-
Who we are?
We’re Severn Hospice, a charity that provides care and support to people in Shropshire, Telford and Mid Wales who are living with an incurable illness.
In this policy references to ‘Severn Hospice’ or to ‘we’, ‘our’ or ‘us’ are to Severn Hospice a registered charity (no. 512394) and a company limited by guarantee (company no. 1608025). Severn Hospice’s registered office is Bicton Heath, Shrewsbury, SY3 8HS. These references also include our charitable trading companies Severn Promotions Company Limited (registered company number 2973920) and Hospice Projects Limited (registered company number 2229635) –wholly owned subsidiaries of Severn Hospice which trade only to raise funds for their parent company, Severn Hospice.
-
How we collect information
We collect your information in a number of ways depending on how you interact with our services.
If you are a patient:
When you are referred to one of our services, we ensure that we are provided with enough relevent information to allow us to provide you with the care you need.
The person or organisation who refers you to us will ensure that the appropriate information is provided.
We may supplement this information with additional clinical information about you from any relevant previous hospital visits, directly from your GP or from national NHS systems, where appropriate.
As part of your ongoing care, we collect and add information to the patient record we create for you. This will either be by paper-based form completed by you or staff members or information given verbally to one of our staff members which is then added onto your patient record.
If you work or volunteer with us:
You may give us information via a website/intranet or paper-based form when applying for a role at Severn Hospice, when completing recruitment or volunteer paperwork and checks and as part of your on-going employment or volunteer role with us.
We may ask for references.
We receive information from HMRC about tax codes, national insurance and tax payments.
We also receive information from UK Government in relation to DBS checks.
If you are a supporter:
We might collect your information via our website, a paper-based form, in person or over the phone.
We might also get your information from funding websites like JustGiving if you are using these portals to fundraise for us, or have sponsored someone who is fundraising for us.
Additionally, we work closely with suppliers and partners (including, for example, sub-contractors in technical, print, payment and delivery services and professional fundraising agencies who may send out letters of appeal or who may make fundraising asks on our behalf) and may receive information about you from them.
And lastly, we do sometimes use publicly available sources (e.g. the Post Office’s National Change of Address database) just to make sure we keep your information up to date.
-
What information we collect
Severn Hospice is what’s known as the ‘controller’ of the personal information you provide to us. We will usually collect basic personal data about you such as:
Name
Postal address
Telephone number
Email address
If you are a patient, we will also collect more sensitive information such as:
Date of birth/Age
Gender
Medical conditions
Emergency contact details of a friend/relative
Details of clinical interventions
Summaries of social work support provided
Medical histories
National Insurance number
If you work or volunteer with us, we need to collect:
Bank details
Date of birth/Age
Diversity Monitoring
Medical information (where necessary)
Emergency contact details of a friend/relative
Previous employment details
Additionally, if you are a Transport volunteer we may collect, as appropriate to your role and with your agreement:
Driving license details
MOT details
Insurance details
National Insurance number
If you are interacting with the hospice as a supporter, we collect your personal information in connection with specific activities, this includes giving us donations, taking part in one of our events and signing up as a gift aider when donating goods to one of our charity shops, then we will collect
Name
Postal address
Telephone number
Email address
Sometimes, for example if you are taking part in an event, we may hold additional details such as:
Date of birth/Age
Gender
Medical conditions
Emergency contact details of a friend/relative
We will only collect this ‘sensitive personal data’ if there is a clear reason for doing so, such as participation in a strenuous event, where we need this information to ensure we provide appropriate facilities and can give support in case of emergency.
If you use our website, we may process your IP address as well as certain information regarding the device you are using, e.g., is it a desktop or mobile device and which browser you are using.
If you visit one of Severn Hospice’s buildings your image may be captured by our CCTV systems, this is to provision a safe and secure environment for the benefit of those who work at and visit us, and for the protection of our property.
-
How we use the information we collect
All the information you give us is used to make sure we have your details accurate and up to date. We use the basic information you give us to remember who you are so that you don’t have to keep repeating yourself every time you interact with us.
Depending on your relationship with us, we use your information for different purposes and in slightly different ways.
As a patient we use your information:
To provide the best possible care to you.
For legal reasons, for example: National healthcare records, activity figures
To contact your next of kin in case of emergency.
