provide is used to our fundraising activities:

  • To manage the fundraising event or campaign;
  • To keep a record of who has signed up to our events;
  • To provide relevant data and resources to participants;
  • To provide a safe environment for our events to take place; and
  • To process income from the events.

We may also process your data for purposes that are not linked to specific fundraising events:

To track your activities to build a profile of interests and fundraising behaviours – this helps us to send specific updates and asks to you. Sometimes this may also involve enhancing our records using publicly available sources of data to:

  • Identify our most popular events;
  • Understand our revenue generation streams;
  • Forecast for future campaigns;
  • Identify and build profiles on supporters who may be able to make or support a transformational donation to the hospice.

The research allows us to make a personal and relevant approach to selected supporters, saving the charity time and money and reducing the risk of intrusive or irrelevant communications.

St Ann’s Hospice relies almost entirely on donations from the general public, and we strive to fundraise in the most efficient way we can. To aid this, we will occasionally use third party organisations to carry out research on a specially selected group of supporters who may be able to make or influence a large donation to the hospice.

This is a process widely known as Wealth Screening. Data will be gathered from publicly available sources, like Companies House and published rich lists, about employment, past philanthropic giving and visible assets, and added to the data we already hold. We only use reputable organisations to undertake this research who have demonstrated compliance with data protection law and are registered with the ICO. We will not use data we believe has not been lawfully, fairly or ethically obtained, and we do not use data sources which have not been made public. This data will then be used to make a personal and considered approach to certain individuals related to their interests, their past support of the hospice and their inferred ability and willingness to make or influence a transformational gift to the hospice.

This is undertaken under St Ann’s Hospice’s legitimate interest, and supporters can opt out of this processing by contacting supporter@sah.org.uk or calling 0161 498 3631.

  • To keep current and potential supporters informed about our fundraising activities by sending direct marketing by post, telephone call, text or email;
  • Where you have provided consent, we may use photographs, videos and quotes of/from you to publicise the Hospice and our activities;
  • To claim gift aid on donations from the HMRC with your consent;
  • To provide a transparent audit trail for income received in line with the Fundraising Regulations for the receipt of income;
  • To keep donation data to benchmark our performance against other charities;
  • To conduct surveys and market research; and
  • To keep our records accurate and up to date.

We may share your data with other organisations when we are required to do so by law, for example:

  • If we are sent a request from the Police under the Crime and Disorder Act 1998;
  • If there is a need to protect and safeguard vulnerable children and adults; or
  • If we receive a formal order from a court acting in their judiciary capacity.

How do we process your data lawfully?

In the Data Protection Act 2018 and the UK General Data Protection Regulation, processing of your personal data must be done fairly, lawfully and transparently. St Ann’s will only process data relating to you as long as there is a lawful basis in line with the legislation and it is necessary for us to do so. The following legal bases are commonly relied upon:

  • Contract – to process your data in order to perform our contract with you, for example when you sign up to our fundraising events or donate.
  • Legitimate interest – to process your data to support the fundraising activities of the organisation, for example:

When we generate profiles to help us target specific groups of supporters;

When we perform research using publicly available sources of data and record the results on our database;

When we send direct marketing to you via post or telephone;

When we share your details with St Ann’s Hospice Trading Company;

To ask if you’d like to take part in market research.

You have the right to object to this type of processing and we will stop immediately.

  • Consent – to send you direct marketing via electronic means (email and text) in line with the Privacy and Electronic Communications Regulations.

You have the right to withdraw consent from this type of processing at and we will stop immediately.

  • Legal obligation – to comply with the law, for example when we keep a record of donations and Gift Aid for the purpose of financial audit in line with The Companies Act 2006 and HMRC requirements.

Which other organisations do we work with?

We engage with other organisations for the provision of the below services. As part of the service, the other organisations process your personal data on our behalf:

  • IT, Communications and Data Management
  • Event Sign-up/Management Services
  • Payment Service Providers
  • Mailing and Marketing Services
  • Social Media Services
  • Market Research Services
  • Data Cleansing Services
  • Supporter Research and Analytics Services

All third-party contracts are assessed to ensure compliance with the UK General Data Protection Regulation, and we always try to work with accredited organisations.

St Ann’s Hospice Trading Company is a subsidiary of St Ann’s Hospice. If you are a supporter, we will share your personal data with the Trading Company. This helps us to maintain an accurate history of our supporter’s activities and also share news, updates and marketing regarding both Hospice and Trading Company activities.
Please note: Some of the organisations that we work with will process your data outside of the UK. More data can be found in the ‘TRANSFERING YOUR DATA OUTSIDE OF THE UK’ section of this privacy notice.

LOTTERY MEMBERS AND TRADING COMPANY CUSTOMERS

What data do we collect about you?

We collect your personal data when join our lottery, take part in our raffles and buy items from our shops or online platforms. We also use third party marketing service providers to help us to recruit new lottery supporters using their contact lists. We will keep records of your personal data in paper and electronic forms.

