Privacy & Security Policy
1.0 Who are we?
Southern Area Hospice Services (SAHS) provide invaluable care and support to patients with life limiting illnesses including Cancer, Multiple Sclerosis, Motor Neurone Disease, HIV and Aids.
The SAHS recognises the importance of protecting personal and confidential information in all that we do, all we direct, or commission, and takes care to meets its legal duties.
Key legislation includes:
- The General Data Protection Regulations (GDPR);
- The Access to Health Records (Northern Ireland) Order 1993 (AHR);
- The Human Rights Act 1998 (HRA);
- Relevant health service legislation; and the
- Common law duty of confidentiality.
2.0 Your information
The SAHS uses personal information for a number of purposes. This privacy policy provides a summary of how we use your information. To ensure that we process your personal data fairly and lawfully we are required to inform you of:
- What personal information we collect
- Why we need your data;
- How it will be used;
- Who it will be shared with; and
- How long it will be kept for.
2.1 How do we collect personal data from you?
We may collect personal information about you when you take part in one of our fundraising events or challenges, make a donation, play our lottery or raffles, buy items in our shops, apply to work or volunteer with us, or use our website. If you are referred to one of our clinical services, we will collect data from you, and may also receive it from other healthcare providers.
What type of information is collected about you?
If you are a patient
If you use our clinical services we will need to collect information such as your name, age, address, gender, and possibly sensitive personal information concerning your health and wellbeing, ethnic origin, and religious denomination. In order to provide complete care we may also collect some information about family members and carers. If you stay on, or visit our premises, such as our Inpatient Unit, we may collect your image on CCTV. It may also be necessary to take still images of you for medical purposes, such as in the case of pressure ulcers.
Fundraising, visiting our shops, and playing our lottery
The personal information we collect about you for the purposes of our fundraising, lottery and retail activities might include your name, address, email, phone number, date of birth, I.P. address, photo or video image and financial information such as credit card details. You may appear in still images or video footage using Closed Circuit Television (CCTV) that is used on some hospice sites for security purposes.
2.2 Staff and Volunteer Privacy Statements
You can read our staff and Volunteer privacy statement here.
2.3 Sharing your information
For direct marketing communications we collect data only with your explicit consent, which you may withdraw at any time. We will enable you to record your preferences using tick boxes at various points when we communicate with you.
On correspondence requesting consent from you, we will ask what types of communication you would like. Please see below further detail on what you would expect to receive for each type of communication:
Appeals and fundraising
- Requests for financial support through mailings such as in memory appeals.
- Updates on new and existing fundraising initiatives.
Lottery and raffles
- Information regarding your hospice lottery.
- Raffle tickets for the hospice raffle.
Hospice events and challenges
- Information on a selection of hospice organised events i.e. Midnight Walk, etc.
- Information on places in challenge events i.e. London Marathon, bespoke walks and bike rides etc.
Volunteering opportunities
- Volunteering information including current vacancies.
Information about our services
- Information about various hospice services, both existing and new developments.
Hospice news and publications
- Newsletter mailings i.e. time magazine and any interim updates from the hospice.
Accessing and updating your information
We care about the accuracy of the information we hold about you. If you believe any information about you is incorrect or out of date, please contact us.
By email dpo@southernareahospiceservices.org
Or in writing to
Data Protection Officer
SAHS
St. Johns House
Courtenay Hill
Newry
BT34 2EB
2.4 Retaining Information
SAHS will retain personal data in accordance with relevant legislation and good practice guidelines.
2.5 Right to be forgotten
Under GDPR, individuals have a right, in some circumstances, to have information held about them deleted. SAHS will facilitate any requests to delete personal information held about an individual who has submitted a request under the above-mentioned legislation. You can do this by emailing us at dpo@southernareahospiceservices.org. and we will delete your personal details from our systems.
3.0 SAHS staff
The information HR hold about staff, in order to perform its function in managing staff includes:
- Name, address, telephone number and email address
- Family details for example next of kin details
- Employment details, for example, salary, HSC service information; sickness absence and other absence information; and
- Details held in personnel files.
For further information, staff should refer to specific privacy statements developed for staff on the SAHS website.
4.0 Security of our information
SAHS is committed to taking all reasonable measures to ensure the security of all personal information it holds. The following arrangements are in place:
- All SAHS staff have contractual obligations of confidentiality, enforceable through disciplinary procedures;
- Staff are granted access to personal data on a need to know basis only;
- A range of policies and procedures are in place to protect your information on line-these are outlined below.
