Privacy Notice - Isabel Hospice

Privacy Notice

This Privacy Notice sets out how Isabel Hospice aims to repay the trust you have shown by sharing your personal data with the charity.

Privacy Policy

Isabel Hospice is a charity providing specialist palliative care and supporting services.  We are committed to protecting your personal information. This privacy policy explains what we do with your personal data when you use one of our services, work or volunteer for us, donate to us, buy items in our shops or visit us either in person or on the website. This privacy policy also explains the ways you can control how your data is used.

The Privacy Policy in brief

It’s important that you read the full Privacy Notice to understand what information we hold, how we may use it, and what your rights are. Personal information is any information that can be used to identify you. Organisations are permitted to process data if they have a legal basis to do so.

  • A brief summary of the policy includes that: We collect information that is either personal data (such as names, addresses, telephone numbers) or non-personal data (such as your Internet Protocol (IP) address, web pages accessed etc.)
  • To ensure that we can provide the most effective care we may collect information which includes your medical history, medication, allergies.
  • We also collect information about our supporters, donors, fundraisers, volunteers and employees.
  • We collect information to provide services or goods, to provide information, to fundraise, for administration, research, profiling, analysis, and for the prevention/detection of crime.
  • We only collect the information that we need, or that would be useful to us in our aim to provide the best possible service.
  •  Your information is collected, stored and protected in accordance with the Data Protection Act 1988 and UK General Data Protection Regulation. We never sell your data, and we will never share it with another company or charity for marketing purposes.
  • We only share data where we are required by law, when it is needed by other health and care services to co-ordinate and deliver the care you need, or with carefully selected trusted suppliers who do work for us. All our suppliers are required by their contract to treat your data as carefully as we would, to only use it as instructed, and to allow us to check that they do this.
  • Our websites use cookies – for more information check www.isabelhospice.org.uk/cookies

 

These are the basics but don’t forget to come back later and read the full privacy notice (below), so you have all the details you need.

Isabel Hospice Privacy Policy

Isabel Hospice promises to respect the personal information you provide to us. We wouldn’t want to use it in a way that you won’t expect, so our Privacy Notice explains how we protect your privacy and how you can control how we use your personal information.

Who we are

In this privacy policy, whenever you see the words ‘we’, ‘us’ or ‘our’, it refers to

  • The charity Isabel Hospice– Registered Charity number 1046826
  • The company Isabel Hospice Trading Limited– Company number 02417607

 

Isabel Hospice Trading Limited sells a range of goods through our shop network and online. Isabel Hospice Trading enters into corporate partnership arrangements; all of its profits are passed to Isabel Hospice Charity.

As a charity, we want to provide the best care for all of our Hospice users. To do this we need to generate income and awareness, to ensure that care can continue to be provided free of charge to everyone in our community.

Patients and Service users

How do we get information and why do we have it?

The personal information we collect is provided directly from you for one of the following reasons:

  • you have provided information to seek care – this is used directly for your care, and also to manage the services we provide, to clinically audit our services, investigate complaints, or to be used as evidence as part of an investigation into care
  • you have sought funding for continuing health care or personal health budget support
  • you have applied for a job with us or work for us
  • you have signed up to our newsletter/patient participation group
  • you have made a complaint

 

We also receive personal information about you indirectly from others, in the following scenarios:

  • from other health and care organisations involved in your care so that we can provide you with care
  • from family members or carers to support your care

What information do we collect?

Personal information

We currently collect and use the following personal information:

  • personal identifiers and contacts (for example, name, contact details, NHS number)
  • photographic identity (photo ID) (for example, photographs of staff for ID badges or our website)

 

More sensitive information

We process the following more sensitive data (including special category data):

  • data concerning physical or mental health (for example, details about your appointments or diagnosis)
  • data revealing racial or ethnic origin
  • data concerning a person’s sex life
  • data concerning a person’s sexual orientation
  • biometric data (where used for identification purposes)
  • data revealing religious or philosophical beliefs
  • data relating to criminal or suspected criminal offence

 

Who do we share information with?

