Caring for People in Harrow & Brent

Privacy Policy

This Privacy Policy sets out the data processing practices about information that St Luke’s Hospice and staff responsible for your care and treatment may hold about you, the way in which this information may be used and your rights.

Please note that all data thus captured will be used and held in accordance with the requirements of the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).

UK GDPR requires every organisation that processes personal information to be registered with the Information Commissioner’s Office. Our registration number is Z5329161.

Legal basis for processing data

Data protection law sets out that each piece of personal information must have a legal basis. These bases are found in the UK GDPR 2018 and other UK data protection legislation. The bases are as follows

Consent

To use your information we must ask you for your consent to be used for the specified reason. Once consent is freely given you can withdraw consent at any time. If you wish to withdraw consent please email the Compliance Officer at infogovernance@stlukes-hospice.org

Legal obligation

We have a basis to process your personal information in order to comply with a common law. For example when signing up to Gift Aid we would need to submit the claim to HRMC and this would mean processing your data for this purpose.

Contract

We can use your personal information where we are entering into a contract or performing obligations under that contract. For example an individual applies to work for us.

Legitimate interest

In certain situations we can use your personal information where there is a reasonable purpose to process your data and it does not impact your rights, freedom or interests.

How do we collect information about you?

The information we collect about you is obtained from those involved in your care and treatment for example hospitals and community and also information supplied by yourself. This data we collect would likely include personal data and sensitive data about you.

Sometimes we obtain information about you from:

  • other health care providers
  • credit reference agencies
  • debt collection agencies
  • government agencies such as HMRC or the Home Office

There are situations where you may give us your information for example signing up to volunteer or an event, making a donation, gift aiding donations, using our services or any other communication with us.

We collect information from visitors to this website through the use of online forms, email hyperlinks and every time you email us your details. We also collect information about the transactions you undertake through the PayPal site, including details of payment cards used. We collect additional information automatically about your visit to our website. Please see our cookies policy for more details.

How do we use personal information?

We process personal information collected for the purposes of:

  • treatment and care
  • tests or assessments
  • medical examinations
  • providing and personalising our services
  • dealing with your inquiries and requests
  • fundraising
  • maintaining information as a reference tool or general resource
  • processing Gift Aid
  • providing reservation or booking services
  • carrying out market research campaigns
  • providing you with information about products and services
  • applying for a job or volunteering position
  • for Health and Safety of all i.e. Track and Trace
  • safeguarding of staff and volunteers

We may use your contact details to contact you in advance of your appointment for reasons relating to your care or treatment. If you have provided us with a telephone number or email address we may send you reminds of your appointments via text message or email.

We will send you information according to the preferences you submitted via our data capture form. If you would like to change these preferences at any point, please email The Hospice at infogovernance@stlukes-hospice.org. Alternatively, you can also write to us at St Luke’s Hospice, Kenton Grange, Kenton Road, Harrow Middlesex, HA3 0YG.

Who do we share information with?

For healthcare purposes different care providers hold and share information about you to provide safe and effective care. Information is shared for direct care purposes. There may be situations where we are required to share information but this will only be shared if we have a legal basis.

As well as our health care team we may share your information with other organisations such as regulatory bodies for example the CQC and CCG but only when we have a legal basis or with your consent.

Your information may be shared with those providing us with IT systems for example, incident reporting systems, electronic prescribing and clinical systems. In each instance we would share information as long as it is relevant and necessary.

Your consent

By providing us with your personal data, you consent to the collection and use of any information you provide in accordance with the above purposes and this privacy statement.

UK GDPR recognises that certain categories of personal information are more sensitive. These are known as special categories of data and cover health information race and religious beliefs – this list is not exhaustive.  We are likely to hold personal data about you and this may include special category data.

We only collect sensitive data where necessary for example in cases for direct care purposes or where there is a statutory requirement.

You also consent to our transferring your information to countries or jurisdictions which may not provide the same level of data protection as the UK, if necessary for any of the above purposes. We will not transfer information to countries outside of the UK unless there is a reason to do so. If we do make such a transfer, we will, if appropriate, put in place a contract to ensure your information is properly protected. 

