Privacy Policy

St Ann’s is the largest charity funded hospice based in the North West of England and provides Palliative Care services to patients and families across Greater Manchester, including inpatient, outpatient and community services. To provide our services, it is necessary for us to process both personal and confidential information about our patients, staff, volunteers, donors, supporters, customers, visitors and partners.

Within the context of this policy, ‘we’, ‘us, ‘our’ refers to St Ann’s Hospice and our subsidiaries:

  • St Ann’s Hospice registered charity number: 947220
  • St Ann’s Hospice Trading Company Limited registered company number: 2538527

We are the Data Controller of the personal and confidential information that we process and have a robust framework in place meet the requirements of the Data Protection Act 2018, UK General Data Protection Regulation and the NHS Data Security and Protection Toolkit. We are registered with the Information Commissioner’s Office (ICO) and you can find all current registrations on the ICO’s register of fee-payers:

  • St Ann’s Hospice: Z5762319
  • St Ann’s Hospice Trading Company Limited: ZA100746
  • Trustee(s) of the St Ann’s Hospice Pension Scheme: Z7906037

This is our Privacy Notice, which provides information about how and why we process your personal and confidential information. We will also provide examples of the information, uses and organisations that we work with but please note, the lists are not exhaustive and may change from time to time. Click the relevant links below to find out more, alternatively, you can contact our Data Protection Officer using the following e-mail address: dataprotectionofficer@sah.org.uk

ST ANN’S RESPONSE TO THE COVID-19 PANDEMIC

What information do we collect?

As part of our response to the COVID-19 pandemic, we started to collect personal data through staff and volunteer risk assessments. Details of the information we process include, but are not limited to:

  • Your name and contact details e.g. address, phone number and e-mail address
  • Details of your health status and risk factors

Why do we process your information?

Your information is used to:

  • To assess risk to you and others relating to COVID-19
  • To support you in the workplace (if you are a member of staff or volunteer)
  • To help support infection prevention and control
  • To support the national effort to manage the COVID-19 pandemic

We may also use your information for other purposes:

  • To manage and audit our services
  • To provide important statistical information to commissioners and partners.
  • For research and planning purposes – to support the wider NHS in managing the pandemic.

Please note: St Ann’s will not use your sensitive/personal identifiable information unless it is absolutely essential. This means that when we are processing your information for non-direct care purposes, we will endeavour to either anonymise it which means that all personal identifiable information is removed with no possibility of tracing the information back to you in the future; or pseudonymise it which means that all personal identifiable data is replaced, and highly restricted access is applied to the pseudonymisation code.

We may share your information with other organisations when we are required to do so by law, for example:

  • If we are sent a request from the Police under the Crime and Disorder Act 1998
  • If we receive a formal order from a court acting in their judiciary capacity
  • If there is a public health need such as preventing the spread of infectious diseases
  • If there is a safeguarding need (vulnerable adults or children)

How do we process your information lawfully?

In the Data Protection Act 2018 and the UK General Data Protection Regulation, processing of personal information must be done fairly, lawfully and transparently. St Ann’s will only process personal information as long as there is a lawful basis in line with the legislation and it is necessary for us to do so. The following legal bases are commonly relied upon for the delivery of direct care:

  • Public Interest – to process and share personal information in response to the pandemic. This is underpinned by the Health Service (Control of Patient Information) Regulations 2002, which allows patient information to be shared in the event of a pandemic.
  • To process data in the field of Public Health/Occupational Health – to process your sensitive personal information (e.g. medical information,) in response to pandemic
  • Legal Obligation – to keep records of staff and volunteer vaccination or exemption status, in line with the Health and Social Care Act 2008 (Regulated Activities) Regulation 14, and to manage our records in line with data protection legislation and the NHSX – Records Management Code of Practice.

 

Which other organisations do we work with?

In order for St Ann’s to operate, we need to engage with other organisations for the provision of some services. All third party contracts are assessed to ensure compliance with the UK General Data Protection Regulation.  Examples of contracted services includes:

  • Occupational Health service – we will share staff and volunteer risk assessments, test results and vaccine details with Stepping Hill Occupational Health service to ensure our staff and volunteers are supported appropriately.
  • Continuous Improvement – we work with other healthcare providers e.g. the NHS to help with identifying areas for improvement and future investment.

PATIENTS & CLIENTS

What information do we collect?

