Privacy and Data Protection Statement

The Norfolk Hospice Tapping House is committed to protecting your privacy. This statement explains how we collect and use the personal information you provide to us whether online or via phone, mobile, email, letter or other correspondence.  

By using our website, any of our services, or providing us with any personal information we will assume you are agreeing to your information being used and disclosed in the ways described in this policy. 

  1. Who we are?

The Norfolk Hospice is committed to providing outstanding care for people in the local community living with life-shortening illnesses and to their carers, family, and friends including bereavement support.

The support provided is tailored to the individual, encompassing their physical, psychological, social and spiritual needs in an understanding, caring and compassionate way, ensuring dignity is maintained throughout.  

Care is delivered at the Hospice’s purpose built facility in Hillington, either in the Inpatient Unit, Day Therapy Unit or via one-to-one sessions at the Hospice. Care is also provided in people’s own homes.

Care is always provided without charge. The current services cost over £2million per year to run; the NHS funds only 35% of this, with the majority coming from the support of local groups, businesses, and individuals.

The Norfolk Hospice is registered as a charity in England and Wales (registered charity number 1062800) and we are also registered as a company limited by guarantee (company number 3185605).  

  1. Data Protection Act

In carrying out our day to day activities we process and store personal information relating to our supporters and we are therefore required to adhere to the requirements of the Data Protection Act 1998/General Data Protection Regulations 2018 (GDPR). We take our responsibilities under these acts very seriously and we ensure the personal information we obtain is held, used, transferred and otherwise processed in accordance with that Act and all other applicable data protection laws and regulations including, but not limited to, the Privacy and Electronic Communication Regulations. 

See the section below on information about your rights.

  1. What personal information do we collect?

Personal information is information that can be used to identify you. It can include your name, date of birth, email address, postal address, telephone number, mobile telephone number, fax number, bank account details, credit/debit card details and whether you are a UK tax payer so that we can claim Gift Aid (please rest assured we do not collect information about your actual tax payments, just whether you are a tax payer). We collect personal information about you when you ask about our activities, register with us (for example, registering on a discussion board or for a publication), make a donation to us, volunteer, register for an event, engage with our social media or message boards, play our lottery, order products and services (such as publications and email newsletters), or otherwise give us personal information. 

If you do nothing other than read pages or download information from our website, we may gather information about this use, such as which pages are most visited and which events or activities are of most interest.  This information can be used to help us improve our website and services and ensure we provide you with the best service.  Wherever possible, the information we use for this purpose will be aggregated or anonymised i.e. it will not identify you as an individual visitor to our website.  More information can be found in the section below entitled “Our Website”. 

We do not usually collect “sensitive personal information” about you unless there is a clear reason for doing so, such as participation in an event where we need this information to ensure we provide appropriate facilities for you.  We may collect health information if you tell us about your experiences of the hospice (for example, if you act as a case study for us); however, we will make it clear to you when collecting this information as to what we are collecting, why and how we will use it.  

If you are a patient then the leaflet ‘How we use your Health Records’ will apply as well as this statement.

  1. Credit, Debit card payment information

We do not store your credit or debit card details at all, following the completion of your transaction.  All card details and validation codes are securely destroyed once the payment or donation has been processed.  Only those staff authorised to process payments will be able to see your card details.  If we receive an e-mail containing any credit or debit card details, it will be immediately deleted, no payment will be taken and you will be notified about this.  

To process ‘one off’ payments made through our website we use a third party called Stripe Payments Europe Ltd (“Stripe”).  Stripe may use, retain and disclose your personal information and credit card details for this purpose and as set out in their privacy policy, including transferring your data outside of the European Economic Area (EEA).  Where such transfer occurs, Stripe ensures your data is adequately protected under UK data protection law. https://stripe.com/gb/privacy

To process regular payments made through our website we use a third party called GoCardless Limited. GoCardless Limited may use, retain and disclose your personal information and credit card details for this purpose and as set out in their privacy policy, including transferring your data outside of the European Economic Area (EEA).  Where such transfer occurs, GoCardless Limited ensures your data is adequately protected under UK data protection law. https://gocardless.com/legal/privacy/

To process payments made over the phone or via direct mail we use a third party called Worldpay (UK) Limited.  Worldpay (UK) Limited may use, retain and disclose your personal information as set out in their privacy policy, including transferring your data outside of the European Economic Area (EEA).  Where such transfer occurs, Worldpay (UK) Limited ensure your data is adequately protected under UK data protection law. http://www.worldpay.com/uk/privacy-policy

  1. Why do we collect and how do we use your information?

We may collect your personal information for a number of reasons, such as:

  • to provide you with the services, products or information you have requested; 
  • to process any donation(s) we may receive from you;
  • to ask you to help us raise money or donate money to our charity
  • to provide you with information about our work or our activities
  • to send you the items you have ordered through our shop; 
  • to invite you to participate in surveys or research;
  • for administration purposes e.g. we may contact you about a donation you have made or event you have expressed an interest in or registered for; 
  • for internal record keeping, such as the management of feedback or complaints; 
  • to analyse and improve the services we offer; 
  • to provide you with details of any prizes you win in our lottery or raffles;
  • to check on your preferences from time to time to ensure they are up to date
  • where it is required or authorised by law; and
  • assessing your personal information for the purposes of credit risk reduction or fraud prevention (regrettably, some people target charities for illegal purposes such as money laundering and, quite rightly, we are required to monitor financial activity and report suspected fraud to the appropriate authorities).

