1. Who we are?

We’re Severn Hospice, a charity that provides care and support to people in Shropshire, Telford and Mid Wales who are living with an incurable illness.

In this policy references to ‘Severn Hospice’ or to ‘we’, ‘our’ or ‘us’ are to Severn Hospice a registered charity (no. 512394) and a company limited by guarantee (company no. 1608025). Severn Hospice’s registered office is Bicton Heath, Shrewsbury, SY3 8HS. These references also include our charitable trading companies Severn Promotions Company Limited (registered company number 2973920) and Hospice Projects Limited (registered company number 2229635) –wholly owned subsidiaries of Severn Hospice which trade only to raise funds for their parent company, Severn Hospice.


2. How we collect information

We collect your information in a number of ways depending on how you interact with our services.

If you are a patient:

When you are referred to one of our services, we ensure that we are provided with enough relevant information to allow us to provide you with the care you need.

The person or organisation who refers you to us will ensure that the appropriate information is provided.

We may supplement this information with additional clinical information about you from any relevant previous hospital visits, directly from your GP or from national NHS systems, where appropriate.

As part of your ongoing care, we collect and add information to the patient record we create for you. This will either be by paper-based form completed by you or staff members or information given verbally to one of our staff members which is then added onto your patient record.

If you work or volunteer with us:

You may give us information via a website/intranet or paper-based form when applying for a role at Severn Hospice, when completing recruitment or volunteer paperwork and checks and as part of your on-going employment or volunteer role with us.

We may ask for references.

We receive information from HMRC about tax codes, national insurance and tax payments.

We also receive information from UK Government in relation to DBS checks.

If you are a supporter:

We might collect your information via our website, a paper-based form, in person or over the phone.

We might also get your information from funding websites like JustGiving if you are using these portals to fundraise for us, or have sponsored someone who is fundraising for us.

Additionally, we work closely with suppliers and partners (including, for example, sub-contractors in technical, print, payment and delivery services and professional fundraising agencies who may send out letters of appeal or who may make fundraising asks on our behalf) and may receive information about you from them.

On some occasions, we may also obtain your personal information from publicly available sources, such as:

The Post Office’s National Change of Address database) to make sure we keep your information up to date

Companies House and Land Registry records and/or sources to make use of demographics and indicators of wealth (see further information below).

We might collect your personal information from a third party service provider to help us to carry out research in order to identify potential new donors (again, we have included further information about this below).

We may ask if you are comfortable to have your photograph or video taken at events held by Severn Hospice, we use this footage or imagery to promote and explain hospice care and to gain further supporters in newspaper articles and supplements, magazines, and other media such as websites, information leaflets, newspaper, presentations, and social media. You are under no obligation to be filmed, or to share your images, if you would like to opt-out please let us know.


3. What information we collect

Severn Hospice is what’s known as the ‘controller’ of the personal information you provide to us. We will usually collect basic personal data about you such as:


Postal address

Telephone number

Email address

If you are a patient, we will also collect more sensitive information such as:

Date of birth/Age


Medical conditions

Emergency contact details of a friend/relative

Details of clinical interventions

Summaries of social work support provided

Medical histories

National Insurance number

If you work or volunteer with us, we need to collect:

Bank details

Date of birth/Age

Diversity Monitoring

Medical information (where necessary)

Emergency contact details of a friend/relative

Previous employment details

Additionally, if you are a Transport volunteer we may collect, as appropriate to your role and with your agreement:

Driving license details

MOT details

Insurance details

National Insurance number

If you are interacting with the hospice as a supporter, we collect your personal information in connection with specific activities, this includes giving us donations, taking part in one of our events and signing up as a gift aider when donating goods to one of our charity shops, then we will collect


Postal address

Telephone number

Email address

Sometimes, for example if you are taking part in an event, we may hold additional details such as:

Date of birth/Age


Medical conditions

Emergency contact details of a friend/relative

We will only collect this ‘sensitive personal data’ if there is a clear reason for doing so, such as participation in a strenuous event, where we need this information to ensure we provide appropriate facilities and can give support in case of emergency.

If you use our website, we may process your IP address as well as certain information regarding the device you are using, e.g., is it a desktop or mobile device and which browser you are using.

If you visit one of Severn Hospice’s buildings your image may be captured by our CCTV systems, this is to provision a safe and secure environment for the benefit of those who work at and visit us, and for the protection of our property.

While our telephone system has the technical capabilities to record calls, Severn Hospice does not record any telephone conversations; the functionality is turned off by default for every telephone across the whole organisation. If this changes in anyway we will update this privacy policy accordingly.


