For Data Protection* requirements the data controller is Barnsley Hospice, Church Street, Barnsley, South Yorkshire S75 2RL. This is also our registered office. Our registered charity number is 700586
We are registered with the Information Commissioner (reg. no. Z6910489)
If you want to request further information about this privacy notice or exercise any of your rights, you can email us at email@example.com
Our commitment to you
We are committed to protecting and respecting your privacy, and we take your privacy very seriously.
Barnsley Hospice (BH) collects, stores and processes personal information during the course of our activities. We process personal information about patients and their family members, carers, or friends; about our donors and supporters and our suppliers and contractors.
We have a separate privacy notice for our employees and volunteers.
We recognise the need to treat personal and sensitive information in a fair, lawful and transparent manner. No personal information held by us will be processed unless the requirements for fair, lawful and transparent processing can be met.
Access to personal and sensitive data is controlled, and only available on a ‘need to know’ basis. All our staff receive training on the principles of data protection and information security. We also train our volunteers if they handle personal data.
Your Data Protection Rights
You have certain rights in relation to your personal information, although those rights will not apply in all cases or to all the information that we hold about you. For example, we may need to continue to hold and process information to establish, exercise or defend our legal rights.
Under Data Protection law, if we hold information about you, you have the following rights:
To be informed why, where and how we use your information.
To ask for access to your information.
To ask for your information to be corrected if it is inaccurate or incomplete.
To ask for your information to be deleted or removed where there is no need for us to continue processing it.
To ask us to restrict the use of your information.
To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information.
To object to how your information is used. You can object to us processing your data at any time. If you do object, we will stop processing your data immediately and will only reinstate processing if we can confidently prove that we have an overriding reason to do so. However, it may be that we cannot provide our services safely without processing this data, which may mean we would have to withdraw our service.
To challenge any decisions made without human intervention (automated decision making).
Lawful basis for processing
We must have a lawful basis for processing your information; this will vary on the circumstances of why we process and how we use your information, but typical examples include:
The activities are within our legitimate interests as a charity that provides hospice care. Barnsley Hospice has a duty of care for its patients, and processing is necessary for the provision of health and social care, the treatment of patients, and for the management of health or social care systems and services.
The processing is necessary for compliance with a legal obligation to which we are subject e.g. we must provide certain contact information and other details about our services to HMRC and the Charities Commission.
The processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
The processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract.
An individual has given consent for us to process their information.
To protect vital interests e.g. the processing is necessary to protect someone’s life.
If we process any special categories of information i.e. information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, processing of genetic or biometric data for the purpose of uniquely identifying individuals, health data, or data concerning your sex life or sexual orientation, we must have a further lawful basis for the processing. This may include:
The processing is necessary to protect the data subject’s vital interests or someone else’s vital interests, e.g. where the data subject is physically or legally incapable of giving consent.
The processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
The processing is necessary for: reasons of substantial public interest, for the purposes of preventive or occupational medicine, for the assessment of the working capacity of an employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services based on legislation or pursuant to contract with a health professional and subject to the conditions and safeguards.
The data subject gives us their explicit consent to do so.
If the public interest is thought to be of greater importance: for example, if a serious crime has been committed; if there are risks to the public or our staff; to protect vulnerable children or adults.
Where we have a legal duty, for example reporting some infectious diseases, wounding by firearms and complying with court orders.
If we need to use the information for medical research – we have to ask permission from the Confidentiality Advisory Group (appointed by the NHS Health Research Authority) to do this.
What information we collect
Barnsley Hospice collects, stores and processes personal information about prospective, current and former patients who have been referred to us for any care service provided by the Hospice. We also collect, store and process personal information about prospective, current and former family members, carers or friends of patients, where these details have been provided to us for the purposes of providing care.
The personal data we process in relation to our care is provided to us both by the individual and by a third-party healthcare professional who has referred the individual to us for care. This information can include:
Personal demographics (including gender, race, ethnicity, sexual orientation, religion)
Contact details such as names, addresses, telephone numbers and emergency contact(s)
Medical information including physical health or mental condition, medications, previous treatments and records of care given by other health and social care organisations.
Health records are held on paper and electronically and we have a legal duty to keep these confidential, accurate and secure at all times in line with Data Protection Laws.
