1. Plymouth Hospitals Charity (PHC), registered charity number 1048679, is committed to protecting your privacy.
If you provide us with information that you can be identified by, we will only use it as described in this Privacy Notice.
The Charity Privacy Notice was written to comply with the Data Protection Act 2018 and the EU General Data Protection Regulations (May 2018). You are not under a statutory or contractual obligation to provide personal data.
Plymouth Hospitals Charity offers you the chance to stay in touch. We can let you know about our fundraising activities, events, and how we spend donations.
2. What we collect
We may collect the following information:
- Full name and title
- Contact information including address and postcode. (Where appropriate, this can also include a place of work or club/society)
- Phone numbers and email addresses
- Bank account details (if you are making a card payment or setting up a Direct Debit)
- Date of birth
- We may collect information relating to your health (for example if you are taking part in an event or volunteering for us)
- Emergency contact details (if you are volunteering for us)
If you sponsor a person using an online giving platform such as Just Giving or Virgin Money Giving and you indicate that you would like to hear from us, then they may pass your contact details to us. You should check the Privacy Statements of sites such as Just Giving before you give them your information.
If you make online payments or sign up to our fundraiser pages through our site we use a company called Enthuse:
ou can find the Enthuse Privacy Statement here: enthuse.com/privacy/
3. What we do with the information we collect.
We require the information for the following reasons:
If you have given consent for marketing:
- We may use the information to keep you up to date with what is happening at Plymouth Hospitals Charity.
- We may periodically send letters or emails about fundraising events which we think may interest you, using the contact details you have provided.
You can unsubscribe from this service at any time by emailing email@example.com
Internal record keeping:.
- To be able to thank you for your donations, volunteering, or other support.
- To respond to you if you have made an enquiry and send you any information you have requested.
- To keep financial records for inspection by HMRC if required
- To allow our charity auditors to check that donations are allocated correctly.
To let you know what your donation has been spent on.
We may share your name and details of your donation with University Hospitals Plymouth NHS Trust. We might do thisto make sure your donations are used according to your wishes or if you have agreed to a publicity campaign. Your information would be limited to senior members of staff only. You can let us know if you would prefer for your details to remain anonymous and we will always respect your wishes.
- We may use this information to improve our services.
- We may analyse the data we hold to determine how successful a fundraising event was or to identify a possible trend
4. How long do we keep your records?
We will archive your data after three years if no interaction has taken place during that time.
You may be contacted every two years to check that your details are still correct and that you are happy to stay on the database. If we cannot contact you your non-financial records will be erased or anonymised. Your financial exchanges are kept for seven years by the charity in line with HM Revenue and Customs regulations.
We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
6. Keeping you in control
Our legal basis for processing information about your financial transactions and your direct communications with us is legitimate interest . This includes information from emails, letters, phone calls or in person interactions. We use this information to communicate with you about the processing of your donations or requests.
Our legal basis for processing your information for marketing is Consent. We collect your Consent by sending you a ‘Staying in Touch’ form, which asks for you to opt-in to receiving information from us. You can choose how we send information to you, or choose not to hear from us. The form also tells you how to withdraw your Consent, which you can do at any time. Please let us know by emailing firstname.lastname@example.org.
If you request that we do not contact you again for marketing purposes, we will respect your wishes. However, in certain situations, we may still have to contact you. For example: you've made a donation or payment to a ward that no longer has the same medical purpose; or an event that you are attending has options we might have to confirm, or the event has been cancelled.
We do not have any access to your medical records.
We will not sell or lease your personal information to third parties.
Unless required by law, we will not share your information with third parties for their purposes.
We do not use automated decision making or profiling tools.
You may request details of personal information which we hold about you under the Data Protection legislation. If you would like a copy of the information held about you, you can request this in writing from Tracey Baker, Plymouth Hospitals Charity, Level 5 - Opp Pharmacy, Derriford Hospital, Plymouth PL6 8DH.
If you believe that any of the information we are holding on you is incorrect or incomplete, please contact us as soon as possible, so that we can correct it.
7. What we promise to do
- We will regularly review (at least annually) our processes and, where necessary, update our privacy information.
- If we plan to use personal data for a new purpose, we will update our privacy information. We will tell you about the changes before we start any new types of processing.
- We will audit the quality of the information we hold (at least annually) to ensure our data is accurate and appropriate.
- We will test this privacy notice with a selection of people, to evaluate the effectiveness of the delivery of our information.
If you have concerns or are unsatisfied with how we use your personal information you can contact the Charity Development Manager:
Corinne Bailey, Charity Development Manager, Plymouth Hospitals Charity, Level 5 - Opp Pharmacy, Derriford Hospital, Plymouth PL6 8DH.
You also have the right to register a complaint with the Information Commissioner’s Office. For more information, please visit the Information Commissioner’s Office here.
To compliment or complain to the charity you can email email@example.com for a copy of our Compliment and Complaints proceedure.
Links to other websites
We appreciate your support and aim to ensure that your privacy is treated with respect at all times, in compliance with the Data Protection Act 2018.
Plymouth Hospitals Charity and University Hospitals Plymouth NHS Trust are working closely to ensure that all data collected on individuals is only processed if there is a lawful basis to do so.
Who are the Charity project team responsible for data protection?
System Manager - Tracey Baker, Digital Development Manager firstname.lastname@example.org
Data Protection Officer - Penny Taylor, Head of Information Governance email@example.com
Information Asset Owner - Corinne Bailey, Charity Development Manager
Senior Information Risk Owner - Sarah Brampton, Director of Finance