About us
Shop with us
Referral forms
View basket
Search
Search
Contact us
Helping you

Helping you

Helping us

Helping us

News and Stories
Healthcare Professionals
View basket
Search
Search
Contact us
Search

Privacy policy

POLICY DERIVED BY H.R. & I.T SUB GROUP 

This policy should be read in conjunction with the Employee Handbook which can be accessed through the HR and IT Group or in the HR&IT Policy folder on the Hospice network.

1.    Introduction

Springhill Hospice is committed to protecting the privacy of everyone who uses our services: as patients and carers or as employees and volunteers; and that of anyone who supports our work through fundraising, retail or lottery activities. Please read this policy carefully, along with our terms and conditions and any other documents referred to in this policy, to understand how we collect, use and store your personal information.

Springhill Hospice is registered as a charity in England and Wales (registered charity number 701798) and we are also registered as a company limited by guarantee (company number 2325905). Our registered office address is: Broad Lane, Rochdale, OL16 4PZ. This policy covers Springhill Hospice and its subsidiary companies; Springhill Hospice (Services) Ltd and Springhill Hospice (Lottery) Ltd.

2.    Purpose of this policy

This Privacy Policy explains what personal data we may collect about you, how we use it, and the steps we take to ensure that it is kept secure. This includes, when you use this website (www.springhill.org.uk), or when you get in touch with us, for example by telephone, email or face to face interactions. We also explain your privacy rights and how the law protects you, including how we comply with the General Data Protection Regulation (GDPR) and all other related privacy laws and codes of practice issued by the Fundraising Regulator or the Information Commissioner.

Additional information may be provided on specific pages of this website, where this occurs you should also refer to those.

It is important that you ready this Privacy Policy together with any statements or fair processing notices we may provide on specific occasions when we collect or process personal data so that you are fully aware of how and why we are using your data. This Privacy Policy supplements any additional notices and is not intended to override them. 

By using our website (www.springhill.org.uk) and/or giving personal data to us you indicate that you consent to using your personal data in accordance with this Privacy Policy. 

Springhill Hospice takes data protection very seriously. We are required to adhere to the requirements of the Data Protection Act 1998, the General Data Protection Regulations 2018 (GDPR), Public Records Act 1958, Freedom of Information Act 2000, all other related privacy laws and any codes of practice issued by the Fundraising Regulator (FR) or the Information Commissioners Office (ICO). Our intention is to be compliant, user friendly and to ensure our supporters only receive the information they are interested in. Unless stated otherwise, Springhill Hospice is the data controller in respect of all data collected by us on this Website or otherwise. This means that we are responsible for full legal compliance. 

Springhill Hospice and our trading subsidiaries will never exchange or sell your information to another organisation for their own marketing purposes. We know that this is important to you, and want to reassure you that you’re always in control of how we use your personal information in regards to marketing and fundraising activities.

We do however need to collect and use your personal information for carefully considered and legitimate business purposes, which help ensure we can run Springhill efficiently, raise funds effectively and deliver our charitable services. This policy sets out how your personal data will be used, what data we collect, our legal basis for its use, along with outlining your rights in respect of personal data.

Springhill Hospice is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. If you are applying for work with us this notice makes you aware of how and why your personal data will be used, namely for the purposes of the recruitment exercise, and how long it will usually be retained for. It provides you with certain information that must be provided under the General Data Protection Regulation ((EU) 2016/679) (GDPR), Data Protection Act 2018 and tthe NHS Data Security Protection Toolkit. We are registered with the Data Commissioner’s Office (ICO).

3.    The personal data we collect and why

Personal data means any information about an individual from which that person can be identified. It does not include data which has been anonymised such that a person’s identity has been removed.

We collect personal data in a number of ways, and for a number of reasons. As a registered charity, our Hospice relies on the people living in its local community for support – both financially and in kind. By gathering information about our community we can fundraise more efficiently and get the right information to the right people based on what they want to see. Ultimately this means Springhill Hospice is able to continue to provide excellent care to those who are dying and to support their loved ones and carers. 

This Privacy Policy provides information about how and why we process your personal data. We will provide examples of the data, uses and organisations that we work with but please note, the lists are not exhaustive and may change from time to time. You can contact our Data Protection Officer with queries or concerns relating to the use of your personal data using the details at the bottom of this policy. 

4.    How we collect personal data

  • Information you give us. 

