St Christopher’s Full Privacy Notice

St Christopher’s Hospice Group exists to promote and provide skilled and compassionate palliative care of the highest quality.

Privacy and Cookies Notice

Who We Are

At St Christopher’s Hospice Group our vision is of a world in which all dying people and those close to them have access to the care and support they need, when and wherever they need it.

We were founded in 1967 by Dame Cicely Saunders and, nearly 50 years later, her words still remain at the heart of everything we do: “You matter because you are you and you matter until the last moment of your life.”  Every year we provide care and support to over 6,000 people across South East London, both at home and in the hospice.

We passionately believe that everyone should have access to the best care at the end of their lives and have an extensive education programme, working with people across the world, to improve and develop hospice care.

 How We Use Your Information

We care about your personal data and it is important that you know how we use it and how we keep it safe. This Privacy Notice covers how, when and why we use your information. This Privacy Notice also explains the choices you can make about the way in which we use your information and how you have the right to change your mind at any time.

This Privacy Notice is not exhaustive and we are always happy to provide any additional information or explanations where needed. Please contact our Data Protection Lead either by email, telephone or in writing using these contact details:

Data Protection Lead, St Christopher’s Hospice, 51 – 59 Lawrie Park Road, Sydenham, London SE26 6DZ. Telephone: 02087684500 Email: info@stchristophers.org.uk

This Privacy Notice applies to all information held by St Christopher’s Hospice Group relating to individuals, whether you are a patient, service user, member of staff, volunteer, supporter or contractor.

For further information on what information we may hold about you and the legal reasons for processing your information please refer to our ‘Keeping In Touch’ leaflet and ‘Your Information: How we use and keep it’ leaflet.

 Reviews of and Changes to our Privacy Notice

We will review our Privacy Notice on an annual basis. This Privacy Notice was last reviewed in April 2018.

Information We Collect and Hold about You

We need to use information about you in various forms and we will only use the minimum amount of information necessary for the purpose. Sometimes we will use information that does not identify you i.e. statistics / anonymised reports.

Definitions – what is personal data

By personal data we mean any information that might allow you to be identified, such as your name, address, date of birth, credit card details, I.P. address, photo or video image or voice recording. For our patients, some of this data will be sensitive and relate to their health and wellbeing, ethnicity and religious views.

The Hospice processes several different types of information:

  1. Identifiable – containing details that identify an individual. This may include but is not limited to such information as name, address, NHS number, full postcode, date of birth.
  2. Pseudonymised – information where individuals can be identified by using a coded reference which does not show their ‘real world’ identity.
  3. Anonymised – information about individuals with identifying details removed.
  4. Aggregated – statistical information about a group of individuals that has been combined to show general trends or used for benchmarking purposes.

Our records may be held on paper or in electronic computer systems.

 Legal Obligations to Collect and Use Information

In the circumstances where we are required to use personal identifiable data we will only do this if:

  • The information is necessary for your direct healthcare
  • We have received written consent from you to use your information for a specific purpose e.g. employment, volunteering, fundraising, lottery membership etc.
  • There is an overriding public interest in using the information e.g. in order to safeguard an individual or to prevent a serious crime
  • There is a legal requirement that will allow us to use or provide information e.g. a formal Court order or subpoena.
  • We have permission to do so from the Secretary of State for Health to use certain confidential patient identifiable information when it is necessary for our work
  • Emergency Planning reasons such as protecting the health and safety of others. Typically these relate to severe weather, outbreaks of diseases e.g. seasonal flu, and major transport incidents.

Primary and Secondary Care Data

The NHS provides a wide range of services which involve the collection and use of information. Even though we are a registered charity we are also an NHS Business Partner as we provide a healthcare service for the people of Bromley, Croydon, Lewisham, Lambeth and Southwark. Different care settings are considered as either ‘primary care’ or ‘secondary care’. Primary care settings include GP Practices, pharmacists, dentists and some specialised services including military health services. Secondary care settings include local hospitals, rehabilitative care, urgent and emergency care and community and mental health services. St Christopher’s Hospice is a secondary care setting.

