Privacy notice

How and when do we collect information about you?  

We collect your data directly from you when you donate to our charity via our website, through fundraising sites such as JustGiving, MuchLoved etc or via one of our face-to-face fundraisers when you sign up to the lottery or a regular gift. 

The information we collect includes the following: your name, title, gender, email address, phone number, address, bank details, correspondence and reasons for donating. We also collect your preferences in wanting to hear from us via different channels of communication. For those of our supporters playing the lottery we also collect date of birth to ensure we only sign-up age-appropriate supporters. 

How is this information used and what is our lawful basis for processing this information? 

This information allows us to process your donation, and deal with any potential enquiry. We rely on our legitimate interest to process this data.  If you agree that we can claim Gift Aid on your donations we are legally required to keep a record of the claim and your Gift Aid declaration.   If you are donating using a third party, please also refer to the privacy notice published on their websites.   

Who do we share your data with? 

We may only share your data with HM Revenue and Customs if Gift Aid is being claimed. 

How we store your information and for how long? 

We retain the personal data of all our supporters and donors for a period of in line with our retention periods. If you would like to know more about this, please contact us at the email address above.   

How and when do we collect information about you?  

If you apply for a grant fund with the Charity, we will collect the names of individuals involved in the project, contact information and bank account information (for reimbursements only). If you include the personal data of other individuals in your grant application or monitoring reports, you are responsible for ensuring compliance with the Trust’s GDPR obligations. You must inform those individuals that their personal data may be shared with the Trust and, where relevant, with external organisations as part of the grant management process. 

How is this information used and what is our lawful basis for processing this information? 

This information is used to process applications and payments for grants, reimburse expenses to individuals and collect information on the impact of our grants.  

Who do we share your data with? 

Your personal data shared as part of your application may be shared with our stakeholders to report how our charitable funds have been used in pursuit of our objectives and public benefit.  

How we store your information and for how long? 

We retain the personal data contained in the grant applications and data on the co-applicants for a period of in line with our retention periods. If you would like to know more about this, please contact us at the email address above.   

(Job applicants and current and former employees, trustees, volunteers, contractors) 

How and when do we collect information about you?  

You provide several pieces of data to us directly during the recruitment period and subsequently upon the start of your employment or engagement with us. In some cases, the Charity may collect personal data about you from third parties, such as references supplied by former employer or information from employment background check providers. 

What types of information is collected about you and who provides it?   

We keep several categories of personal data to carry out effective and efficient processes. Specifically, depending on your type of engagement with us, we may process the following types of data:  

• your name, address and contact details, including email address and telephone number, date of birth and gender;  
• the terms and conditions of your employment;  
• details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with the Charity;  
• information about your remuneration, including entitlement to benefits such as pensions;  
• details of your bank account and national insurance number;  
• information about your marital status, next of kin, dependents and emergency contacts;  
• information about your nationality and entitlement to work in the UK;  
• information about any past criminal records, if relevant;  
• details of your days of work and working hours and attendance at work;  
• details of periods of leave taken by you, including holiday, sickness absence, and family leave and the reasons for the leave;  
• details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;  
• assessments of your performance, including appraisals, performance reviews and ratings, performance improvement plans and related correspondence; and  
• information about medical or health conditions, including whether you have a disability for which the organisation needs to make reasonable adjustments.   

We collect this information in a variety of ways: e.g. through job application papers, CVs; from your passport or other identity documents such as your driving license; from forms completed by you; from correspondence with you; or through interviews, meetings or other assessments.   

We may also process special categories of data which include health information, sexual orientation, race, ethnic origin. We may also process criminal records information if the role involves a Disclosure and Barring Service (DBS) check.   

How is the information used?  

We are required to use your personal data for various legal and practical purposes for the administration of your contract or your volunteer/trustee agreement, without which we would be unable to employ you or engage with you. Holding your personal data enables us to meet various administrative tasks, legal obligation or contractual/agreement obligation. We process information in relation to the DBS for our safe recruitment practices.   

What is our lawful basis for processing this information? 

We mainly use ‘contractual obligation’ as a lawful basis for processing personal data for employees, job applicants and contractors. We mainly use ‘legitimate interest’ for trustees. We may also have legal obligation in order to process and share your data, for example we need to share salary information to HMRC or use some of your data to enrol a new employee on a pension scheme.   

We may rely on our legitimate interest for processing activity such as keeping supervision and appraisal records; using your image, bio and videos/pictures of the organisations’ events where you may appear on our website or marketing/fundraising materials to promote the charity.   

Some special categories of personal data, such as information about health or medical conditions is processed in order to carry out employment law obligations and for health and social care obligations (such as those in relation to colleagues with disabilities and for health and safety purposes). We may also process other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief on the basis of substantial public interest for the purposes of equal opportunities monitoring.  

When processing criminal records (for example, to perform DBS check), the organisation relies on the lawful basis of legitimate interest and additional conditions of the UK GDPR and DPA 2018.   