Details of the data we process include, but are not limited to:

  • Name, address, telephone number, email address, date of birth
  • Payment data
  • Gift aid and tax status
  • Records of consent and correspondence between you and St Ann’s

Why do we process your data?

Your personal data is used to provide you with the following goods and services:

  • To recruit new lottery players through door to door or telesales canvasing;
  • To enter you into our Lottery draw;
  • To enter you into one of our Raffles;
  • To sell and deliver items from our online sales and charity shops;
  • To collect items that you have kindly donated; and
  • To process payments for your lottery membership, raffle entries and purchases.

We may also process your data for purposes that are not linked to specific good and services:

  • To provide a transparent audit trail for the income received;
  • To claim gift aid on income received from the HMRC, with your consent;
  • To ensure compliance with the Gambling Commission Regulations;
  • To keep a log of customer preferences to help us understand specific interests and trends in monies raised;
  • To keep current and potential supporters informed about new goods and services by direct marketing; and
  • To conduct surveys and market research.
    We may also share your data with other organisations when we are required to do so by law, for example:
  • If we are sent a request from the Police under the Crime and Disorder Act 1998;
  • If there is a need to protect and safeguard vulnerable children and adults; or
  • If we receive a formal order from a court acting in their judiciary capacity.

How do we process your data lawfully?

In the Data Protection Act 2018 and the UK General Data Protection Regulation, processing of your personal data must be done fairly, lawfully and transparently. St Ann’s will only process data relating to you as long as there is a lawful basis in line with the legislation and it is necessary for us to do so. The following legal bases are commonly relied upon:

  • Contract – to process your data in order to perform our contract with you, for example when you sign up to our lottery, take part in our raffle or buy goods/services from us.
  • Legal obligation – to comply with the law, for example when we keep a record of donations and Gift Aid for the purpose of financial audit in line with the Companies Act 2006.
  • Consent – to apply for Gift Aid against your donations or send you electronic direct marketing. You are able to withdraw consent at any time and we will stop immediately.
  • Legitimate interest – to recruit new lottery members through telesales campaigns, to send you direct marketing by post of telephone, or to ask if you’d like to take part in market research. You are able to object to this at any time and we will stop immediately.

Which other organisations do we work with?

We engage with other organisations for the provision of the below services. As part of the service, the other organisations process your personal data on our behalf:

  • IT, Communications and Data Management Services
  • Lottery Recruitment Services (door to door and telesales companies)
  • Online Trading/Gambling Services
  • Payment Service Providers
  • Delivery Services
  • Market Research Companies

All third-party contracts are assessed to ensure compliance with the UK General Data Protection Regulation, and we always try to work with accredited organisations.

St Ann’s Hospice Trading Company is a subsidiary of St Ann’s Hospice. If you are a lottery member, raffle player or customer, we will share your personal data with the main Hospice. This helps us to maintain an accurate history of our supporter’s activities and also share news, updates and marketing regarding both Hospice and Trading Company activities.

WHEN YOU COME TO ST ANN’S PREMISES

What data do we collect about you?

When you come to any of the St Ann’s sites as a member of staff, volunteer, trustee, contractor, client, student/trainee or guest/visitor you will be required to complete a signing in book to register your attendance. Personal data that we will collect will include:

  • Name
  • Car registration
  • CCTV video recordings*
    *We operate CCTV systems in areas that are used by staff (for example in our pharmacy areas) and areas that are used by members of the public, there are notices displayed to inform you of the recording.

Why do we process your data?

The data that you provide is used for ensuring the safety and security of our patients, staff, volunteers, visitors and property, and to facilitate the detection and prevention of crime and misconduct.

How do we process your data lawfully?

In the Data Protection Act 2018 and the UK General Data Protection Regulation, processing of your personal data must be done fairly, lawfully and transparently. St Ann’s will only process data relating to you as long as there is a lawful basis in line with the legislation and it is necessary for us to do so. The following legal bases are commonly relied upon:

  • Legitimate interest – To help us ensure the safety of our patients, staff, volunteers, visitors and property, and to facilitate the detection and prevention of crime or misconduct.

Which other organisations do we work with?

We may share your data with other organisations when we are required to do so by law, for example:

  • If we are sent a request from the Police under the Crime and Disorder Act 1998;
  • If we receive a formal order from a court acting in their judiciary capacity; or
  • If there is a need to protect and safeguard vulnerable children and adults.

You have the right to see CCTV images of yourself and be provided with a copy subject to certain criteria. We will not release images of other people to you, or you to others, without their/your consent.

VISITORS TO OUR WEBSITE OR SOCIAL MEDIA SITES

What data do we collect about you?

In order for us to provide a high-quality website and social media service, St Ann’s needs to collect and process personal data about you, for example:

  • Cookies – the name of the domain from which you access the Internet, the date and time you access our site, and the Internet address of the website from which you linked to our site.
  • Your name and contact details, and other persons involved in queries/correspondence that you raise with us
  • Your name and contact details, and other persons involved in complaints that you raise with us.

