Privacy & Security Policy
1. Who are we?
Southern Area Hospice Services (SAHS) provide invaluable care and support to patients with life limiting illnesses including Cancer, Multiple Sclerosis, Motor Neuron Disease, HIV and Aids.
The SAHS recognises the importance of protecting personal and confidential information in all that we do, all we direct, or commission, and takes care to meet its legal duties.
Key legislation includes:
The General Data Protection Regulations (UKGDPR);
The Access to Health Records (Northern Ireland) Order 1993 (AHR); The Human Rights Act 1998 (HRA);
Relevant health service legislation;
Common law duty of confidentiality
Fundraising Regulator
Privacy & electronic Communication Regulation (PECR)
2. Your information
The SAHS uses personal information for a number of purposes. This privacy policy provides a summary of how we use your information. To ensure that we process your personal data fairly and lawfully we are required to inform you of:
What personal information we collect
Why we need your data; How it will be used;
Who it will be shared with; and
How long it will be kept for.
3. How do we collect personal data from you?
We may collect personal information about you when you take part in one of our fundraising events or challenges, make a donation, play our lottery or raffles, apply to work, or volunteer with us, or use our website.
If you are referred to one of our clinical services, we will collect data from you, and may also receive it from other healthcare providers.
What type of information is collected about you?
If you are a patient
If you use our clinical services, we will need to collect information such as your name, age, address, gender, and possibly sensitive personal information concerning your health and wellbeing, ethnic origin, and religious denomination. In order to provide complete care we may also collect some information about family members and carers. If you stay on, or visit our premises, such as our Inpatient Unit or Community Hubs, we may collect your image on CCTV. It may also be necessary to take still images of you for medical purposes, such as in the case of pressure ulcers.
Fundraising and playing our lottery
The personal information we collect about you for the purposes of our fundraising, lottery and retail activities might include your name, address, email, phone number, date of birth, I.P. address, photo or video image and financial information such as credit card details. You may appear in still images or video footage using Closed Circuit Television (CCTV) that is used on some hospice sites for security purposes
Staff and volunteer privacy statements
You can read our staff and volunteer privacy statement here.
4. Sharing your information
For direct marketing communications we collect data only with your explicit consent, which you may withdraw at any time. . We do not share or buy any information with any third parties.
When sending communications via email, text or telephone we will follow PECR – Privacy and Electronic Communications regulations and UKGDPR – United Kingdom General Data Protection Regulation guidelines in which we will receive your consent and preferences by using a tick box consent form. You can change or withdraw your consent at any time (see section Accessing and updating your information). This form is used on our website when you make a donation or buy from our e-shop, when registering for one of our organised events i.e., midnight walk, marathons, light up a life and when joining our lottery.
When sending out postal communication following GDPR guidelines under “Legitimate Interest” we will always include “opt-out” details by way of the telephone number in which to use if you do not want to receive this type of communication. We only rely on legitimate interest where we consider that any potential impact on you (positive or negative), how intrusive it is from a privacy perspective and your rights under UKGDPR laws do not override our interests in us using your information in this way.
Please see below further detail of what you would expect to receive from each type of communication. (Please note you will not receive communications on all these only what is of interest to you based on your relationship with us and events that you support).
Appeals and fundraising
• Requests for financial support through mailings such as in memory appeals.
• Updates on new and existing fundraising initiatives.
Lottery and raffles
• Information regarding your hospice lottery.
• Raffle tickets for the hospice raffle.
Hospice events and challenges
• Information on a selection of hospice organised events i.e. Midnight Walk, etc.
• Information on places in challenge events i.e. London Marathon, bespoke walks and bike rides etc.
Volunteering opportunities
• Volunteering information including current vacancies.
Information about our services
• Information about various hospice services, both existing and new developments.
Hospice news and publications
• Newsletter mailings i.e. interim updates from the hospice (3 per year).
5. Accessing and updating your information
We care about the accuracy of the information we hold about you. If you believe any
information about you is incorrect or out of date, please contact us.
By email: dpo@southernareahospiceservices.org
Or in writing to
Data Protection Officer
SAHS
St. Johns House
Courtenay Hill
Newry
BT34 2EB
Or by telephoning 028 302 67711
6. Retaining Information
SAHS will keep your personal information for no longer than is necessary to fulfil the purposes for which it was collected, taking into account the requirements from the following criteria:
1. Any laws, or regulations that we are required to follow
2. The type of information we hold about you
3. If you are still signed up with us via regular giving/events/lottery, volunteering.
4. Retention in case of queries; we will retain for a reasonable period of time in case we receive a query from you
5. Retention in case of claims; in some instances we will retain your information for the period in which you might legally bring claims against us (in UK this means we will retain it for six years)
Right to be forgotten
Under UKGDPR, individuals have a right, in some circumstances, to have information held about them deleted. SAHS will facilitate any requests to delete personal information held about an individual who has submitted a request under the above-mentioned legislation. You can do this by emailing us at dpo@southernareahospiceservices.org. and we will delete your personal details from our systems if applicable to do so under current regulation.