We are part of My Care Record, an approach to improving care by joining up health and care information. Health and care professionals from other services will be able to securely view information from the records we hold about you when it is needed for your care. Please see https://www.mycarerecord.org.uk/ for more information.

An example of how information is shared for your individual care is multidisciplinary teams (MDTs).  An MDT is a group of health and care staff who are members of different organisations and professions (e.g. GPs, social workers, nurses), that work together to make decisions regarding the treatment of individual patients and service users. MDTs are used in both health and care settings.

Your care may at times be provided by several health and care professionals from one or more organisations through an MDT in which they will come together to discuss how best to care for you. Information will need to be shared between them so that they have the information they need to provide you with the best care.

We may also share information with the following types of organisations:

  • third party data processors (such as IT systems suppliers)
  • planners of health and care services (such as Integrated Care Boards)

 

In some circumstances we are legally obliged to share information. This includes:

 

  • when required by NHS England to develop national IT and data services
  • when registering births and deaths
  • when reporting some infectious diseases
  • when a court orders us to do so
  • where a public inquiry requires the information

 

We will also share information if the public good outweighs your right to confidentiality. This could include:

  • where a serious crime has been committed
  • where there are serious risks to the public or staff
  • to protect children or vulnerable adults

 

We may also process your information in order to de-identify it, so that it can be used for purposes beyond your individual care whilst maintaining your confidentiality. These purposes will include to comply with the law and for public interest reasons.

If you are a patient or next of kin and are already on our supporter database, we will update your record to ensure you do not receive inappropriate communications at a sensitive time. It is important to us that if our supporters are also our patients and/or their next of kin, we recognise this connection and we communicate with you in an appropriate way, or if you contact us directly, we know your relationship with the Hospice.

Those who have not previously engaged in supporting the Hospice will not be contacted for marketing purposes. If you are bereaved, as part of our support for you, we will let you know about ways to remember your loved ones, such as our Lights of Love events.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

What is our lawful basis for using information?

Personal information

Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for using personal information is:

(a) We have your consent – this must be freely given, specific, informed and unambiguous.

(b) We have a contractual obligation – between a person and a service, such as a service user and privately funded care home.

(c) We have a legal obligation – the law requires us to do this, for example where NHS England or the courts use their powers to require the data. See this list for the most likely laws that apply when using and sharing information in health and care.

(e) We need it to perform a public task – a public body, such as an NHS organisation or Care Quality Commission (CQC) registered social care organisation, is required to undertake particular activities by law. See this list for the most likely laws that apply when using and sharing information in health and care.

(f) We have a legitimate interest – for example, a private care provider making attempts to resolve an outstanding debt for one of its service users.

More sensitive data

Under UK GDPR, the lawful basis we rely on for using information that is more sensitive (special category):

(b) We need it for employment, social security and social protection reasons (if authorised by law). See this list for the most likely laws that apply when using and sharing information in health and care.

(f) We need for a legal claim or the courts require it.

(g) There is a substantial public interest (with a basis in law). See this list for the most likely laws that apply when using and sharing information in health and care.

(h) To provide and manage health or social care (with a basis in law). See this list for the most likely laws that apply when using and sharing information in health and care.

(i) To manage public health (with a basis in law). See this list for the most likely laws that apply when using and sharing information in health and care.

(j) For Archiving, research and statistics (with a basis in law). See this list for the most likely laws that apply when using and sharing information in health and care.

Common law duty of confidentiality

In our use of health and care information, we satisfy the common law duty of confidentiality because:

  • you have provided us with your consent (we have taken it as implied to provide you with care, or you have given it explicitly for other uses)
  • we have support from the Secretary of State for Health and Care following an application to the Confidentiality Advisory Group (CAG) who are satisfied that it isn’t possible or practical to seek consent
  • we have a legal requirement to collect, share and use the data
  • for specific individual cases, we have assessed that the public interest to share the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime). This will always be considered on a case by case basis, with careful assessment of whether it is appropriate to share the particular information, balanced against the public interest in maintaining a confidential health service

 

How do we store your personal information?