Why do we process your data?

We will use your data to provide a relevant and efficient web and social media service:

  • Cookies measure the number of visits to the different sections of our site, and to help us make our site more useful to visitors. More information can be found in our Cookie Policy and guidance for managing cookies through your browser can be found at the following website: https://www.aboutcookies.org/
  • To present you with relevant advertising
  • To correspond with you relating to your query or complaint, which has been submitted through our website forms.

How do we process your data lawfully?

In the Data Protection Act 2018 and the General Data Protection Regulation, processing of your personal data must be done fairly, lawfully and transparently. St Ann’s will only process data relating to you as long as there is a lawful basis in line with the legislation and it is necessary for us to do so. The following legal bases are commonly relied upon:

  • Consent – To process cookie data for Analytics and Advertising/Marketing purposes. More information for managing cookies through your browser can be found at the following website: https://www.aboutcookies.org
  • Legitimate interest –
  • To process your data to ensure our website functions properly and to help us improve our website and social media sites; and
  • To respond to your queries or complaints.

Which other organisations do we work with?

In order for St Ann’s to operate our website, we need to engage with other organisations for the provision of:

  • Website Service Providers (Designers, Application Providers and Website Hosting)
  • Social Media Providers
  • Website and Social Media Analytics Services

Please note: From time to time our website may also include links to other websites. These links are provided for your convenience to provide further data. They do not signify that we endorse the website(s). We have no responsibility for the content of the linked website(s). We encourage you to read the privacy statements on the other website(s) you visit.

TRANSFERING DATA OUTSIDE OF THE UK

Some of our service providers transfer your personal data to countries outside of the United Kingdom, mainly to countries within the European Economic Area and United States of America, although this could be worldwide. If we, or any of our service providers transfer your personal data to a recipient based in a jurisdiction outside of the United Kingdom, which is not subject to a UK Adequacy Decision, we will endeavour to implement one of the following safeguards:

  • International Data Transfer Risk Assessment and UK International Data Transfer Agreement, or equivalent
  • Binding Corporate Rules
  • US:UK Data Privacy Framework

If you would like to see evidence of the safeguards, please contact our Data Protection Officer, using the contact details at the top of the Privacy policy

HOW LONG WILL ST ANN’S RETAIN YOUR DATA?

At St Ann’s we will only retain your data for as long as we need it. We have three records management policies in place that are read alongside each other:
o Health and Social Care Records are retained in line with the NHSX – Records Management Code of Practice 2021: https://transform.england.nhs.uk/media/documents/NHSX_Records_Management_CoP_V7.pdf

Staff Records are retained in line with our internal Hospice policy:

  • Standard retention period is 6 years from the end of the contract or agreement.
  • Fundraising Records are retained in line with our internal Hospice policy:
  • We will archive records after 3 years of inactivity, as it is felt that direct marketing to individuals after this period is no longer appropriate.
  • The standard retention period is 10 years from the last point of contact, although this may be longer where the individual is a legacy supporter.

When we no longer need to retain your personal data, we will securely delete/destroy it following local procedures. This may include cross-cut shredding, permanently wiping data from our systems or sending it to a confidential waste/asset management company that is accredited to BS-EN-15713.

YOUR RIGHTS

Under the Data Protection Act 2018 and the UK GDPR, you have the following rights relating to your personal data:

  • Your right of access – You have the right to ask us for copies of your personal information.
  • Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

* Please note: not all rights apply to the personal data that we process about you. An example of this could be when you would like to have your records erased, but they have been collected in order to meet a legal obligation, or if you request access to records that would cause serious physical or mental harm to you or others.

CONTACTING ST ANN’S TO EXERCISE YOUR RIGHTS, OR FOR FURTHER DATA:

If you would like to exercise any of your rights or you would like further data relating to data protection, please contact:
Data Protection Officer
St Ann’s Hospice,
Meadowsweet Lane (off Peel Lane),
Little Hulton,
Worsley,
M28 0FE.
Telephone: 0161 702 8181
Email: dataprotectionofficer@sah.org.uk
Website: https://www.sah.org.uk

COMPLAINTS

If you have contacted St Ann’s with concerns but are not happy with the response, you are able to lodge a complaint by calling or writing to the Chief Executive. The Chief Executive will then deal with your concerns as a formal complaint.

Chief Executive St Ann’s Hospice, St Ann’s Road North Heald Green Cheadle SK8 3SZ Telephone: 0161 498 3634 or 0161 498 3635
Website: www.sah.org.uk/about-us/complaints-procedure/

THE INFORMATION COMMISSIONER’S OFFICE

The supervisory authority for data protection in the United Kingdom is the Information Commissioner’s Office (ICO). If you would like further information relating to data protection or would like to lodge a complaint, you have the right to contact the ICO at the following address:
The Information Commissioner’s Office, Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Email: casework@ico.org.uk
Website: www.ico.org.uk