We collect personal information from you and other health and social care providers, for example your GP, Hospital, Community teams and Local Authorities. When we are providing care and support, the personal information that we process includes the following:

  • Your NHS number;
  • Your full name and contact details e.g. address, phone number and e-mail address;
  • Your date of birth and age;
  • Your ethnicity;
  • Health and Social Care information, for example, your diagnosis, assessments, medications, care plans, applications and services attended;
  • Your holistic care and support needs including those of a spiritual, social and psychological nature, including assessments and services attended;
  • Information about your next of kin, close family, friends and carers;
  • Information about other professionals within your care and support team.

Why do we process your information?

St Ann’s Hospice uses your personal information for the following purposes:

  • To invite you to, and to assess suitability of our services for you and your support network;
  • To provide you and the people that care for you with our care and support services;
  • To communicate with you via post, telephone, email, text message or sometimes video call;
  • To manage and audit our services, including both local, regional and national audits.
  • To help us identify and drive quality improvements within the Hospice’s services;
  • To conduct Patient and Family surveys about our services;
  • To provide important statistical information to our commissioners and partners for funding and management purposes;
  • To investigate queries, complaints or legal claims;
  • To invite you to take part in market research;
  • For health and social care research and planning purposes. Your personal and confidential information will not be used for this purpose in an identifiable format if you have signed up to the National Data Opt-Out, unless the Confidentiality Advisory Group has issued a Section 251 Approval. For more information about the National Data Opt-Out, click the following link: https://digital.nhs.uk/services/national-data-opt-out

Health and social care data sharing:

St Ann’s Hospice shares your personal information with NHS organisations, non-NHS organisations and Local Authorities who are involved in providing health and social care to you. By sharing information in this way, we are able to work as multi-disciplinary teams to ensure that your health and social care needs are being met and you don’t need to repeat the same information to different providers.

We are also proud to be part of, and contribute to the Greater Manchester Care Record, which is a shared care record that can be accessed and used by a number of health and social care organisations across the region. More information about the Greater Manchester Care Record can be found here: https://healthinnovationmanchester.com/thegmcarerecord/

A copy of the Greater Manchester Care Record Privacy Notice can be found here: https://healthinnovationmanchester.com/the-gm-care-record-privacy/

We may also share your information with other organisations when we are required to do so by law, for example:

  • If we are sent a request from the Police under the Crime and Disorder Act 1998
  • If we receive a formal order from a court acting in their judiciary capacity
  • If there is a public health need such as preventing the spread of infectious diseases
  • If there is a safeguarding need (vulnerable adults or children)

How do we process your information lawfully?

The Data Protection Act 2018 and the UK General Data Protection Regulation requires personal information to be processed fairly, lawfully and transparently. St Ann’s will only process your personal information as long as there is a lawful basis and it is necessary for us to do so. The following legal bases are commonly relied upon for processing patient’s and client’s personal information:

  • Public Interest, and for the Provision of Health and Social Care Services –to deliver and manage our care and support services, which are partially funded through our contract with the NHS. This also includes sharing your personal information with other health and social care providers, see the next section for more information.
  • Legal Obligation – to manage your personal records in line with Data Protection Legislation and the NHS Records Management Code of Practice.
  • Consent – when you join one to one or group video consultation sessions, or provide consent to be contacted via email or text message, also to consent to take part in research.
  • Legitimate Interest – to ask if you’d like to take part in market research.

Which other organisations do we work with?

In order for St Ann’s to operate, we need to engage with other organisations for the provision of some services. All third party contracts are assessed to ensure compliance with the UK General Data Protection Regulation.  Examples of contracted services includes:

  • Data Management – all patient health and social care records and related reporting/correspondence are managed through an electronic database called EMIS Web, which is used widely across the healthcare sector. This is the same system used by most GP practices in Greater Manchester.
  • Record Retention – Paper copies of medical records are archived securely both at the Hospice and off site. The off-site storage is managed by Restore.
  • Incident Reporting – all incidents are recorded in an electronic database called Sentinel, which is hosted by Vantage.
  • Video Consultations – we use software provided by AccuRX to hold one to one video consultations with our patients.
  • Group Video Classes – we use web-based applications to provide group video conferencing for example, FaceTime and Microsoft Teams. The third party organisations will process your personal information to provide the video conferencing services, and may collect your information for their own legitimate interests. More detail can be found in the service provider’s Privacy Notices.
  • Online Forms – we use Microsoft 365 Services to be able to provide you with electronic versions of our patient and client surveys.
  • Insurance Claims – we work with a company called DE Ford to manage insurance claims.
  • Audits – we work with other organisations who help us audit our systems to ensure that we are complying with our legal, regulatory and internal requirements. For example, the Care Quality Commission and Beevers & Struthers.
  • Continuous Improvement – we work with other healthcare providers e.g. the NHS to help with identifying areas for improvement and future investment.
  • Audio Recordings – we work with Reliance High-tech Ltd who provide our staff with a lone worker device for the health and safety of our staff.
  • Dictation – we use dictaphones and Lexacom, to record dictations.
  • IT Hardware disposal – we work with Concept Management Consulting Limited to collect, wipe and dispose of redundant IT equipment.
  • Market Research Companies.