For example, when you enquire about or use our services, fundraising activities, register with us, make a donation to us, ask a question about our services or otherwise provide us with your personal information.

  • Information we get from your use of our website and services.

We collect information about the services you use and how you use them, like when you visit our website or social media pages.

  • Information from third parties.

We may also receive information about you from third parties. For example, this may be from other healthcare providers or from online fundraising sites such as Just Giving, or from our lottery partner (Local Hospice Lottery). This can include information such as your name, postal address, email address, phone number, your geographic location, credit/debit card details and whether you are a tax payer so that we can claim Gift Aid.  

  • Information about other people. 

If you provide personal data to us relating to any person other than yourself, you must ensure before you do so that they understand how their personal data will be used and that you are authorised to disclose it to us, and to consent to its use on their behalf.

Wherever possible we use aggregated or anonymous information which does not identify individual visitors to our website, social media pages, supporters at our events or service users.

5.    The type of personal data we collect

We always strive to provide a clear, honest and transparent approach regarding how and when we may collect and use your personal data. 

We will only use your personal data when the law allows us to, and in accordance with this Privacy Policy. We ensure that we comply with our obligations as a charity.  We may process your personal data for more than one lawful basis, depending on the specific purpose for which we are using your data.

The type and quantity of personal data we collect and how we use it depends on why you are providing it. Occasionally we may ask for your date of birth, for example, if there is an age restriction on an event or activity you have chosen to take part in.

Special categories of data: By the nature of what we do, we may need to process ‘special categories’ of data for clinical purposes. A special category of data would include details about your race or ethnicity, sex life, sexual orientation, and information about your health and genetic data.

Springhill Hospice is a local, independent charity and we are not part of the NHS, but we do work very closely with all NHS services across Heywood, Middleton and Rochdale. Clinical information is part of the NHS records system. This allows us to share information securely with your GP and other care professionals.

6.    Consent and lawful processing of personal data

When Springhill Hospice collects and uses your personal information, we will make sure this is only done fairly and lawfully in accordance with at least one of the legal grounds available to us under the Data Protection Act 2018 and the UK General Data Protection Regulation. We may use your information to understand your needs and interests and to provide you with the best service we can. We want to have the best relationship we can with you and for you to enjoy your interactions with the Hospice.

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us. 

Where we refer to legitimate interest above we have carried out a legitimate interest assessment (LIA) which we keep under review and are confident that the individual’s interests do not override those legitimate interests. We will not use your personal data for activities where our interests are overridden by the impact on you, unless we have your consent or are otherwise required or permitted to by law such as to keep records on certain activities such as financial donations and clinical records or for HMRC audit or other legal reasons

Where we have required and obtained your consent to process your personal data, you have the right to withdraw that consent at any time. If you do, it will not affect the lawfulness of any processing for which we had consent prior to your withdrawing it.

In accordance with NHS guidance, the Hospice has an appointed Caldicott Guardian; a senior member of staff responsible for protecting patient confidentiality and enabling appropriate sharing. The sharing of sensitive personal information is strictly controlled by law. We will consult you before information about you is shared to ensure we act with your consent. If you are unable to consent for any reason, we will only share information where it is in your best interests to do so.

If you are unable to consent to the processing of your personal data for any reason, for example if you are physically or legally incapable of giving your consent we will only share your information on the basis that it is necessary in order to protect your vital interests, and it is also necessary in our legitimate interests in providing our proper care to you.

We may also process special categories of data about you if we need to assess your health needs such as to administer medicine to you or for the purposes of medical diagnosis. We would process your data in this way on the basis that it is necessary for the purposes of preventative or occupational medicine, or for medical diagnosis, as well as it being in our legitimate interests in providing our proper care to you.

7.    The data we collect

The following table provides examples of the data we may collect, use, store and transfer. It also explains the purposes for which we use different categories of personal data, and the lawful basis or bases which we believe applies to those uses. Please note, the lists are provided as an example and are not exhaustive, they may change from time to time:

Patients, loved ones and carers

 If you or a loved one are cared for or supported by Springhill Hospice, the personal and/or sensitive personal information you provide to us will be used only for the purposes of providing you with services, or training or monitoring the quality of our services.  