Your information is securely stored for the time periods specified in the Records Management Code of Practice. We will then dispose of the information as recommended by the Records Management Code for example we will:

  • securely dispose of your information by shredding paper records, or wiping hard drives to legal standards of destruction.
  • archive your information

 

National Data Opt-Out

The information collected about you when you use health and care services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services

 

This may only take place when there is a clear lawful basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential health and care information is only used like this when allowed by law.

Whenever possible data used for research and planning is anonymised, so that you cannot be identified and your confidential information is not accessed.

You have a choice about whether you want your confidential information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit https://www.nhs.uk/your-nhs-data-matters/

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Donors, Supporters and Customers

We need your details so that we can contact you to:

  • Manage the events that you might be taking part in
  • Keep you informed of news and developments and to help you to feel connected to our cause
  • Promote all the different events, campaigns and activities that we have going on
  • Thank supporters and showcase the difference your donations make to the organisation and to local people
  • Create standing order or direct debit payments
  • Process donations
  • Showcase our care services and raise awareness of the many ways we can help those living with a terminal illness
  • Claim gift aid (against both monetary donations and donations made to our trading company for sale in our shops or eBay)
  • Dispel myths about hospice care, encouraging more people to access our care – especially hard to reach groups
  • For collection or delivery of items to donated to or purchased from our shops
  • Ensure we are contacting you with relevant information
  • Drive traffic to our website to find out more
  • Ensure that your details are accurate and up-to-date.

 

We appreciate you have provided us your personal information and will respect the trust that this represents. There will be times when we will need to use and share your personal data. The law says that we must use one of the following reasons to do so:

Contract – your personal information is processed in order to fulfil a contractual or potential contractual arrangement e.g. handling the administration of a monthly direct debit

Consent – where you agree to us using your information e.g. to receive certain digital information from us.

Legitimate interest – where we use your data in a way that we believe you would expect us to because of our relationship with you e.g. to monitor and improve our services or keep you informed of upcoming fundraising events. In each case where we use your data based on our legitimate interest, we carefully balance your rights and expectations to ensure that processing is fair to you.

Legal obligation – where there is a statutory or other legal requirement to process and share the information e.g. gift aid returns.

What personal information do we hold about you?

We only ask you to supply the information that we need in order to provide the service you have requested. We will normally ask you to provide us with:

  • Your name
  • Your contact details
  • But we may request other information where it’s appropriate and relevant, for example:
  • Your bank details
  • Your reasons for supporting the Isabel Hospice, i.e. if you or a family has been in our care
  • Your profession
  • How you would like us to contact you
  • Age or date of birth, where relevant to your participation in an event or activity
  • Accessibility or medical information where relevant to your participation in an event or activity
  • Details of any accident or incident you may have been involved in while on our premises or while taking part in one of our events or activities

Information about our supporters is held securely on our database Raisers Edge. We take great care in storing this information, but if you would prefer us not to, then please let us know.

Cookies

We collect anonymised information about your visits to our websites using cookies. The information is invaluable to us to improve our website and ensure you are shown relevant content. More information about how we use cookies and how you can prevent this can be found in our Cookie Policy.

Building profiles of supporters and targeting our communications

While we mainly hold and use the information you provide directly to us, we may use other sources of information about you, including data derived from the electoral roll or affluence information, where they are from publicly available sources, or where you have given your permission for your data to be shared. We use profiling and screening techniques to ensure communications are relevant and timely, to target our resources effectively, and to provide an improved experience for our supporters.

As a fundraising organisation, we undertake in-house research and from time to time engage specialist agencies such as Prospecting for Gold to gather information about supporters from publicly available sources, for example, Companies House, the Electoral Register, company websites, ‘rich lists’, social networks such as Linkedin, political and property registers and news archives.