STAFF, VOLUNTEERS, TRUSTEES AND CONTRACTORS

What information do we collect about you?

When you apply for a role (staff, volunteer, trustee, bank or contract) at St Ann’s, we can collect your information from a number of sources. This will depend on how you have submitted your interest in working with us.  The source of your information can be you, an online job/volunteering website that you have signed up to, your recruitment consultant or referees that you have supplied for your application. We will keep records of your application and personal information, whether successful or unsuccessful, in paper and electronic forms. Details of the information we process include, but are not limited to:

  • Name and contact details e.g. address, telephone number and e-mail
  • Education and employment history
  • References and their contact details

If your application is unsuccessful, a copy of your application and supporting information will be retained for 6 months.

If your application is successful, a copy of your application, supporting information and interview notes will be included in your HR file. At the time of job offer, we will also collect further information from you and hold it on your HR file, for example:

  • Forms of Identification
  • Proof of eligibility to work in the UK
  • Disclosure and Barring Service Checks
  • Credit and Fraud Checks
  • Occupational Health Assessments
  • Driving licence, vehicle registration and insurance documents
  • Equal Opportunities information
  • Emergency contacts
  • Bank details
  • National Insurance / Social Security Numbers
  • Pension details

At the start of your employment/service, you may be assigned user accounts that are required for your role; logs of your account details and some activities within systems will be held by St Ann’s relating to your:

  • E-mail account
  • Telephone numbers
  • Application software accounts
  • Hardware assigned

During the term of your employment/service, information will be added to your HR records relating to your attendance, occupational health, professional development, performance management and conduct (including findings from investigation/grievance/disciplinary events should they occur).

Why do we process your information?

Your information is used for administration, management and organisational purposes, for example:

  • To keep a record of your application process, including screening and interviews to assess your suitability for the role and right to work in the UK
  • To be able to contact you throughout your application and term of employment/service
  • To send your contract and other necessary correspondence
  • To provide you with access to systems that are needed for your role
  • To be able to contact someone in the case of an emergency
  • To arrange workplace rotas
  • To pay you and provide you with benefits (if applicable)
  • To record your development, training, qualifications and professional registrations
  • To review your performance against organisational objectives
  • To provide any necessary support that you may need in order to perform your role
  • To perform budgeting and other general workforce management activities
  • To conduct surveys and market research
  • To send you weekly updates and other communications about the Hospice.

We also need to process your information to ensure that we are complying with the law, for example:

  • For proof of eligibility to work in the UK
  • To ensure the safety and security of our patients, staff/volunteers and the organisation, as we are working with vulnerable individuals
  • For financial audit purposes in line with the Companies Act 2006
  • For taxation purposes
  • For insurance purposes
  • For compliance with the Equality Act 2010

We may also share your information with other organisations when we are required to do so by law, for example:

  • If we are sent a request from the Police under the Crime and Disorder Act 1998
  • If there is a need to protect and safeguard vulnerable children and adults
  • If there is a public health need such as preventing the spread of infectious diseases
  • If we receive a formal order from a court acting in their judiciary capacity

How do we process your information lawfully?

In the Data Protection Act 2018 and the UK General Data Protection Regulation, processing of your personal information must be done fairly, lawfully and transparently. St Ann’s will only process information relating to you as long as there is a lawful basis in line with the legislation and it is necessary for us to do so. The following legal bases are commonly relied upon:

  • Contract – to provide you with an employment contract.
  • For the assessment of your working capacity and occupational health.

Consent – to process your personal information when you apply to/and volunteer for St Ann’s Hospice, when you complete our equal opportunities forms to help us monitor compliance with the Equality Act 2010, to consent to take part in research, or to receive our weekly briefing. You have the right to withdraw consent at any time and we will stop processing your data in an identifiable format.

Legitimate Interest – to ask if you’d like to take part in market research.