Our staff are trained to handle your information correctly and protect your confidentiality and privacy; we do not undertake automated decision-making such as profiling.
We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing. Your information is never collected for direct marketing purposes and is not sold on to any other third parties. Your information is not processed overseas.
Information collected about you to deliver your health care is also used to assist with:
Making sure your care is coordinated and of a high standard.
Assessing your condition against a set of criteria to ensure you are receiving the best possible care.
Using statistical information to plan services to meet the needs of the population.
Preparing statistics on our performance for NHS commissioners, the Care Quality Commission and other regulatory bodies.
Helping train staff and support research.
Supporting the funding of your care.
Reporting and investigation of complaints claims and untoward incidents.
When you are referred to the Hospice, we need to receive enough information about you to be able to make a decision as to whether you are eligible to receive our services, and whether we are best placed to deliver the care you need. This includes your contact details and information about your health, which is relevant to the service you are being referred to (for example, your past medical history and what medication you are taking). This information is stored on our electronic database.
Donor and Supporter Records
Barnsley Hospice collects, stores and processes personal information about prospective, current and former donors and supporters of the charity.
The personal data we hold in relation to donors is provided by individuals at the point at which they choose to support Barnsley Hospice or through fundraising donations or via the donation of Gift Aid on the sale of donated goods in one of our charity shops.
In order to carry out our activities in relation to donors and supporters, we handle data in relation to contact details such as names, addresses, telephone numbers, emails, bank account and credit card details.
Our staff are trained to handle your information correctly and protect your confidentiality and privacy. We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing. Your information is only collected for our own marketing purposes and is never collected for or sold to other organisations.
Barnsley Hospice operates a Closed-Circuit Television (CCTV) surveillance system (“the system”) at our head office and in our retail shops with images being monitored and recorded. The system is owned, operated and managed by the Hospice. It is used for maintaining public safety, the security of property and premises and for the detection, prevention and investigating of crime. Where appropriate, in exceptional cases, it may also be used to monitor staff when carrying out work duties. Disclosure of recorded material will only be made to third parties in accordance with the purposes of the system and in compliance with Data Protection legislation.
We do not collect more information than we need to fulfil our stated purposes and will not retain if for longer than is necessary.
Data is stored and managed in each monitored location. Extraction of this data from each location is restricted to authorised personnel only, and is only carried out for legitimate, lawful reasons.
We will retain the images for 30 days after which they will be automatically erased, except where we have taken excerpts for purposes of detection, prevention or investigating crime. Any images retained for this purpose will be erased on completion of our investigations. Where required to do so as part of any external police investigation, we will share such images with the appropriate authorities.
Access to view recorded images is restricted to key individuals but we may be requested to share the images with the Police and other agencies for crime prevention or detection purposes.
How we use and share your personal data
Any disclosures of personal data are always made on a case-by-case basis, using the minimum personal data necessary for the specific purpose and circumstances and with the appropriate security controls in place. In order to process your information and donations to the highest possible standards, we will sometimes need to give other organisations access to your data, for example our database provider.
There are a number of reasons why we are lawfully required to share information with others. This can be due to:
Our obligations to comply with legislation
Our duty to comply with any Court Orders which may be imposed
The detection and prevention of crime or fraud
We will use the contact details provided on your referral form to contact you, or your referrer, with the result of the referral, and to offer an appointment if accepted into our care.
Once you are under our care, we will make notes during the provision of our healthcare services, which are shared by our health care professionals within the Hospice on a need to know basis, to enable the safe provision of your care.
If you attend our counselling sessions, your case may be discussed with the Counsellor’s manager for supervision purposes, in order to provide a safety mechanism to continuously assess competency, and for the health and well being of our Counsellors. However, this is done anonymously, so the manager is unaware of who you are. We also provide our counselling clients with specific information about how their information is handled sensitively, which is also explained at the point of deciding whether they wish to receive our counselling service.
To enable delivery of direct clinical care to our patients, and ensure our records are accurate, up to date and complete, we access other records such as hospital records and communicate with other health and social care professionals involved in their care.
When we discharge you from our care, we will use your contact details, and the details of your GP, to send out a discharge letter to you as the patient if required, and to your GP.
As part of our PallCall service, we may receive requests for advice over the telephone from previous patients, their carer(s) or other external health care professionals. We keep a record of advice given for safety purposes, to ensure the right advice is being given.
