Privacy Policy
Isabel Hospice is a charity providing specialist palliative care and supporting services. We are committed to protecting your personal information. This privacy policy explains what we do with your personal data when you use one of our services, work or volunteer for us, donate to us, buy items in our shops or visit us either in person or on the website. This privacy policy also explains the ways you can control how your data is used.
The Privacy Policy in brief
It’s important that you read the full Privacy Notice to understand what information we hold, how we may use it, and what your rights are. Personal information is any information that can be used to identify you. Organisations are permitted to process data if they have a legal basis to do so.
- A brief summary of the policy includes that: We collect information that is either personal data (such as names, addresses, telephone numbers) or non-personal data (such as your Internet Protocol (IP) address, web pages accessed etc.)
- To ensure that we can provide the most effective care we may collect information which includes your medical history, medication, allergies.
- We also collect information about our supporters, donors, fundraisers, volunteers and employees.
- We collect information to provide services or goods, to provide information, to fundraise, for administration, research, profiling, analysis, and for the prevention/detection of crime.
- We only collect the information that we need, or that would be useful to us in our aim to provide the best possible service.
- Your information is collected, stored and protected in accordance with the Data Protection Act 1988 and UK General Data Protection Regulation. We never sell your data, and we will never share it with another company or charity for marketing purposes.
- We only share data where we are required by law, when it is needed by other health and care services to co-ordinate and deliver the care you need, or with carefully selected trusted suppliers who do work for us. All our suppliers are required by their contract to treat your data as carefully as we would, to only use it as instructed, and to allow us to check that they do this.
- Our websites use cookies – for more information check www.isabelhospice.org.uk/cookies
These are the basics but don’t forget to come back later and read the full privacy notice (below), so you have all the details you need.
Isabel Hospice Privacy Policy
Isabel Hospice promises to respect the personal information you provide to us. We wouldn’t want to use it in a way that you won’t expect, so our Privacy Notice explains how we protect your privacy and how you can control how we use your personal information.
If you have a question about how your personal information is used, please contact our Data Protection Officer, Karolyn Hallam:
Email: information.security@isabelhospice.org.uk
Phone: 01707 382500
Post: Isabel Hospice, 61 Bridge Road East, Welwyn Garden City, Herts, AL7 1JR
Who we are
In this privacy policy, whenever you see the words ‘we’, ‘us’ or ‘our’, it refers to
- The charity Isabel Hospice– Registered Charity number 1046826
- The company Isabel Hospice Trading Limited– Company number 02417607
Isabel Hospice Trading Limited sells a range of goods through our shop network and online. Isabel Hospice Trading enters into corporate partnership arrangements; all of its profits are passed to Isabel Hospice Charity.
As a charity, we want to provide the best care for all of our Hospice users. To do this we need to generate income and awareness, to ensure that care can continue to be provided free of charge to everyone in our community.
Patients and Service users
What data we collect and why
If you are a patient referred to us or are under the care of any of our services, including the Inpatient Unit, Community, Living Well or Family Support Services, we will collect contact information, including your personal details (name, address etc), and contact details of your next of kin and doctor. This is so we can contact the relevant people about your care and appointments, and in case of emergency. It is in our legitimate interest to be able to administer your appointments and care in an appropriate and efficient way.
We will also collect information about your medical and care history. This is to ensure you receive the best and most appropriate care, which is in both your and our legitimate interests. In matters of life or death, this information can be processed to protect your vital interests.
The majority of this information is provided by the referrer, such as your doctor or another health professional. We always check this information with you to make sure it is accurate.
The information is stored on our computerised medical records system called SystmOne. Only those who need to use your information to deliver effective and high-quality care are allowed access to it. This will include clinicians such as nurses, doctors and therapists, but also non-clinicians such as administrators, auditors and data analysts.
If there is a complaint about the care you have received whilst in our care, we may use the records to confirm the care provided.
Who we share your data with
There is a legal duty on organisations to share your information for your individual care where it is lawful to do so unless you object.