SAHS staff
The information HR hold about employees, in order to perform its function in managing staff includes:
Employee details held in personnel files and on our HR system which includes personal details such as full name, contact details, next of kin and all details relating to employment with SAHS. These include Right to Work, salary, benefits, monitoring, sickness absence, training, and performance management. Details of any disciplinary meetings are also held for the recommended length of time as stated in the Disciplinary procedure.
For further information, staff should refer to specific privacy statements developed for staff on the SAHS website.
7. Security of our information
SAHS is committed to taking all reasonable measures to ensure the security of all personal information it holds. The following arrangements are in place:
All SAHS staff have contractual obligations of confidentiality, enforceable through disciplinary procedures;
Staff are granted access to personal data on a need to know basis only;
A range of policies and procedures are in place to protect your information online-these are outlined below.
How do we protect your information?
We implement a variety of security measures to maintain the safety of your personal information.
Google analytics cookies:
We use Google Analytics to review our website and this lets us see information such as the number of visitors, how long they stay on and what pages they have viewed. Google Analytics does not provide any personally identifiable information about you. In order to run Google Analytics we use a cookie which is a small piece of software that loads in your browser which will log your site visit and the pages visited. Google Analytics will store your IP address and, also record the pages you visit on our website and other information which is not personally identifiable to you. For more information on google analytics https://www.google.co.uk/analytics
Shopping basket cookies:
Our shopping cart uses cookies so that you can add products to the cart. This allows you to browse the rest of the shop and your products will be stored in the basket when you checkout. We also have a cookie to remember your chosen currency and the destination country so that we can calculate the shipping costs. If you prefer not to use cookies then you can switch these off on your browser settings.
Enquiries & feedback:
When you make an enquiry or feedback using the forms on this website, we store this information for a while, so that we can effectively deal with the enquiry or feedback request. When we have dealt with the enquiry or feedback we will then delete the personal details e.g. name, email address, telephone no etc.
As a fail-safe, we have also built in an automatic deletion system that will automatically delete your personal details after 12 months. Unless you have ticked the opt in box so that you can be keep up to date with news and promotions.
Bookings
When you make a booking using the forms on this website, we store this information so that we can deal with the booking and also deal with any queries after the booking. We store
the information for up to 12 months after the date of the booking. As a fail-safe, we have
also built in an automatic deletion system that will automatically delete your personal details after 12 months.
Gift vouchers:
When you order a gift voucher using the form on this website, then we store this information so that we can deal with the gift voucher order and also deal with any queries after the
order. We store the information for up to 12 months after the date of the order. As a fail-
safe, we have also built in an automatic deletion system that will automatically delete your personal details after 12 months.
Orders
When you place an order through the website, we will keep your personal details for up to
12 months, after the order has been processed. Unless you have registered through the website in which case we will store your details until you instruct us to delete them.
Registration
You can register with our website and we will store your personal details so that you do not have to re-enter these with every order.
Payments details:
We do not store your payment details on this website or offline. Payments are processed in real-time at the time of the order. Payments are processed via a third party payment provider and we have no access to your card details.
8. Security
Data encryption
The website and the data, is stored in a secure data centre, and while all reasonable efforts have been made to maintain a high level of security, a determined hacker can work through
even the most sophisticated security systems. We take your data protection very seriously and therefore the data stored on our website is encrypted making this close to impossible to
use in the event of a data breach.
SSL (Secure Socket Layer)
The website has an SSL Certificate installed, which encrypts the data being sent to and from the web server (where the website is stored) and the browser (which you use to view the web pages). When you fill in a form on this website, the data is encrypted so that it cannot be read, making using the website more secure.
9. Receiving Information
How can you get access to your personal information?
UKGDPR gives you the right to access information that SAHS holds about you. SAR’s
(Subject Access Requests) can be made in writing, by email, by telephone or in person We would prefer requests be made in writing.
You will need to provide:
Adequate information (for example, full name, address, date of birth) so that your identity can be verified and your information located.
An indication of what information you are requesting, to enable us to locate this in an efficient manner.
SAHS aims to comply with requests for access to personal data as quickly as possible, and normally within a calendar month of receipt, unless there is a reason for delay that is justifiable under GDPR.
We want to make sure that your personal information is accurate and up to date. If you think any information is inaccurate or incorrect, then please let us know.
10. Complaints about how we process your personal information
If you are dissatisfied with how SAHS is, or has been processing your personal information, you have the right to advise SAHS of this in writing.
You also have the option of making a complaint directly to the Information Commissioners
Office (ICO) details below:
The Information Commissioners Office – Northern Ireland
3rd Floor
14 Cromac Place
Belfast
BT7 2JB
Telephone: 028 9027 8757 / 0303 123 1114
Email: ni@ico.org.uk
Contact Details
Any requests for information, or complaints, should preferably be submitted in writing, contact details are as follows:
Data Protection Officer
Southern Area Hospice Services
St. Johns House Courtenay Hill Newry
BT34 2EB
Email dpo@southernareahospiceservices.org
Telephone number: 028 302 67711
Changes to our privacy statement
We keep our privacy statement under regular review and will place any updates on this document on our website.