  • Legal Obligation –
    • To ensure all staff are eligible to work in the UK in line with the Home Office Code of Practice on Preventing Illegal Working 2019
    • To ensure compliance with the Safeguarding Vulnerable Groups Act 2006
    • To ensure compliance with the Income Tax Act 2007
    • To ensure compliance with the Companies Act 2006
    • To ensure compliance with the Equality Act 2010
    • To manage your personal records in line with the NHSX – Records Management Code of Practice and the Data Protection Act 2018 and UK General Data Protection Regulation.

Which other organisations do we work with?

In order for St Ann’s to operate, we need to engage with other organisations for the provision of some services. All third party contracts are assessed to ensure compliance with the UK General Data Protection Regulation. Examples of contracted services includes:

  • HR Services – the cloud-based Access Select HR database is used to store personal information, manage annual leave and attendance.
  • Occupational Health Services – we work with Stepping Hill Hospital for Occupational Health services to ensure that our staff are happy, healthy and supported in the work place.
  • Interpreter services – we will work with independent interpreter services when required.
  • Payroll and other payments –Microsoft Business Central and Sage Payroll is used to process your monthly payments.
  • Life Insurance – Broadstone and Champain help us to find the best Life Insurance products on the market for our staff. They will also share your data with the insurance providers.
  • Pensions – we work with other organisations to enrol you in pension schemes for example, Scottish Widows, NHS pension and Broadstone.
  • Training – we work with a learning provider for mandatory training called Nimble. Staff also access NHS mandatory training through an online database called Moodle.
  • Staff Conduct Checks – we work with the Disclosure and Barring Service during the recruitment process for the assessment of applicants. The hospice renews the checks every 3 years for staff and volunteers.
  • Insurance Claims – we work with a company called PIB Insurance Brokers to manage insurance claims.
  • Audits – we work with other organisations who help us audit our systems to ensure that we are complying with our legal, regulatory and internal requirements. For example, Beevers & Struthers.
  • Financial Auditing – Deloitte perform annual financial audits, which include auditing Payroll accounts.
  • Employment Services – we sometimes work with ACAS to resolve disciplinary, grievance or other employment related disputes.
  • Incident Reporting – all incidents are recorded in an electronic database called Sentinel, which is hosted by Vantage.
  • Remote Working – we work with other organisations to provide you with the ability to work remotely, for example, Microsoft Office 365 (Outlook, SharePoint, OneDrive and Teams) and M247 (our internet provider who enables remote access via software called FortiClient).  When you work remotely from home, the third party organisations will process personal information to provide the services, and may collect your information for their own legitimate interests (for example, your IP address). More detail can be found in the service provider’s Privacy Notices.
  • Health and Safety – we work with Reliance High-tech Ltd to provide relevant staff members with a lone worker device.
  • Cycle to Work Scheme – we work with CycleScheme to provide staff with a cycle to work package.
  • Market Research Companies
  • Bulk Communications Services, for example Mail Chimp.

STUDENTS, PLACEMENTS AND COURSE ATTENDEES

What information do we collect about you?

When you apply to attend a course or placement at St Ann’s, we can collect your information from a number of sources. This will depend on how you have submitted your interest in the courses or placements that we offer.  The source of your information can be you, your organisation, school or referees that you have supplied for your application. We may also collect your information from external sources on a direct marketing business to business basis for education and training purposes to promote our workshops. We will keep records of your application and personal information in either paper or electronic forms. Details of the information we process include, but are not limited to:

  • Name and contact details e.g. address, telephone number and e-mail
  • Contact details for people within your education services or employment
  • Employment and Education information
  • References and their contact details
  • Disclosure and Barring Service Checks
  • Medical questionnaire
  • Emergency contacts

Why do we process your information?

Your information is used for administration, management and organisational purposes, for example:

  • To keep a record of your attendance and provide you with certificates and course evaluation material
  • To be able to contact you throughout the course or placement
  • To be able to contact someone in the case of an emergency
  • To record your development, training, qualifications and professional registrations
  • To provide any necessary support that you may need in order to access and complete the course or placement

We also need to process your information to ensure that we are complying with our legal obligations as an organisation, for example:

  • To ensure the safety and security of our patients, staff/volunteers and the organisation, as we are working with vulnerable individuals

We may also share your information with other organisations when we are required to do so by law, for example:

  • If we are sent a request from the Police under the Crime and Disorder Act 1998
  • If there is a need to protect and safeguard vulnerable children and adults
  • If there is a public health need such as preventing the spread of infectious diseases
  • If we receive a formal order from a court acting in their judiciary capacity

How do we process your information lawfully?