 4. How we use the information we collect

All the information you give us is used to make sure we have your details accurate and up to date. We use the basic information you give us to remember who you are so that you don’t have to keep repeating yourself every time you interact with us.

Depending on your relationship with us, we use your information for different purposes and in slightly different ways.

As a patient we use your information:

To provide the best possible care to you.

For legal reasons, for example: National healthcare records, activity figures

To contact your next of kin in case of emergency.

To keep your information up to date and accurate.

As a relative of a patient that we have cared for we use your information:

To allow you to engage with our various support and bereavement services.

To invite you to attend memorial services in memory of loved ones.

As a staff member or volunteer we use your information:

For administration purposes (to manage and fulfil your contract with Severn Hospice).

For holding records that we are legally required to keep, for example National Insurance, Gender Pay Gap reporting or HMRC requirements

To contact your next of kin in case of emergency.

To ask for support at events or with other fundraising activities

To keep your information up to date and accurate.

To demonstrate compliance with government mandates

As a supporter of the hospice, we may use information held about you in the following ways:

To take a payment from you (for example, if you have purchased an item from us online, if you have booked a place on one of our events, if you have made a donation using your debit/credit card, if you have signed up to our lottery)

To claim Gift Aid from the government if you have signed up to the scheme with us

To code and record transactions against your supporter record on our databases so that we can keep a record of the financial support you have given us (e.g. dates and values of donations).

To keep a note of your preferences on what and how you want to engage with us. This includes keeping a record of all those supporters who have notified us they do not want any contact from us.

To analyse the personal information, we collect to create a profile of your interests and preferences so we can better understand our supporters and make appropriate requests to our supporters who may be able and willing to give more than they already do.

To carry out research to find out more information about our supporters’ and prospective supporters’ backgrounds and interests, and to understand how you engage with us through our website to enable us to improve user experience.

For administration purposes (for example, we may contact you to provide a receipt for a donation you have made, to send out materials for an event you have registered for, to process an order you have placed, to chase sponsorship payment, or notify you of details relating to your lottery subscription including sending out prizes).

If you have registered for our Retail Gift Aid scheme, we are legally required to email or write to you if we make a claim.

To contact your next of kin in case of emergency if you are taking part in a Severn Hospice event

To raise funds (for example we may send you information about how you can support us, for example, by purchasing raffle tickets, donating to an appeal or volunteering with us) or upgrade your support for Severn Hospice (for example, by changing payment method or donation amount).

To provide you with information about our work and activities, and to keep you up to date with how your support is helping our patients and those closest to them.


5. What are our lawful basis for collecting information?

We will only use personal information when the law allows us to (i.e., where we have a ‘lawful basis’). Most commonly, we will use your personal information in the following circumstances:

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, we have a legitimate interest in providing our services and raising funds;

Where it is necessary for the performance of a contract with you;

Where it is necessary to comply with a legal obligation on us (for example, reporting to HM Revenue and Customs, Companies House or the Charity Commission).

In some circumstances, we may ask for your consent to use your personal information for a specific purpose. In particular, we may obtain your consent before we send you any email marketing, or -potentially – in order to process your special category data (see below).

You may unsubscribe from our email communications by following the instructions in any email that we send you, or you can withdraw your consent and request us to remove your personal information at any time by emailing us at information@severnhospice.co.uk.

In some cases, and as noted above, we may need to process special category data, which is particularly sensitive data (e.g. data relating to health and/or ethnicity). We may rely on the following conditions in order to process this data;

We process health information of patients for the purposes of palliative, preventive or occupational health care and as part of the provision of our health services;

We process health information of employees to the extent necessary to comply with our obligations under employment law;

In limited circumstances (i.e. in an emergency) we may process your special category data where necessary to protect your vital interests;

We process information relating to race and religion as part of our diversity monitoring practices, and to keep under review equality of opportunity within our organisation.

We do not carry out any automated decision-making using personal information which produces legal effects or otherwise significantly affects individuals.


 6. Will you be contacted for marketing purposes?

No information given to our medical services, of you or your family members, will be processed in order to send you marketing materials.

Relatives of patients cared for by Severn Hospice will be invited to free of charge memorial services to celebrate their loved ones. Unless they have previously requested not to be contacted for this reason.

Please note, if you also interact with the Hospice as a supporter, you may receive marketing information via that channel.

Keeping in touch with our supporters is really important to us because it means, together, we can help more local people with incurable illnesses. Occasionally we like to keep our supporters posted with our news, appeals and ways they can support our work.

Sometimes, with your explicit consent, we will contact you using your email address to provide you with information about our work and/or ways you can support us.

