1. Data protection overview
We understand that complying with the Data Protection Act 1998 and the General Data Protection Regulation (GDPR) update involves us processing and storing information about our supporters efficiently. We take our responsibilities under this Act very seriously and ensure that the personal information we obtain will always be held, used and otherwise processed in accordance with that Act and all other applicable data protection laws and regulations.
2. What personal information do we collect?
Personal information is information that can be used to identify you. It can include your name, date of birth, email address, postal address, telephone number and credit/debit card details. We collect personal information when you enquire about our activities, register on our website, make a donation to us, order any products with us (such as newsletters and merchandise), or otherwise give us personal information.
If you read our web pages or download content from our website, we may gather information about it such as the pages which are most visited and what literature is downloaded the most. This data is used to help us improve our website and services so that we can provide you with the best possible service. Where possible, this data is anonymous and will not identify you as a visitor to our website.
3. Credit and Debit card information
If you use PayPal to donate to us, buy something or pay online or over the phone, PayPal are processing your card details and the Charity does not receive any of these details. We receive a notification with your name and your address and contact details, if you disclose them, which we transfer onto our donor management system to create a profile. This is used to administrate any donations received. PayPal’s privacy statement can be found here.
If you set up a regular giving pledge, all card details would be processed by GoCardless and the Charity would receive a notification email of the personal details the donor enclosed; however, we do not receive any card details. The personal details provided would then be used to create a profile on our donor management system in order to administrate any donations received. GoCardless’ privacy statement can be found here.
If you provide us with your card details in person at the Charity office or over the phone, all details and validation codes are destroyed securely once a payment or donation has been processed. Only staff who are authorised to process payments will handle your sensitive data.
4. Why do we collect and how do we use your information?
We may collect and process your personal information for a number of reasons, for example:
- To provide you with a service, information or product that you have requested;
- To provide you with information about our work and activities, where you have given explicit consent for us to do so;
- To send you items you have ordered from our shop;
- To process a donation that we have received from you;
- To contact you about a donation you have made for administration purposes or an event you have shown interest in or registered for;
- Where you have given explicit consent that we can do so, to ask you to help raise money or donate money to Royal Papworth Hospital Charity;
- To improve the services we offer;
- For the management of feedback and complaints, internal records must be kept for audit purposes.
We may need to share your personal information with external service providers such as our mailing company. In this instance, we have a strict data agreement with the external company to ensure that your data is treated correctly.
When sending in-house email mailings, Royal Papworth Charity may use Mailchimp to facilitate larger numbers of emails at a time. Mailchimp takes data security and privacy very seriously; find out more about how they protect your data by clicking here.
Synapture is the Charity’s website host and they process and store data on the Charity’s behalf to provide our supporters with a service. Synapture's storage retention period is 5 years. Your details and contact preferences will be transferred onto our customer relationship manager as a profile every time you donate, buy a product or sign up to our newsletter, as well as being stored by Synapture. Further details about how Synapture use your data can be found here.
We reserve the right to share your personal data if we are legally obliged to do so for the prevention or detection of a serious crime.
The Charity has strict agreements in place to ensure that any third parties who process data on our behalf do so securely and all data is protected by UK data protection law. We never store bank details on our database or server and we will never keep any sensitive details such as card details if you happen to pay over the phone.
5. How we collect information about you
Directly from you – when you sign up to an event, make a donation or buy something from us, in most cases we would record some personal details.
Indirectly from you – if you indicate that you would like to support us via an independent event organisation, for example Just Giving, the company will contact us to say that someone would like to support us, but only if you have expressed that you would like them to do so. More information about third party processing of data can be found in their privacy policies.
When other organisations have your permission to share it – depending on the personal settings you have on social media platforms, it is possible that you may be giving us permission to access your information. You could also provide permission when signing up to third party organisations who work with us, for example Unity, our lottery provider.
All third party organisations that we work with are required to comply with data protection laws and our high standards, and are only allowed to process your information strictly as instructed. We will always make sure appropriate contracts and controls are in place and we regularly monitor all our partners to ensure our compliance.
6. The accuracy of your data
We aim to ensure that all of the information we hold about you is accurate and up to date. If any of the information we hold about you is inaccurate and we are advised of this by yourself or we become otherwise aware, we will ensure it is updated and changed as soon as possible.
7. Our Website
Cookies are small amounts of information, which are stored on your computer’s hard drive. For more detailed information about cookies visit the Direct Gov website.
Please note, if you change your settings to block all cookies (including essential cookies) you may not be able to access all or parts of http://www.papworthhospitalcharity.org.uk/ (“Website”).
You can find more information about the individual cookies we use on the Website and the purposes for which we use them in the table below:
| Purpose | Duration |
|---|---|
| These are Google Analytics cookies used to allow us to count page visits and traffic sources so that we can measure and improve the performance of our Website. For more information about these cookies visit: Cookies & Google Analytics | Session and 24 hour |
8. Your rights
You have the right to access all personal information we hold about you. This includes:
- Requesting a copy of any personal information we hold
- Updating or amending any information that we hold about you
- Changing your communication preferences at any time
- Objecting to us processing your details for marketing purposes
- Raising a complaint about the way your information has been used
- The Right to be Forgotten
Under the new GDPR legislation, you have the ‘Right to be forgotten’. You can contact the Charity Office to request that we delete any information that we hold on you. If, however, the Charity has a legal obligation to retain the data, we will not be able to comply until the legal retention period of the data has expired. In this case all details will be archived securely and there will be no further contact.
If you would like to contact the Charity about any of the above issues, please email: email@example.com or call: 01223 639950
The Data Protection Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. This access request is free, must be in writing and we have 1 calendar month to respond to your request.
9. Data retention
The Charity has to collect and store information about its donors and fundraisers. Donors who have set their contact preferences to ‘do not contact’ will be archived on our database so they are available for audit purposes for 2 years. Unless there is any financial activity during the 2 years, or the donor had a gift aid declaration active, the record will be deleted securely from our database and servers and all paper trails will be shredded.
Gift aid declarations and financial records have to be retained for 6 full tax years. The Charity’s data retention procedure adheres to this by holding records longer than the specified 2 years when there is a gift aid declaration or financial activity present. After 2 years of no activity we will contact the donor to update the consent form. If there is no response, the Charity will assume no further contact is wanted and the donor’s record will be archived until 6 full financial years have passed from the date of the most recent donation made. The record will then be deleted securely from our database and servers and all paper trails will be shredded.
Donors who have left the Charity a Gift in their Will may continue to have an active donor record for some time after their death. The record for the donor will be stored until the legacy comes to an end and the gift is settled. At this point the record will be archived and kept until 6 full tax years from the date when the legacy has been fulfilled. The record will then be deleted securely from our database and servers and all paper trails will be shredded.
10. Direct Marketing
Royal Papworth Hospital Charity would like to contact its supporters from time to time with news and updates on what’s happening at the Hospital and the Charity. We will need your prior consent to be able to contact you via email, telephone and post. Please see our Data Form to let us know or update your preferences. You can also update your preferences anytime via our website under the ‘my details’ tab once you are logged in. Alternatively, if you no longer wish to hear from Royal Papworth Hospital Charity, please email: firstname.lastname@example.org or call: 01223 639950.
11. Privacy Notice
Royal Papworth Hospital Charity reserves the right to change the privacy statement without notice. It is the responsibility of users to check this privacy statement regularly.
Royal Papworth Hospital NHS Foundation Trust is committed to adhering to all Data Protection Legislation, including the General Data Protection Regulation, which came into force in May 2018. If you would like more information with regard to how they process your information, please visit their website here.