Access Services
DONATE
t: 01978 316800   e: info@nightingalehouse.co.uk
t: 01978 316800  e: info@nightingalehouse.co.uk
Access Services
DONATE
Translate

Privacy Policy

Nightingale House Hospice is a registered charity (1035600) providing specialist palliative and end of life care in Northeast Wales and the border area. We are based at Chester Road, Wrexham, LL11 2SJ.

This Privacy Notice applies to:

  • Nightingale House Hospice (ICO reg. Z7435017)
  • Nightingale House Lottery Ltd (ICO reg. ZB267921)
  • Nightingale House Promotions (our hospice shops)(ICO reg. ZB267910)

 For the purposes of data protection law, these organisations, collectively referred to as Nightingale House, operate as Joint Data Controllers under a formal joint controller agreement. You may exercise your rights by contacting any of the organisations listed in this notice.

Your privacy

We are committed to protecting your personal data in accordance with:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018
  • The Privacy and Electronic Communications Regulations (PECR), where applicable

We process personal data lawfully, fairly and transparently and in accordance with the core data protection principles.

 

Collection of your personal data

We collect your personal information directly from you, for example, if you sign up to one of our services, if you get in contact with us by telephone, email or form submission or when you visit our website, and where lawful, from third parties such as healthcare providers, carers, authorised representatives, or public authorities.

We will only collect data required to carry out a specific purpose and will not use your information for other purposes without your permission.

Depending on your relationship with us, we may collect:

  • Identity details (name, date of birth, gender)
  • Contact details (address, telephone number, email)
  • Financial details (bank details, payment information)
  • Employment history (for applicants and volunteers)
  • Health and medical information (patients only)
  • Information about family members and carers (where relevant to care)
  • CCTV images
  • Marketing preferences
  • Gift Aid declarations (including confirmation of UK taxpayer status)

We treat all personal data with care. Some information we process is classified as Special Category Data, including health data and, in some cases, children’s data.

Below is a summary of our processing activities, lawful bases and retention periods:

 

Processing Activity and Purpose

Personal Data Processed

Retention Time

Lawful Basis

 Provision of specialist palliative care, symptom management, emotional support and bereavement services.

(Patients and families)

Name, date of birth, gender, contact details, next of kin . Current and past health and medical information.  It may also be necessary to take photos of patients  for medical purposes. As part of your treatment or care, we may collect some information about family members and carers.

Up to 8 years following the end of care, in line with NHS records management guidance.

Article 6(1)(e) – Public task OR

Article 6(1)(f) – Legitimate interests

AND

 

Article 9(2)(h) – Provision of health or social care

 

Fundraising and donations

Name, address, email, telephone number, bank/financial details.

In the promotion of our fundraising activities we may on occasion seek your consent to use photos, videos or other information about you for these purposes. 

7 years.

Contract – you have agreed to provide these details in order to donate to Nightingale House Hospice.

Lottery Membership

For administering lottery participation and payments

Name, telephone number, bank/financial details.

7 years after cancellation of membership.

Article 6(1)(b) – Contract

Retail (Hospice Shops)

Processing purchases, deliveries, collections and Gift Aid claims.

Contact details, payment information, Gift Aid declarations

Delivery data: until fulfilment complete

Financial data: 7 years

 

Article 6(1)(b) – Contract

Article 6(1)(c) – Legal obligation (Gift Aid and financial compliance)

 

Job & Volunteer Applicants

Recruitment and employment administration.

Name, address, email, telephone number, employment history. Successful applicants joining our team, will be provided with full Privacy notifications during their induction period.

 

Unsuccessful candidates – 7 months from date of interview.

Successful candidates – 10 years following end of relationship

Article 6(1)(b) – Contract (pre-contract steps)

Article 6(1)(c) – Legal obligation

 

CCTV for:

·    Prevention and detection of crime

·    Protection of staff, patients and visitors

·    Investigation of incidents

CCTV Images at hospice and retail locations

31 Days unless required for an investigation

Art6(1)(f) – Legitimate interests

Marketing Communications

Information about our services, events and fundraising activities.

Name, contact details, communication preferences

Until asked to stop by you or until consent withdrawn by you. You can withdraw consent or opt out at any time by:

 

·        Clicking the unsubscribe link in communications

 

·        Contacting us directly

Article 6(1)(f) – Legitimate interests – we will provide information which we believe is of genuine interest to you.