Where you have provided your postal address, we may send you information about our work and/or ways you can support us by post unless you have told us that you do not wish to receive such information in this way.

We will only contact you for marketing purposes by telephone if you have not opted out from receiving such communications. We screen against the Telephone Preference Service (sometimes known as TPS) and if you are listed, we will not contact you in this way.

We rely on the legitimate interest legal basis for some of our processing for marketing purposes. This applies to the following:

Where you are an existing supporter and we are contacting you by post and/or telephone about our news, appeals and other ways you can support our work.

We consider that we have a legitimate interest in continuing to contact you by post and/or telephone once you have provided your details and there is no overriding prejudice to you or your rights by our use of the data in this way and for these purposes subject always to our carrying out appropriate checks with the relevant preference services.


7. Do you profile my data for marketing and fundraising purposes?

We may carry out research and profiling to see if we can find new supporters who want to support and build a relationship with us. We also undertake research on existing supporters to see who may be well placed to provide additional financial or other support.

We may carry out research to create a profile of your interests, preferences and ability to donate. At Severn Hospice, our work is only made possible thanks to the generosity of our supporters, so it’s vital that our fundraising efforts are as effective as they can be. By developing a better understanding of our supporters through researching them, including using publicly available sources, we can tailor and target our fundraising events and communications to those most likely to be interested in them. This enables us to make appropriate requests to those who may be willing and able to make a donation to us, donate more than they already do, or leave a gift in their will, and allows us to be more efficient and cost-effective with our resources and in the way that we raise funds. It also helps to ensure communications are relevant and timely, and reduces the risk of someone receiving information that they might find irrelevant, intrusive, or even distressing, so that we can provide an improved experience for our supporters.

Our Fundraising Team uses information that is already in the public domain (information that has been published in print or online) to identify high net worth individuals who may be interested in supporting our work with a major gift. This might also include estimating their gift capacity, based on their job or assets, history of charitable giving and how connected they are to Severn Hospice.

The publicly available sources of information we use may include Companies House, the electoral register, the phone book, the Charity Commission’s Register of Charities, Who’s Who, LinkedIn, company annual reports, and articles in newspapers and magazines. We do not use publicly available sources which we consider would be intrusive for this purpose, such as Facebook, X, JustGiving, genealogy websites, photograph sharing sites, or websites that are like these.

We also carry out research to identify existing supporters who may be able to join our major donor programme. This is based both on publicly available information, and information our supporters have given us (e.g. where a person lives, who they bank with, what their occupation is and their age).

We may from time to time engage a specialist third party prospect research company or consultant to assist us with our research. We always ensure that we have the appropriate contracts and processes in place with third parties in order to protect people’s personal data.

In order to process your personal information in this way, we rely on the lawful basis that doing so is in our legitimate interests and that these interests are not overridden by your rights and freedoms. In particular, we have a legitimate interest in being able to identify potential donors and to raise funds in order to support and further its services.

We’re committed to putting you in control of your data and you have the right to opt out from us using your data for this activity at any time by contacting us at information@severnhospice.co.uk.

We are also legally required to carry out checks on individuals who give us large donations, to comply with our duties in respect of anti-money laundering legislation and the prevention of fraud.


8. Sharing your information

We will treat your information with the utmost care and will never sell or rent your personal information to other organisations.

As a patient we will only share your information where it is appropriate and necessary to provide you with, or further your existing patient care.

As a member of staff we are legally obliged to share certain pieces of information, for example to allow us to perform DBS checks or when sending payroll information to HMRC.

As a supporter we may share your information with selected third parties such as suppliers including professional fundraisers, printers and mailing houses and sub-contractors for the performance of any contract we enter into with them or you. We require such suppliers and any third party that processes data on our behalf to sign a legally binding contract that requires them to hold in the strictest confidence any and all Severn Hospice information they deal with and confirms their compliance with data protection regulations.

Images captured from our CCTV Systems will only be shared with police forces, in relation to the investigation of a crime, or where a legitimate subject access request has been received.

Regardless of our relationship with you, we may also share your personal information in the following circumstances:

With contractors, suppliers, or other third parties that provide services on our behalf (including website host providers and any organisations we use to help us to conduct research on potential donors);

As part of a sale, merger or acquisition, or other transfer of all or part of our assets;

Pursuant to a subpoena, court order, or other legal process or as otherwise required or requested by law, regulation, or government authority programs, or to protect our rights or the rights or safety of third parties;

With our professional advisors, lawyers, accountants and auditors; or

With your consent or as otherwise disclosed at the time of data collection or sharing.


9. How we keep your data safe and who has access to it

At Severn Hospice we are committed to respecting and protecting your privacy, any information you provide to us is stored securely with strict procedures, technical and physical security features in place to try to prevent unauthorised access.