Our Bereavement Support service will use the contact details of our patients’ Next of Kin/Family Member(s) to offer support after they are bereaved. We explain this in our bereavement pack and they have the right to object to us contacting them for this purpose, and should they object, we will not contact them to offer this service.
As part of our commitment to providing safe, effective health care services, we sometimes access our patient information for auditing purposes. Audits are carried out by our health care professionals, or by a member of the administration support team who has been trained in Information Governance.
We may also use some patient data for performance reporting purposes. All performance reports use anonymised aggregated data and are used to report internally or externally for management purposes and service planning and commissioning decisions.
Clinical services questionnaires are sent out to patients/families on occasion in order to obtain vital information about the quality and impact of our services.
We may also use your personal data for the following purposes:
We may, on occasion conduct clinical research projects using patient personal data. Where patients are identifiable in this research we would only do so if we have their consent.
Media quotes from patients/relatives – we would only use quotes in the media if we have the patient or relative’s explicit consent to do this.
We will only send out our counselling and bereavement services questionnaires to clients if they have given their consent for us to do so.
We do not share notes taken at counselling sessions provided by the Hospice with other Health Care Professionals as a routine. If there is a requirement to share information with another Healthcare Professional, this will only be done with the client’s explicit consent (or their parent, if a child under 16).
We access patient electronic GP records only on a ‘need to know’ basis, to help us deliver care. This is only accessed by us where patients have consented to having their health records shared in this manner, and we only access the information that is relevant, necessary and proportionate to deliver our care.
You have the right not to consent to any of the above, or to withdraw your consent at any time, by notifying any of your Hospice care providers who will discuss this with you and aim to find the best approach to delivering your care safely within your requirements.
Sometimes your care may be provided by members of a care team, which might include people from other organisations such as health; social care; education; or other care organisations.
We share your information with other organisations in order that we can provide effective care to you. If you do not want us to do this, you have the right to object. If this happens, we will discuss with you the implications this may have for your care.
We will not routinely disclose any information about you without your express permission. However, there are circumstances where we must or can share information about you owing to a legal/statutory obligation.
We have a legal obligation to provide information to HMRC regarding Gift Aid claims and will do so to comply with this. We will only send information that is directly relevant for this purpose, and not use it for any other purpose.
The rules within which we must comply are stated here: https://www.gov.uk/claim-gift-aid/gift-aid-declarations
Events processing and lottery
For events that you have paid to attend, we will collect your details for payment, and contact. These are necessary for us to perform our duties under our contract with you. Some events may request further details such as next of kin, where we are responsible for your health and safety. We will only contact your next of kin or pass it onto an emergency care provider if there is a health and safety reason to do so. If you are paying by debit or credit card, we will only use your payment data to process the payment for that event. We will also process your contact details to contact you for events publicity (see below), unless you object to us doing so.
Our literature will explain that event participants have a right to object to us using their contact details to contact them about future events.
We will only process your details for the lottery if you have signed up to do the lottery. This is handled by an external company with whom we have a contract. The contact includes a responsibility to abide by the current Data Protection legislation. Contacting you about the lottery is part of the contract you have signed up to.
Our lottery database is handled externally and is not cross referenced with our Donor database. However, we do share information for data cleansing purposes e.g. where a donor is deceased.
We will contact you via ‘Thank you letters’, if we need to clarify anything about your donation with you, and via our Newsletters.
You can object to us processing your data for any of the reasons stated in this section, at any time. If you do object, we will stop processing your data immediately and will only reinstate processing if we can confidently prove that we have an overriding reason to do so, which does not impact on you in a detrimental manner.
We also ask if you are able to Gift Aid your donations and we will keep information specifically for this reason, as required by HMRC.
We conduct a range of fundraising and marketing activities in relation to:
Our cause, campaigns and projects
Events and challenges
Retail shops and special offers
We promote our activities though a range of methods and channels, including online and social media platforms. We use personal information to thank you for supporting us and to provide you with further communications about our activities according to your preferences and interests.
We believe that it is fair and reasonable for us to contact you to let you know when events are taking place that are the same or similar to ones that you have previously participated in, unless you object to us doing so. This is necessary for us to be able to continue to provide a viable fundraising service for the Hospice.