We are part of My Care Record, an approach to improving care by joining up health and care information. Health and care professionals from other services will be able to securely view information from the records we hold about you when it is needed for your care. Please see www.mycarerecord.org.uk for more information.
An example of how information is shared for your individual care is multidisciplinary teams (MDTs). An MDT is a group of health and care staff who are members of different organisations and professions (e.g. GPs, social workers, nurses), that work together to make decisions regarding the treatment of individual patients and service users. MDTs are used in both health and care settings.
Your care may at times be provided by several health and care professionals from one or more organisations through an MDT in which they will come together to discuss how best to care for you. Information will need to be shared between them so that they have the information they need to provide you with the best care.
All organisations involved in your care have a duty to ensure your information is used and shared safely.
If you are unsure what information is being shared about you, or someone you are responsible for, you can ask health and care organisations to explain this.
We may also share your details with partners such as the Care Quality Commission (CQC) or local social care services for safeguarding purposes. In these circumstances it is a legal obligation for us to do so. The CQC’s Privacy Statement can be found here.
If you are a patient or next of kin and are already on our supporter database, we will update your record to ensure you do not receive inappropriate communications at a sensitive time. It is important to us that if our supporters are also our patients and/or their next of kin, we recognise this connection and we communicate with you in an appropriate way, or if you contact us directly, we know your relationship with the Hospice.
Those who have not previously engaged in supporting the Hospice will not be contacted for marketing purposes. If you are bereaved, as part of our support for you, we will let you know about ways to remember your loved ones, such as our Lights of Love events.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
How long we keep your data for
Personal data shall not be kept for longer than is necessary and we will:
- review the length of time we keep personal data;
- consider the purpose or purposes we hold information for in deciding whether (and for how long) to retain it;
- securely delete information that is no longer needed for this purpose or these purposes; and
- update, archive or securely delete information if it goes out of date.
Access to your information and corrections to it
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please contact the Isabel Hospice Data Protection Lead in writing at Isabel Hospice, 61 Bridge Road East, Welwyn Garden City, Hertfordshire, AL7 1JR or by email to informationsecurity@isabelhospice.org.uk.
We want to make sure that your personal information is accurate and up to date. You may ask us at any time to correct or remove information that you think is inaccurate.
National Data Opt-Out
Most of the time, anonymised data is used for audit, research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit http://www.nhs.uk/your-nhs-data-matters or call 0300 303 5678.
Donors, Supporters and Customers
We need your details so that we can contact you to:
- Manage the events that you might be taking part in
- Keep you informed of news and developments and to help you to feel connected to our cause
- Promote all the different events, campaigns and activities that we have going on
- Thank supporters and showcase the difference your donations make to the organisation and to local people
- Create standing order or direct debit payments
- Process donations
- Showcase our care services and raise awareness of the many ways we can help those living with a terminal illness
- Claim gift aid (against both monetary donations and donations made to our trading company for sale in our shops or eBay)
- Dispel myths about hospice care, encouraging more people to access our care – especially hard to reach groups
- For collection or delivery of items to donated to or purchased from our shops
- Ensure we are contacting you with relevant information
- Drive traffic to our website to find out more
- Ensure that your details are accurate and up-to-date.
We appreciate you have provided us your personal information and will respect the trust that this represents. There will be times when we will need to use and share your personal data. The law says that we must use one of the following reasons to do so:
Contract – your personal information is processed in order to fulfil a contractual or potential contractual arrangement e.g. handling the administration of a monthly direct debit
Consent – where you agree to us using your information e.g. to receive certain digital information from us.
Legitimate interest – where we use your data in a way that we believe you would expect us to because of our relationship with you e.g. to monitor and improve our services or keep you informed of upcoming fundraising events. In each case where we use your data based on our legitimate interest, we carefully balance your rights and expectations to ensure that processing is fair to you.
Legal obligation – where there is a statutory or other legal requirement to process and share the information e.g. gift aid returns.