In the Data Protection Act 2018 and the UK General Data Protection Regulation, processing of your personal information must be done fairly, lawfully and transparently. St Ann’s will only process information relating to you as long as there is a lawful basis in line with the legislation and it is necessary for us to do so. The following legal bases are commonly relied upon:

  • Contract – to provide you with a placement or course.
  • For the assessment of your working capacity and occupational health.

 Legal Obligation – to ensure compliance with the Safeguarding Vulnerable Groups Act 2006

Which other organisations do we work with?

In order for St Ann’s to operate, we need to engage with other organisations for the provision of some of our training and development services. All third party contracts are assessed to ensure compliance with the General Data Protection Regulations. Examples of contracted services includes:

  • Online training modules – we work with a learning provider for training called Nimble. Staff also access NHS mandatory training through an online database called Moodle.
  • Online interactive training courses – we work with Zoom to provide you with some training courses remotely.
  • External training – we work with other organisations who provide training in areas that we are unable to deliver in house.
  • Incident Reporting – all incidents are recorded in an electronic database called Sentinel, which is hosted by Vantage.
  • Course bookings – we work with Eventbrite for you to book your place onto a course.
  • Market Research Companies.

ENQUIRERS, DONORS AND SUPPORTERS

What information do we collect about you?

We collect your personal information when you ask about our activities, take part in our events, make donations and sign up to our newsletters and updates. We also use third party organisations to collect information about prospective and existing supporters from publicly available sources of information (for example, the internet, Companies House and rich lists), which we then add to our records. We keep records of your personal information in paper and electronic forms. Details of the information we process include, but are not limited to:

  • Name, address, telephone number, email address, age and gender
  • Dietary Requirements (if applicable)
  • Payment information and donation history
  • Records of consent and correspondence between you and St Ann’s
  • Records of activities attended, fundraising behaviours and wealth identifiers
  • Photographs, quotes, or video footage when you have taken part in our events
  • Whether you are a patient of St Ann’s if you to choose to share this when making a donation, and if you have any links to other supporters.

Please note: St Ann’s will collect children’s data with the consent of a parent or guardian and will only correspond with the parent or guardian. The information of children will not be shared and we do not correspond with children under the age of 18.

Why do we process your information?

The information that you provide is used to our fundraising activities:

  • To manage the fundraising event or campaign
  • To keep a record of who has signed up to our events
  • To provide relevant information and resources to participants
  • To provide a safe environment for our events to take place
  • To process income from the events

We may also process your information for purposes that are not linked to specific fundraising activities:

  • To track your activities to build a profile of interests and fundraising behaviours – this helps us to send specific updates and asks to you
  • To research our supporters to identify those who may be able to give or influence transformational gifts for the hospice.

St Ann’s Hospice relies almost entirely on donations from the general public, and we strive to fundraise in the most efficient way we can. To aid this, we will occasionally use third party organisations to carry out research on a specially selected group of supporters who may be able to make or influence a large donation to the hospice. This is a process widely known as wealth screening. Information will be gathered from publicly available sources, like Companies House and published rich lists, about employment, past philanthropic giving and visible assets, and added to the data we already hold. We only use reputable organisations to undertake this research who have demonstrated compliance with data protection law and are registered with the ICO. We will not use information we believe has not been lawfully, fairly or ethically obtained, and we do not use information sources which have not been made public. This information will then be used to make a personal and considered approach to certain individuals related to their interests, their past support of the hospice and their inferred ability and willingness to make or influence a transformational gift to the hospice. This is undertaken under St Ann’s Hospice’s legitimate interest, and supporters can opt out of this processing by contacting supporter@sah.org.uk or calling 0161 498 3631.

  • To keep current and potential supporters informed about our fundraising activities by sending direct marketing
  • Where you have provided consent, we may use photographs, videos and quotes of/from you to publicise the Hospice and our activities
  • To claim gift aid on donations from the HMRC with your consent
  • To provide a transparent audit trail for income received in line with the Fundraising Regulations for the receipt of income
  • To keep supporter information relating to gift aid for audit purposes with your consent
  • To keep donation information to benchmark our performance against other charities.
  • To conduct surveys and market research.

We may also share your information with other organisations when we are required to do so by law, for example:

  • If we are sent a request from the Police under the Crime and Disorder Act 1998
  • If there is a need to protect and safeguard vulnerable children and adults
  • If we receive a formal order from a court acting in their judiciary capacity

How do we process your information lawfully?

