Who are we ?
The work of St George’s Hospital Charity ('we', 'us' or 'our' being interpreted accordingly) aims to enhance the patient experience and support patients, staff and visitors of St George’s University Hospitals NHS Foundation Trust. We fund research, state-of-the-art equipment, staff development and welfare projects. Through fundraising the charity is able to fund projects which touch the lives of the thousands of people cared for by St George’s and Queen Mary’s hospitals in south west London (the 'Hospitals') and local community services each year.
St George’s Hospital Charity is registered as a charity in England and Wales (registered charity no. 1171195).
Our commitment to privacy
St George’s Hospital Charity is committed to protecting your privacy. This policy statement ('Privacy Statement') explains how we collect and use the personal information you provide to us, or which is provided to us by third parties, whether online or via phone, mobile, e-mail, letter or other correspondence.
Changes to the Privacy Statement
This Privacy Statement replaces all previous versions and is correct as of 1st of April 2019. We will regularly review and update this Privacy Statement and will update its contents at our discretion. Any changes will be notified to you either via e-mail or through an announcement on our website.
What personal information do we process?
We collect personal information from you in various ways, for example if you:
a. request information about our activities;
b. register your details in order to participate in an event;
c. make a donation;
d. set up a standing order for regular donations to us;
e. make a purchase from our online store; or
f. engage with us via social media.
We may also receive personal information about you from third party sources such as Virgin Money Giving, Just Giving, BT My Donate, PayPal, Unity Lotteries, in memory intermediaries and funeral directors, the Hospitals and from publicly available third party sources (please see 'Supporter background research' section below).
Personal information is information that can be used to identify you. The type of personal information we collect may include your name, date of birth, email address, postal address, telephone number(s), fax number, family details, job title, bank account, credit/debit card or other payment details, details of fundraising efforts, whether you are a UK tax payer and health data.
Such personal information is referred to in this Privacy Statement as 'Personal Data'.
If you choose not to provide Personal Data, we may not be able to comply with a request for information or to participate in an event or activity, or to provide you with our goods or services.
Sensitive personal data: We do not collect or process sensitive Personal Data about you unless there is a reason for doing so, we have explained that reason to you, and we have received your consent. We do not have access to patient data, but we may collect health information from you if you tell us about your experiences of the hospital (for example, if you agree to act as a case study for us), or if you are participating in an event so that we can ensure that appropriate facilities are provided.
Under 16s: We do not aim our products, services or events at under 16s, however if you are aged 16 or under, and would like to participate in an event, make a donation or get involved with us, we will need to have your parent/guardian’s consent before accepting your participation and holding your Personal Data.
How do we use your Personal Data?
We may collect your Personal Data for a number of reasons, such as for:
Transactional purposes: to provide you with the information, services or products you have requested; to fulfil orders for items from our shop; if you use your credit or debit card to donate to us, buy something or pay online or over the phone, we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard (for more information visit www.pcisecuritystandards.org). Only those staff authorised to process payments will be able to see your card details. If we receive an e-mail containing any credit or debit card details, it will be immediately deleted, no payment will be taken and you will be notified about this.
Administrative and operational purposes: for the legitimate interest of administering any donations we receive from you or from an estate or organisation with which you are connected; employment administration, volunteer activity administration, internal record keeping (including the management of feedback or complaints), inviting you to participate in surveys or research, running and co-ordinating events, fundraising projects and other activities we organise.
Supporter background research: to comply with our obligations as a registered charity, we must take reasonable and appropriate steps to know who our donors are, particularly where significant sums may be donated. This means that we may conduct research, including accessing information which is already publicly available, on prospective donors, partners or volunteers to ensure it would be right for us to accept support. We will only process Personal Data for this purpose as is necessary for us to meet our obligations.
Identity verification / compliance: to process your Personal Data for the purposes of credit risk reduction or fraud prevention (regrettably some people target charities for illegal purposes such as money laundering and, quite rightly, we are required to monitor financial activity and report suspected fraud to the appropriate authorities) and where it is otherwise required by law.