Within this Privacy Notice you may see reference to an organisation called NHS Digital who is the national provider of information, data and IT systems for commissioners, analysts and clinicians in health and social care. NHS Digital provides information based on identifiable information passed securely to them by Primary and Secondary Care Providers who are legally obliged to provide this information. The way in which NHS Digital collect and use your information can be found here: http://content.digital.nhs.uk/patientconf

 Our Commitment to Data Privacy and Confidentiality Issues

We are committed to protecting your privacy and will only process personal confidential data in accordance with the Data Protection Act 1998, the General Data Protection Regulation (2018), the Common Law Duty of Confidentiality and the Human Rights Act 1998.  The various laws and rules about using and sharing confidential information, with which St Christopher’s Hospice will comply, are available in “A guide to confidentiality in health and social care” which is published on the NHS Digital website. The Hospice also has a local policy on Confidentiality which can be made available on request.

St Christopher’s Hospice is a Data Controller and under the terms of the Data Protection Act 1998 and the General Data Protection Regulation (2018) we are legally responsible for ensuring that all personal confidential data that we collect and use i.e. hold, obtain, record, use or share about you is done in compliance with this legislation.

All data controllers must notify the Information Commissioner’s Office (ICO) of all personal information processing activities. Our ICO Data Protection Register number is Z6199614 and our entry can be found in the Data Protection Register on the Information Commissioner’s Office website (https://ico.org.uk/).

Everyone working for St Christopher’s Hospice Group has a legal duty to keep information about you confidential. The NHS Care Record Guarantee and NHS Constitution provide a commitment that all NHS organisations and those providing care on behalf of the NHS will use records about you in ways that respect your rights and promote your health and wellbeing.

All identifiable information that we hold about you will be held securely and confidentially. We use administrative and technical controls to do this. We use strict controls to ensure that only authorised staff are able to see information that identifies you. Only a limited number of authorised staff have access to information that identifies you where it is appropriate to their role and is strictly on a need-to-know basis. All health and social care organisations are required to provide annual evidence of compliance with applicable laws, regulation and standards through the Information Governance Toolkit, https://www.igt.hscic.gov.uk/ which show our current level of compliance as ‘satisfactory’ providing assurance to you of how we protect your information.

All of our staff, volunteers and Executive Team receive appropriate and on-going training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures. All staff are trained to ensure they understand how to recognise and report an incident ensuring that the organisation’s procedure for investigating, managing and learning lessons from incidents.

We will only retain information in accordance with the schedules set out in the Records Management Code of Practice for Health and Social Care 2016. The Hospice’s Records Management Policy includes guidance around the secure destruction of information in line with the Code of Practice.

Your information will not be sent outside of the European Economic Area (EEA) where the laws do not protect your privacy to the same extent as the law in the UK. We will never sell any information about you.

Confidentiality Advice and Support

The Hospice has a Caldicott Guardian who is a senior person responsible for protecting the confidentiality of service user and service user information and enabling appropriate and lawful information-sharing. Further information about the role of the Caldicott Guardian is available on request.

Your Rights

You have certain legal rights:

  • Right of Access (Tell you if we have your data; give you a copy of your data)
  • Right to Rectify (Correct your data)
  • Right of Erasure (Delete your data)
  • Right to Restrict Processing (Stop processing your data but not delete)
  • Right of Portability (Give you your data in common, machine readable format)
  • Right to Object (to direct marketing, to processing for scientific / historical research or statistics, to processing based on legitimate interests or public interest)

You have the right to privacy and to expect St Christopher’s Hospice Group to keep your information confidential and secure.

You also have a right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered.

If we do hold identifiable information about you and you have any queries about the information we hold please contact the Data Protection Officer using the details below:

St Christopher’s Hospice, 51 – 59 Lawrie Park Road, Sydenham, London SE26 6DZ. Telephone: 02087684500 Email: info@stchristophers.org.uk

 Complaints

St Christopher’s Hospice Group aims to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring concerns to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. Contact details for complaints regarding the processing of information should be directed to the Data Protection Lead, St Christopher’s Hospice, 51 – 59 Lawrie Park Road, Sydenham, London SE26 6DZ. Telephone: 02087684500 Email: info@stchristophers.org.uk You can also raise a concern directly with the ICO https://ico.org.uk although our aim is to resolve your complaint swiftly ourselves in the first instance. For more information on how to make a suggestion or complaint, please see our guidance leaflet ‘A Guide to Suggestions and Complaints’.

 Details of Information Collected and Used for Specific Purposes

Detailed information on our purposes for processing information; the type of information used; the legal basis identified for the collection and use of information; how we collect and use the information required; data processing activities – any third parties we may use for each purpose and information on how to opt out of your information being used for each purpose are contained in our ‘Keeping In Touch’ and ‘How We Use Your Health Records’ leaflets.

