Privacy and Data Protection Statement

Introduction

The Norfolk Hospice Tapping House is committed to protecting your privacy. This statement explains how we collect and use the personal information you provide to us whether online or via phone, mobile, email, letter or other correspondence.  

By using our website, any of our services or providing us with any personal information we will assume you are agreeing to your information being used and disclosed in the ways described in this policy. 

We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

1. Who we are?
2. Data Protection Laws
3. What personal information do we collect?
4. Where do we collect your data from?
5. How and why do we use your data?
6. More information about why we use your information for credit risk reduction and or fraud prevention
7. Credit, debit card and standing order payment information
8. Information sharing and disclosure
9. The accuracy of your information
10. Under 16s
11. Vulnerable circumstances policy
12. Storing your information
13. Our website
14. Cookies
15. Changes to the policy
16. Your rights

1. Who we are?

The Norfolk Hospice is committed to providing outstanding care for people in the local community living with life-shortening illnesses and to their carers, family and friends including bereavement support.

The support provided is tailored to the individual, encompassing their physical, psychological, social and spiritual needs in an understanding, caring and compassionate way, ensuring dignity is maintained throughout.  

Care is delivered at the Hospice in Hillington, either in the Inpatient Unit, Day Therapy Unit or via one-to-one sessions at the Hospice. Care is also provided in people’s own homes.

The current services cost over £2million per year to run; the NHS funds only 35% of this, with the majority coming from the support of local groups, businesses and individuals.

The Norfolk Hospice is registered as a charity in England and Wales (registered charity number 1062800) and we are also registered as a company limited by guarantee (company number 3185605).  

The Norfolk Hospice Tapping House
Wheatfields
Hillington
King’s Lynn
Norfolk
PE31 6BH

Call: 01485 601700 or email [email protected]

If you have any questions or queries about this Privacy and Data Protection Statement, please contact our Data Protection Officer, John Garrett, using the above address and contact details.

2. Data Protection Laws

In carrying out our day to day activities we process and store personal information relating to our supporters and we are therefore required to adhere to the requirements of the Data Protection Act 1998/General Data Protection Regulations 2018 (GDPR).

We take our responsibilities under these acts very seriously and we ensure the personal information we obtain is held, used, transferred and otherwise processed in accordance with that Act and all other applicable data protection laws and regulations including, but not limited to, the Privacy and Electronic Communication Regulations. 

Personal data in our databases is only accessible by appropriately trained staff and volunteers who need to access your personal information as an essential part of their role. We employ security technology including firewalls and encryption to safeguard personal data and have procedures in place to ensure that paper and computer systems and databases are protected against unauthorised disclosure, use, loss and damage.

3. What personal information do we collect?


Basic Information

This includes your name, email address, postal address, telephone numbers and date of birth.

We collect information about the donations you make including how much, when and your reasons for donating.

Information for Gift Aid

We also collect information about whether you are a UK tax payer so that we can claim Gift Aid (please rest assured we do not collect information about your actual tax payments, just whether you are a tax payer or not).

Sensitive Personal Information

We do not usually collect “sensitive personal information” about you unless there is a clear reason for doing so, such as participation in an event where we need this information to ensure we provide appropriate facilities for you.  We may collect health information if you tell us about your experiences of the Hospice (for example, if you act as a case study for us); however, we will make it clear to you when collecting this information as to what we are collecting, why and how we will use it.  

Event-specific information

We may also ask you for information for specific events. This is so that we can cater for your needs at our fundraising events and ensure events are safe and legal. For example

  • If you register to bring your Classic Car to a Car Show we will ask for your car registration number and insurance details. This is to help us identify your car at the show and ensure that the event is safe and legal.
  • If you want to come to our Winter Ball we will need to know your dietary requirements so that we can cater for you.
  • If you are running a marathon or 10km for us we will ask for your t-shirt size so that we can provide you with a Hospice running vest.

Information about volunteers

As appropriate for the volunteer role, we may ask for:

  • emergency contact information
  • contact details for referees
  • your interests, experience and relevant qualifications
  • your driving licence record
  • any previous convictions
  • your DBS
  • relevant medical conditions
  • if you have been bereaved in the past 18 months.