 

Article 6(1)(a) – Consent (where required under PECR)

You may withdraw your consent or opt out of marketing communications at any time by clicking the unsubscribe link or contacting us

Website and Online forms

We collect personal data submitted through contact forms and website enquiries.

 

We use WordPress.com (Automattic) to host our website and collect anonymised usage statistics.

Name, email address, address, telephone number

6 years

Article 6(1)(b) – Contract

Article 6(1)(f) – Legitimate interests

 

Sharing of personal data

We may share your personal data:

  • Within our group of companies
  • With healthcare professionals involved in patient care
  • With contracted service providers (processors) including:
    • IT and cloud providers
    • Mailing and printing providers
    • Payment processors
    • Lottery management systems
    • Fundraising platforms/event organisers
    • Website hosting services
    • Confidential waste disposal providers

 We may also share your data where required by law, including with:

  • Law enforcement
  • Regulators
  • Insurers (where claims arise)

If our organisation is restructured or transferred, personal data may form part of transferred assets.

A list of current processors is available from our Data Protection Officer.

Where our website links to a third parties’ website, for example, to purchase tickets, make an online donation or take part in an adventure, then you will share your personal data directly with them.  You should ensure you are aware of their Privacy policies and intentions before submitting your personal information to them.

 You can withdraw consent or opt out at any time by:

  • Clicking the unsubscribe link in communications
  • Contacting us directly

A full list of processors is available from our Data Protection Officer.

International transfers

Our operations are based in the UK and your personal information is generally processed within the UK and countries within the European Economic Area (EEA. Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including UK International Data Transfer Agreements (IDTA).

 

Keeping your information safe

We have implemented appropriate physical, technical and organisational measures to protect personal information from unauthorised access, use, alteration, destruction and loss.

Access to your data is restricted to only those who need access to it and we have strict policies governing the use and security of all personal data collected.

Online financial transactions are processed Payment Card Industry Data Security Standards (PCI DSS) compliant providers.

In the event that we lose your data, or a device on which your data resides, or it is accessed by someone unauthorised, we will inform you if the loss or unauthorised access to your data has potential to cause you harm. We will report this to the Information Commissioners Office if required by law, who are responsible for regulating data protection legislation in the UK. https://ico.org.uk/

 Your Rights

You have the following rights under UK GDPR: 

Right

Explanation

Right to be Informed

This means that we have to be transparent in how we collect and use your personal data

Right of Access

You have the right to access your personal data.

Right to Rectification

If the information we hold about you is inaccurate or incomplete you can request that we correct this

Right to Erasure

You can request that we delete or remove personal data in certain circumstances

Right to Restrict Processing

You have the right to request that we cease processing your data if

·        you consider it inaccurate or incomplete and/or

·        you object to the reason we’re processing your data

We will review the validity of your request and respond to you with our decision

Right to Data Portability

Where you have consented to our processing your data or where the processing is necessary for us to deliver a contract you can request a copy of that data be provided to a third party

Right to Object

You have the right to object to our processing in certain circumstances. For example, you can object to:

·        direct marketing and

·        processing for the purposes of scientific/historical and statistics

Rights relating to Automated Decision-Making including Profiling

We do not use automated decision-making or profiling

Where automated decision-making is applied, organisations must

·        give you information about the processing

·        introduce simple ways for you to request human intervention or challenge a decision

·        carry out regular checks to make sure that our systems are working as intended

 

If you wish to exercise any of these rights or make a complaint you can contact our Data Protection Officer.

 

Manage Cookies

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies allows us to process data such as browsing behaviours or unique IDs on this site. Please click HERE to view our Cookies Policy.

How to contact us

For all data protection matters or questions relating to how we manage your data, or if you are concerned about how your data is being handled, you can contact our Data Protection Officer:

Data Protection Officer:                Clinical DPO

Phone Number:                               0203 411 2848

Email:                                                 NightingaleHouseDPO@clinicaldpo.com

For complaints, please include the following where possible:

  • Your name and contact information.
  • A description of your concern or the data protection issue.
  • Any relevant supporting information.

Complaints will be acknowledged within 30 days. We aim to fully respond and resolve the matter without undue delay. If your issue requires more time or clarification, we will keep you informed throughout.

If you are dissatisfied in how we have responded to your complaint, you have the right to complain to the UK Information Commissioner’s Office (ICO):

Changes to this Privacy Policy

We reserve the right to update this privacy notice at any time, The most recent version will always be available on our website, and where changes are significant, we will notify you appropriately.

 

Translate