We may contact you for marketing purposes by mail, e-mail, telephone, mobile telephone, text or social messaging; in some cases, this will require getting your permission. We may also send you service communications via e-mail, text or social posting, for example where you place an order for goods or services on our website, or if you have made a donation by text. 

To comply with our obligations as a charity, we must take reasonable and appropriate steps to know who our donors are, particularly where significant sums are being donated.  This means that we may conduct research, including accessing information which is already publicly available, on prospective donors, partners or volunteers to ensure it would be right for us to accept support whether that is from an individual or organisation.  This will help to give assurance that the donation is not from an inappropriate source and to safeguard our reputation.  This does not mean that we will question every donation, nor that we will research lots of personal and other details about every donor.  Any information we do collect for this purpose will only consist of what is necessary for us to meet these requirements and will be processed in line with your rights. See section 14 below for information about your rights. 

It is your choice on the type of communications and information you receive about our charity and the ways in which you can get involved. You can change your mind at any time by contacting us at The Norfolk Hospice Tapping House, Wheatfields, Hillington, King’s Lynn, Norfolk, PE31 6BH. Email: [email protected] or calling 01485 601700.

We will not use your information for marketing purposes if you have asked us not to. However, we will retain your details on a suppression list to help ensure we do not continue to contact you. 

Your information may be used to ensure that The Norfolk Hospice complies with the Fundraising Regulator’s Code of Fundraising Practice, which stipulates that we must take steps to assess and manage risks to our work and reputation with regard to certain levels of donation. More details can be found at www.fundraisingregulator.org.uk.

We may make use of profiling and screening methods to produce relevant communications and so provide a better experience for our supporters. Profiling can help us target our resources more effectively through gaining an insight into the background of our supporters and helping us to build relationships that are appropriate to their interests and capacity to give.

To do this we may use additional external sources of data to increase and enhance the information we hold about you. This may include obtaining details of changes of address, date of birth, telephone numbers and other contact details, information related to your wealth, and consumption and demographic data generated through the MOSAIC geodemographic tool. It may also include information from public registers and other publicly available sources such as Companies House, newspapers and magazines.

If we were to merge with another charity or restructure, we may share your personal details with other entities involved in the merger/restructure for that purpose.

  1. Information sharing and disclosure

We will not sell or swap your information with any third party.

We may share your information with our data processors. These are trusted partner organisations that work with us in connection with our charitable purposes; and other entities that act as fundraisers for us, sell our products or provide us with information and marketing (subject to your communication preferences and our internal policies and procedures). All our trusted partners are required to comply with data protection laws and our high standards and are only allowed to process your information in strict compliance with our instructions. We will always make sure appropriate contracts and controls are in place and we regularly monitor all our partners to ensure their compliance.

We may disclose your personal information to third parties if we are required to do so through a legal obligation (for example to the police or a government body); to enable us to enforce or apply our terms and conditions or rights under an agreement; or to protect us, for example, in the case of suspected fraud or defamation. 

We do not share your information for any other purposes.

Certain third party organisations collect data on our behalf as well as for their own use. We may receive your personal details from third party organisations for our marketing purposes where you have consented for this information to be shared.

  1. The accuracy of your information

We aim to ensure that all information we hold about you is accurate and, where necessary, kept up to date. If any of the information we hold about you is inaccurate and either you advise us or we become otherwise aware, we will ensure it is amended and updated as soon as possible. 

  1. Under 16s

If you are aged 16 or under and would like to participate in an event, make a donation or get involved with us, please make sure that you have your parent/guardian’s permission before giving us your personal information. When we collect information about a child or young person, we will make it clear as to the reasons for collecting this information and how it will be used. 

  1. Vulnerable circumstances policy

We recognise the importance of protecting our vulnerable supporters and follow the guidance issued by the Institute of Fundraising on treating donors fairly. We believe this helps to support our staff and fundraisers who come into contact with supporters in providing high-quality customer care, ensuring anyone donating to the Charity is in a position to make a free and informed decision. Access the Institute of Fundraising’s website - for more guidance.