To keep your information up to date and accurate.
As a relative of a patient that we have cared for we use your information:
To allow you to engage with our various support and bereavement services.
To invite you to attend memorial services in memory of loved ones.
As a staff member or volunteer we use your information:
For administration purposes (to manage and fulfil your contract with Severn Hospice).
For holding records that we are legally required to keep, for example National Insurance, Gender Pay Gap reporting or HMRC requirements
To contact your next of kin in case of emergency.
To ask for support at events or with other fundraising activities
To keep your information up to date and accurate.
To demonstrate compliance with government mandates
As a supporter of the hospice, we may use information held about you in the following ways:
To take a payment from you (for example, if you have purchased an item from us online, if you have booked a place on one of our events, if you have made a donation using your debit/credit card, if you have signed up to our lottery)
To claim Gift Aid from the government if you have signed up to the scheme with us
To code and record transactions against your supporter record on our databases so that we can keep a record of the financial support you have given us (e.g. dates and values of donations).
To keep a note of your preferences on what and how you want to engage with us. This includes keeping a record of all those supporters who have notified us they do not want any contact from us.
To analyse the personal information, we collect to create a profile of your interests and preferences so we can better understand our supporters and make appropriate requests to our supporters who may be able and willing to give more than they already do.
For administration purposes (for example, we may contact you to provide a receipt for a donation you have made, to send out materials for an event you have registered for, to process an order you have placed, to chase sponsorship payment, or notify you of details relating to your lottery subscription including sending out prizes).
If you have registered for our Retail Gift Aid scheme, we are legally required to email or write to you if we make a claim.
To contact your next of kin in case of emergency if you are taking part in a Severn Hospice event
To raise funds (for example we may send you information about how you can support us, for example, by purchasing raffle tickets, donating to an appeal or volunteering with us) or upgrade your support for Severn Hospice (for example, by changing payment method or donation amount).
To provide you with information about our work and activities, and to keep you up to date with how your support is helping our patients and those closest to them.
-
Will you be contacted for marketing purposes?
No information given to our medical services, of you or your family members, will be processed in order to send you marketing materials.
Relatives of patients cared for by Severn Hospice will be invited to free of charge memorial services to celebrate their loved ones. Unless they have previously requested not to be contacted for this reason.
Please note, if you also interact with the Hospice as a supporter, you may receive marketing information via that channel.
Keeping in touch with our supporters is really important to us because it means, together, we can help more local people with incurable illnesses. Occasionally we like to keep our supporters posted with our news, appeals and ways they can support our work.
Sometimes, with your explicit consent, we will contact you using your email address to provide you with information about our work and/or ways you can support us.
Where you have provided your postal address, we may send you information about our work and/or ways you can support us by post unless you have told us that you do not wish to receive such information in this way.
We will only contact you for marketing purposes by telephone if you have not opted out from receiving such communications. We screen against the Telephone Preference Service (sometimes known as TPS) and if you are listed, we will not contact you in this way.
We rely on the legitimate interest legal basis for some of our processing for marketing purposes. This applies to the following:
Where you are an existing supporter and we are contacting you by post and/or telephone about our news, appeals and other ways you can support our work.
We consider that we have a legitimate interest in continuing to contact you by post and/or telephone once you have provided your details and there is no overriding prejudice to you or your rights by our use of the data in this way and for these purposes subject always to our carrying out appropriate checks with the relevant preference services.
-
Sharing your information
We will treat your information with the utmost care and will never sell or rent your personal information to other organisations.
As a patient we will only share your information where it is appropriate and necessary to provide you with, or further your existing patient care.
As a member of staff we are legally obliged to share certain pieces of infromation, for example to allow us to perform DBS checks or when sending payroll information to HMRC.
As a supporter we may share your information with selected third parties such as suppliers including professional fundraisers, printers and mailing houses and sub-contractors for the performance of any contract we enter into with them or you. We require such suppliers and any third party that processes data on our behalf to sign a legally binding contract that requires them to hold in the strictest confidence any and all Severn Hospice information they deal with and confirms their compliance with data protection regulations.
Images captured from our CCTV Systems will only be shared with police forces, in relation to the investigation of a crime, or where a legitimate subject access request has been received.
