St Christopher’s Hospice takes privacy and the protection of personal and sensitive information seriously. We have robust technical and organisational systems and measures in place to manage and protect all personal data. These measures include data encryption, up to date security software and controls to guard against unauthorised access, unlawful processing, accidental loss, damage or destruction.
Our Privacy notice explains how we use and protect your personal information, to show that we are adhering to the new General Data Protection Regulation (GDPR) and the Data Protection Act, both of which came into force in May 2018.
It also explains how we collect and use the personal information that you provide to us whether, in person, online or via phone, email, letter or other correspondence, this includes data from our website and sets out how St Christopher’s Hospice uses and protects any information that you give us.
St Christopher’s Hospice is committed to protecting your privacy and right to confidentiality. We comply with GDPR, DPA and NHS requirements concerning confidentiality and information security standards.
This notice explains how we use any personal information we collect about you based on your relationship with St Christopher’s Hospice, detailing how we collect data, how we store it, how we use it and protect it.
St Christopher’s Hospice is a registered charity (Charity Number 210667). St Christopher’s Hospice exists to promote and provide skilled and compassionate palliative care of the highest quality. The GDPR require every organisation that processes personal information to be registered with the Information Commissioner’s Office. Our registration number is Z619964
You can view our full Data Protection Policy online here or request a copy of the policy by contacting us at:
Data Protection Lead
St Christopher’s Hospice
51-59 Lawrie Park Road, Sydenham
London, SE26 6DZ
020 8768 4500
Email: privacy@stchristophers.org.uk
We obtain personal information from you when you are referred or enquire about our services and activities, register for an event or educational programme, apply to volunteer or work with us, send or receive an email, make a donation to us, ask a question about our services or otherwise provide us with your personal information.
Occasionally, we may obtain your personal information from third party data suppliers only if they provide the appropriate evidence that you have agreed for your personal information to be shared with other organisations.
We gather non-identifiable general information from the use of our websites such as pages visited and areas that are of most interest to users. We use this information to improve our website and make it a better experience for everyone. For further information please see the cookies section below.
The personal information we collect might include name, address, email address, telephone numbers, date of birth, bank account details (for setting up regular Direct Debit or payment information), and your family relationships to avoid duplicating communications.
We will typically collect sensitive data for employees, casual workers, or volunteers as part of our statutory, contractual, and management responsibilities.
We may use your personal information for:
We adopt appropriate data collection, storage, and processing practices, and security measures to protect against unauthorised access, alteration, disclosure, or destruction of your personal or transactional data stored on our website and systems.
We have security procedures, rules and technical measures in place to protect your data. Your data will be kept in a secure environment with access restricted on a need to know basis. We don’t keep your data for longer than is required by law or necessary for the purpose for which it was obtained.
If you are referred to one of our clinical services, we will collect data from you and may also receive your personal data from and share it, where necessary with other healthcare providers.
Legitimate interest, Consent and Legal obligation currently constitute the lawful basis on which we collect personal information. In order to provide complete care, we may also collect some information about family members and carers.
Where Next of Kin or family details are provided within clinical services, this information will be shared with our Fundraising team to enable invitation to memorial events to be sent to loved ones. In addition, we may also share this information with our Spiritual care team to enable an offer of Spiritual support for loved ones. Information is also passed to our Bereavement Team when a patient dies to enable an offer of Bereavement Support to be made directly to a patient’s loved ones.
If you stay at or visit our premises, such as our Inpatient Unit, we may collect your image on CCTV. We may take photographic images of you for medical purposes, with your prior consent, such as in the case of pressure ulcers, to assist in your care. We also receive data about our patients and their families and carers from other healthcare providers.
Personal data we collect may include one or more of the following:
In addition, we may need to contact other agencies for relevant health or social care information for the benefit of our patients’ care.
We use your personal data for a number of purposes including the following:
Please be assured, we never share, sell, swap or rent your data to third parties for marketing purposes.
We adopt appropriate data collection, storage, and processing practices, and security measures to protect against unauthorised access, alteration, disclosure, or destruction of your personal or transactional data stored on our website and systems.
We have security procedures, rules and technical measures in place to protect your data. Your data will be kept in a secure environment with access restricted on a need to know basis. We don’t keep your data for longer than is required by law or necessary for the purpose for which it was obtained.
As a child service user, you are entitled to the same rights as adult service users. We collect the same type of information about you as we do from the adults, process it for the same reasons and hold your data in the same way.
Your data is held with the consent of your parents/guardian and with your consent. Your details are kept securely with restricted access and handled with the greatest respect for privacy.
We will share your details with our Candle Child Bereavement Service, which provides bereavement services for children.