We collect this information so that we can give you a volunteer role suitable and support you to do this role. We also have to ensure that those we care for are safe. 

4. Where do we collect your data from?

In most cases we collect data about you when you give it to us.

We collect personal information about you when you:

  • ask about our activities
  • register with us
  • make a donation to us, either through our shops or to our fundraising department
  • volunteer
  • sign up for an event
  • engage with our social media or message boards
  • play our lottery
  • order products and services (such as publications and email newsletters)
  • or otherwise give us personal information. 

We also collect data about you from other sources such as Virgin Money Giving, Just Giving and Funeral Directors who pass on donations you make to us. We may also collect information about you from social media when you interact with us on these platforms.

In order to keep our data accurate we annually screen our database against public registers.

We may make use of profiling and screening methods to produce relevant communications and so provide a better experience for our supporters. Profiling can help us target our resources more effectively through gaining an insight into the background of our supporters and helping us to build relationships that are appropriate to their interests and capacity to give. To do this we may use additional external sources of data to increase and enhance the information we hold about you. This includes your date of birth, contact details and demographic data generated through the MOSAIC geodemographic tool. It may also include information from public registers and other publicly available sources such as Companies House, newspapers and magazines.

5. How and why do we use your data?

Where we have your consent we will use your data

  • to send you direct marketing e.g. our annual In Touch newsletter, our Light up a Life appeal or our regular monthly newsletter. This may be via email, postal mail, SMS or telephone depending on what consent you have given us
  • to provide you with the services, products or information you have requested
  • to invite you to participate in surveys or research.

We have a legal obligation to use your data

  • to claim GiftAid (this involves sharing your information with HMRC)
  • for the purposes of credit risk reduction or fraud prevention (regrettably some people target charities for illegal purposes such as money laundering and, quite rightly, we are required to monitor financial activity and report suspected fraud to the appropriate authorities). See below for more information about this.

It is in our legitimate interest to use your data

  • to process any donation(s) we may receive from you
  • for administration purposes 
  • for internal record keeping, such as the management of feedback or complaints 
  • to analyse and improve the services we offer
  • to check on your preferences from time to time to ensure they are up to date
  • to make contact with you for administrative purposes for example to ask you about Gift Aid or your Lottery account.
  • to send you direct marketing about ways in in which you have supported the Hospice previously and where you have not specifically told us not to contact you. For example, if you made a donation to our Light up a Life appeal, we will send it to you unless you tell us not to.
  • to contact you if you have received services from us about other services which may help you.

We do this because we believe it is necessary for our legitimate interests because our supporters are very important to The Norfolk Hospice and all of our supporters deserve to have the information concerning their support recorded accurately and for it to be used to keep a proper account of the dealings we have with the public and to keep the public fully informed about the work of the Hospice where requested.

We use your data to fulfill a contract e.g.

  • to send you the items you have ordered through our shop 
  • if you play our lottery or enter a raffle or competition.

We may also send you service communications via e-mail, text or social posting, for example when you create a fundraising page on our website, place an order for goods or services, or if you have made a donation online or by text.

We will not use your information for marketing purposes if you have asked us not to. However, we will retain your details on a suppression list to help ensure we do not continue to contact you for marketing purposes.

If we were to merge with another charity or restructure, we may share your personal details with other entities involved in the merger/restructure for that purpose but we would give you full information before doing so.

6. More information about why we use your information for credit risk reduction and or fraud prevention

To comply with our obligations as a charity we take reasonable and appropriate steps to know who our donors are, particularly where significant sums are being donated.  This means that we may conduct research, including accessing information which is already publicly available, on prospective donors, partners or volunteers to ensure it would be right for us to accept support whether that is from an individual or organisation.  This will help to give assurance that the donation is not from an inappropriate source and to safeguard our reputation.  This does not mean that we will question every donation, or that we will research lots of personal and other details about every donor.  Any information we do collect for this purpose will only consist of what is necessary for us to meet these requirements and will be processed in line with your rights.

Your information may be used to ensure that The Norfolk Hospice complies with the Fundraising Regulator’s Code of Fundraising Practice, which stipulates that we must take steps to assess and manage risks to our work and reputation with regard to certain levels of donation. More details can be found at www.fundraisingregulator.org.uk.