-
How we keep your data safe and who has access to it
At Severn Hospice we are committed to respecting and protecting your privacy, any information you provide to us is stored securely with strict procedures, technical and physical security features in place to try to prevent unauthorised access.
All staff receive regular data security training and all contracts, including staff, volunteers, suppliers and software venders, have data security clauses contained within them.
All our security is regularly tested and audited, however no service can be completely secure, if you have any concerns or questions about our security then please do not get in touch
If you have questions about our security, please email security@severnhospice.org.uk or call 01743 236565
-
How long do we keep your information for?
We are committed to maintaining the security and privacy of your medical records in compliance with all applicable laws and NHS and Social Care regulations.
We keep your personal information for as long as is necessary and in accordance with all legal information, taxation and accounting rules and regulations.
Please see the table below to see how long we will keep your personal information for:
Category of personal information we hold |
Retention criteria |
Employee records, covering contracts, references, all data collected. |
This will be disposed of 6 years after the end of your employment |
Volunteer records, covering contracts, references, all data collected. |
1 year after your last contact with us. |
Medical records |
Our medical database allows access to the relevant staff to your medical records for a specific period as required by your care and data protection regulations. We use an integrated patient records system at Severn Hospice, as such we employ stringent security measures to make them inaccessible, once the retention period has elapsed.If a record is accessed when the patient has been discharged for less that 4 weeks from a Hospice service an internal alert is triggered prompting a review.If a record is accessed after 4 weeks of the discharge, a privacy warning is triggered, which is again prompts a review, however the user accessing the record must then enter an acceptable and auditable reason for accessing the record before they are able to continue. |
Supporter records with financial or legacy information attached i.e., donations, gift aid, lottery members, event participants, sponsorship, purchases etc. We will keep your record for up to 7 years after your last contact/interaction with us. |
7 years |
Supporter records with no financial or legacy information attached. We will keep your record for up to 3 years since your last contact/interaction with us. |
3 years |
Sensitive information captured for event participants i.e., medical conditions, emergency contact and next of kin details. We will keep sensitive information for up to 3 months after it is used for the purpose for which it was collected. |
3 months |
Organisation’s including community groups, businesses, trusts etc. where we have a named contact who uses their personal contact details as a c/o for the organisation. We will keep the data until we are notified the individual is no longer the point of contact for the organisation. Once we are notified, we will delete the person’s data. |
Until we are informed of a change |
-
What are my rights?
You are in control of your personal information. You have the right to:
Request a copy of your information that we hold about you
Ask us to correct any information that is wrong
Have your information deleted or to request that we only use it for certain purposes
Change your mind and ask us to stop using your information. For example, unsubscribing from any marketing emails
Please bear in mind, sometimes we might not be able to help. There are some things that we cannot delete as we have to keep them for legal reasons. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can always complain to the Information Commissioner’s Office (ICO).
-
National Data Opt-Out (only applies to patients)
At Severn Hospice we are compliant with the national data opt out. This is where you can stop your confidential patient information being used for research and planning. To find out how to make your choice please go to the following website – https://www.nhs.uk/your-nhs-data-matters/
If you’re happy with your confidential patient information being used for research and planning, you do not need to do anything.
Any choice you make will not impact your individual care.
-
How to contact us
If you would like to talk through anything in our privacy policy or find out more about your rights under data privacy laws, please contact us using the details below:
Email:
Write to us:
Please address your envelope to: FAO Information Governance, Severn Hospice, Bicton Heath, Shrewsbury, SY3 8HS
Please include your name, address, and if applicable any reference number given on all correspondence and a contact telephone number so that we can get back in touch with you easily.
Telephone:
01743 236565
Please ask to speak to our data protection officer, Ben Graham, our phone lines are open Monday to Thursday from 9am to 5pm, Friday 9am to 4pm. Outside of these hours if you leave a message and a contact number and someone will return your call on the next working day
Or if you would like to obtain a copy of the information we hold about you, please us this online form.
If you want to complain about how we have handled your personal data, please contact us directly in the first instance, you can do this using the online form here. We work very hard to ensure all data security practices are efficient and effective as possible and want to know if anything has not met this high standard. However, if you are still not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain directly to the Information Commissioner’s Office (ICO)
