Privacy statement
1. Data protection overview
We understand that complying with the Data Protection Act 1998 and the General Data Protection Regulation (GDPR) involves us processing and storing information about our supporters efficiently. We take our responsibilities under this Act very seriously and ensure that the personal information we obtain will always be held, used and otherwise processed in accordance with that Act and all other applicable data protection laws and regulations.
2. What personal information do we collect?
Personal information is information that can be used to identify you. It can include your name, date of birth, email address, postal address and telephone number. We collect personal information when you enquire about our activities, register on our website, make a donation to us, order any products with us (such as newsletters and merchandise), or otherwise give us personal information.
If you read our website pages or download content from our website, we may gather information about it such as the pages which are most visited and what literature is downloaded the most. This data is used to help us improve our website and services so that we can provide you with the best possible service. Where possible, this data is anonymous and will not identify you as a visitor to our website.
3. Credit and debit card information
If you use our website to buy merchandise, donate to us, Stripe – our third party card processor will be processing your card details and the Charity does not receive any of these card details. We will receive a notification of payment to us with the details that you disclosed at the time of payment. These personal details will be added to our donor management system to create a profile. This is used to administrate any donation received. By using this service you are agreeing to Stripes Privacy Policy which can be found here.
If you use PayPal to donate to us, buy something or pay online or over the phone, PayPal are processing your card details and the Charity do not receive any of these details. We receive a notification with your name and your address and contact details if you disclose them which we transfer onto our donor management system to create a profile. This is used to administrate any donations received. PayPal’s privacy statement can be found here.
If you set up a regular giving pledge, all card details would be processed by GoCardless and the Charity would receive a notification email of the personal details the donor enclosed, however we do not receive any card details. The personal details provided would then be used to create a profile on our donor management system in order to administrate any donations received. GoCardless’ privacy statement can be found here.
If you use Text-to-Donate to donate to us, your donation is being processed by the third party service provider, Just Giving. The Charity does not receive any personal details including you phone number and the donation will be treated as anonymous. Your data will be held in compliance with Just Giving’s Privacy policy found here.
If you provide us with your card details in person at the Charity office or over the phone, all details and validation codes are destroyed securely once a payment or donation has been processed. Only staff who are authorised to process payments will handle your sensitive data.
4. Why do we collect and how do we use your information
We may collect and process your personal information for a number of reasons, for example:
- To provide you with a service, information or product that you have requested;
- To provide you with information about our work and activities, where you have given explicit consent for us to do so;
- To send you items you have ordered from our shop;
- To process a donation that we have received from you;
- To contact you about a donation you have made for administration purposes or an event you have shown interest in or registered for;
- Where you have given explicit consent that we can do so, to ask you to help raise money or donate money to Royal Papworth Hospital Charity;
- To improve the services we offer;
- For the management of feedback and complaints, internal records must be kept for audit purposes.
We may need to share your personal information with external service providers such as our mailing company. In this instance, we have a strict data agreement with the external company to ensure that your data is treated correctly.
When sending in-house email mailings. Royal Papworth Charity may use Mailchimp to facilitate larger numbers of emails at a time. Mailchimp takes data security and privacy very seriously; find out more about how they protect your data by clicking here.
Synapture is the Charity’s website host and they process and store data on the Charity’s behalf to provide our supporters with a service. Your details and contact preferences will be transferred onto our customer relationship manager as a profile every time you donate, buy a product or sign up to our newsletter, as well as being stored by Synapture. Further details about how Synapture use your data can be found here.
Royal Papworth Charity is the administrator of 'Our Community Hub'. Royal Papworth Charity will not use your data for any purposes other than those consented to by you when completing the consent form. All data provided will be stored securely on our database and will be deleted in line with our data retention procedure
We reserve the right to share your personal data if we are legally obliged to do so for the prevention or detection of a serious crime.
The Charity has strict agreements in place to ensure that any third parties who process data on our behalf do so securely and all data is protected by UK data protection law. We never store bank details on our database or server and we will never keep any sensitive details such as card details if you happen to pay over the phone.
5. How we collect information about you
Directly from you – when you sign up to an event, make a donation or buy something from us, in most cases we would record some personal details.
Indirectly from you – If you indicate that you would like to support us via an independent event organisation for example: Just Giving, the company will contact us to say that someone would like to support us, but only if you have expressed that you would like them to do so. More information about third party processing of data can be found in their privacy policies.
When other organisations have your permission to share it – depending on the personal settings you have on social media platforms, it is possible that you may be giving us permission to access your information. You could also provide permission when signing up to third party organisations who work with us, for example Unity, our lottery provider.
All third party organisations that we work with are required to comply with data protection laws, our high standards and are only allowed to process your information strictly as instructed. We will always make sure appropriate contracts and controls are in place and we regularly monitor all our partners to ensure our compliance.