7. Credit, debit card and standing order payment information

If you are making a payment to us we may also collect your bank account details and credit/debit card details.  

We do not store your credit or debit card details at all following the completion of your transaction.  

All card details and validation codes are securely destroyed once the payment or donation has been processed.  Only those staff authorised to process payments will be able to see your card details.  

If we receive an email containing any credit or debit card details, it will be immediately deleted, no payment will be taken and you will be notified about this.  

If you set up a standing order with us, either to make a donation or play our lottery, we will ask for your bank account details. These will be sent to your bank. They will be stored securely at the Hospice.

To process ‘one off’ payments made through our website we use a third party called Stripe Payments Europe Ltd (“Stripe”).  Stripe may use, retain and disclose your personal information and credit or debit card details for this purpose and as set out in their privacy policy, including transferring your data outside of the European Economic Area (EEA).  Where such transfer occurs, Stripe ensures your data is adequately protected under UK data protection law. https://stripe.com/gb/privacy

To process regular payments made through our website we use a third party called GoCardless Limited. GoCardless Limited may use, retain and disclose your personal information and credit or debit card details for this purpose and as set out in their privacy policy, including transferring your data outside of the European Economic Area (EEA).  Where such transfer occurs, GoCardless Limited ensures your data is adequately protected under UK data protection law. https://gocardless.com/legal/privacy/

To process payments made over the phone or via direct mail we use a third party called Worldpay (UK) Limited.  Worldpay (UK) Limited may use, retain and disclose your personal information as set out in their privacy policy, including transferring your data outside of the European Economic Area (EEA).  Where such transfer occurs, Worldpay (UK) Limited ensure your data is adequately protected under UK data protection law. http://www.worldpay.com/uk/privacy-policy

8. Information sharing and disclosure

We will not sell or swap your information with any third party.

We may share your information with our data processors. These are trusted partner organisations that work with us in connection with our charitable purposes and other entities that act as fundraisers for us, sell our products or provide us with information and marketing (subject to your communication preferences and our internal policies and procedures). All our trusted partners are required to comply with data protection laws and our high standards and are only allowed to process your information in strict compliance with our instructions. We will always make sure appropriate contracts and controls are in place and we regularly monitor all our partners to ensure their compliance.

Currently the third parties we work with are:

  • Raising IT who provide and help manage our website
  • Whittington Moor who design and print our direct mail
  • Mail Chimp and Smart Messenger who provide us with the email software which allows us to send our monthly newsletter
  • One Post who process and dispatch our direct mail
  • Quality Health who help us process large volumes of data
  • UK Skydive who run our Hospice skydives
  • LFS who help us to run our lottery
  • Spark and Zoom who we use to contact our retail gift aid supporters
  • E-Productive who help us to claim our retail gift aid donations

We may disclose your personal information to third parties if we are required to do so through a legal obligation (for example to the police or a government body) to enable us to enforce or apply our terms and conditions or rights under an agreement or to protect us, for example, in the case of suspected fraud or defamation. 

We do not share your information with any other third party for any other purposes.

9. The accuracy of your information

We aim to ensure that all information we hold about you is accurate and, where necessary, kept up to date. If any of the information we hold about you is inaccurate and either you advise us or we become otherwise aware, we will ensure it is amended and updated as soon as possible. 

10. Under 16s

If you are aged 16 or under and would like to participate in an event, make a donation or get involved with us, we must ensure that we have your parent/guardian’s permission before receiving your personal information.

When we collect information about a child or young person we will make it clear why we are collecting this information and how it will be used. 

11. Vulnerable circumstances policy

We recognise the importance of protecting our vulnerable supporters and follow the guidance issued by the Institute of Fundraising on treating donors fairly. We believe this helps to support our staff and fundraisers who come into contact with supporters in providing high-quality customer care, ensuring anyone donating to the Charity is in a position to make a free and informed decision. Access the Institute of Fundraising’s website for more guidance.

12. Storing your information

We take great care to ensure that your data is kept secure at all times. Data is only accessible to appropriately trained staff and volunteers. 