We may also carry out wealth screening to fast track the research using our trusted third party partners. You will always have the right to opt out of this processing. We may also carry out research using publicly available information to identify individuals who may have an affinity to our cause but with whom we are not already in touch. This may include people connected to our current major supporters, trustees or other lead volunteers. We also use publicly available sources to carry out due diligence on donors in line with the charity’s Gift Acceptance Policy and to meet money laundering regulations.

This research helps us to understand more about you as an individual so we can focus conversations we have with you about fundraising and volunteering in the most effective way, and ensure that we provide you with an experience as a donor or potential donor which is appropriate for you. These activities allow us to understand the background of people who support us and help us to make appropriate requests.

When building a supporter profile, we may analyse geographic, demographic and other information relating to you to better understand your interests and preferences in order to contact you with the most relevant communications.

If you do not want us to carry out this type of profiling, then please let us know.

How we use your personal information for marketing and fundraising

We only use your personal information for marketing where you have given us permission to do so, or you have provided permission to other organisations to allow us to market to you, for example, via Facebook or JustGiving.

Like all organisations we rely on marketing to help support the work we do and by using the information you provide to us we are able to contact you with specific marketing messages that we feel will be appropriate to you. Depending on the permission you have given us or another organisation this may be by post, email, telephone, SMS or social media.

We understand that our supporter’s circumstances change and you can easily withdraw the permissions you have given us, at any time either by using our contact details in this policy or by using the methods we tell you about in our communications e.g. using the ‘unsubscribe’ link on our emails.

Sharing your story or photographs

Stories of people who have used or are using our services help us to raise awareness of Isabel Hospice services. If you choose to support us by getting involved in publicity work, including photographic, video or written content, we will obtain consent from you. Once we have held your photograph and/or case study for two years, we will not use them in new publications or documents without renewing your consent. Photographs taken at our fundraising events will be used for up to five years.

You can withdraw your consent at any time by emailing marketing@isabelhospice.org.uk

 

Isabel Hospice Community Groups

We have a number of community groups, who are committees of volunteers who fundraise for the Hospice within their local community. They may do this by running events, raffles and having stalls at local fetes and fairs. Although they operate independently, they work in partnership with the Hospice, receive our training and comply with all the data protection laws as well as our own policies. Any data they capture for fundraising purposes is securely shared with us at the Hospice – where it falls under the same protection as all other supporter data.

Local Hospice Lottery

We run our lottery in partnership with Local Hospice Lottery Ltd. Local Hospice Lottery Ltd is a private limited company with registered company number 03226004 and registered address Farleigh Hospice, North Court Road, Broomfield, Chelmsford, Essex, CM1 7FH.

If you play the Local Hospice Lottery, you will be given the choice to share your data with the Hospice you support. Your name, address and marketing preferences are shared with us securely on a monthly basis, and stored on our database. Your data will be treated in line with all other supporters as detailed in this policy. If you cease your contract with Local Hospice Lottery, your data will be shared once again so we can keep our database up to date.

Please visit the Local Hospice Lottery for their full privacy policy – https://www.localhospicelottery.org/hospices/isabel-hospice/

We do not share or sell your data to any other charity or company for marketing purposes. However, there are some situations where we use trusted suppliers to help us with administration of the services you have asked us to supply to you for example:

  • Mailing houses to despatch our newsletters, appeals and raffles or invitations for our events and fundraising materials
  • Agencies who handle your donations on our behalf or administer your online conference and event bookings
  • Companies who deliver bespoke events for us (e.g. our bespoke overseas challenges) or who organise events in which we purchase charity places (e.g. the London Marathon)
  • Companies who help us campaign on your behalf, for example to lobby your local MP
  • Website hosting companies which we use to administer our website content

 

A database company who support us in keeping all our records in order

  • As and when required we will share accident and incident information with the Health and Safety Executive, our insurers and our solicitors.

