Whittington Health Charity Privacy Policy
February 2022
Who we are
For the purpose of the Data Protection requirements the data controller is Whittington Hospital Charitable Funds (working name ‘Whittington Health Charity’), Whittington Health, Magdala Avenue, London, N19 5NF’. This is also our registered office.
Our registered charity number is 1056452.
Contacting Us
If you want to request further information about this privacy policy or exercise any of your rights, you can email fundraising.whitthealth@nhs.net
We are committed to protecting and respecting your privacy, and we take your privacy very seriously.
Our commitment to you
To enable us to undertake our charitable objectives we collect and use personal information about individuals. We recognise and appreciate the trust placed in us by individuals whose information we use.
This policy sets out the basis on how any personal data we collect from you, or that you provide to us, or that we obtain about you will be processed by us. Please read the following carefully to understand our aims and practices regarding your personal data and how we will treat it. We are committed to ensuring that we do so in a manner that is both lawful and respects your privacy.
This notice applies to the general public including our supporters, contractors, and other customers.
Your Data Protection Rights
We take the protection of your personal data very seriously and respect your privacy in accordance with data protection legislation and best practice. You have rights relating to your personal information. You can find more information about your privacy rights from the Information Commissioner's Office You have the right to be informed about how and why we process your personal information and any time you give us personal information you have the right to be informed about why we need it and how we'll use it.
You can find most of the information you need in this Privacy Notice.
You have right of access to any of your personal data that we hold about you
You have right of access to any of your personal data that we hold about you. You can contact us at any time to gain information about what data we hold about you and why we hold it. Please email fundraising.whitthealth@nhs.net for further information about how we comply with this right.
If you make a formal request, we will respond to acknowledge your request, though we will require you to prove your identity. We may also ask you for information about any specific information you are seeking to help us make sure we meet your request fully and help to speed up the process.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
We will provide you with the information that you are entitled to as soon as possible and without unreasonable delay and in most cases at the latest within one month of your identity been verified by us.
In exceptional cases we may extend the period of compliance by a further two months if the request(s) is complex or numerous. If this is the case, we will inform you within one month of the receipt of the request and explain why the extension is necessary.
There is no charge made for this right of access by Whittington Health Charity unless exceptional criteria apply.
To make a request to Whittington Health Charity for any personal information we may hold we would ask that you email fundraising.whitthealth@nhs.net.
You have the right to ask us to correct inaccurate personal information
If you believe information we hold about you to be inaccurate or incomplete, you can ask us to correct it or complete it at any time e.g. the spelling of your name or your contact information.
You also have the right to ask for our processing of your personal data to be restricted. For example, if you are contesting the accuracy of data we are using about you. In such case we will restrict our processing while we verify the accuracy of the data that we hold.
You can ask for certain information about you to be deleted
You can also ask for certain information about you to be deleted. For example, if you are moving out of the area.
In certain cases, we will be unable to delete your information if there are statutory or legitimate grounds to retain it (i.e. HMRC or other legal requirements).
You have the right to data portability
You have the right to data portability where processing is automated, although we don't currently carry out any such processing. If we do in future, you can make a request and this data can be exported from our systems for you.
You have the right to ask us not to process your personal data for profiling purposes
We will ask for your consent at the time of collecting your data if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes.
You can exercise your right to prevent such processing by contacting us at fundraising.whitthealth@nhs.net
Making a complaint
Whittington Health Charity tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive details of all aspects of Whittington Health Charity’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to fundraising.whitthealth@nhs.net
If you believe that Whittington Health Charity has not complied with your data protection rights, you can complain to the Information Commissioner’s Office, their address is Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by calling 0303 123 1113.
Information we collect from you and what we do with it
It is important to us that we inform you about the information we collect and why we collect it. The information we collect and the reason for collecting it are different for different groups of individuals.
For Fundraising and to promote the interests of the charity
The generosity and support of individuals and organisations is essential to funding the vital work we undertake, and we view you as part of the Whittington Health Charity family.
We conduct a range of fundraising and marketing activities in relation to:
Our cause, campaigns and projects
Events and challenges
Volunteering
Retail
We promote our activities through a range of methods and channels, including online and social media platforms. We use personal information to thank you for supporting us and to provide you with further communications about our events, products and activities aligned to your preferences and interests.