What personal information do we hold about you?
We only ask you to supply the information that we need in order to provide the service you have requested. We will normally ask you to provide us with:
- Your name
- Your contact details
- But we may request other information where it’s appropriate and relevant, for example:
- Your bank details
- Your reasons for supporting the Isabel Hospice, i.e. if you or a family has been in our care
- Your profession
- How you would like us to contact you
- Age or date of birth, where relevant to your participation in an event or activity
- Accessibility or medical information where relevant to your participation in an event or activity
- Details of any accident or incident you may have been involved in while on our premises or while taking part in one of our events or activities
Information about our supporters is held securely on our database Raisers Edge. We take great care in storing this information, but if you would prefer us not to, then please let us know.
Cookies
We collect anonymised information about your visits to our websites using cookies. The information is invaluable to us to improve our website and ensure you are shown relevant content. More information about how we use cookies and how you can prevent this can be found in our Cookie Policy.
Building profiles of supporters and targeting our communications
While we mainly hold and use the information you provide directly to us, we may use other sources of information about you, including data derived from the electoral roll or affluence information, where they are from publicly available sources, or where you have given your permission for your data to be shared. We use profiling and screening techniques to ensure communications are relevant and timely, to target our resources effectively, and to provide an improved experience for our supporters.
As a fundraising organisation, we undertake in-house research and from time to time engage specialist agencies such as Prospecting for Gold to gather information about supporters from publicly available sources, for example, Companies House, the Electoral Register, company websites, ‘rich lists’, social networks such as Linkedin, political and property registers and news archives.
We may also carry out wealth screening to fast track the research using our trusted third party partners. You will always have the right to opt out of this processing. We may also carry out research using publicly available information to identify individuals who may have an affinity to our cause but with whom we are not already in touch. This may include people connected to our current major supporters, trustees or other lead volunteers. We also use publicly available sources to carry out due diligence on donors in line with the charity’s Gift Acceptance Policy and to meet money laundering regulations.
This research helps us to understand more about you as an individual so we can focus conversations we have with you about fundraising and volunteering in the most effective way, and ensure that we provide you with an experience as a donor or potential donor which is appropriate for you. These activities allow us to understand the background of people who support us and help us to make appropriate requests.
When building a supporter profile, we may analyse geographic, demographic and other information relating to you to better understand your interests and preferences in order to contact you with the most relevant communications.
If you do not want us to carry out this type of profiling, then please let us know.
How we use your personal information for marketing and fundraising
We only use your personal information for marketing where you have given us permission to do so, or you have provided permission to other organisations to allow us to market to you, for example, via Facebook or JustGiving.
Like all organisations we rely on marketing to help support the work we do and by using the information you provide to us we are able to contact you with specific marketing messages that we feel will be appropriate to you. Depending on the permission you have given us or another organisation this may be by post, email, telephone, SMS or social media.
We understand that our supporter’s circumstances change and you can easily withdraw the permissions you have given us, at any time either by using our contact details in this policy or by using the methods we tell you about in our communications e.g. using the ‘unsubscribe’ link on our emails.
Sharing your story or photographs
Stories of people who have used or are using our services help us to raise awareness of Isabel Hospice services. If you choose to support us by getting involved in publicity work, including photographic, video or written content, we will obtain consent from you. Once we have held your photograph and/or case study for two years, we will not use them in new publications or documents without renewing your consent. Photographs taken at our fundraising events will be used for up to five years.
You can withdraw your consent at any time by emailing marketing@isabelhospice.org.uk
Isabel Hospice Community Groups
We have a number of community groups, who are committees of volunteers who fundraise for the Hospice within their local community. They may do this by running events, raffles and having stalls at local fetes and fairs. Although they operate independently, they work in partnership with the Hospice, receive our training and comply with all the data protection laws as well as our own policies. Any data they capture for fundraising purposes is securely shared with us at the Hospice – where it falls under the same protection as all other supporter data.