Marketing communications: where you have expressly consented to us doing so, we may contact you with information about our activities, to ask you to donate or to ask you to help us raise money, via email, telephone, text message or other social messaging services. We may also contact you by post from time to time, unless you have told us that you do not want to receive these communications. You can change your preferences regarding the marketing communications you receive about our Charity at any time by contacting us at St George’s Hospital Charity, Grosvenor Wing, Blackshaw Road, SW17 0QT, on 020 8725 4522 or via email:email@example.com. or by logging onto the Fundraising Preference Service website. We will also update your preferences if you respond to a letter we have sent which asks how you would like us to communicate with you. We will not use your information for marketing purposes if you have asked us not to but we will retain your details on a suppression list to help ensure we do not continue to contact you (see 'Retention Periods' section below).
Marketing analysis: for the legitimate interest of monitoring IP addresses to block disruptive use, to record website traffic or to personalise the way our information is presented to you by identifying your approximate location and to analyse the use and improve the services we offer.
We may also contact you for other purposes that you consent to from time to time.
We will never buy, sell, trade or rent Personal Data.
Read about how we care for your data in Philanthrophy at St George's Hospital Charity.
Vulnerable circumstances policy
We recognise the importance of protecting our vulnerable supporters and follow the guidance issued by the Institute of Fundraising on treating donors fairly. We believe this helps to support our staff and fundraisers who come into contact with supporters in providing high quality customer care, ensuring anyone donating to the Charity is in a position to make a free and informed decision.
We collect and process your Personal Data in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation, national laws implementing the EU Data Protection Directive (95/46/EC) and from 25 May 2018 the EU General Data Protection Regulation (2016/679).
Personal Data that we collect will be processed by staff, volunteers and contractors who are based at our offices in the UK and such Personal Data is not transferred outside the UK.
From time to time we may send your Personal Data to one of the Charity's suppliers or service providers outside the EU, although we will only do so in accordance with applicable law.
Information sharing and disclosure
We will not disclose your Personal Data to third parties without you knowing about it. The exceptions are:
- We may disclose your Personal Data to third parties if we are required to do so by law.
- We may share your Personal Data with the Hospitals for administrative and operational purposes.
- We may share your Personal Data with our data processors acting under our instructions. These are trusted partner organisations that work with us in connection with our charitable activities including HR service providers, payment service providers such as Paypal and marketing services providers who send marketing communications on our behalf (subject to the communications preferences you have expressed) such as Direct Link, One Post and Unicity. We may also need to share your name and postal address with any third party distributors fulfilling the purchase of items from our shop.
We always aim to ensure that Personal Data is only used by third parties for lawful purposes and in accordance with this Privacy Statement.
We will retain certain Personal Data in respect of financial transactions for as long as the law requires us to for tax or accounting purposes (which may be up to 6 years after a particular financial transaction). In respect of the holding of Personal Data for direct marketing purposes, we will retain this in line with applicable law and guidance of competent regulatory authorities. We will delete Personal Data that is no longer needed by us or will mark your data as 'do not contact' if you tell us you do not wish to be contacted in the future.
When we no longer need to retain your information we will ensure it is securely disposed of, at the appropriate time.
Security to protect Personal Data
For all areas of our website which collect Personal Data, we use a secure server. Although we cannot 100 per cent guarantee the security of any information you transmit to us, we have in place appropriate technical and organisational security measures to protect your information and prevent unauthorised access.
A cookie is a small file of letters and numbers that we may put on your computer or mobile device when you access our website. These cookies allow us to distinguish you from other users of the website helping us to provide you with a good experience when you browse our website and also allow us to analyse use and improve our website. For example, they will tell us whether you have visited our website before, if our website is working well and which pages you visited.
We use Google Analytics cookies to help track the success of our online advertising and monitor the usage of our website.
The information we collect and share from cookies is anonymous and does not personally identify you. It does not contain your name, address, telephone number, or email address.
You have the right to:
- request a copy of your Personal Data which we hold;
- request that we update or erase the information we hold about you if it is wrong;
- change your marketing communication preferences at any time (including asking that we no longer use your Personal Data for marketing purposes); or
- raise a concern or complaint about the way in which your Personal Data is being used.
If you wish to find out more about these rights, or obtain a copy of the information we hold about you, or have any question or query about this Privacy Statement, please contact our Data Controller at:
St George’s Hospital Charity, Grosvenor Wing, Blackshaw Road, SW17 0QT, on 020 8725 4522 or via e-mail:firstname.lastname@example.org.
If you are not satisfied with our response or believe we are processing your Personal Data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO) www.ico.org.uk.