Privacy policy

Scope

This Fair Processing Notice (“Notice”) describes how St Ann’s Hospice collects and uses your information.

Aims

This notice tells you what personal information St Ann’s Hospice collects about you, why we need it, how we use it and what protections are in place to keep it secure.

Key Terms

‘Personal information’ means information about you, and from which you could be identified, including information which may be protected under the privacy or data protection laws of the United Kingdom.

It is St Ann’s Hospice policy to:

  • Process your personal information fairly and in accordance with applicable laws;
  • Tell you about how we will use your personal information;
  • Only collect personal information from you when we need it for legitimate purposes, or legal reasons;
  • Ensure that your personal information is adequate, relevant and not excessive for the purpose for which we collect it;
  • Not keep your personal information for longer than we need to;
  • Keep your personal information secure, and limit the people who can access it;
  • Ensure that you know how to access your personal information and exercise your rights in relation to it, including being able to keep it accurate and up-to-date; and
  • Ensure that any third parties we share your personal information with take appropriate steps to protect it.

What personal information does St Ann’s Hospice collect from and about you?

(Please select as required). 

 Why do we need to collect and use your personal information?

(Please select as required).

Visitors to our websites

When someone visits www.sah.org.uk we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site, to monitor and report on the effectiveness of the site and help us improve it. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

Use of cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

This website uses cookies to monitor browsing preferences. If you do allow cookies to be used, we collect and store only the following information about you: the name of the domain from which you access the Internet, the date and time you access our site, and the Internet address of the website from which you linked to our site. We use the information we collect to measure the number of visitors to the different sections of our site, and to help us make our site more useful to visitors.

Search engine

Our website search queries and results are logged anonymously via Google Analytics to help us improve our website and search functionality. No user-specific data is collected.

Security and performance

St Ann’s Hospice use a third party company Reason Digital to host and help maintain the security and performance of the website.

Reason Digital host the site using their hosting partner WP Engine who provide:

  • Daily back-ups of the site
  • Evercache technology: proprietary caching technology for massive scalability and speed
  • Firewall protection: multiple powerful firewalls between our data and threats

If you would like to read the Privacy Notice of WP Engine please click the link:

WP Engine – Privacy Notice

WordPress

We use a third party service, WordPress.com, to publish our website. Forms on our website collect data which is held in the back-end of the website for up to three months. We do not use this data in any other way than what the form is intended for. We do not hold any payment details.

Links to other websites

From time to time this website may also include links to other websites. These links are provided for your convenience to provide further information. They do not signify that we endorse the website(s). We have no responsibility for the content of the linked website(s). We encourage you to read the privacy statements on the other website(s) you visit.

E-newsletter

We use a third party provider, Blackbaud NetCommunity, to deliver our e-newsletters. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter.

People who contact us via social media

If you send us a private or direct message via social media the message will be stored for three months. It will not be shared with any other organisations.

People who make a complaint to us

When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.

We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

We will keep personal information contained in complaint files in line with NHS digital’s Records Management Code of Practice for Health and Social Care 2016. This means that information relating to a complaint will be retained for ten years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle

Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.

Use of data processors

Data processors are third parties who provide services to St Ann’s Hospice. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do so. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

Sage Pay

St Ann’s Hospice Trading Company uses Sage Pay payment gateway services to process card payments for entries into the St Ann’s Local Lottery. When supporters utilise this payment option via the St Ann’s Hospice Lottery website the information submitted is accessible by St Ann’s Hospice Trading Company and treated in accordance with all supporter information as specified earlier in this policy. To view Sage Pay’s Privacy Policy please visit the link below:

https://www.sagepay.co.uk/policies/privacy-policy

Secure Collections

St Ann’s Hospice Trading Company uses Secure Collections direct debit services to collect and validate payment details for entries into the St Ann’s Local Lottery. When supporters sign up to a lottery membership with direct debit payments via the St Ann’s Hospice Lottery website, the information submitted is forwarded to St Ann’s Hospice Trading Company and treated in accordance with all supporter information as specified earlier in this policy. To view Secure Collections Privacy Policy please visit the link below:

https://www.securecollections.com/downloads

eBay & PayPal

St Ann’s Hospice Trading Company is a registered eBay seller. When customers purchase goods from our eBay shop the information submitted via eBay, and to PayPal as our payment processor, is accessible by St Ann’s Hospice Trading Company and treated in accordance with all supporter information as specified earlier in this policy. To view eBay and PayPal’s Privacy Policies please visit the links below:

https://pages.ebay.co.uk/help/policies/privacy-policy.html

https://www.paypal.com/en/webapps/mpp/ua/privacy-full

Amazon

St Ann’s Hospice Trading Company sells items on Amazon. When customers purchase goods via this method, the information submitted is accessible by St Ann’s Hospice Trading Company and treated in accordance with all supporter information as specified earlier in this policy. To view Amazon’s Privacy Policy please visit the link below:

https://services.amazon.co.uk/standards/privacy-notice.html

Everyday Hero

When supporters use Everyday Hero to assist with their fundraising, the information submitted is forwarded to St Ann’s Hospice. It is treated in accordance with all supporter information as specified earlier in this policy.  To view Everyday Hero’s Privacy Policy please visit the link below:

https://everydayhero.com/uk/terms/privacy

Just Giving

When supporters use Just Giving to assist with their fundraising the information submitted is forwarded to St Ann’s Hospice and treated in accordance with all supporter information as specified earlier in this policy.  To view Just Giving’s Privacy Policy please visit the link below:

https://www.justgiving.com/info/privacy

Virgin Money Giving

When supporters use Virgin Money Giving to assist with their fundraising the information submitted is forwarded to St Ann’s Hospice and treated in accordance with all supporter information as specified earlier in this policy.  To view Virgin Money Giving’s Privacy Policy please visit the link below:

https://uk.virginmoneygiving.com/giving/terms/privacy-policy.jsp

Much Loved

When supporters use Much Loved to assist with their fundraising the information submitted is forwarded to St Ann’s Hospice and treated in accordance with all supporter information as specified earlier in this policy.  To view Much Loved’s Privacy Policy please visit the link below:

https://www.muchloved.com/gateway/privacy-policy/

Wodehouse Direct Ltd

St Ann’s Hospice uses Wodehouse direct to distribute the Friends newsletter.  To fulfil this contract St Ann’s shares the name, address and donor number of Friends recipients with Wodehouse Direct Ltd.  This information is not used by Wodehouse Direct Ltd for any other purpose and is not passed to any third parties. To view Wodehouse Direct’s Privacy Policy please visit the link below:

https://whd.azurewebsites.net/DocumentControl/WodehousePrivacyPolicy_2018.pdf

121 Direct Mail

St Ann’s Hospice uses 121 Direct Mail to distribute the St Ann’s ‘Forget Me Not’ appeal.  To fulfil this contract St Ann’s shares the name, address and donor number of recipients with 121 Direct Mail.  This information is not used by 121 Direct Mail for any other purpose and is not passed to any third parties. To view 121 Direct Mail’s Privacy Policy please visit the link below:

http://www.121directmail.co.uk/index.php?page=privacy-policy

CMS Direct Mail

St Ann’s Hospice uses CMS Direct Mail to distribute the St Ann’s ‘Light Up A Life’ appeal.  To fulfil this contract St Ann’s shares the name, address and donor number of recipients with CMS Direct Mail.  This information is not used by CMS Direct Mail for any other purpose and is not passed to any third parties. To view CMS Direct Mail Privacy Policy please visit the link below:

https://www.cmsdirectmail.co.uk/wp-content/uploads/Fair-Processing-Policy.pdf

In addition to the long term contractors above St Ann’s Hospice may from time to time use other third party contractors to deliver fundraising services.  In each case a robust Data Protection contract will be in place and the contractor will be subject to the GDPR legislation.

CCTV

The hospice operates CCTV systems in some of our locations used by members of the public. The purpose of this CCTV is for the safety and security. In locations that have CCTV there are signs displayed notifying you that CCTV is in operation.

St Ann’s Hospice will not release CCTV images to any third parties unless required to do so by law.

You have the right to see CCTV images of yourself and be provided with a copy subject to certain criteria.

How do we protect your personal information?

We have security arrangements in place to guard against unauthorised access, improper use, alteration, destruction or accidental loss of your personal information. Only those staff with a genuine ‘Need to Know’ will have access to your personal information.

We take appropriate organisational and technical security measures and have rules and procedures in place to ensure that any personal information we hold on computer systems is not accessed by anyone it shouldn’t be.

When we use third party organisations to process information on our behalf we ask them to demonstrate their compliance with our security requirements, and any instructions we may give them and their compliance with relevant data protection legislation throughout the time that they are delivering a service to the hospice. These organisations take their instructions from us and their obligations with regard to what information they process and what they can do with it are agreed in the contracts we have with them.

How long do we retain your personal information?

In accordance with GDPR St Ann’s Hospice adheres to the priniciple that data ‘Shall not be kept for any longer than is necessary’. All information held by St Ann’s Hospice is retained in accordance with NHS Guidelines on ‘Records Management’ which can be found at the link.

Records Management Retention Policy

Your rights

Under the General Data Protection Regulation (GDPR), you have rights as an individual which you can exercise in relation to the information we hold about you.  This includes access to information held about you.

If you have any questions about the personal information that we hold about you please seek advice from a senior member of the management team.

You are also legally entitled to make a Subject Access Request further details of which can be found in St Ann’s Hospice ‘Policy for Subject Access Request’ which can be found at the link.

Policy for Subject Access Request

How to contact us

If you want to request any further information about our privacy policy you can e-mail or write to:

E-mail: enquiries@sah.org.uk

Postal:

St Ann’s Hospice,

St Ann’s Road North,

Heald Green,

Cheadle,

Cheshire,

SK8 3SZ

Tel: 0161 437 8136