If you do not want us to use your information then let us know by emailing infogovernance@stlukes-hospice.org

Your rights

Under the General Data Protection Regulation, which came into force on May 25th, 2018, you have the following rights:

  • The right to access your personal information
  • The right to edit and update your personal information
  • The right to request to have your personal information deleted
  • The right to restrict processing of your personal information
  • The right to object processing of your personal information
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling
  • The right to lodge a complaint with a supervisory authority

To address your rights as listed above please contact our Information Governance team at infogovernance@stlukes-hospice.org.

Protecting your information

We have security procedures, rules and technical measures in place to protect your data. These include

  • Completing the NHS Digital Data Security & Protection Toolkit which provides assurance that we are meeting standards on handling client/patient data.
  • Abiding by our Data Protection Policies
  • Staff completing induction Information Governance training
  • Carrying out spot checks
  • Changing passwords regularly
  • IT is managed by a third party company who ensure data is protected and secure

Retention

In order to ensure records are kept for the correct retention period, we follow the NHS Records Management Code of Practice 2021.Other departmental records including fundraising, employee records and finance are all held for a period of up to 7 years.

Donor and Supporter Records

St Luke’s Hospice as the Data Controller of your personal data collects, stores and processes personal information about prospective, current and former donors and supporters of the charity under the UK General Data Protection Regulation (UK GDPR).

Contact details for the St Luke’s Hospice Senior Information Risk Owner (SIRO)

St Luke’s Hospice
Kenton Grange
385 Kenton Road
Harrow HA3 0YG

Telephone: 0208 382 8000

Email:  infogovernance@stlukes-hospice.org

Types of personal data handled

We hold personal data provided by individuals when they support the Hospice, this support may be through a fundraising donation, Gift Aid on the sale of donated goods sold in one of our charity shops, in memory giving or when you notify us that you are leaving a gift in your will.

In order to carry out our activities in relation to donors and supporters, we process data relating to:

  • Contact details such as names, addresses, telephone numbers and email addresses
  • Date of birth (required for age-restricted fundraising events)
  • Bank account and credit card information
  • Estate information for management of will gifts
  • Donation amounts
  • Communications to and with St Luke’s Hospice
  • Publicly available information regarding your interests and philanthropic capacity

We do not routinely collect sensitive information, e.g. health and medical information unless we have a clear reason for doing so, for example you are participating in an event where we need this information to ensure your health and wellbeing during participation, such as a sponsored walk or fun run.

Purpose of processing data

In order to process your data, we have to identify what our legal basis is to do so. We have a legal basis to process data for the following activities on the basis of your explicit consent to provide us with this information. You may withdraw your consent to process this data at any time by notifying us at the contact details provided above.

We process your data for the following reasons:

  • Fundraising activities, soliciting donations and support in kind
  • Marketing and communication preferences about St Luke’s Hospice including events
  • Securing your consent for the donation of Gift Aid to the hospice
  • Data on the access and use of our website and social media platforms

In some circumstances we can use your personal data if it is in our legitimate interest to do so under article 6 (1) (f) of the GDPR, provided that we have told you what that legitimate interest is.

We process your data for the following reasons:

Research and Profiling analysis to inform our decisions and target our resources effectively. This sort of profiling can include us using information such as your age, where you live, your job, directorships, your financial circumstances, philanthropic interests, networks and any previous donations you have made. We may use this information to make decisions about the communications that we send you, or the events to which we invite you. We also use this information to help us determine whether and in what ways you might be interested in getting involved in our other fundraising activities.

If you wish to withdraw your consent to our processing of your data, please contact infogovernance@stlukes-hospice.org, this includes if you wish to withdraw your consent in the respect of Gift Aid

Sharing information

Any disclosures of personal data are always made on a case-by-case basis, using the minimum personal data necessary for the specific purpose and circumstances and with the appropriate security controls in place.  