Although most of the information we store and process stays within the UK some information may be transferred to countries outside the European Economic Area. This may occur if, for example, one of our trusted partners’ servers are located in a country outside the EU. These countries may not have similar data protection laws to the UK, however, we will take steps with the aim of ensuring your privacy continues to be protected as outlined in this privacy policy. 

We will keep your information for as long as required to enable us to operate our services but we will not keep your information for any longer than is necessary. We will take into consideration our legal obligations and tax and accounting rules when determining how long we should retain your information. When we no longer need to retain your information we will ensure it is securely disposed of, at the appropriate time. 

13. Our website

For all areas of our website which collect personal information we use a secure server. Although we cannot 100 per cent guarantee the security of any information you transmit to us we enforce strict procedures and security features to protect your information and prevent unauthorised access. 

Our website contains links to other websites belonging to third parties and we sometimes choose to participate in social networking sites including but not limited to Twitter and Facebook. We may also include content from sites such as these on our website, however, we would advise that we do not have any control over the privacy practices of these other sites. You should make sure when you leave our site that you have read and understood that site’s privacy policy in addition to our own.

14. Cookies

The Norfolk Hospice Tapping House uses “cookies” to help track and monitor the usage of our website. We use Google Analytics for our web analytics. 

With cookies, the information we collect and share is anonymous and does not personally identify you. It does not contain your name, address, telephone number or email address.

What is a cookie?  A cookie is a small file of letters and numbers that we may put on your computer or mobile device when you access our website.  These cookies allow us to distinguish you from other users of the website helping us to provide you with a good experience when you browse our website and also allow us to improve our site. For example, they will tell us whether you have visited our site before or whether you are a new visitor.

Access the All About Cookies website - to find out more about cookies and how you can disable.

15. Changes to the policy

This policy replaces all previous versions and is correct as of March 2018. We will regularly review and update this Privacy and Data Protection Statement and will update, modify, add or remove sections at our discretion.  Any changes will be notified to you either via e-mail or through an announcement on our website and your continued use of our website, any of our services and/or the continued provision of personal information after we have posted the changes to these terms will be taken to mean you are in agreement with those changes. 

16. Your rights

Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, these are the right to:

  • fair processing of information and transparency over how we use your personal information
  • access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
  • require us to correct any mistakes in your information which we hold 
  • ask us to remove your personal information concerning you in certain situations (please note that we are only able to do this if you have not made a gift aidable donation to us in the last 7 years and do not play our lottery or actively volunteer).
  • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
  • object at any time to processing of personal information concerning you for direct marketing
  • object to decisions being taken by automated means which produce legal affects concerning you or similarly significantly affect you
  • object in certain other situations to our continued processing of your personal information
  • otherwise restrict our processing of your personal information in certain circumstances

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

  • email, call or write to us using the information provided below
  • let us have enough information to identify you
  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
  • let us know the information to which your request relates

If you wish to find out more about these rights, or obtain a copy of the information we hold about you, please contact us by calling 01485 601700, emailing [email protected] or writing to us at The Norfolk Hospice, Wheatfields, Hillington, King’s Lynn, Norfolk, PE31 6BH

If you have any concerns or complaints about how we are handling your data please do not hesitate to get in touch. You can also contact the Information Commissioner’s Office and can find information on how to do this at www.ico.org.uk.

We hope that we can resolve any query or concern you raise about our use of your information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisor authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone [0303 123 1113].

17. How to complain

We hope that we can resolve any query or concern you raise about our use of your information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.  The supervisor authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone [0303 123 1113].

18. Changes to this privacy notice

This privacy notice was published on 6th March 2018 and last updated on 8th May 2018.

19. How to contact us

If you wish to find out more about these rights, or obtain a copy of the information we hold about you, please contact us at:

The Norfolk Hospice Tapping House
Wheatfields
Hillington
King’s Lynn
Norfolk
PE31 6BH

Call: 01485 601700 or email [email protected]

If you have any questions or queries about this Privacy and Data Protection Statement, please contact our Data Protection Officer, John Garrett, using the above address and contact details.

20. Do you need extra help

If you would like this notice in another format (for example: audio, large print, braille) please contact us (see ‘How to contact us’ above).