 

We also use trusted suppliers to help us with marketing:

  • Email service providers to send our emails and manage your marketing permissions
  • Mailing houses to send out marketing by post
  • Telemarketing agencies to contact you by phone or SMS
  • An organisation which helps us keep your information accurate and up to date

 

Some of our suppliers may operate outside the European Economic Area (EEA). This requires us to ensure they provide an adequate level of protection in accordance with UK data protection law, for example the EU-US Privacy Shield Framework. By submitting your personal information to us you agree to this transfer, storing or processing at locations outside the EEA.

Under some circumstances we may be required to disclose or share your information without your consent, for example if we are required by the police, the courts or for other legal reasons.

How we keep your personal information up to date

Isabel Hospice has a legal obligation under data protection legislation to keep the personal information it collects accurate and up to date. Among other things, it helps us ensure that we do not contact you with inappropriate information and marketing messages and also prevents us from wasting valuable funds on print and postage.

We keep your information accurate as follows:

  • By giving you the opportunity at any time to contact us to correct or change your information.
  • By screening your name and postal address information against Royal Mail’s National Change of Address File: where you have given your permission to Royal Mail, we can either update our records with your new address or note you have moved so we don’t send anything to your old address.
  • By using information publicly available to us.
  • If you contact our us may ask you to confirm certain details.
  • When we receive undelivered mail or email.

 

Changing your preferences

You can opt out of your data being used for profiling. However, this may mean that you stop receiving relevant marketing communications from us or they become more generic and less relevant to you as they are no longer based on your interests in our cause. If you do wish to opt out please contact the supporter care team using the information in this policy.

You are welcome to contact us at any time to change your communications preferences. Any email or postal marketing we send will include information on how you can change your communication preferences or cease communication from the Hospice. If you request to receive no further information from us, we will also keep your personal data on our database so that we can always ensure that you do not receive any unwanted communication.

How we keep your personal information safe

We take our obligations to keep your personal data safe and secure very seriously.

Within Isabel Hospice, access to your personal information is strictly controlled on a ‘need to know’ basis. Staff members and our nominated volunteers are only allowed access to your personal data if they have been sufficiently trained in data handling. We have specific technical controls in place to restrict access and these are monitored regularly. Our website is also monitored and protected to prevent it from unauthorised access.

All personal data sent to our trusted suppliers is encrypted. In all cases we require these companies to comply strictly with our instructions and they are not allowed to use your information for their own business purposes. We also require these companies to have sufficient organisational and technical measures in place to ensure the security of your data.

How long we keep your personal information

We keep your personal information in line with our data retention policy.

  • In certain circumstances we have a statutory obligation to keep your personal information for a set period of time (normally six-seven years) and this mainly concerns financial information regarding your donations or Gift Aid contributions.
  • How you can find out about the information we hold about you
  • You have the right to request a copy of the information that we hold about you.

 

If you would like a copy of some or all of your personal information, please email or write to us using the contact details in this policy – we do not apply a charge for providing you with this information.

If we do hold information about you we will:

  • Give you a description of it
  • Tell you why we are holding it
  • Tell you who it could be shared with
  • Let you have a concise and clear copy of the information

 

We want to make sure that your personal information is accurate and up to date and we will be happy to correct or remove information you think is inaccurate.

Your individual rights

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information (known as a subject access request).

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Links to other websites

We link our website directly to other sites, including sites that provide information, services, resources and fundraising opportunities that are not directly associated with us. This privacy notice does not cover the links within our site linking to other websites and organisations. We encourage you to read the privacy statements on the other websites you visit.

What to do if you have a query

If you have a query regarding your data, please contact our Data Protection Officer, Karolyn Hallam by writing to:

Data Protection Officer, Isabel Hospice, 99 Bridge Road East, Welwyn Garden City, AL7 1GD.

Or sending an email to informationsecurity@isabelhospice.org.uk.

Following this, if you are still unhappy with how we have used your data, you can then complain to the ICO.

Helpline number: 0303 123 1113

ICO website: https://ico.org.uk/

 

Date of last review

This privacy notice was last updated on February 2025 and will be due further review in February 2026.