 Springhill Hospice will not disclose your personal information to any third party without your consent, except to professional bodies, or otherwise as required by law, regulation or codes of practice. If you are receiving care as a patient we may need to disclose information to other healthcare professionals and organisations involved in your care, but will only do so with your consent.  If you are referred to one of our clinical services we will collect data from you and may also receive it from other healthcare providers.

We collect the following personal data from you, your loved ones and carers, and other health and social care providers, for example your GP, Hospital, Community teams and Local Authorities:

  • Individual Identifiers (your NHS Number)
  • Contact Details (Name, address, telephone numbers, email address)
  • Date of Birth and Age;
  • Contact Details of your Next of Kin, your loved ones, carers and other Care Providers (Name, address, telephone numbers, email address)

 We also collect the following personal data, which is more sensitive in nature:

  • Data concerning your physical or mental health (for example, details about your appointments or diagnosis)
  • Data revealing your racial or ethnic origin
  • Data concerning your sex life
  • Data concerning your sexual orientation
  • Genetic data (for example, details about a DNA sample taken from you as part of a genetic clinical service)
  • Data revealing religious or philosophical beliefs
  • Data relating to criminal or suspected criminal offences

We use your personal data for the following purposes:

  • To invite you to, and to assess suitability of our services for you and your loved ones/carers;
  • To provide you and the people that care for you with our care and support services;
  • To communicate with you via post, telephone, email, text message or sometimes, video call;
  • To manage and audit our services, including internal and external local, regional and national audits;
  • To help us identify and drive quality improvements within the Hospice’s services;
  • To conduct feedback surveys;
  • To investigate queries, incidents, complaints or legal claims;
  • To protect our Hospice, patients, staff and visitors from crime and mis-conduct;
  • To provide important statistical data to our commissioners and partners for funding and management purposes.

 

How we process your data lawfully

  • Public Interest, and for the Provision of Health and Social Care Services –to deliver and manage our care and support services, which are partially funded through our contract with the NHS.
  • Public Interest, and for Archiving, Research and Statistical Purposes – to perform research using health and social care data.
  • Consent – when you join one to one or group video consultation sessions, provide consent to be contacted via email or text message or consent to take part in research.
  • Legal Obligation – to manage your personal records in line with Data Protection Legislation and the NHS Records Management Code of Practice.

Students, placements and course attendees

When you apply to attend a course or placement at Springhill Hospice, we can collect your data from a number of sources. This will depend on how you have submitted your interest in the courses or placements that we offer

The source of your data can be you, your organisation, education provider or referees that you have supplied for your application. We may also collect your data from external sources on a direct marketing business to business basis for education and training purposes to promote our workshops. We will keep records of your application and personal data in either paper or electronic forms. Details of the data we process include, but are not limited to:

  • Name and contact details e.g. address, telephone number and e-mail
  • Contact details for people within your education services or employment
  • Employment and Education History
  • References and their contact details
  • Disclosure and Barring Service Checks
  • Medical questionnaire
  • Emergency contacts
  • Medical questionnaire
  • Emergency contacts 

We use your personal data for the following purposes:

Your data is used for administration, management and organisational purposes, for example:

  • To keep a record of your attendance and provide you with certificates and course evaluation material;
  • To be able to contact you throughout the course or placement;
  • To be able to contact someone in the case of an emergency;
  • To record your development, training, qualifications and professional registrations; and
  • To provide any necessary support that you may need in order to access and complete the course or placement.

We also need to process your data to ensure that we are complying with our legal obligations as an organisation, for example:

  • To ensure the safety and security of our patients, staff/volunteers and the organisation, as we are working with vulnerable individuals.

We may also share your data with other organisations when we are required to do so by law, for example:

  • If we are sent a request from the Police under the Crime and Disorder Act 1998;
  • If there is a need to protect and safeguard vulnerable children and adults;
  • If there is a public health need such as preventing the spread of infectious diseases; or
  • If we receive a formal order from a court acting in their judiciary capacity. 

How we process your data lawfully

  • Contract – to provide you with a placement or course.
  • For the assessment of your working capacity and occupational health.
  • Legal Obligation – to ensure compliance with the Safeguarding Vulnerable Groups Act 2006,

 

Donors, supporters and shoppers

We collect and keep records of your personal data when you ask about our activities, take part in our events/campaigns, make donations, shop with us and sign up to our newsletters and updates.