We also ask if you are able to Gift Aid your donations and keep information specifically for this as required by HMRC.
You can opt out or update your preferences at any point by contacting us via the details above.
Common activities
Digital Identities and Cookies
Where appropriate, we use technology to support and assist us in undertaking our work. We collect information that enables us to manage and secure technology and provide insight about its use as follows:
Cookies that analyse visitors to our website and social media pages
Device information about users of our Wi-Fi and other systems
Social media advertising programmes e.g. Facebook Custom Audience
Details on how you can manage your cookie settings can be found at https://ico.org.uk/your-data-matters/online/cookies/
Administration and Governance
As a charitable organisation we also hold, and process data as required by regulatory bodies such as the Charities Commission. This can include personal information relating to:
Enquiries or complaints about us.
Processing financial transactions, maintaining our accounts and prevention of fraud.
Administering Gift Aid claims.
Anonymised details for measuring equality and diversity of our workforce
Sensitive Information
We do process sensitive information about individuals in a limited manner as follows:
To ensure your health and wellbeing in the workplace or at an event.
As part of monitoring equality and diversity in accordance with existing legislation.
Why we may share information about you
We understand that sharing information is a sensitive topic. We will never sell your information and are committed to being transparent with you about where we legally share information, the reason why and who with. The list below provides an overview of what information is shared and with who.
Your information may be shared internally, including with members of the fundraising, HR and managers and IT staff if access to the data is necessary for legitimate purposes, i.e. for marketing or in the event of a complaint about performance of roles.
This sharing may include:
Personal and financial details about donations for the purpose of Gift Aid claims, audits and anti-fraud legislation are shared with HMRC.
Personal details are shared with designated mailing houses for the purposes of sending printed communications.
Email addresses with providers of social media and email marketing platforms where you have agreed to receive information from us via these channels.
Information about the use of IT systems is shared with technical suppliers for the purposes of support and system administration.
Limited information about your digital identity is used to provide statistical information about the use of our IT systems including website and social media pages.
Personal details may be shared with the Clinical Quality Commission (CQC) as part of their inspection, they will use their legal powers as their legal basis to access this data. Please click here to access the CQC Privacy Policy.
Our lawful basis for using your data
Privacy Law states we must have a lawful basis for processing your information, the legal basis will vary depending on the circumstances of how and why we have your information. Our primary lawful basis is our legitimate interests to operate as an NHS charity. We may use your data in a way that we believe is of a clear benefit to you or others; where there is limited privacy impact on you and in circumstances that you would reasonably expect us to process your data for example because of our existing or previous relationship, i.e. to monitor and improve our services. In each case where we use your data based on our legitimate interests, we carefully balance your rights and expectations to ensure that processing is fair to you.
In some cases, we may use other lawful bases, for example:
Contract – your personal information is processed by us to fulfil a contractual or potential contractual arrangement between us or with another third party.
Consent – where you consent to us processing your information in a specific way.
Legal obligation – where there is a statutory or other legal requirement to process and share the information and we have a lawful duty to retain or use your data i.e. gift aid audits.
Examples of the different ways we may use your data are:
If you are a patron or supporter of Whittington
By handling the administration of your gift or donation by cash, cheque, credit/debit card, direct debit, standing order, vouchers or via our online fundraising partners. Our lawful basis is contractual.
Manage Gift Aid and Gift Aid declaration forms - our lawful basis is a legal obligation concerning how we use Gift Aid.
To keep you informed of our corporate and fundraising activities, for example forthcoming events and promotions. Our lawful basis is our legitimate interest to generate income to fund our purposes as a Trust.
We may retain a record of your association with us. Our lawful basis is our legitimate interest to generate income to fund our supporting purposes as a Trust.
Providing you with information and requests on issues that are important to people affected by end of life and palliative care. Our lawful basis is our legitimate interest and/or your consent to improve our services.
How long we keep information about you
We only keep information for as long as necessary in accordance with legislation or relevant regulations. Once we no longer need to keep your information, we remove it from our systems or securely dispose of it and we do this at the end of each financial year.
Notification of changes
This statement may change from time to time, for example, if the law around information changes or for operational purposes. We advise you to visit this page regularly to keep up to date with any changes.