We adopt appropriate data collection, storage, and processing practices, and security measures to protect against unauthorised access, alteration, disclosure, or destruction of your personal or transactional data stored on our website and systems.
We have security procedures, rules and technical measures in place to protect your data. Your data will be kept in a secure environment with access restricted on a need to know basis. We don’t keep your data for longer than is required by law or necessary for the purpose for which it was obtained.
When you apply to work at St Christopher’s Hospice we will only use the information you give us to process your application and to monitor recruitment statistics. If we want to disclose information to someone outside the hospice – for example, if we need a reference, or need to get a criminal record check from the Disclosure and Barring Service – we will make sure we tell you beforehand unless we are required to disclose this information by law.
When you apply to work at St Christopher’s Hospice, we will typically collect the following information about you:
During the course of your employment we will also collect performance data including probation, training and appraisals data as well as reasons for sickness absence data for up to 2 years at a time.
If you are unsuccessful in your job application, we will hold your personal information for 6 months after we have finished recruiting the post you applied for. After this date, we will destroy or delete your information. We keep information about applicants to develop and improve our recruitment processes, but this information is kept in a form that ensures that individual applicants cannot be identified.
If you begin employment with us, we will put together a file about your employment. We keep the information in this file secure, and will only use it for matters that apply directly to your employment.
Once you stop working for us, we will keep this file according to our record retention guidelines. You can contact us to find out more about this.
We collect this information because we have a legitimate interest to ensure employees fulfil their roles and responsibilities as detailed within their job description.
We also have a legal obligation to ensure that those we care for are safe and therefore we need to verify that applicants and employees hold the required qualifications.
We have a contractual obligation to pay employed staff; therefore we use bank account details to process such payments.
Your information will be shared where data disclosure may be required by law, for example to government bodies such as HMRC for tax purposes
Date of birth information is collected for pension and if applicable, redundancy purposes.
We aim to ensure that all information we hold about you is accurate and, where necessary, kept up to date. If any of the information we hold about you is inaccurate and either you advise us or we become otherwise aware of this, we will ensure it is amended and updated as soon as possible.
We take great care to ensure that your data is kept secure at all times. Data is only accessible to appropriately trained Employees and volunteers whose job functions makes it necessary that they have access to your information.
Although most of the information we store and process stays within the UK some information may be transferred to countries outside the European Economic Area. This may occur if, for example, one of our trusted partners’ servers is located in a country outside the EU. These countries may not have similar data protection laws to the UK, however, we will take steps with the aim of ensuring your privacy continues to be protected as outlined in this privacy policy.
We will keep your information for as long as required to enable us to operate our services, but we will not keep your information for any longer than is necessary. We will take into consideration our legal obligations, tax and accounting rules when determining how long we should retain your information. When we no longer need to retain your information we will ensure it is securely disposed of, at the appropriate time.
We adopt appropriate data collection, storage, and processing practices, and security measures to protect against unauthorised access, alteration, disclosure, or destruction of your personal or transactional data stored on our website and systems.
We have security procedures, rules and technical measures in place to protect your data. Your data will be kept in a secure environment with access restricted on a need to know basis. We don’t keep your data for longer than is required by law or necessary for the purpose for which it was obtained.
As appropriate for a volunteer role, we may ask
We collect this information because we have a legitimate interest in making sure we give you a suitable volunteer role and support you to carry out the duties of the role. We also have to ensure that those we care for are safe – it is our moral and legal obligation.
We aim to ensure that all information we hold about you is accurate and, where necessary, kept up to date. If any of the information we hold about you is inaccurate and either you advise us or we become otherwise aware of this, we will ensure it is amended and updated as soon as possible.
We take great care to ensure that your data is kept secure at all times. Data is only accessible to appropriately trained Employees and volunteers whose job functions makes it necessary that they have access to your information.
Although most of the information we store and process stays within the UK some information may be transferred to countries outside the European Economic Area. This may occur if, for example, one of our trusted partners’ servers is located in a country outside the EU. These countries may not have similar data protection laws to the UK, however, we will take steps with the aim of ensuring your privacy continues to be protected as outlined in this privacy policy.
We will keep your information for as long as required to enable us to operate our services, but we will not keep your information for any longer than is necessary. We will take into consideration our legal obligations, tax and accounting rules when determining how long we should retain your information. When we no longer need to retain your information we will ensure it is securely disposed of, at the appropriate time.
We adopt appropriate data collection, storage, and processing practices, and security measures to protect against unauthorised access, alteration, disclosure, or destruction of your personal or transactional data stored on our website and systems.