We keep records of your personal data in paper and electronic forms. Details of the data we process include, but are not limited to:

  • Name, address, telephone number, email address, age and gender
  • Gift Aid and tax status
  • Dietary requirements and date of birth (if applicable)
  • Payment data and donation history
  • Records of consent and correspondence between you and Springhill Hospice
  • Records of activities attended, fundraising behaviours and wealth identifiers
  • Photographs, quotes, or video footage when you have taken part in our events
  • Whether you would like to share your story about why you support Springhill if you to choose to share this when donating, and if you have any links to other supporters.

Please note: Springhill Hospice will collect children’s data with the consent of a parent or guardian and will only correspond with the parent or guardian. The data of children will not be shared and we do not correspond with children under the age of 18.

Where it is appropriate we may also ask you for:

  • Information relating to your health, for example if you are taking part in a high risk event such as a skydive
  • How you heard about the Hospice, specific event or activity
  • Why you have chosen to support Springhill Hospice. We understand that you may not wish to share this with us and we only want you to respond if you are comfortable sharing this information
  • Your bank or credit card details. Where these are used for a single transaction they are destroyed after use. If you use your credit or debit card to donate to us, or buy something online, we pass your card details securely to our payment-processing partner as part of the payment process. We do this in accordance with the Payment Card Industry Security Standard and don’t store the details on our website or databases.

 

 

We use your personal data for the following purposes:

The data that you provide is used:

  • To process income and donations;
  • To claim Gift Aid on your donations or from the sale of your donated goods from HMRC, with your consent;
  • To provide a transparent audit trail for income received;
  • To ensure compliance with the Fundraising Regulator;
  • To enter you into a raffle;
  • To manage the fundraising event or campaign;
  • To keep a record of who has signed up to our events;
  • To provide relevant data and resources to participants;
  • To provide a safe environment for our events to take place; 
  • To sell and deliver items from our charity shops;
  • To collect items that you have kindly donated;
  • To keep current and potential supporters informed about our income generation activities by sending direct marketing by post, telephone call, text or email;
  • Where you have provided consent, we may use photographs, videos and quotes of/from you to publicise the Hospice and our activities;
  • To keep donation data to benchmark our performance against other charities;
  • To keep our records accurate and up to date.

We may share your data with other organisations when we are required to do so by law, for example:

  • If we are sent a request from the Police under the Crime and Disorder Act 1998;
  • If there is a need to protect and safeguard vulnerable children and adults; or
  • If we receive a formal order from a court acting in their judiciary capacity.

We may also process your data for purposes that are not linked to specific fundraising events:

  • To track your activities to build a profile of interests and fundraising/shopping behaviours – this helps us to send specific updates and asks to you. Sometimes this may also involve enhancing our records using publicly available sources of data to:
  • Identify our most popular fundraising activities;
  • Understand our income generation streams;
  • Forecast for future campaigns;
  • Identify and build profiles on supporters who may be able to make or support a transformational donation to the Hospice.

The research allows us to make a personal and relevant approach to selected supporters, saving the charity time and money and reducing the risk of intrusive or irrelevant communications.

How we process your data lawfully

  • Contract – to process your data in order to perform our contract with you, for example when you sign up to our fundraising events or donate.
  • Legitimate interest – to process your data to support the income generating activities of the organisation, for example:
  • When we generate profiles to help us target specific groups of supporters;
  • When we send direct marketing to you via post or telephone;
  • When we share your details with Springhill Hospice Services (Retail) Company;

 You have the right to object to this type of processing and we will stop immediately.

  • Consent – to send you direct marketing via electronic means (email and text) in line with the Privacy and Electronic Communications Regulations.

You have the right to withdraw consent from this type of processing at and we will stop immediately.

  • Legal obligation – to comply with the law, for example when we keep a record of donations and Gift Aid for the purpose of financial audit in line with The Companies Act 2006 and HMRC requirements.

 

If you visit a Springhill Hospice site

When you visit any of Springhill Hospice’s sites as a member of staff, volunteer, trustee, patient, contractor, client, student or guest/visitor you will be required to sign in to register your attendance. The personal data that we will collect will include:

  • Name
  • Car registration
  • CCTV video recordings*

 *We install and operate CCTV around our Hospice buildings and our shops. We may record CCTV images of people entering, approaching, passing or otherwise within the vicinity of any of our premises. These are areas that are used by staff or areas that are used by members of the public. There are notices displayed to inform you of the recording. 