Local Hospice Lottery
We run our lottery in partnership with Local Hospice Lottery Ltd. Local Hospice Lottery Ltd is a private limited company with registered company number 03226004 and registered address Farleigh Hospice, North Court Road, Broomfield, Chelmsford, Essex, CM1 7FH.
If you play the Local Hospice Lottery, you will be given the choice to share your data with the Hospice you support. Your name, address and marketing preferences are shared with us securely on a monthly basis, and stored on our database. Your data will be treated in line with all other supporters as detailed in this policy. If you cease your contract with Local Hospice Lottery, your data will be shared once again so we can keep our database up to date.
Please visit the Local Hospice Lottery for their full privacy policy – https://www.localhospicelottery.org/hospices/isabel-hospice/
We do not share or sell your data to any other charity or company for marketing purposes. However, there are some situations where we use trusted suppliers to help us with administration of the services you have asked us to supply to you for example:
- Mailing houses to despatch our newsletters, appeals and raffles or invitations for our events and fundraising materials
- Agencies who handle your donations on our behalf or administer your online conference and event bookings
- Companies who deliver bespoke events for us (e.g. our bespoke overseas challenges) or who organise events in which we purchase charity places (e.g. the London Marathon)
- Companies who help us campaign on your behalf, for example to lobby your local MP
- Website hosting companies which we use to administer our website content
A database company who support us in keeping all our records in order
- As and when required we will share accident and incident information with the Health and Safety Executive, our insurers and our solicitors.
We also use trusted suppliers to help us with marketing:
- Email service providers to send our emails and manage your marketing permissions
- Mailing houses to send out marketing by post
- Telemarketing agencies to contact you by phone or SMS
- An organisation which helps us keep your information accurate and up to date.
Some of our suppliers may operate outside the European Economic Area (EEA). This requires us to ensure they provide an adequate level of protection in accordance with UK data protection law, for example the EU-US Privacy Shield Framework. By submitting your personal information to us you agree to this transfer, storing or processing at locations outside the EEA.
Under some circumstances we may be required to disclose or share your information without your consent, for example if we are required by the police, the courts or for other legal reasons.
How we keep your personal information up to date
Isabel Hospice has a legal obligation under data protection legislation to keep the personal information it collects accurate and up to date. Among other things, it helps us ensure that we do not contact you with inappropriate information and marketing messages and also prevents us from wasting valuable funds on print and postage.
We keep your information accurate as follows:
- By giving you the opportunity at any time to contact us to correct or change your information.
- By screening your name and postal address information against Royal Mail’s National Change of Address File: where you have given your permission to Royal Mail, we can either update our records with your new address or note you have moved so we don’t send anything to your old address.
- By using information publicly available to us.
- If you contact our us may ask you to confirm certain details.
- When we receive undelivered mail or email.
Changing your preferences
You can opt out of your data being used for profiling. However, this may mean that you stop receiving relevant marketing communications from us or they become more generic and less relevant to you as they are no longer based on your interests in our cause. If you do wish to opt out please contact the supporter care team using the information in this policy.
You are welcome to contact us at any time to change your communications preferences. Any email or postal marketing we send will include information on how you can change your communication preferences or cease communication from the Hospice. If you request to receive no further information from us, we will also keep your personal data on our database so that we can always ensure that you do not receive any unwanted communication.
How we keep your personal information safe
We take our obligations to keep your personal data safe and secure very seriously.
Within Isabel Hospice, access to your personal information is strictly controlled on a ‘need to know’ basis. Staff members and our nominated volunteers are only allowed access to your personal data if they have been sufficiently trained in data handling. We have specific technical controls in place to restrict access and these are monitored regularly. Our website is also monitored and protected to prevent it from unauthorised access.
All personal data sent to our trusted suppliers is encrypted. In all cases we require these companies to comply strictly with our instructions and they are not allowed to use your information for their own business purposes. We also require these companies to have sufficient organisational and technical measures in place to ensure the security of your data.