We have security procedures, rules and technical measures in place to protect your data. Your data will be kept in a secure environment with access restricted on a need to know basis. We don’t keep your data for longer than is required by law or necessary for the purpose for which it was obtained.
We collect information from you directly which you provide when you fill in any of our online or printed forms to make a donation, sign up to an event or buy a product. Sometimes, this information is collected by an organisation working on our behalf, but we are responsible for your data at all times.
We also collect information shared with us by independent organisations. These third parties will only share your information with us when you have given permission for them to do so.
The type of information we collect will include
When taking part in a challenge event, you may also be asked for health information and emergency/next of kin contact information for health and safety reasons.
We hold records of your donations and fundraising efforts alongside communications we have sent to you and those we have received from you.
When you sign up to our events, depending on the event, we have an obligation to check that you are in a reasonably good health to participate safely in the event you signed up for.
We have a legitimate interest to contact you about making or increasing your donations to St Christopher’s Hospice.
We also have a legitimate interest to invite you to fundraising, memorial and other related events.
We may also have to share your donation information with HMRC in order, for example, to process Gift Aid.
We use your information to process your donations or product/information requests, provide appropriate acknowledgement and collect gift aid. We also keep a record of your relationship with the hospice and your contact preferences.
We will also use your information to keep you informed of our work, the latest news and to ask for donations or other fundraising support in accordance with your contact preferences.
We make it easy for you to tell us how you want us to communicate with you and include information on how to select your communication preferences when we send you marketing and communication material.
We may analyse geographic, demographic and other information relating to you and this allows us to understand the background of our supporters, which helps us to make appropriate requests to supporters who may be willing and able to give more than they currently do, or to identify those who may be able to support us in other ways. This information is compiled using publicly available data about you.
Where possible, we will ask you about your contact preferences at the first point of contact, i.e. when you first register for an event, make a donation or request fundraising information. However, when this is not possible, we will ask you about your contact preferences in an appropriate and timely manner.
We aim to ensure that all information we hold about you is accurate and, where necessary, kept up to date. If any of the information we hold about you is inaccurate and either you advise us or we become otherwise aware of this, we will ensure it is amended and updated as soon as possible.
We take great care to ensure that your data is kept secure at all times. Data is only accessible to appropriately trained Employees and volunteers whose job functions makes it necessary that they have access to your information.
Although most of the information we store and process stays within the UK some information may be transferred to countries outside the European Economic Area. This may occur if, for example, one of our trusted partners’ servers is located in a country outside the EU. These countries may not have similar data protection laws to the UK, however, we will take steps with the aim of ensuring your privacy continues to be protected as outlined in this privacy policy.
We will keep your information for as long as required to enable us to operate our services, but we will not keep your information for any longer than is necessary. We will take into consideration our legal obligations, tax and accounting rules when determining how long we should retain your information. When we no longer need to retain your information we will ensure it is securely disposed of, at the appropriate time.
We adopt appropriate data collection, storage, and processing practices, and security measures to protect against unauthorised access, alteration, disclosure, or destruction of your personal or transactional data stored on our website and systems.
We have security procedures, rules and technical measures in place to protect your data. Your data will be kept in a secure environment with access restricted on a need to know basis. We don’t keep your data for longer than is required by law or necessary for the purpose for which it was obtained.
Education events, training programmes and conferences are delivered by St Christopher’s Hospice through the Education Department to delegates who may be individuals employed by or volunteer for St Christopher’s, or who may be external to the hospice and from countries outside the UK/EU.
The library is open to all staff who may wish to borrow books and other resources.
The information we collect is made clear on the education application form and will include details such as
We will normally collect this information directly from you or your employer if they have booked the place on the event for you.
Library book borrowers are registered by name.
When you sign up to our educational events or programmes, we may, based on contractual obligation, share your details with the relevant certificate awarding body. For example, if you sign up to a City and Guilds programme, we will share your details with them.
We have a legitimate interest to collect your debit or credit card details for the purpose of processing your payments.
We also have a legitimate interest to inform you about related education programmes and events that we think might be of interest to you.
We use your personal information at the Education Department to undertake the following:
Information about our delegates will be shared with the service suppliers instructed by us. For example, name and address details of individuals we wish to mail information to must be sent to a print and mailing house to fulfil this purpose.
Other suppliers that we work with support us through email delivery platforms, direct marketing, data analysis and insight.
Any information shared to support and further the work of the education department is processed by the supplier under contract with St Christopher’s remaining in control of your information at all times.
Some of our suppliers run their operation outside the European Union (EU), this may include a country which may not be subject to the same data protection laws as companies based in the UK. In these circumstances, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law, and appropriate safeguards are in place.