In the Data Protection Act 2018 and the UK General Data Protection Regulation, processing of your personal information must be done fairly, lawfully and transparently. St Ann’s will only process information relating to you as long as there is a lawful basis in line with the legislation and it is necessary for us to do so. The following legal bases are commonly relied upon:

  • Contract – to process your information in order to perform our contract with you, for example when you sign up to our fundraising events or make a donation.
  • Legitimate interest – to process your data to support the fundraising activities of the organisation, for example:
    • When we perform research using publicly available sources of information and record the results on our database
    • When we generate profiles to help us target specific groups of supporters
    • When we send direct marketing via post or telephone.
    • Share your details with the St Ann’s Hospice Trading Company for direct marketing purposes.
    • To ask if you’d like to take part in market research.

You have the right to object to this type of processing and we will stop immediately.

  • Consent – to send you direct marketing via electronic means in line with Privacy and Electronic Communications Regulation.

You have the right to withdraw consent from this type of processing at and we will stop immediately.

  • Legal obligation – to comply with the law, for example when we keep a record of donations and Gift Aid for the purpose of financial audit in line with The Companies Act 2006 and HMRC requirements.

Which other organisations do we work with?

In order for St Ann’s to operate, we need to engage with other organisations for the provision of some services. All third party contracts are assessed to ensure compliance with the UK General Data Protection Regulation. Examples of contracted services includes:

  • Event Sign-up – we work with organisations to advertise/market our fundraising activities and provide registration facilities.
  • Event Management – we work with organisations who help us to put on a variety of fundraising events; examples include Great Adventure Challenges, Great Run Company and Manchester Half Marathon.
  • Virtual Events – we work with organisations who help us provide online fundraising events like quizzes, for example Zoom.
  • Fundraising Data and Relationship Management – all donor/supporter data is hosted by Blackbaud who provide us with our database, online forms and some payment services.
  • Mailing and Marketing – we use mailing houses to distribute our event registration packs, Friends Newsletter and other communications, for example Wodehouse and 121 Direct Mail. We also use e-mail marketing systems for example, Blackbaud, Online Express and Mailchimp, Brandwin, and On Agency and printing companies who make materials for promotional and other purposes, for example Prontaprint, Minuteman, and PrintOn.
  • Running Appeals – we work with organisations who provide us with resources for collection tins and online dedications/donations, for example Facebook Donate, Thyngs, Visufund, Just Giving, Give Panel and Accord Legal Services.
  • Payment Processing – we work with organisations to process payments for donations for example, PayPal, Stripe, Liberty Pay, AIB Merchant Services, Sage Pay, Corvid Paygate, iZettle and Secure Collections
  • Market Research Companies.
  • Other Research – we work with organisations to analyse and enhance the personal information of our supporters using publicly available sources of information for example, Impact Fundraising and Factary. In some cases, the information may be entered into specialist software systems that will perform statistical analysis to help us:
    • Identify our most popular events
    • Understand our revenue generation streams
    • Forecast for future campaigns
    • Identify and build profiles on supporters who may be able to make or support a transformational donation to the hospice. The research allows us to make a personal and relevant approach to selected supporters, saving the charity time and money and reducing the risk of intrusive or irrelevant communications.

Please note: Some of the organisations that we work with will process your data outside of the UK. More information can be found in the ‘TRANSFERING YOUR INFORMATION OUTSIDE OF THE UK’ section of this privacy notice.

LOTTERY MEMBERS AND TRADING COMPANY CUSTOMERS

What information do we collect about you?

We collect your personal information when join our lottery and buy items from our shops or online platforms. We will keep records of your personal information in paper and electronic forms. Details of the information we process include, but are not limited to:

  • Name, address, telephone number, email address, date of birth
  • Payment information
  • Records of consent and correspondence between you and St Ann’s

Why do we process your information?

The information that you provide is used to provide you with goods and services:

  • To enter you into our Lottery draw
  • To sell and deliver items from our online sales and charity shops
  • To collect items that you have kindly donated
  • To process income from your lottery membership and purchases

We may also process your information for purposes that are not linked to good and services:

  • To provide a transparent audit trail for income received
  • To claim gift aid on income received from the HMRC with your consent
  • To ensure compliance with the Gambling Commission
  • To keep a log of customer preferences to help us understand specific interests and trends in monies raised
  • To keep current and potential supporters informed about new goods and services by direct marketing
  • To conduct surveys and market research.

We may also share your information with other organisations when we are required to do so by law, for example:

  • If we are sent a request from the Police under the Crime and Disorder Act 1998
  • If there is a need to protect and safeguard vulnerable children and adults
  • If we receive a formal order from a court acting in their judiciary capacity

How do we process your information lawfully?