We use your personal data for the following purposes:

The data that you provide is used for ensuring the safety and security of our premises, our patients, staff, volunteers, and visitors. It also allows us to facilitate the detection and prevention of crime and misconduct. 

How we process your data lawfully

  • Legitimate interest – to help us to ensure the safety and security of our premises, our patients, staff, volunteers, and visitors. It also allows us to facilitate the detection and prevention of crime and misconduct.

We may share your data with other organisations where we are required to do so by law, for example;

  • if we are sent a request from the Policy under the Crime and Disorder Act 1998
  • if we receive a formal order from a court acting in their judiciary capacity
  • If there is a need to protect and safeguard vulnerable children and adults

 We retain CCTV recordings for 14 days. We may retain the recording beyond 14 days if they are required for any legitimate internal or external investigations or as a result of a request for the images. Only a limited number of staff can access CCTV recordings and they are kept secure on our own network and servers. You have a right to make a Subject Access Request for any CCTV images of yourself that we still hold. Requests should be directed to the address below including sufficient information to identify you and assist us in finding your images on our systems. 

1- Disclosing your personal data

Springhill Hospice has never, and will never, sell your personal information However, in order to provide our products and services there may, occasionally, be legitimate situations where we appoint other organisations to carry out some of the processing activities on our behalf. This may include sharing data with trusted third parties, subcontractors, our regulators and with law enforcement authorities. Examples of this may include: 

  • IT management
  • Interpreters
  • Our insurance providers
  • Our external auditors
  • Lone worker services
  • Payroll and payment services
  • Pension providers
  • Training providers
  • Our external HR Advisor (relating to staff and volunteer data)
  • Benefits service provider (eg Cycle to work scheme)
  • Payment service providers
  • Printing companies and mailing houses
  • Data cleansing company to ensure that the information we hold is up to date
  • Our Lottery partner – Local Hospice Lottery 
  • HMRC 
  • The Gambling Commission if required by them to do so
  • The Care Quality Commission if required by them to do so
  • Your former employers to obtain references for you (relating to recruitment data)
  • With employment background check providers, including the Disclosure and Barring Service to obtain necessary criminal record checks (relating to recruitment data) 

         In these circumstances, we will ensure that your personal data is properly protected and that it is only used in accordance with this Privacy Policy and our instructions. All our trusted partners are required to comply with data protection laws and our high standards. 

 We may share patient data with other healthcare providers with the patient’s consent. We may also be legally required to share it with local authorities and our regulator, the Care Quality Commission. Consent for this by patients can be withdrawn at any time.

 We use third party electronic payment providers such as Stripe and PayPal to administer some transactions. They have their own privacy policies and we encourage you to read them

 On very rare occasion, we may be required to disclose your details to the police, regulatory bodies or legal advisors or to comply with a court order or a legal obligation. In these circumstances we would be careful to only provide information that we are required to provide.

 2- How we might contact you

We may need to contact you for various reasons and in a number of different ways. 

 If you are a patient or service user, we may contact you with important information regarding your care or support available to you, in the way you have requested.

 If you are the next of kin of a patient, we may contact you in the event of the death of a patient with further information on our services, for example, to offer bereavement support. 

 If you have given consent to receive direct marketing via email or text message, or there is legitimate interest to contact you via telephone or post, we may use your data, including your identity and contact data, technical data and marketing and communications data, to contact you with further information about Springhill Hospice, our work, fundraising requests and any news or upcoming events. We need to do so in order to support Hospice needs.

 Where relying on legitimate interests as the legal basis for doing so, we carry out and keep under review a legitimate interests assessment to ensure that your rights are not outweighed by those interests. We will not send you such communications if we know you are a child.  

 Email communications may contain tracking beacons/tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of subscriber data relating to engagement, geographic, demographics and already stored subscriber data.

 We will usually try to tailor the communications we send to you so that they are relevant and in line with the preference options you have chosen which form part of the personal profile we will create for you.

 3 - Your Choice – preferences, subscribe and unsubscribe

It is always your choice as to whether you want to receive information about our work, how we raise funds and the ways you can get involved. You can change your preferences at any time by using the ‘your communication preferences’ form on the Springhill Hospice website, contacting us using the ‘how to contact us’ details below, or by following the instructions with each communication you receive. Please note it may take up to one month for your changes to be implemented and for communications to start or cease. 