Application and payment information is kept for a maximum of 5 years for legal reasons and registration for Continued Professional Development for 5 years.
We aim to ensure that all information we hold about you is accurate and, where necessary, kept up to date. If any of the information we hold about you is inaccurate and either you advise us or we become otherwise aware of this, we will ensure it is amended and updated as soon as possible.
We take great care to ensure that your data is kept secure at all times. Data is only accessible to appropriately trained Employees and volunteers whose job functions makes it necessary that they have access to your information.
Although most of the information we store and process stays within the UK some information may be transferred to countries outside the European Economic Area. This may occur if, for example, one of our trusted partners’ servers is located in a country outside the EU. These countries may not have similar data protection laws to the UK, however, we will take steps with the aim of ensuring your privacy continues to be protected as outlined in this privacy policy.
We will keep your information for as long as required to enable us to operate our services, but we will not keep your information for any longer than is necessary. We will take into consideration our legal obligations, tax and accounting rules when determining how long we should retain your information. When we no longer need to retain your information we will ensure it is securely disposed of, at the appropriate time.
We adopt appropriate data collection, storage, and processing practices, and security measures to protect against unauthorised access, alteration, disclosure, or destruction of your personal or transactional data stored on our website and systems.
We have security procedures, rules and technical measures in place to protect your data. Your data will be kept in a secure environment with access restricted on a need to know basis. We don’t keep your data for longer than is required by law or necessary for the purpose for which it was obtained.
We are committed to protecting the privacy of the young people that engage with us through our website and at fundraising events. Our fundraising events also request specific information about the age of participants. Anyone under the age of 16 must obtain parental or guardian consent before participating in an event organised by St Christopher’s Hospice.
Under the General Data Protection Regulation, which came into force on May 25th, 2018, you have the following rights:
You have a right to obtain confirmation that your personal information is being processed. You also have the right to request a copy of your personal information we hold.
You may be required to provide proof of your identity by providing a valid photographic identity document such as a passport or photocard drivers licence. Your request will be processed within 30 days of receipt of your request and all the relevant information we require.
The accuracy of your personal information is important to us. You can edit your personal information including your address and contact details at any time.
You have the right to request the deletion of your personal information which we will review on a case by case basis.
You have the right to ‘block’ or suppress processing of your personal data. However, we may continue to store your data but will no longer process it. We do this by retaining just enough of your personal information so we can ensure that the restriction is respected in the future.
To exercise any of these rights, please contact us at the address below. We will then send you a form so you can provide us with as much information as possible about the nature of your request. This will help us locate your records. There is no requirement to complete this form to make a valid request, however, it has been designed to capture the information we may reasonably require to process your request effectively.
You have the right to object to your personal information being processed for fundraising, marketing (including profiling) and for research purposes.
Please provide as much information as possible about the nature of your contact with us to help us locate your records. Any changes you have requested may take 28 days before they take effect.
If we process your personal information for the exercise or defence of legal claims, or we can demonstrate compelling grounds that override your rights and freedoms, we may not be able to fulfil your request. However, we will contact you to discuss further.
Please address any of the above requests to our Data Protection Lead at
Data Protection Lead
St Christopher’s Hospice
51-59 Lawrie Park Road
London
SE26 6DZ
Email: privacy@stchristophers.org.uk
We expect to be able to resolve any complaints that you might have concerning our services or events. We therefore ask that you give us the opportunity to do so in the first instance. You, however, have the right to lodge a complaint or seek advice from a supervisory authority. Please contact If you wish to lodge a complaint or seek advice from a supervisory authority please contact:
The Office of the Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: +44 (0) 01625 545 745
Website: www.ico.org.uk
This policy is correct as of June 2019. We will regularly review and update this Privacy and Data Protection Statement and will update, modify, add or remove sections at our discretion and in response to relevant changes in legislation.
We will notify you of any changes, either via e-mail or through an announcement on our website and your continued use of our website, any of our services and/or the continued provision of personal information after we have posted the changes to these terms, will be taken to mean you are in agreement with those changes.
We expect to be able to resolve any complaints that you might have concerning our use of your information. Please write to us or call us at:
Data Protection Lead
St Christopher’s Hospice
51-59 Lawrie Park Road, Sydenham
London, SE26 6DZ
Tel: 020 8768 4500
Email: privacy@stchristophers.org.uk
If you would like this notice in another format (for example audio, large print, braille), please contact us as above.
St Christopher’s Hospice uses “cookies” to help track and monitor the usage of our website. We use Google Analytics for our web analytic cookies. The information we collect and share is anonymous and does not personally identify you. It does not contain your name, address, telephone number or email address.