  1. Storing your information

Although most of the information we store and process stays within the UK, some information may be transferred to countries outside the European Economic Area. This may occur if, for example, one of our trusted partners’ servers are located in a country outside the EU. These countries may not have similar data protection laws to the UK however, we will take steps with the aim of ensuring your privacy continues to be protected as outlined in this privacy policy. 

We will keep your information for as long as required to enable us to operate our services but we will not keep your information for any longer than is necessary. We will take into consideration our legal obligations and tax and accounting rules when determining how long we should retain your information. When we no longer need to retain your information we will ensure it is securely disposed of, at the appropriate time. 

  1. Our website

Our websites use cookies to help them work well and to track information about how people are using them. More information on cookies can be found below. 

For all areas of our website which collect personal information, we use a secure server. Although we cannot 100 per cent guarantee the security of any information you transmit to us, we enforce strict procedures and security features to protect your information and prevent unauthorised access. 

Our website contains links to other websites belonging to third parties and we sometimes choose to participate in social networking sites including but not limited to Twitter and Facebook. We may also include content from sites such as these on our website, however, would advise that we do not have any control over the privacy practices of these other sites. You should make sure when you leave our site that you have read and understood that site’s privacy policy in addition to our own.

  1. Cookies

The Norfolk Hospice Tapping House uses “cookies” to help track and monitor the usage of our website. We use Google Analytics for our web analytics. 

With cookies, the information we collect and share is anonymous and does not personally identify you. It does not contain your name, address, telephone number, or email address.

What is a cookie?  A cookie is a small file of letters and numbers that we may put on your computer or mobile device when you access our website.  These cookies allow us to distinguish you from other users of the website helping us to provide you with a good experience when you browse our website and also allow us to improve our site. For example, they will tell us whether you have visited our site before or whether you are a new visitor.

Access the All About Cookies website - to find out more about cookies and how you can disable.

  1. Changes to the policy

This policy replaces all previous versions and is correct as of July 2017. We will regularly review and update this Privacy and Data Protection Statement and will update, modify, add or remove sections at our discretion.  Any changes will be notified to you either via e-mail or through an announcement on our website and your continued use of our website, any of our services and/or the continued provision of personal information after we have posted the changes to these terms will be taken to mean you are in agreement with those changes. 

  1. Your rights

You have the right to:

  • request a copy of the information we hold about you;
  • update or amend the information we hold about you if it is wrong;
  • change your communication preferences at any time;
  • ask us to remove your personal information from our records;
  • object to the processing of your information for marketing purposes; or
  • raise a concern or complaint about the way in which your information is being used.

If you wish to find out more about these rights or obtain a copy of the information we hold about you, please contact us at:

The Norfolk Hospice Tapping House
Wheatfields
Hillington
King’s Lynn
Norfolk
PE31 6BH

Call: 01485 601700 or email [email protected]

  1. Privacy queries

If you have any questions or queries about this Privacy and Data Protection Statement, please contact our Data Protection Officer using the above address and contact details. 

Your medical and personal information

The Norfolk Hospice takes seriously the need for confidentiality and safeguarding of personal information and the vitally important aspect of trust in a professional caring relationship. We also recognise the importance of sharing medical information about people in our care in order to prevent harm caused by not sharing information appropriately with other health and social care professionals. The information you give us may be recorded on both computer and paper records - and with your permission, we share that information with the following - according to each person's individual situation, for the purposes of their direct care:

  • General Practitioners(GPs)
  • Community Nursing and Integrated Care Teams
  • Macmillan Nurses
  • Colleagues at the NHS Hospital
  • Norfolk County Council
  • Mental Health Services
  • Hospice Volunteers(information given to volunteers is on a strict 'need to know basis' - to ensure your safety and theirs)

All members of staff employed by these bodies are bound by legislation and by the common law duty of confidentiality which means that information that you provide to us must be held in confidence and not shared with anyone else unless:

  • They are legally obliged to disclose the information to another organisation or person
  • You provide consent to share the information with anyone else
  • Protocols are in place permitting partners to share information about you to support any intervention or service you provide

You should tell us if you would prefer us not to share your information.

Your medical information may also be used to support clinical audit, education or other work aimed to monitor the quality of care provided. However, all personal identifiers are removed to ensure confidentially and anonymity. We also keep the contact details of bereaved family members so that we can send a card when someone has died - and so we can invite these to memorial or other events in the future. Tell us if you would like to opt out of this further support and contact.

We are happy to give you copies of all written communications to GPs or others. Please tell us if you would like this. Your personal data will be held in secure conditions for eight years. Under the Data Protection Act (1998) you have the right to request a copy of your information. Speak to a member of staff if you would like to do this.

The Norfolk Hospice is committed to data protection and we have safeguards in place to ensure your information is properly looked after in line with current legislation, NHS codes of practice and professional codes of conduct.

If you have any concerns regarding the use of your medical or personal information or for any further information please speak to a member of the clinical team.

This page was last updated on 28th July 2017