We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted by us for such purposes. However, we will retain your details on a suppression list to help ensure that we do not continue to contact you.

 4 - Updating and correcting personal data

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.  We will seek to update consent from supporters on our Fundraising Database at a minimum of every 36 months. Consent from patients and their loved ones will be sought and updated at each point of admission. If any of the information we hold about you is inaccurate and either you advise us or we become otherwise aware, we will ensure it is amended and updated as soon as possible.

 Where appropriate, in order to save the Hospice money, we may use data cleansing services to update us on people who have moved home or who have died. If you have registered a change of address with the Post Office’s National Change of Address database, we will update your details through this mechanism. Similarly for relevant activity, if you use the Fundraising Preference Service to withdraw consent to receiving direct marketing from us, we will amend our records accordingly. 

 You may update or correct your personal data by visiting www.springhill.org.uk/contact-us/communication-preferences or by contacting us at the address below, asking us to update your details. Please include your name, address, and/or email address when you contact us as this helps us to ensure that we accept amends from only the correct person. 

 If you are providing updates or corrections about another person, we may require you to provide us with proof that you are authorised to provide that information to us. You must also ensure that you have that person’s consent to pass on their details and make them aware of this Privacy Policy. 

 5 - Under 16s

Springhill Hospice is committed to protecting the privacy of the young people that engage with us. Some of our activities are targeted at families, particularly fundraising events. If you are under 16, please let us know when you sign up for events and ensure that you have the consent of a parent or guardian before giving us your details. We will ensure that your information is only used for the purposes it has been provided and in some circumstances may refuse certain services, products or events. 

6 - Vulnerable Supporters

Springhill Hospice is committed to protecting our vulnerable supporters and follow the guidance issued by the Fundraising Regulator regarding treating our donors fairly. We believe this helps to support our staff and volunteers who come into contact with supporters in providing high-quality customer care, ensuring anyone donating to Springhill Hospice is in a position to make a free and informed decision.

7 - How do we protect your data?

At Springhill Hospice we take the security of personal data and privacy seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties. 

 We employ security technology, including firewalls and encryption to safeguard personal data and have procedures in place to ensure that our paper and computer systems and databases are protected against unauthorised disclosure, use, loss and damage.

Personal data held on our databases is only accessible by appropriately trained staff and volunteers who need to access your personal data as an essential part of their role.

 We only use third party service providers where we are satisfied that the security they provide for your personal data is at least as stringent as we use ourselves. They will only process your personal data on our instructions, for specified purposes, and are subject to a duty of confidentiality. 

 If we were to experience a data breach, this would be reported through our internal reporting system in line with our Incident/Accident Policy and where appropriate reported to the relevant supervisory authority within 72 hours of us becoming aware of the breach.

 Our website uses a HTTP/SSL secure certificate to ensure any information you send to us will be encrypted. Non sensitive details (such as your email address, etc.) are transmitted normally over the internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us and you do so at your own risk. 

8 - IT security

Our network is managed by Myson Pages. Appropriate firewalls and virus protection software have been installed with the assurance that these are safe, secure and conform to HSCN code of connectivity.

 All Springhill Hospice staff have a Microsoft office365 emails accounts (ending in @springhill.org.uk) and those staff whom work directly with patient care also have a standard NHSmail accounts (ending in @nhs.net).  The NHSmail is used for a secure national email service which enables the safe and secure exchange of sensitive and patient identifiable information within the NHS and with local/central government such as gov.uk, pnn.police.uk.

 Personal data stored in our database is only accessible by appropriately trained staff and volunteers who need to access, your personal data as an essential part of their role. All access is tracked through individual login credentials.  

 We only use third party service providers where we are satisfied that the security they provide for your personal data is at least as stringent as we use ourselves.

 If you are using our website

If you use our website we will store data about your internet browser, IP address, the timings of your visit and a record of which pages you looked at.

IP Address - In order to understand how users use the Springhill Hospice website and our services, we may collect your Internet Protocol addresses (also known as IP addresses). Your IP address is a unique address that computer devices (such as PCs, tablets and smartphones) use to identify themselves and in order to communicate with other devices in the network.

Cookies – Springhill Hospice uses “cookies” to help track and monitor the usage of our website. With cookies, the information we collect and share is anonymous and does not personally identify you. It does not contain your name, address, telephone number or email address. 

