1. Data protection overview

We understand that complying with the Data Protection Act 1998 and the General Data Protection Regulation (GDPR) update involves us processing and storing information about our supporters efficiently.  We take our responsibilities under this Act very seriously and ensure that the personal information we obtain will always be held, used and otherwise processed in accordance with that Act and all other applicable data protection laws and regulations.  

 

  1. What personal information do we collect?

Personal information is information that can be used to identify you. It can include your name, date of birth, email address, postal address, telephone number and credit/debit card details. We collect personal information when you enquire about our activities, register on our website, make a donation to us, order any products with us (such as newsletters and merchandise), or otherwise give us personal information.

If you read our web pages or download content from our website, we may gather information about it such as the pages which are most visited and what literature is downloaded the most. This data is used to help us improve our website and services so that we can provide you with the best possible service. Where possible, this data is anonymous and will not identify you as a visitor to our website.

  1. Credit and Debit card information.

If you use our website to buy merchandise, donate to us, Stripe – our third party card processor will be processing your card details and the Charity does not receive any of these card details.  We will receive a notification of payment to us with the details that you disclosed at the time of payment. These personal details will be added to our donor management system to create a profile. This is used to administrate any donation received. By using this service you are agreeing to Stripes Privacy Policy which can be found here

If you use PayPal to donate to us, buy something or pay online or over the phone, PayPal are processing your card details and the Charity do not receive any of these details. We receive a notification with your name and your address and contact details if you disclose them which we transfer onto our donor management system to create a profile. This is used to administrate any donations received. PayPal’s privacy statement can be found here.

If you set up a regular giving pledge, all card details would be processed by GoCardless and the Charity would receive a notification email of the personal details the donor enclosed, however we do not receive any card details. The personal details provided would then be used to create a profile on our donor management system in order to administrate any donations received. GoCardless’ privacy statement can be found here.

If you provide us with your card details in person at the Charity office or over the phone, all details and validation codes are destroyed securely once a payment or donation has been processed.  Only staff who are authorised to process payments will handle your sensitive data. 

 

  1. Why do we collect and how do we use your information.

We may collect and process your personal information for a number of reasons, for example:

  • To provide you with a service, information or product that you have requested;

  • To provide you with information about our work and activities, where you have given explicit consent for us to do so;

  • To send you items you have ordered from our shop;

  • To process a donation that we have received from you;

  • To contact you about a donation you have made for administration purposes or an event you have shown interest in or registered for;

  • Where you have given explicit consent that we can do so, to ask you to help raise money or donate money to Royal Papworth Hospital Charity;

  • To improve the services we offer;

  • For the management of feedback and complaints, internal records must be kept for audit purposes.

We may need to share your personal information with external service providers such as our mailing company. In this instance, we have a strict data agreement with the external company to ensure that your data is treated correctly.

Raising IT is the Charity’s website host and they process and store data on the Charity’s behalf to provide us with a service. Your details and contact preferences will be transferred onto our donor management system as a profile every time you donate, buy a product or sign up to our newsletter. Raising IT’s storage retention period is 7 years. Their privacy statement can be found here.

We reserve the right to share your personal data if we are legally obliged to do so for the prevention or detection of a serious crime.

The Charity has strict agreements in place to ensure that any third parties who process data on our behalf do so securely and all data is protected by UK data protection law. We never store bank details on our database or server and we will never keep any sensitive details such as card details if you happen to pay over the phone.   

  1. How we collect information about you.

Directly from you – when you sign up to an event, make a donation or buy something from us, in most cases we would record some personal details.

Indirectly from you – If you indicate that you would like to support us via an independent event organisation for example: Just Giving, the company will contact us to say that someone would like to support us, but only if you have expressed that you would like them to do so. More information about third party processing of data can be found in their privacy policies.

When other organisations have your permission to share it – depending on the personal settings you have on social media platforms, it is possible that you may be giving us permission to access your information. You could also provide permission when signing up to third party organisations who work with us, for example Unity, our lottery provider.

All third party organisations that we work with are required to comply with data protection laws, our high standards and are only allowed to process your information strictly as instructed.  We will always make sure appropriate contracts and controls are in place and we regularly monitor all our partners to ensure our compliance.

