Privacy Policy
This Privacy Policy sets out the data processing practices about information that St Luke’s Hospice and staff responsible for your care and treatment may hold about you, the way in which this information may be used and your rights.
Please note that all data thus captured will be used and held in accordance with the requirements of the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).
UK GDPR requires every organisation that processes personal information to be registered with the Information Commissioner’s Office. Our registration number is Z5329161.
Legal basis for processing data
Data protection law sets out that each piece of personal information must have a legal basis. These bases are found in the UK GDPR 2018 and other UK data protection legislation. The bases are as follows
Consent
To use your information we must ask you for your consent to be used for the specified reason. Once consent is freely given you can withdraw consent at any time. If you wish to withdraw consent please email the Compliance Officer at infogovernance@stlukes-hospice.org
Legal obligation
We have a basis to process your personal information in order to comply with a common law. For example when signing up to Gift Aid we would need to submit the claim to HRMC and this would mean processing your data for this purpose.
Contract
We can use your personal information where we are entering into a contract or performing obligations under that contract. For example an individual applies to work for us.
Legitimate interest
In certain situations we can use your personal information where there is a reasonable purpose to process your data and it does not impact your rights, freedom or interests.
How do we collect information about you?
The information we collect about you is obtained from those involved in your care and treatment for example hospitals and community and also information supplied by yourself. This data we collect would likely include personal data and sensitive data about you.
Sometimes we obtain information about you from:
- other health care providers
- credit reference agencies
- debt collection agencies
- government agencies such as HMRC or the Home Office
There are situations where you may give us your information for example signing up to volunteer or an event, making a donation, gift aiding donations, using our services or any other communication with us.
We collect information from visitors to this website through the use of online forms, email hyperlinks and every time you email us your details. We also collect information about the transactions you undertake through the PayPal site, including details of payment cards used. We collect additional information automatically about your visit to our website. Please see our cookies policy for more details.
How do we use personal information?
We process personal information collected for the purposes of:
- treatment and care
- tests or assessments
- medical examinations
- providing and personalising our services
- dealing with your inquiries and requests
- fundraising
- maintaining information as a reference tool or general resource
- processing Gift Aid
- providing reservation or booking services
- carrying out market research campaigns
- providing you with information about products and services
- applying for a job or volunteering position
- for Health and Safety of all i.e. Track and Trace
- safeguarding of staff and volunteers
We may use your contact details to contact you in advance of your appointment for reasons relating to your care or treatment. If you have provided us with a telephone number or email address we may send you reminds of your appointments via text message or email.
We will send you information according to the preferences you submitted via our data capture form. If you would like to change these preferences at any point, please email The Hospice at infogovernance@stlukes-hospice.org. Alternatively, you can also write to us at St Luke’s Hospice, Kenton Grange, Kenton Road, Harrow Middlesex, HA3 0YG.
Who do we share information with?
For healthcare purposes different care providers hold and share information about you to provide safe and effective care. Information is shared for direct care purposes. There may be situations where we are required to share information but this will only be shared if we have a legal basis.
As well as our health care team we may share your information with other organisations such as regulatory bodies for example the CQC and CCG but only when we have a legal basis or with your consent.
Your information may be shared with those providing us with IT systems for example, incident reporting systems, electronic prescribing and clinical systems. In each instance we would share information as long as it is relevant and necessary.
Your consent
By providing us with your personal data, you consent to the collection and use of any information you provide in accordance with the above purposes and this privacy statement.
UK GDPR recognises that certain categories of personal information are more sensitive. These are known as special categories of data and cover health information race and religious beliefs – this list is not exhaustive. We are likely to hold personal data about you and this may include special category data.
We only collect sensitive data where necessary for example in cases for direct care purposes or where there is a statutory requirement.
You also consent to our transferring your information to countries or jurisdictions which may not provide the same level of data protection as the UK, if necessary for any of the above purposes. We will not transfer information to countries outside of the UK unless there is a reason to do so. If we do make such a transfer, we will, if appropriate, put in place a contract to ensure your information is properly protected.
If you do not want us to use your information then let us know by emailing infogovernance@stlukes-hospice.org
Your rights
Under the General Data Protection Regulation, which came into force on May 25th, 2018, you have the following rights:
- The right to access your personal information
- The right to edit and update your personal information
- The right to request to have your personal information deleted
- The right to restrict processing of your personal information
- The right to object processing of your personal information
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
- The right to lodge a complaint with a supervisory authority
To address your rights as listed above please contact our Information Governance team at infogovernance@stlukes-hospice.org.
Protecting your information
We have security procedures, rules and technical measures in place to protect your data. These include
- Completing the NHS Digital Data Security & Protection Toolkit which provides assurance that we are meeting standards on handling client/patient data.
- Abiding by our Data Protection Policies
- Staff completing induction Information Governance training
- Carrying out spot checks
- Changing passwords regularly
- IT is managed by a third party company who ensure data is protected and secure
Retention
In order to ensure records are kept for the correct retention period, we follow the NHS Records Management Code of Practice 2021.Other departmental records including fundraising, employee records and finance are all held for a period of up to 7 years.
Marketing
Please note that your information may be used to send you details of those products or services that we offer that we have identified as likely to be of interest to you.
If at any point you would like to opt-out of receiving communications from us or would like to change the channels (such as email or post) that we use to contact you, please contact us at info@stlukes-hospice.org or telephone 020 8382 8000.
Google Analytics
This site uses Google Analytics (www.google.com/intl/en_uk/analytics) to allow us to track how popular our site is and to record visitor trends over time. Google Analytics uses a cookie to help track which pages are accessed. The cookie contains no personally identifiable information, but it does use your computer’s IP address to determine where in the world you are accessing the site from and to track your page visits within the site.
Meta Pixel
Our website contains a piece of code called Meta Pixel which is also known as the Facebook Pixel. This cookie collects data about the way in which you interact with the website. This information is used to understand visitor behaviour further to ensure content displayed is more relevant to you.
This cookie may capture information such as:
- How you reached our website
- Your IP address including geographical information
- Browser type, versions and plugins
- Links you have clicked on and length of time on website
- Videos and content viewed, shared and liked
- Adverts you saw and clicked on
- Information on forms completed on the website
- Whether you follow our social media page
Misuse of our website
We do not guarantee that our site will be secure or free from bugs or viruses.
You are responsible for configuring your information technology, computer programs and platform in order to access our site. You should use your own virus protection software.
You must not misuse our site by knowingly introducing viruses, Trojans, worms, logic bombs or other material which is malicious or technologically harmful. You must not attempt to gain unauthorised access to our site, the server on which our site is stored or any server, computer or database connected to our site. You must not attack our site via a denial-of-service attack or a distributed denial-of-service attack.
By breaching this provision, you would commit a criminal offence under the Computer Misuse Act 1990. We will report any such breach to the relevant law enforcement authorities and we will co-operate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use our site will cease immediately.
Other websites
Our website may contain links to other websites that are outside our control and are not covered by this Privacy Policy. If you access other sites using the links provided, the operators of these sites may collect information from you that will be used by them in accordance with their privacy policy, which may differ from ours.
If you have any requests concerning your personal information or any queries with regard to these practices please contact our Compliance Officer at infogovernance@stlukes-hospice.org.
The right to complain to the Information Commissioner’s Office
If you are unhappy with the way we have dealt with a request or if you think we have not complied with our legal obligations you have the right to complain to the Information Commissioner’s Office.
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 (if you prefer to use a national rate number)
Website: https://ico.org.uk
Email: casework@ico.org.uk
Amendments
Please note that this Privacy Policy is reviewed on a regular basis and was last reviewed in January 2022.