By taking a targeted approach to events notification, we feel that this is proportionate and there is no risk of harm or detriment to the recipients. We will always provide details on the right to object to us contacting people in this way and will stop doing so should we receive an objection.
You can update your preferences at any point by contacting us via the details above.
We will not contact you about events if you haven’t participated in any of our events, unless you have given us your consent to contact you for this purpose.
When you visit our website, we may collect a variety of information about you to support us in providing you with the best possible service.
You may be asked to supply personal information in certain sections of this (the Barnsley Hospice) website. Personal information means anything that helps us to identify you, such as your name, address or email address. If you supply this information we will not pass it on to any third party. All personal information supplied will only be used for the purpose it was supplied. All data is held securely. We endeavour to take all reasonable steps to protect your personal information; however, we cannot guarantee the security of any data you disclose online. By adding your personal information on this website, you accept the inherent security risks of communications over the internet and you agree not to hold Barnsley Hospice responsible for any breach of security unless this is due to our negligence or wilful default.
The information we collect from our website is used in several ways to help us provide you with a good service and to help us understand how our website is used:
We use information to process your donations and other financial transactions and to address any enquiries and comments, as set out in our ‘Donor Records’ section above.
We use information to supply you with goods and news of events and developments if you request them or give us permission to contact you, as set out in our ‘Donor Records’ section above.
We use information gathered to provide statistics that will guide the future content of our website. If at any time you wish us to remove your personal information from our web servers,you can request this in writing via post or email (contact details given at the end of this document).
When ‘ticking’ any checkbox on this website which indicates that you are willing to be contacted by us, you agree to receiving communications from us via that particular method of communication (e.g. email, letter, text). We take this to mean that you do not consider this as a breach of your rights under the Privacy and Electronic Communication (EC Directive) Regulations 2003.
If you use our website to send feedback or request more information about a particular service or event, the personal information you provide will only be used to answer your enquiry.
In order to process credit card, direct debit or other financial transactions we may ask for your bank or card details. In order to input this information, you will be directed to a secure page for financial transactions. Barnsley Hospice does not store or record any of your bank or card details. Whether you wish to make a donation, pay for goods or events, or set up a sponsored event, all financial interactions are carried out by our chosen Payment Service Providers who are fully compliant with the Payment Card Industry Data Security Standards (PCI DSS).
Payments made on our website are processed by WorldPay (www.worldpay.com/uk). This data is encrypted and credit or debit card information and bank details are not held on our web servers.
Our website may contain links to other sites that are not owned or managed by Barnsley Hospice. Please be aware that we cannot take responsibility for any personal data you choose to enter within these external sites.
How long do we keep your data
Our Data Retention Schedule sets out the criteria we use for how long we keep data.
We will retain personal data for the minimum period required by legislation or national guidance provided by statutory authorities (for example, patient information is kept in line with NHS guidance).
When no longer required for day to day processing, personal information will be archived, either electronically or if in hard copy, stored in a secure location at the Hospice, or offsite with an approved data management company. All data will be destroyed after the data retention period has ceased.
As we are able to claim gift aid retrospectively for up to 4 years, we believe it is fair for us to keep donor details on our database for up to 4 years, even if the donor has opted out of receiving any marketing or promotional material, or objects to us contacting them under any other legitimate interest. This is because, should they make a future donation and gift aid it, including any other donations they have made in the last 4 years, we would be unable to do so without keeping this record.
Changes to this Privacy Notice
We may from time to time need to update and amend this notice in light of changes in the law or developments in our own or industry standards. Alterations to this policy will be posted on our website.
Should you wish to lodge a complaint about the use of your information, details of our complaints policy can be found on our website, or you can email us at: firstname.lastname@example.org or in writing to: Senior Information Risk Owner, Barnsley Hospice, 104-106 Church Street, Gawber, Barnsley. S75 2RL.
If you are still unhappy with the outcome of your enquiry you can write to the Information Commissioner at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or call 01625 545700.
All rights reserved; no part of this website, including information, images, photos, logos and names can be republished, posted, broadcast in any form whatsoever without written permission by the copyright holders.
Unless stated that they are provided for download, documents on this site may not be downloaded, altered or adapted for any purpose without prior written permission from the copyright holders.