4.1 How do we protect your information?
We implement a variety of security measures to maintain the safety of your personal information.
4.2 Google Analytics cookies
We use Google Analytics to review our website and this lets us see information such as the number of visitors, how long they stay on and what pages they have viewed. Google Analytics does not provide any personally identifiable information about you. In order to run Google Analytics we use a cookie which is a small piece of software that loads in your browser which will log your site visit and the pages visited. Google Analytics will store your IP address and, also records the pages you visit on our website and other information which is not personally identifiable to you. For more information on google analytics https://www.google.co.uk/analytics.
4.3 Shopping Basket Cookies
Our shopping cart uses cookies so that you can add products to the cart. This allows you to browse the rest of the shop and your products will be stored in the basket when you checkout. We also have a cookie to remember your chosen currency and the destination country so that we can calculate the shipping costs. If you prefer not to use cookies then you can switch these off on your browser settings.
4.4 Enquiries & feedback
When you make an enquiry or feedback using the forms on this website, we store this information for a while, so that we can effectively deal with the enquiry or feedback request. When we have dealt with the enquiry or feedback we will then delete the personal details e.g. name, email address, telephone no etc.
As a fail-safe, we have also built in an automatic deletion system that will automatically delete your personal details after 12 months. Unless you have ticked the opt in box so that you can be keep up to date with news and promotions.
4.5 Bookings
When you make a booking using the forms on this website, we store this information so that we can deal with the booking and also deal with any queries after the booking. We store the information for up to 12 months after the date of the booking. As a fail-safe, we have also built in an automatic deletion system that will automatically delete your personal details after 12 months.
4.6 Gift vouchers
When you order a gift voucher using the form on this website, then we store this information so that we can deal with the gift voucher order and also deal with any queries after the order. We store the information for up to 12 months after the date of the order. As a fail-safe, we have also built in an automatic deletion system that will automatically delete your personal details after 12 months.
4.7 Orders
When you place an order through the website, we will keep your personal details for up to 12 months, after the order has been processed. Unless you have registered through the website in which case we will store your details until you instruct us to delete them.
4.8 Registration
You can register with our website and we will store your personal details so that you do not have to re-enter these with every order.
4.9 Payments details
We do not store your payment details on this website or offline. Payments are processed in real-time at the time of the order. Payments are processed via a third party payment provider and we have no access to your card details.
4.10 Security
Data encryption
The website and the data, is stored in a secure data centre, and while all reasonable efforts have been made to maintain a high level of security, a determined hacker can work through even the most sophisticated security systems. We take your data protection very serious, and therefore the data stored on our website is encrypted making this close to impossible to use in the event of a data breach.
4.11 SSL (Secure Socket Layer)
The website has an SSL Certificate installed, which encrypts the data being sent to and from the web server (where the website is stored) and the browser (which you use to view the web pages). When you fill in a form on this website, the data is encrypted so that it cannot be read, making using the website more secure.
5.0 Receiving Information
5.1 How can you get access to your personal information?
GDPR gives you the right to access information that SAHS holds about you. SAR’s (Subject Access Requests) must be made in writing.
You will need to provide:
- Adequate information (for example, full name, address, date of birth) so that your identity can be verified and your information located.
- An indication of what information you are requesting, to enable us to locate this in an efficient manner.
SAHS aims to comply with requests for access to personal data as quickly as possible, and normally within a calendar month of receipt, unless there is a reason for delay that is justifiable under GDPR.
We want to make sure that your personal information is accurate and up to date. If you think any information is inaccurate or incorrect, then please let us know.
5.2 Complaints about how we process your personal information
If you are dissatisfied with how SAHS is, or has been processing your personal information, you have the right to advise SAHS of this in writing.
You also have the option of making a complaint directly to the Information Commissioners Office (ICO) details below:
The Information Commissioners Office – Northern Ireland
3rd Floor
14 Cromac Place
Belfast
BT7 2JB
Telephone: 028 9027 8757 / 0303 123 1114
Email: ni@ico.org.uk
6.0 Contact Details
Any requests for information, or complaints, should be submitted in writing, contact details are as follows:
Data Protection Officer
SAHS
St. Johns House
Courtenay Hill
Newry
BT34 2EB
email dpo@southernareahospiceservices.org
7.0 Changes to our privacy statement
We keep our privacy statement under regular review and will place any updates on this document on our website.