Peace Hospice Care (PHC) takes your privacy extremely seriously. This policy sets out how we collect and process any personal data you may provide to us when you use our services as a hospice, sign up to charity events or become a donor, and when you use our website https://www.peacehospicecare.org.uk/.
This policy applies where PHC (referred to as “we”, “us” or “our” in this privacy notice) identify as the data controller and where we are responsible for your personal data.
PHC has appointed a Data Protection Officer, who will be responsible for privacy matters and the protection of personal data we hold as an organisation, their details are below:
Name: Darren Kewley
Email address: email@example.com
Telephone number: 01923 330 330
PHC is registered in England and Wales registration number 02604892, our registered office is Peace Hospice Care, Peace Drive, Watford, Herts, WD17 3PH.
If you are unhappy with the way we collect or process your personal information, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) who are the UK’s supervisory authority for data protection.
Complaints and concerns can be lodged with the ICO via this link: https://ico.org.uk/concerns/
We kindly ask that before any complaints are lodged with the ICO, that you contact us first to try and resolve any issues you may have.
Personal information we may collect from you and process includes:
- Identity and contact info – such as your name, date of birth, address, email addresses, phone numbers and photographs
- Payment data – credit card or direct debit details when you become a donor to our organisation
- Health information – such as your NHS number, details in relation to your medical history, medical notes and information from carers and third-party healthcare providers
- Next of kin information (with their consent)
- Your gender, ethnicity, race and religion
- Cookies and IP address information when you use our website
Special Category Data
Under the General Data Protection Regulation/Data Protection Act (2018), special category data is data which includes information about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
PHC does collect sensitive personal data as part of our hospice and care services. Our lawful purposes and conditions for obtaining and processing this data are set out in section 5.
How do we use your personal data?
We will only use your personal data for the following reasons:
- To provide you with the care and treatment services we offer as a hospice
- To liaise with other healthcare professionals and organisations regarding your treatment or ongoing care
- To keep your next-of-kin informed regarding your care
- To improve the quality of our services and charity
- To inform donors and potential donors of Peace Hospice Care news, events and fundraising efforts
- To sign you up for any events we may be organising
To on-board volunteers
- Defending a claim if we need your information to defend a legal claim against us by you or by another party
We obtain your personal data via a number of ways:
- From relevant healthcare agencies, organisations and professionals
- From yourself or your next-of-kin when you are referred to the hospice for your care
- Via paper and online forms when you sign up to be a supporter or volunteer, sign up to our digital marketing or to attend one of our events
- When you use our website https://www.peacehospicecare.org.uk/
We have identified that we will use your information for the following reasons:
- With your explicit consent
- In order to protect your vital interests
- In the performance of a contract (such as with NHS England)
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
We have identified that we will use special category data under the following conditions:
- With your explicit consent
- In order to protect your vital interest
- Where it is necessary for reasons of public interest in the areas of public health
Where we rely on consent as a lawful purpose for processing your personal data, you have the right to withdraw consent (where legally applicable) at any time by contacting our Data Protection Officer.
We may need to share your information with third parties in order to provide you with our services or to help us raise funds for our charity, these third parties include:
- The National Health Service (NHS)
- Healthcare professionals (such as doctors, consultants and nurses)
- Pharmacists and other third-party organisations involved in your care
- Any other person involved in providing services relating to your direct general healthcare, including mental health professionals, other charities or non-NHS health care professionals
- Local authorities, Commissioners, Clinical Commissioning Groups and the Care Quality Commission
- Organisations such as the Police, solicitors, courts and insurance companies for the purposes of complying with the law.
- Services providers who host our website and systems
- Payment card providers who handle transactions on our behalf (for donors)
- Third-party marketing organisations we work with when you sign-up to our marketing as a charity
PHC uses an electronic system called SystmOne to record and share patient information. This system allows the sharing of electronic records across different healthcare services such as GPs, community teams, hospital services and social care. SystmOne is facilitated by NHS England and your records may be shared with other professionals and organisations involved in your direct healthcare.
Where we do share your information with third parties, PHC ensures that the highest levels of data protection are in place in accordance with the law. Third parties with whom we share data are only permitted to process this data for the specified purposes we stipulate with them via agreements and contracts.
We do not sell your information onto third parties.
Where possible, we ensure that your data is stored within the European Economic Area (EEA), however some of our storage locations and service providers may be hosted outside of the EEA. When we do need to transfer your personal data out of the EEA, we ensure one of the following safeguards are in place to provide a similar level of security of your data:
- Your personal data has been transferred to a country that has been deemed to provide an adequate level of protection for personal data by the European Commission; or
- The hosting environment we use has specific contracts, codes of conduct or certification mechanisms in-place which have been approved by the European Commission; or
- Where we transfer data to the United States, we ensure our providers are certified as part of the EU-US Privacy Shield programme.
If none of these safeguards are available, we will only transfer your data with your explicit consent – which can be removed at any time by contacting us.
Please contact our Data Protection Officer if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Your personal information will be retained in accordance with our data retention policy which categorises all of the data assets held by us and specifies the appropriate retention period for each data asset.
These periods are based on the requirements to keep the data for as long as necessary to fulfil the purpose for which it was collected, to meet any legal requirements or to satisfy any reporting, accounting or contractual needs.
Please contact our Data Protection Officer if you would like further information on our retention periods.
Under the General Data Protection Regulation/Data Protection Act (2018), you have certain rights regarding your personal data, these include the right to:
- Request access to your personal data
- Request correction of your personal data
- Request erasure of your personal data
- Object to processing of your personal data
- Request restriction of processing your personal data
- Request transfer of your personal data
- Withdraw consent
You may exercise any of these rights by raising a subject access request with us. You can do this by contacting our Data Protection Officer.
We will not charge you for making a request and we will make all reasonable efforts to respond to you within 30 days. Sometimes it may take longer than 30 days to gather all the information we may hold on you, in this situation we will keep you updated at all times.
You can instruct us at any time to stop processing your personal data for the purposes of marketing.
We may refuse your request or withhold any personal information that you request if there is an overriding legal reason for us to do so.
PHC takes the security of your information extremely seriously. In order to protect your data, we implement a risk-based approach to adopt the strongest organisational and technical controls in order to protect the confidentiality, integrity and availability of your data.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
The cookies we use:
Forms related cookies:
When you submit data to us through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence.
Site preferences cookies:
In order to provide you with a great experience on our websites, we provide the functionality to set your preferences for how this site runs when you use it. In order to remember your preferences, we need to set cookies so that this information can be recalled whenever you interact with a page to meet your preferences.
Third Party Cookies
This site uses Google Analytics, which is an analytics solution on the web, for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. We might also use Google Analytics, which is a similar service, to ensure we have the best information possible to improve our service.
For more information on Google Analytics cookies, see their official web page.
From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features, these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.
Most browsers allow you to refuse to accept cookies and to delete cookies. The method for doing so differs with each browser, the following guides for the most common internet browsers detail the processes for doing this:
- https://support.google.com/chrome/answer/95647?hl=en (Google Chrome)
- https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Mozilla Firefox)
- https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer)
- https://support.apple.com/kb/PH21411 (Safari)
- https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Microsoft Edge)
Blocking cookies may impact your experience on our website as you may not be able to make full use of the features on it.
If you would like this notice in another format (for example: audio, large print, braille) please contact our Data Protection Officer via the email address above).