 Using our website

What information we may collect via our website: 

  • Form submissions, for example registering interest for events, feedback forms and information requests
  • Subscribing to receive communications from St Christopher’s such as fundraising or education updates
  • Details of your visits to our site, including which pages you visit and what you do

Shop, Tickets, Donations and Tribute microsites: 

  • Personal information, such as but not limited to name, email address, billing and shipping address, when making a purchase or donation
  • Details of transactions you carry out through our site and of the fulfilment of your orders
  • Ticket registration details

 Education delegate microsite, NHEC/Information Hub and End of Life Journal microsites 

  • Material that you post or contribute to our forums
  • Personal information provided at the time of registering

Information collected from the registration process about your place of work and areas of professional interest will be retained securely and only used to help us to understand and analyse the user profiles

 Third party software

Your information will not be sent outside of the European Economic Area (EEA) or to any other country where the laws do not protect your privacy to the same extent as the law in the UK without. We will never sell any information about you.

 Our third parties who receive data – directly or indirectly – from our website include:

  • MailChimp – email marketing
  • Salesforce – Customer Relationship Management (CRM) platform for our education department
  • eTouches – event management software for our education events
  • The Raiser’s Edge – Customer Relationship Management (CRM) platform for our fundraising department
  • Better Impact – Volunteer management database

 What information collected directly via third parties on our behalf:

  • Personal information such as name, registration details, billing and shipping address, when purchasing a conference place (eTouches)
  • Personal information such as name, address and interests when registering to receive education updates (Salesforce)

 Cookies

 What is a cookie?

A cookie is a simple text file of letters and numbers that is stored on to your computer or mobile device by a website’s server when you access certain websites. Only that server will be able to retrieve or read the contents of that cookie.

Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier and the site name and some digits and numbers

What does a cookie do?

A cookie is like a door key – cookies unlock a computer’s memory and allow websites to recognise users when they return to that particular site.

Most websites you visit will use cookies in order to improve your user experience by enabling that website to ‘remember’ you. Cookies may be set by the website you are visiting or they may be set by other websites who run content on the page you are viewing.

Cookies do lots of different jobs, like letting you navigate between pages efficiently, storing your preferences and generally improving your experience of a website. Cookies make the interaction between you and the website faster and easier.

Cookies have limited functionality and cannot browse or scan your computer or dig for information. Users always have the option of accepting or denying cookies.

 How does St Christopher’s use cookies?

Information received via web cookies is used to enhance your experience of our site and microsites, ascertain whether the website is functioning correctly and for logged-in members to ensure access to entitled resources.

Analytical cookies

 The cookies we use are predominantly ‘analytical’ cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our web site when they’re using it.

This helps us to improve the way our website works, for example by making sure users are finding what they need easily.

This website uses Google Analytics* cookies.  Unless you have adjusted your browser setting to refuse cookies, our website will deliver the cookie as soon as you visit the website.

Google Analytics is collected via a JavaScript tag in the pages of our site.  Google Analytics uses a Persistent Cookies (remains on your computer unless it expires or your cookie cache is cleared) and some session cookies (used to calculate visit information such as visit length and where a visitor arrived from).

We have enabled Google Analytics Demographics and Interest Reporting so we better understand our demographics and our website users’ interests.

More information on Google Analytics can be found on Google’s support website https://support.google.com/analytics/answer/6004245

Functional cookies

 St Christopher’s uses cookies for the checkout process when making a purchase in our shop, registering for an event or donation.

We also use cookies to remember login details and information you supply, for example for the End of Life Journal.

What to do if you don’t want Cookies to be set

Some people find the idea of a website storing information on their computer or mobile device a bit intrusive, particularly when this information is stored and used by a third party without them knowing.

The cookies St Christopher’s use are harmless and we do not use them for advertising that has been targeted to your interests.

However, if you prefer, it is possible to block some or all cookies, or even to delete cookies that have already been set; but you need to be aware that you might lose some functions of the St Christopher’s website.

You can control which types of cookies you allow by turning cookies on or off in your web browser’s settings. You can also delete cookies by clearing your browser’s cookie cache (history).

To find out how to turn cookies on and off in your browser, click on the relevant browser link below.

If you have any questions or concerns about the cookies we use, please email digital@stchristophers.org.uk