Kingston Hospital Charity – Privacy Policy

  1. Introduction

Kingston Hospital Charity* (“Us”, “We”),  is a charity registered in England and Wales with charity number 1056510 and registered address Kingston Hospital NHS Foundation Trust, Galsworthy Road, Kingston Upon Thames, KT2 7QB.

Kingston Hospital Charity is the charity of the Kingston Hospital NHS Foundation Trust (“Kingston Hospital Trust”), and is established to support and raise money for Kingston Hospital Trust.

The Kingston Hospital Charity has its own website www.khc.org.uk (the “Website”).

We are committed to protecting your privacy and will only use the information that we collect about you lawfully. This policy is intended to give you an understanding of how and why we use the information you provide to us both online and otherwise.

Please read this policy carefully to understand how we will collect, use and store your data. We may update this policy from time to time without notice to you, so please check it regularly.

* full registered name: Kingston Hospital NHS Foundation Trust General Charitable Fund

  1. What information do we collect about you?

We collect personal data about you for a number of reasons, including communicating with you, responding to requests for information, and to process donations. We also collect information about the use of our website using cookies (see the Cookies Policy).

The personal data we collect can include:

  • Your full name;
  • postal address;
  • telephone number(s);
  • email address;
  • records of your correspondence with us;
  • donation and gift aid details;
  • information you may enter onto the Website; and
  • information you share with us.

We will never collect sensitive personal data (such as health information) without your explicit consent.

  1. How will we use the information about you?

We will process your data for the following reasons:

  1. To administer your donation including processing Gift Aid;
  2. To acknowledge donations and send a thank you letter;
  3. Deliver services, literature and/or other materials and information you have requested from us;
  4. Unless you tell us otherwise, we will send you information that we think you may be interested in, including updates on Kingston Hospital Charity’s and Kingston Hospital Trust’s work, fundraising appeals, volunteering opportunities and events by post. We will also send this information by e-mail, where you have provided consent.
  5. Contact you about making a celebratory gift, leadership gift, donating in memory, leaving a gift in your will, or for any other fundraising channel you have expressed an interest in, to raise money for Kingston Hospital Charity;
  6. For our own internal administrative purposes and keep a record of your relationship with us;
  7. To manage your communication preferences;
  8. To conduct research, for example, via surveys about your opinion of current services offered by Kingston Hospital Charity or of potential new services which may be offered;
  9. To carry out research to find out more information about our supporters’ backgrounds and interests; and
  10. To comply with applicable laws and regulations, and requests from statutory agencies.

We may also analyse your personal information (including your name, address and giving history) and create a profile of your interests and preferences. This allows us to ensure communications are relevant and personalised, and provide an improved experience for our supporters. It also helps us understand the background of our supporters and their ability to support us financially so that we can make appropriate requests to those who may be willing and able to give more than they already do, enabling us to raise funds sooner and more cost-effectively.

When building such a profile, we may make use of additional information about you, including geo-demographic information and measures of affluence. This information is taken from publicly available sources, for example from public registers, such as listed Directorships, typical earnings in a geographical area, information from the electoral roll, press reports and social media posts.

This research will often be carried out by us directly but in some instances we use third party service providers to undertake this on our behalf in order to manage our resources more efficiently.

Activities carried out by such third parties may include wealth-screening techniques. This would involve sharing select personal data (name and address) with the service provider and screening against their existing database of publicly available data for evidence that you may have the financial ability and inclination to provide further philanthropic support.

If you would like to opt-out of our use of your personal data in this manner, please get in touch with us using the details in the “How to contact us” section below.

  1. Our legal basis for processing personal data

Kingston Hospital Charity needs a lawful basis to collect and use your personal data under data protection law. The law allows for six ways to process personal data (and additional ways for sensitive personal data). Three of these are relevant to the types of processing that Kingston Hospital Charity carries out. This includes information that is processed on the basis of:

  • A person’s consent (for example to send you direct marketing by e-mail) (see Article 6.1 (a) of the GDPR
  • Processing that is necessary for compliance with a legal obligation (for example to process a gift aid declaration) (see Article 6.1 (c) of the GDPR;
  • Kingston Hospital Charity’s legitimate interests (please see below for more information) (see Article 6.1 (f) of the GDPR).

Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, as long as that interest is not overridden by the privacy rights of the individual whose data is being used (see Article 9.2 (d) of the GDPR).  Kingston Hospital Charity’s legitimate interests include:

  • Charity Governance, including delivery of our charitable purposes, statutory and financial reporting and other regulatory compliance purposes;
  • Administration and operational management, including responding to solicited enquires, providing information, research, events management, the administration of volunteers and employment and recruitment requirements.
  • Fundraising and Campaigning, including administering campaigns and donations, and sending direct marketing by post, sending thank you letters and maintaining communication suppressions.