Who do we share your data with?  

Personal Data in relation to your salary is shared with HRMC as part of our legal obligation. Personal Data may be shared with third parties for the following reasons:  

1. For the administration of payroll, pension, HR functions or administering other employee benefits.
2. When sharing information with third parties, we have data sharing agreements, data processing agreements or contracts in place to ensure data is not compromised. These third parties implement appropriate technical and organisational measures to ensure the security of your data.  

How long do we keep your data?  

We only keep your data for as long as we need it for, which will be at least for the duration of your employment/engagement with us though in some cases, we will keep your data for a period of 6 years after your employment/engagement has ended. If you’ve applied for a vacancy but your application hasn’t been successful, we will keep your data only for 12 months.   

Some data retention periods are set by the law. Retention periods can vary depending on why we need your data. Please get in touch by contacting us using the details above if you want to know more about retention period.   

Data is destroyed or deleted in a secure manner as soon as the retention date has passed. 

In case of a high value donation or in order to identify potential high value supporters, we may use profiling and screening techniques. We may undertake in-house research and from time to time engage third-party partners to gather information about you from publicly available sources, for example, Companies House, the Electoral Register, Charity Commission and from social media sites such as LinkedIn.     

We would gather publicly available information regarding previous charity support, connection to our cause, credibility, geographical, demographic, financial soundness, career information, peer networks and other publicly available information (e.g. age, address, listed Directorships, hobbies and interests).   

If you have already engaged with us, we may also profile information that you have provided to us during your engagement, including information such as occupation, title, details of any correspondence had with us, DOB, fundraising appeals responses, event participations with us, details of your reasons to engage with us.  We also use publicly available sources to carry out due diligence on donors in line with the charity’s Ethical Fundraising Policy and to meet money laundering regulations.   

This information also allows us to understand how likely it is that you would be interested in supporting us so that we can better tailor our communications such as telling you about the things you are likely to be interested in, letting you know of ways to fundraise with us which are relevant to you and making sure that we only talk to you about a financial level of giving that is appropriate to you.  We rely on our legitimate interest in order to profile and screen your information. If you would rather we did not do this, please just let us know and we will respect your wishes. Otherwise, following our initial profiling and screening, we will contact you either via phone or via e-communication if consent has been provided. If you are happy to engage with us, we’ll proceed with establishing our relationship with you, which may include further engagement and profiling.  

Additionally, we sometimes ask existing supporters and trustees whether they would be prepared to open their networks up to us.  An existing supporter or trustee may tell us about an individual previously unknown to us and facilitate an introduction. In this scenario we would check whether the person in question is registered on the TPS or FPS and exclude them if their details have been registered on either of these registries.  We would then advise our Trustee or existing supporter about our data responsibilities and ask them to ensure that the person they would like to introduce to us is happy for an introduction to take place.  Following the introduction, we would direct the individual to this privacy notice and confirm their marketing consent preferences before communicating with them further. 

Events: 

We host many events in a year, and your personal information is collected when you register for an event with us. We may collect personal information, such as your name, email, phone number, address and health information. We rely on legitimate interest to administer your registration for the event. When we collect other information such as dietary information or health information, we rely on your explicit consent.  

If you have attended an event with us previously, we may reach out to you to invite you for our future events. We rely on consent (to send you emails) and legitimate interest (to call you on your registered number with us). 

Lottery: 

If you join our weekly lottery, we will ask for information such as title, name, email address, phone number, DOB, bank details and post code. This is processed to register your details and comply with our gambling commission responsibilities and to contact you about the outcome should you be a winner in our lottery. We rely on contractual obligation for processing this information. If you are a winner in the lottery your initial, surname and location (town/city) will also be added to our lottery micro-site as part of our commitment to lottery transparency. 

Marketing: 

We may reach out to you with marketing communications, if you have previously engaged with us in relation to an event, donated to the Charity, signed up to our Hospital WiFi, sent in an enquiry about one of our activities or if we believe that you may be interested in engaging with our organisation. We may also send you marketing communications if you have signed up for marketing emails. We use texts, email, and calls for marketing.  

When we make calls for fundraising and marketing, we make these calls on the lawful basis of legitimate interest. However, we will screen your calls through the telephone preference service (TPS). If you would prefer to not receive these calls, please do let us know. We rely on your consent to send you email communications (except where this is a business email address, whereby we rely on legitimate interest). 

If you would like to change your marketing preferences, please reach out to us on the email address provided in the first section of this privacy notice, or you can simply unsubscribe with the option on the bottom of the emails.  

We may also use post as a mode of sending you marketing communications, relying on legitimate interest. If you would like us to not send such communications, please do reach out to us.  

In some cases, we may contact you under the “charitable purpose soft opt-in”. This means that if you have previously donated to us, taken part in an event, or otherwise supported the Charity, we may send you information about similar activities or ways to get involved, even if you haven’t specifically signed up for marketing. You will always have the opportunity to opt out of these communications at any time.