On occasion we may use a trusted third party provider to compare our database, sections of our database or individual records, to geodemographic data or other publicly available information sources as part of our research and profiling analysis.

We also use trusted third parties to facilitate postal or email fundraising or marketing campaigns, supporting our fundraising and marketing activities

These third parties are contracted to operate under the same technical and organisational measures that we have in place.

There are a number of other reasons why we share information, generally due to some kind of legal or regulatory obligation such as:

  • To comply with legislation such as HMRC for Gift Aid records
  • To comply with any court orders which may be imposed
  •  
  • To share information with other bodies that inspect and manage public funds

If you wish to withdraw your consent to the sharing of your data, please contact our fundraising team at infogovernance@stlukes-hospice.org

Keeping your data secure

We take appropriate technical and organisational measures to protect your data, including:

  • Secure storage of data on password protected database
  • Restricted access to authorised staff only
  • Regular data protection training for all Hospice staff and volunteers
  • Use of secure payment platforms

Changes to this policy

As part of our regular reviews of our data practices, we may update this policy. When we do, we will notify you via our website https://www.stlukes-hospice.org/

Contact Us

To contact us about this policy or your data rights, please direct your enquiries to:

infogovernance@stlukes-hospice.org

Marketing

Please note that your information may be used to send you details of those products or services that we offer that we have identified as likely to be of interest to you. 

If at any point you would like to opt-out of receiving communications from us or would like to change the channels (such as email or post) that we use to contact you, please contact us at info@stlukes-hospice.org or telephone 020 8382 8000.

Google Analytics

This site uses Google Analytics (www.google.com/intl/en_uk/analytics) to allow us to track how popular our site is and to record visitor trends over time. Google Analytics uses a cookie to help track which pages are accessed. The cookie contains no personally identifiable information, but it does use your computer’s IP address to determine where in the world you are accessing the site from and to track your page visits within the site.

Meta Pixel

Our website contains a piece of code called Meta Pixel which is also known as the Facebook Pixel. This cookie collects data about the way in which you interact with the website. This information is used to understand visitor behaviour further to ensure content displayed is more relevant to you.

This cookie may capture information such as:

  • How you reached our website
  • Your IP address including geographical information
  • Browser type, versions and plugins
  • Links you have clicked on and length of time on website
  • Videos and content viewed, shared and liked
  • Adverts you saw and clicked on
  • Information on forms completed on the website
  • Whether you follow our social media page

Misuse of our website

We do not guarantee that our site will be secure or free from bugs or viruses.

You are responsible for configuring your information technology, computer programs and platform in order to access our site. You should use your own virus protection software.

You must not misuse our site by knowingly introducing viruses, Trojans, worms, logic bombs or other material which is malicious or technologically harmful. You must not attempt to gain unauthorised access to our site, the server on which our site is stored or any server, computer or database connected to our site. You must not attack our site via a denial-of-service attack or a distributed denial-of-service attack.

By breaching this provision, you would commit a criminal offence under the Computer Misuse Act 1990. We will report any such breach to the relevant law enforcement authorities and we will co-operate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use our site will cease immediately.

Other websites

Our website may contain links to other websites that are outside our control and are not covered by this Privacy Policy. If you access other sites using the links provided, the operators of these sites may collect information from you that will be used by them in accordance with their privacy policy, which may differ from ours.

If you have any requests concerning your personal information or any queries with regard to these practices please contact our Compliance Officer at infogovernance@stlukes-hospice.org.

The right to complain to the Information Commissioner’s Office

If you are unhappy with the way we have dealt with a request or if you think we have not complied with our legal obligations you have the right to complain to the Information Commissioner’s Office.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 (if you prefer to use a national rate number)

Website: https://ico.org.uk

Email: casework@ico.org.uk

Amendments

Please note that this Privacy Policy is reviewed on a regular basis and was last reviewed in January 2022.

Sign up to our newsletter

  • This field is for validation purposes and should be left unchanged.

By giving us your email address, you’re giving us permission to email you about our work

Website by Agency For Good