How long we keep your personal information
We keep your personal information in line with our data retention policy.
- In certain circumstances we have a statutory obligation to keep your personal information for a set period of time (normally six-seven years) and this mainly concerns financial information regarding your donations or Gift Aid contributions.
- How you can find out about the information we hold about you
- You have the right to request a copy of the information that we hold about you.
If you would like a copy of some or all of your personal information, please email or write to us using the contact details in this policy – we do not apply a charge for providing you with this information.
If we do hold information about you we will:
- Give you a description of it
- Tell you why we are holding it
- Tell you who it could be shared with
- Let you have a concise and clear copy of the information
We want to make sure that your personal information is accurate and up to date and we will be happy to correct or remove information you think is inaccurate.
Your individual rights
Under data protection regulations, you have rights over how your personal information is used by others.
Right to access: You have the right to access the personal information we hold about you. If you wish to see it, you can submit a request to our Data Protection Lead who will respond within one month. Depending on the nature of your request, we may need to seek further clarification from you or gain confirmation of your identity before the information can be provided.
Right to rectification: If the information we hold about you contains errors, you have the right for it to be corrected. We have measures in place to keep our information updated, but if you notice anything wrong with the information we are using, please let us know and we will update it as soon as we can.
Right to erasure: You have the right to request we erase the information we hold about you from our records if you think it is no longer required. Where possible, we will always comply with a request for erasure, however in many cases it will not be possible to erase all information about you, because there may be legal or contractual reasons why we need to keep certain details. If any of your details cannot be erased, we will tell you and explain the reasons.
Right to restriction: If you think your personal information is being used for things it shouldn’t be, you have the right to request we stop using it that way. As with erasure, there may be legal or contractual obligations why we need to continue using information in particular ways.
Right to portability: There may be times when you want a particular portion of the information we hold about you to be moved or made portable. You have a right to receive information you have provided to us in a structured, commonly used and machine-readable format. This right only applies when the information has been collected and used on the basis of consent or a contract.
Right to objection: You have the right to object to us collecting and using your information when it is being done on the basis of legitimate interests, or for direct marketing, or research or for the purposes of direct care. Any objections will be considered and complied with, unless there is a lawful exemption.
You can object to your record being shared between services. To do this, speak to the person delivering care to you at each organisation such as your GP, specialist or social worker.
- It is important to understand that not allowing access to your information may affect the quality of the care you receive.
- Only health and social care professionals involved in your care are allowed to access your information. These people are viewing your record to give you the best quality care they can.
- In many situations it is necessary to share information between services to deliver care. However, it may be possible to request that specific or sensitive information is not made available.
- There may also be some situations where information still needs to be made available. For example, if there is a serious concern about an individual’s safety
We will endeavour to inform you about your rights and uphold them at all times. If you believe we have infringed your rights, we encourage you to contact our Data Protection Lead who will work with you to resolve the matter in a way that satisfies both you and the law. If for any reason you are unable to resolve the matter with us, you can escalate your concerns to the Information Commissioner’s Office, who is the UK’s independent authority responsible for upholding information rights in the public interest.
What to do if you have a query
If you have a query regarding your data, please contact our Data Protection Officer, Karolyn Hallam by writing to:
Data Protection Officer, Isabel Hospice, 61 Bridge Road East, Welwyn Garden City, AL7 1JR.
or sending an email to informationsecurity@isabelhospice.org.uk.
If you are not satisfied with the way your query was handled, you can refer your complaint to UK Information Commissioner’s Office at https://ico.org.uk/concerns/.
Links to other websites
We link our website directly to other sites, including sites that provide information, services, resources and fundraising opportunities that are not directly associated with us. This privacy notice does not cover the links within our site linking to other websites and organisations. We encourage you to read the privacy statements on the other websites you visit.
Changes to this privacy policy
This Privacy Notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of the Isabel Hospice’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed using the contact details in this policy.
We keep our privacy notice under regular review. This privacy notice was last updated on: 26th January 2023.