All staff receive regular data security training and all contracts, including staff, volunteers, suppliers and software venders, have data security clauses contained within them.

All our security is regularly tested and audited, however no service can be completely secure, if you have any concerns or questions about our security then please do not get in touch

If you have questions about our security, please email security@severnhospice.org.uk or call 01743 236565

While we seek to use appropriate organisational, technical and administrative measures to protect personal information within our organisation, unfortunately no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us using the details set out at the bottom of this Policy.


10. How long do we keep your information for?

We are committed to maintaining the security and privacy of your medical records in compliance with all applicable laws and NHS and Social Care regulations.

We keep your personal information for as long as is necessary and in accordance with all legal information, taxation and accounting rules and regulations.

Please see the table below to see how long we will keep your personal information for:

Category of personal information we hold


Employee records, covering contracts, references, all data collected.

6 years after the end of your employment

Volunteer records, covering contracts, references, all data collected.

1 year after your last contact with us.

Medical records

Our medical database allows access to the relevant staff to your medical records for a specific period as required by your care and regulations. But we do not delete them. Instead, we employ stringent security measures to make them inaccessible, once the retention period has elapsed.

If someone attempts to access a patient’s record after the patient is discharged from our care, an internal alert will be activated, prompting a review. If the access attempt occurs 4 weeks after discharge, a privacy warning will be triggered instead. In this case, the user will need to provide a valid reason for accessing the record before they can proceed further.

Supporter records with financial or legacy information attached i.e., donations, gift aid, lottery members, event participants, sponsorship, purchases etc.

7 years

Supporter records with no financial or legacy information attached.

3 years

Sensitive information captured for event participants i.e., medical conditions, emergency contact and next of kin details.

3 months

Organisation’s including community groups, businesses, trusts etc. where we have a named contact who uses their personal contact details as a c/o for the organisation. 

Until we are informed of a change

11. What are my rights?

You are in control of your personal information. You have the right to:

request a copy of your information that we hold about you

ask us to correct any information that is wrong

have your information deleted or to request that we only use it for certain purposes (i.e. to restrict our processing), in some circumstances

object to our processing of your personal information in some circumstances

in certain circumstances, ask us to port personal information about you that you have provided to us to you or to a third party; and

change your mind and ask us to stop using your information where we rely on your consent. For example, unsubscribing from any marketing emails

Please bear in mind, sometimes we might not be able to help, for example if exemptions apply to us. Further, there are some things that we cannot delete even if you ask us to, as we have to keep them for legal reasons. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can always complain to the Information Commissioner’s Office (ICO).


12. National Data Opt-Out (only applies to patients)

 At Severn Hospice we are compliant with the national data opt out. This is where you can stop your confidential patient information being used for research and planning. To find out how to make your choice please go to the following website – https://www.nhs.uk/your-nhs-data-matters/

If you’re happy with your confidential patient information being used for research and planning, you do not need to do anything.

Any choice you make will not impact your individual care.


13. How to contact us

If you would like to talk through anything in our privacy policy or find out more about your rights under data privacy laws, please contact us using the details below:

Email                      information@severnhospice.org.uk 

Write to us            Please address your envelope to: FAO Information Governance, Severn Hospice, Bicton Heath, Shrewsbury, SY3 8HS

Please include your name, address, and if applicable any reference number given on all correspondence and a contact telephone number so that we can get back in touch with you easily.

Telephone            01743 236565

Please ask to speak to the a member of the information governance team, our phone lines are open Monday to Thursday from 9am to 5pm, Friday 9am to 4pm. Outside of these hours if you leave a message and a contact number and someone will return your call on the next working day

Or if you would like to obtain a copy of the information we hold about you, please us this online form.

If you want to complain about how we have handled your personal data, please contact us directly in the first instance, you can do this using the online form here. We work very hard to ensure all data security practices are efficient and effective as possible and want to know if anything has not met this high standard. However, if you are still not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain directly to the Information Commissioner’s Office (ICO).

Please ask to speak to our data protection officer, Ben Graham, our phone lines are open Monday to Thursday from 9am to 5pm, Friday 9am to 4pm. Outside of these hours if you leave a message and a contact number and someone will return your call on the next working day

Or if you would like to obtain a copy of the information we hold about you, please us this online form.

If you want to complain about how we have handled your personal data, please contact us directly in the first instance, you can do this using the online form here. We work very hard to ensure all data security practices are efficient and effective as possible and want to know if anything has not met this high standard. However, if you are still not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain directly to the Information Commissioner’s Office (ICO)


Print page