6. The accuracy of your data
We aim to ensure that all of the information we hold about you is accurate and up to date. If any of the information we hold about you is inaccurate and we are advised of this by yourself or we become otherwise aware, we will ensure it is updated and changed as soon as possible.
7. Our website
Like most websites, we use cookies to help us track how people are using our website; this means we can improve our service and ‘remember you’ and your preferences.
Cookies are small amounts of information, which are stored on your computer’s hard drive. For more detailed information about cookies visit the Direct Gov website.
You may disable the use of cookies by activating the setting on your internet browser that allows you to refuse the setting of all or some cookies. For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual.
Please note, if you change your settings to block all cookies (including essential cookies) you may not be able to access all or parts of: Royal Papworth Hospital Charity (royalpapworthcharity.com) (“Website”).
The website uses "analytical" cookies. They help us to provide you with a good experience when you browse the website. We also use cookies to recognise and count the number of visitors and to see how visitors move around the website when they are using it. This helps us to improve the way the Website works, for example by ensuring that users are finding what they are looking for easily.
We will not use cookies to collect personally identifiable information about you.
You can find more information about the individual cookies we use on the Website and the purposes for which we use them in the table below:
|
Cookie Name
|
Purpose
|
Duration (persistence)
|
|
_utma
_utmb
_utmc
_utmz
|
These are Google Analytics cookies used to allow us to count page visits and traffic sources so that we can measure and improve the performance of our website. For more information about these cookies visit:Cookies \and Google Analytics
|
Session and 24 hour
|
Please note that the owners of third party websites which the Website links to may also use cookies, over which we have no control. To opt-out of third-parties collecting any data regarding your interaction on the Website, please refer to their websites for further information.
To increase awareness of the work of the Charity and to
promote fundraising events, the Charity advertises on our Charity website and the
social media platforms owned by Meta Platforms INC, specifically Facebook and
Instagram. When visiting our website, Facebook or Instagram page, if you agree
to the use of cookies, a pixel is used to store anonymous cookie information on
the end users’ device. This provides a measurement service which informs
relevant retargeting for future adverts. If you engage with the Charity through
an advert or the Charity website your personal details are not captured or
stored by the Charity. Although it is not possible to opt out of viewing
Facebook and Instagram ads, you are able to control what you see – more
information about this can be found here.
The anonymous data received by the Charity is used to improve your browsing
experience and show you personalised content.
8. Your rights
You have the right to access all personal information we hold about you. This includes:
- Requesting a copy of any personal information we hold
- Updating or amending any information that we hold about you
- Changing your communication preferences at any time
- Objecting to us processing your details for marketing purposes
- Raising a complaint about the way your information has been used
- The Right to be Forgotten
Under GDPR legislation, you have the ‘Right to be forgotten’. You can contact the Charity Office to request that we delete any information that we hold on you. If however the Charity has a legal obligation to retain the data, we will not be able to comply until the legal retention period of the data has expired. In this case all details will be archived securely and there will be no further contact
If you would like to contact the Charity about any of the above issues, please Email: papworth.charity@nhs.net or Call: 01223 639950
The Data Protection Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. This access request is free, must be in writing and we have 1 calendar month to respond to your request.
9. Data retention
The Charity collects and stores information about its supporters and fundraisers to provide products and services. When we are provided with explicit consent, also known as your contact preferences, we will use this consent to contact you for five years from the date it was received, unless you tell us that you would like to hear from us in a different way.
Where there is a request for no further contact, the record will be archived and stored in line with the relevant legal requirements for that data.
The Charity will provide opportunities throughout the year for supporters to update their preferences. Supporters can also update their preferences at any time by contacting papworth.charity@nhs.net or calling 01223 639950
Supporters who have left the Charity a Gift in their Will may continue to have an active record for some time after their death. The record for the supporter will be stored until the legacy comes to an end and the gift is settled. At this point the record will be archived and kept until six full tax years from the date of when the legacy has been fulfilled. The record will then be deleted securely from our database and servers and all paper trails will be shredded.
10. Direct marketing
We love to talk about all the ways that the generous donations from our supporters make a difference to staff, patients and their family members at Royal Papworth Hospital.
The Charity sends out newsletters and appeals to share the projects that we have been working on, provide new and exciting ways to fundraise and share the opportunities available to get involved with. We also have information on our products and services such as our Duck Club, lottery and volunteering.
We only want to send the information that is important to you and ask that you let us know how you would like to hear from us and what you would like to hear about through our data consent form. You can let us know your preferences at any time using the website: Marketing Consent Declaration (royalpapworthcharity.com) or by letting us know at papworth.charity@nhs.net or calling us on 01223 639950.
11. Privacy notice
Royal Papworth Hospital Charity reserves the right to change the privacy statement without notice. It is the responsibility of users to check this privacy statement regularly.
Royal Papworth Hospital NHS Foundation Trust is committed to adhering to all Data Protection Legislation, including the General Data Protection Regulations, that came into force in May 2018. If you would like more information with regard to how they process your information, please visit their website here.