The cookies we use are Google Analytics, CMS Analytics Data, cookieNotice, pxRatio, MetaPixel and basketID, which are essential for parts of the site to operate.

 What is a cookie? A cookie is a small file of letters and numbers that we may put on your computer or mobile device when you access our website. These cookies allow us to distinguish you from other users of the website, helping us to provide you with a good experience when you browse our website and also to allow us to improve our site. For example, they will tell us whether you have visited our site before or whether you are a new visitor. Access www.allaboutcookies.org to find out more about cookies and how you can disable them. 

 By using the Springhill Hospice website and/or giving personal data to us you indicate that you consent to us using your personal data in accordance with this Privacy Policy.

 Links to other websites - The Springhill Hospice website may include links to other sites, not owned or managed by us. These links are provided for your convenience. We are only responsible for our privacy practices and our security. We recommend that you check the privacy and security policies and procedures of each and every other website that you visit and each organisation that holds your personal data.

 9 - How long we keep your information

 We will normally keep your information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. 

  To determine the appropriate retention period for personal data we consider the requirements of the Hospice and the services provided along with the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, and the applicable legal requirements.

In some circumstances we may anonymise personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further policy to you. 

Everyone who has supported the Hospice in some way will hear from us at least once a year. Please see below explanations on how and if you will receive direct marketing from us.

Emails and text messages

The Data Protection Act 2018 (“DPA”) and the Privacy and Electronic Communications Regulations (EC Directive) Regulations 2003 (“PECR”), we cannot send direct marketing information to you via text or email without your specific consent to use these channels, even if you’ve supplied your email address or mobile number to us in the past. Therefore, we will obtain your express consent before proceeding to send you direct marketing

Post and telephone marketing

It is not a legal requirement that we obtain explicit consent to contact you with direct marketing information via traditional mail or over the telephone if you have supplied us with your contact details. We will only contact you about something which is relevant to how you’ve contacted us or supported us in the past.

We will always provide details in our communications of how you can opt out. 

We do not currently transfer personal data outside of the United Kingdom or the European Economic Area. If this changes and we do need to transfer your personal data to other territories, we will take appropriate steps to ensure that it is protected in accordance with this Privacy Policy and applicable privacy laws. 

Recruitment data

If your application for employment is unsuccessful, Springhill Hospice will hold your data on file for six months after the end of the relevant recruitment process, in accordance with our retention policy. If you agree to allow Springhill Hospice to keep your personal data on file your data will be held on file for a further 6 months for consideration for future employment opportunities. At the end of that period or once you withdraw your consent, your data is deleted or destroyed.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in our Staff Privacy Policy. 

10 - Your rights  

Where Springhill Hospice is using your personal information on the basis of your consent, you have a number of legal rights in respect of your personal data. These may include: 

  • Access: Request access to your data.
  • Correction: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your data under certain conditions.
  • Restriction: Request restriction of data processing.
  • Objection: Object to processing based on legitimate interests.
  • Data portability: Request transfer of your data to another organisation.
  • Complaints: see section ‘How to lodge a complaint’ below for more details.

Exercising your rights

Please contact the Hospice’s Data Protection Officer if you wish to exercise any of your rights. 

 You will not have to pay a fee to access your personal data (or to exercise any other rights). However, we may charge a reasonable fee if your request is considered unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. 

 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure personal data is not disclosed to a person who has no right to receive it. We may also contact you to ask you to clarify your request to speed up our response.

 We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests, in which case we will keep you updated.

 11 - How to contact us

If you have any questions regarding our Privacy Policy please contact us:

Data Protection Officer 

Springhill Hospice

Broad Lane  

OL16 4PZ  

Tel: 01706 649920

12 - How to lodge a complaint

If you believe that we have breached your privacy in any way, we urge you in the first instance to contact our Data Protection Officer. All complaints, whether made verbally or in writing, must be brought to the attention of the Chief Executive as per company policy.  If you remain unsatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office.

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 Tel: 0303 123 1113

Website: https://ico.org.uk 

 13 - Changes to this Privacy Policy

Privacy laws and practices are constantly developing and we aim to meet high standards. Our policies and procedures are, therefore, under continual review. We may, from time to time, amend or update security and privacy policies.  

We will ensure our website has our most up to date policy and suggest that you check this page periodically to review our latest version.

1 item added to the basket

X