If you would like to change our use of your personal data in this manner, please get in touch with us using the details in the “How to contact us” section below.

 

  1. Will we share this information with others?

No. we do not share, sell or rent your information to third parties for marketing purposes. We will not otherwise disclose your personal information unless required to do so by a regulatory agency or law.

We may allow our staff, consultants and/ or external providers acting on our behalf to access and use your information for the purposes for which you have provided to us (e.g. to deliver mailings, to analyse data and to process payments). We only provide them with the information they need to deliver the relevant service under contract, and we make sure your information is treated with the same level of care as if we were handling it directly.

  1. How do we protect the security of personal data?

We aim to ensure that there are appropriate physical, technical and managerial controls in place to protect your personal details.  Any information and payment transactions will be encrypted using SSL technology.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We encourage you to review the privacy statements of websites you choose to link to from the Website so that you can understand how those sites collect, use and share your information. Kingston Hospital Charity is not responsible for the privacy statements or other content on sites outside of the Website. The information we collect from you may be transferred to and processed and/ or stored at a destination outside the European Economic Area (“EEA”). When we send your personal data outside the EEA we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your information e.g. Kingston Hospital Charity’s database is cloud based and provided by a company based in the US.  The contract with this company includes standard clauses to protect the information held outside UK territory.

  1. How long do we keep your data for?

We will keep your personal data for no longer than is necessary for the purposes for which it is processed, in accordance with our internal policies.

The length of time that data will be kept may depend on the reasons for which we are processing the data and on the law or regulations that the information falls under such as financial regulations, statutory limitation periods, Health and Safety regulation etc., or any contractual obligation we might have.

Subject to the above, we will typically store data relating to donors and supporters for seven years after their last donation or interaction with us. Our retention policy is available on request should you wish to see it.

Once the retention period has expired, the information will be confidentially disposed, permanently deleted, or in some cases archived.

If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to avoid sending you unwanted materials in the future.

  1. Your rights

You have a number of rights under data protection legislation. These include:

  • Right of access

You have the right to know what information we hold about you and to ask, in writing, to see your records.

We will supply any information you ask for that we hold about you as soon as possible, but this may take up to 28 days.  We will not charge you for this.  You will be asked for proof of identity as the person dealing with your request may not be the staff member you have met before.  We need to be sure we are only releasing your personal data to you.

This is called a data subject access and can be done by writing to us using the “How to contact us” details.

  • Right to be informed

You have the right to be informed how your personal data will be used. This policy as well as any additional information or notice that is provided to you either at the time you provided your details, or otherwise, is intended to provide you with this information.

  • Right to withdraw consent

Where we process your data on the basis of your consent (for example, to send you marketing e-mails) you can withdraw that consent at any time. To do this, or to discuss this right further with us, please contact us using the details in the “How to contact us” section below.

  • Right to object

You also have a right to object to us processing data where we are relying on it being within our legitimate interests to do so (for example, to send you direct marketing by post). To do this, or to discuss this right further with us, please contact us using the details in the “How to contact us” section below.

  • Right to restrict processing

In certain situations you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage.

 

 

  • Right of erasure

In some cases, you have the right to be forgotten (i.e. to have your personal data deleted from our database). Where you have requested that we do not send you marketing materials we will need to keep some limited information in order to ensure that you are not contacted in the future.

  • Right of rectification

If you believe our records are inaccurate you have the right to ask for those records concerning you to be updated. To update your records please get in touch with us using the details in the “How to contact us” section below.

  • Right to data portability

Where we are processing your personal data because you have given us your consent to do so, you have the right to request that the data is transferred from one service provider to another.

If you would like to exercise any of these rights please get in touch with us using the details in the “How to contact us” section below.

  1. What if you have questions or need to make corrections to your information?

We want to make sure that your personal information is accurate and up to date. Please let us know if your details change. We may also use publicly available sources to keep your records up to date (e.g. checking against deceased records). You may also ask us to correct or remove information you think is inaccurate.

You can also opt-out of receiving all or some of our marketing/ fundraising communications or request that we stop processing data about you for certain purposes (e.g. profiling) at any time by contacting us using the details below.

If you are unhappy with the way in which we have handled your personal data please contact us using the details below. You are also entitled to make a complaint to the Information Commissioner’s Office https://ico.org.uk/

  1. How will we let you know of changes to our privacy policy?

We may update this policy from time to time without notice to you, so please check it regularly. The privacy policy was last updated in April 2020.

  1. How to contact us

Please contact us if you have any questions about our privacy policy or information we hold about you:

By phone: 020 8973 5040

Email us on: khft.charity@nhs.net

Or write to us at: Freepost KHCHARITY