In the Data Protection Act 2018 and the UK General Data Protection Regulation, processing of your personal information must be done fairly, lawfully and transparently. St Ann’s will only process information relating to you as long as there is a lawful basis in line with the legislation and it is necessary for us to do so. The following legal bases are commonly relied upon:

  • Contract – to process your information in order to perform our contract with you, for example when you sign up to our lottery or buy goods/services from us.
  • Legal obligation – to comply with the law, for example when we keep a record of donations and Gift Aid for the purpose of financial audit in line with The Companies Act 2006.
  • Consent – to apply for Gift Aid against your donations or send you electronic direct marketing. You are able to withdraw consent at any time and we will stop immediately.

 Legitimate interest – to send you direct marketing by post of telephone, or to ask if you’d like to take part in market research. You are able to object to this at any time and we will stop immediately.

Which other organisations do we work with?

In order for St Ann’s to operate, we need to engage with other organisations for the provision of some services. All third party contracts are assessed to ensure compliance with the UK General Data Protection Regulation. Examples of contracted services includes:

  • Lottery Sign-up – we work with organisations to advertise/market our goods and services, and provide registration facilities, for example LPS, SEC and Integrated Promotions.
  • Data Management – Lottery memberships and the draw are managed through an electronic database called Combase, which used by a number of charitable organisations.
  • Online Trading – we work with eBay, Amazon, Vinted, Depop, Discogs, Facebook Shop and Instagram Shopping to sell goods for income generation.
  • Delivery of goods – we work with Evri to deliver goods to you.
  • Trading in our shops – we use a till system called Chariot to process and record sales.
  • Payment Processing – we work with organisations to process payments for example, PayPal, Stripe, Liberty Pay, AIB Merchant Services, Sage Pay, Corvid Paygate, Secure Collections and World Pay (a copy of their privacy notice can be found here: Worldpay-Privacy-Notice-English.pdf (fisglobal.com)).
  • Market Research Companies.

WHEN YOU COME TO ST ANN’S PREMISES

What information do we collect about you?

When you come to any of the St Ann’s sites as a member of staff, volunteer, trustee, contractor, client, student/trainee or guest/visitor you will be required to complete a signing in book to register your attendance. Personal information that we will collect will include:

  • Name
  • Car registration
  • CCTV video recordings*

*We operate CCTV systems in areas that are used by staff (for example in our pharmacy areas) and areas that are used by members of the public, there are notices displayed to inform the subjects of the recording.

Why do we process your information?

The information that you provide is used for ensuring the safety and security of our patients, staff, volunteers, visitors and property, and to facilitate the detection and prevention of crime.

How do we process your information lawfully?

In the Data Protection Act 2018 and the UK General Data Protection Regulation, processing of your personal information must be done fairly, lawfully and transparently. St Ann’s will only process information relating to you as long as there is a lawful basis in line with the legislation and it is necessary for us to do so. The following legal bases are commonly relied upon:

  • Legitimate interest –
    • To help us ensure the safety of our patients, staff, volunteers, visitors and property, and to facilitate the detection and prevention of crime.

Which other organisations do we work with?

We may share your information with other organisations when we are required to do so by law, for example:

  • If we are sent a request from the Police under the Crime and Disorder Act 1998
  • If we receive a formal order from a court acting in their judiciary capacity
  • If there is a need to protect and safeguard vulnerable children and adults

You have the right to see CCTV images of yourself and be provided with a copy subject to certain criteria. We will not release images of other people to you. If you are involved in an incident whilst on our premises, we will record details of the incident in an electronic database called Sentinel, which is hosted by Vantage.

VISITORS TO OUR WEBSITE OR SOCIAL MEDIA SITES

What information do we collect about you?

In order for us to provide a high quality website and social media service, St Ann’s needs to collect and process personal information about you, for example:

  • Cookies – the name of the domain from which you access the Internet, the date and time you access our site, and the Internet address of the website from which you linked to our site
  • Your name and contact details, and other persons involved in queries/correspondence that you raise with us
  • Your name and contact details, and other persons involved in complaints that you raise with us

Why do we process your information?

We will use your information to provide a relevant and efficient web and social media service:

  • Cookies measure the number of visits to the different sections of our site, and to help us make our site more useful to visitors. Guidance for managing cookies through your browser can be found at the following website: https://www.aboutcookies.org/
  • To correspond with you relating to your query or complaint

How do we process your information lawfully?

In the Data Protection Act 2018 and the General Data Protection Regulations, processing of your personal information must be done fairly, lawfully and transparently. St Ann’s will only process information relating to you as long as there is a lawful basis in line with the legislation and it is necessary for us to do so. The following legal bases are commonly relied upon:

  • Legitimate interest –
    • To process your data to ensure our website functions properly and to help us improve our website and social media sites
    • To respond to your queries or complaints

Which other organisations do we work with?