6.The accuracy of your data

We aim to ensure that all of the information we hold about you is accurate and up to date.  If any of the information we hold about you is inaccurate and we are advised of this by yourself or we become otherwise aware, we will ensure it is updated and changed as soon as possible.

       7.Our Website   

Like most websites, we use cookies to help us track how people are using our website; this means we can improve our service and ‘remember you’ and your preferences.

Cookies are small amounts of information, which are stored on your computer’s hard drive. For more detailed information about cookies visit the Direct Gov website.

You may disable the use of cookies by activating the setting on your internet browser that allows you to refuse the setting of all or some cookies. For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual.

Please note, if you change your settings to block all cookies (including essential cookies) you may not be able to access all or parts of http://www.papworthhospitalcharity.org.uk/ (“Website”).

The Website uses "analytical" cookies. They help us to provide you with a good experience when you browse the Website. We also use cookies to recognise and count the number of visitors and to see how visitors move around the Website when they are using it. This helps us to improve the way the Website works, for example by ensuring that users are finding what they are looking for easily.

We will not use cookies to collect personally identifiable information about you.

You can find more information about the individual cookies we use on the Website and the purposes for which we use them in the table below:

Cookie Name

Purpose

Duration (persistence)

_utma
_utmb
_utmc
_utmz

These are Google Analytics cookies used to allow us to count page visits and traffic sources so that we can measure and improve the performance of our Website. For more information about these cookies visit:Cookies & Google Analytics

Session and 24 hour

PHPSESSID

PHP creates a session ID when you use the Website to store and track data while you travel through a series of pages, or page iterations to differentiate you from other users.

Date not set.

 

Please note that the owners of third party websites which the Website links to may also use cookies, over which we have no control. To opt-out of third-parties collecting any data regarding your interaction on the Website, please refer to their websites for further information.

8.Your rights

You have the right to access all personal information we hold about you. This includes:

  • Requesting a copy of any personal information we hold

  • Updating or amending any information that we hold about you

  • Changing your communication preferences at any time

  • Objecting to us processing your details for marketing purposes

  • Raising a complaint about the way your information has been used

  • The Right to be Forgotten

 

Under the new GDPR legislation, you have the ‘Right to be forgotten’. You can contact the Charity Office to request that we delete any information that we hold on you. If however the Charity has a legal obligation to retain the data, we will not be able to comply until the legal retention period of the data has expired. In this case all details will be archived securely and there will  be no further contact

If you would like to contact the Charity about any of the above issues, please

Email: [email protected] or Call: 01480 364237

The Data Protection Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. This access request is free, must be in writing and we have 1 calendar month to respond to your request.

9.Data retention

The Charity has to collect and store information about its donors and fundraisers.  Donors who have set their contact preferences to do not contact will be archived on our database so they are available for audit purposes for 2 years. Unless there is any financial activity during the 2 years, or the donor had a gift aid declaration active, the record will be deleted securely from our database and servers and all paper trails will be shredded.

Gift aid declarations and financial records have to be retained for 6 full tax years. The Charity’s data retention procedure adheres to this by holding records longer than the specified 2 years when there is a gift aid declaration or financial activity present. After 2 years of no activity we will contact the donor to update the consent form, if there is no response the Charity will assume no further contact is wanted and the donor’s record will be archived until 6 full financial years have passed from the date of the most recent donation made. The record will then be deleted securely from our database and servers and all paper trails will be shredded.

Donors who have left the Charity a Gift in their Will may continue to have an active donor record for some time after their death.  The record for the donor will be stored until the legacy comes to an end and the gift is settled. At this point the record will be archived and kept until 6 full tax years from the date of when the legacy has been fulfilled. The record will then be deleted securely from our database and servers and all paper trails will be shredded.

  1. Direct Marketing

Royal Papworth Hospital Charity would like to contact it’s supporters from time to time with news and updates on what’s happening at the Hospital and the Charity. You can update your preferences anytime via our website under the ‘my details’ tab. We will need your prior consent to be able to contact you via: email, telephone and post. Please see our Data Form to let us know or update your preferences. You can also update your preferences anytime via our website under the ‘my details’ tab once you are logged in.  Alternatively if you no longer wish to hear from Royal Papworth Hospital Charity, please email: [email protected] or call: 01480 364237.

  1. Privacy Notice

Royal Papworth Hospital Charity reserves the right to change the privacy statement without notice. It is the responsibility of users to check this privacy statement regularly.