In order for St Ann’s to operate our website, we need to engage with other organisations for the provision of:

  • Website Publishing – we use an organisation called WordPress to publish the content of our website.
  • Website and Social Media Monitoring – we work with Google Analytics, Twitter and Facebook Analytics, and Buffer to collect standard user and internet log information and details of visitor behaviour patterns. You cannot be identified from this information.
  • Website Maintenance – we work with Reason Digital to maintain the website; this includes:
    • Daily back-ups of the site
    • Ever-cache technology: proprietary caching technology for massive scalability and speed
    • Firewall protection: multiple powerful firewalls between our data and threats

Please note: From time to time our website may also include links to other websites. These links are provided for your convenience to provide further information. They do not signify that we endorse the website(s). We have no responsibility for the content of the linked website(s). We encourage you to read the privacy statements on the other website(s) you visit.

TRANSFERING YOUR INFORMATION OUTSIDE OF THE UK

St Ann’s Hospice stores some personal data on the Microsoft Office 365 platform, which is hosted in the European Economic Area. St Ann’s Hospice also uses other third party organisations to help with some of our fundraising and marketing services. Some of the providers will transfer your personal data to countries outside of the UK, mainly to the EU and USA, but this could be worldwide. Examples of this include:

  • When you sign up to an event through Online Express
  • When you pay St Ann’s Hospice through the online Stripe or Merchant Service platforms
  • When you attend a Zoom video conference call
  • When we send direct marketing or other Hospice communications via email through Mail Chimp or Blackbaud Services

If your information is to be processed outside of the UK, it will only be processed once we have confirmation that the recipient is subject to equivalent data protection legislation, and that your information will remain secure.  Additionally, there will always be a Data Processing Contract (including Standard Contract Clauses for restricted transfers) in place, which will specify what the data is to be used for. If you would like to see evidence of the agreements, please forward an email to dataprotectionofficer@sah.org.uk.

HOW LONG WILL ST ANN’S RETAIN YOUR INFORMATION?

At St Ann’s we will only retain your information for as long as we need it. We have three records management policies in place that are read alongside each other:

  • Records Management Policy based on the NHSX – Records Management Code of Practice.
  • Fundraising Data Policy (standard retention period is 10 years from the last point of contact)
  • Policy for the Management of Employee Records (standard retention period is 6 years from the end of your employment contract)

YOUR RIGHTS

Under the Data Protection Act 2018 and the UK GDPR, you have the following rights relating to your personal information:

  • Right to Access (Subject Access Request / Access to Health Records)
  • Right to Rectification
  • Right to Erasure (Right to be forgotten)
  • Right to Object
  • Right to Restrict Processing
  • Right to Data Portability
  • Right not to be subject to automated decision making including profiling

* Please note: not all rights apply to the personal data that we process about you. An example of this could be when you would like to have your records erased, but they have been collected in order to meet a legal obligation, or if you request access to records that would cause serious physical or mental harm to you or others.

CONTACTING ST ANN’S TO EXERCISE YOUR RIGHTS, OR FOR FURTHER INFORMATION:

If you would like to exercise any of your rights or you would like further information relating to data protection, please contact:

Data Protection Officer
St Ann’s Hospice
St Ann’s Road North
Heald Green
Stockport
SK8 3SZ

Telephone: 0161 702 5414

Email: dataprotectionofficer@sah.org.uk

Website: https://www.sah.org.uk

COMPLAINTS

If you have contacted St Ann’s with concerns but are not happy with the response, you are able to lodge a complaint by calling or writing to the Chief Executive. The Chief Executive will then deal with your concerns as a formal complaint.

Chief Executive
St Ann’s Hospice
St Ann’s Road North
Heald Green
Cheadle
SK8 3SZ

Telephone: 0161 498 3634 or 0161 498 3635

Website: https://www.sah.org.uk/about-us/complaints-procedure/

THE INFORMATION COMMISSIONER’S OFFICE

The supervisory authority for data protection in the United Kingdom is the Information Commissioner’s Office (ICO). If you would like to see our registration with the ICO, enter the following registration codes into the website:

  • Z5762319 for our Hospice processing activities
  • ZA100746 for our Trading Company processing activities

If you would like further information relating to data protection or would like to lodge a complaint, you have the right to contact the ICO at the following address:

The Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113

Email: casework@ico.org.uk

Website: www.ico.org.uk