3.How long do we keep your personal information?
We only keep personal data for as long as it is needed for our services and activities.
Healthcare records are required to be kept for a number of years after the treatment of the patient has finished. These periods are set nationally by the NHS and we comply with the periods set in their Records Management Code of Practice.
Records held for fundraising activities may be kept for a number of years after our last communication with a donor. We may hold records for longer so that we can communicate with donors in the future about things like capital appeals that happen decades apart.
We are also required to keep records related to staff/employees for a number of years after their employment has ceased in case of any queries on employment or pension issues.
As we hold many types of records for a variety of differing periods they can’t all be listed here, but if you have a query about how long we hold your data, please contact us.
4. How do we keep your personal information secure?
We are committed to ensuring that your information is secure. We have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect both in person and online.
Personal data in our databases is only accessible by appropriately trained staff and volunteers who need to access your personal data as an essential part of their role. All access is tracked through individual login credentials.
We employ security technology, including firewalls and encryption, to safeguard personal data and have procedures in place to ensure that our paper and computer systems and databases are protected against unauthorised disclosure, use, loss and damage.
Processing of credit card payments by the Hospice is in line with PCI-DSS (Payment Card Industry Data Security Standard).
We only use third party service providers where we are satisfied that the security they provide for your personal data is at least as stringent as we use ourselves.
5. Can I see my data and can I discuss my concerns with you?
If you want a copy of your personal data, we will require proof of identity and proof of authority if the request comes from someone other than the person whose data we are asked to provide. This will ensure we only provide information to the correct person. You may request the data in printed or electronic format (normally csv or pdf) but we will discuss this with you at the time.
If you have any concerns about your personal data, please contact us and we will do our best to address your concerns in line with the requirements of data protection laws.
6. What rights do you have in respect of your personal information?
In certain circumstance, you have the following rights in respect of your personal information:
- the right to be informed;
- the right to request access to personal information relating to you;
- the right to request that we correct any mistakes in your personal information;
- the right to request to have your personal information deleted;
- the right to request to restrict or prevent processing of your personal information;
- the right to request to have your personal information transferred to another data controller;
- the right to object to us processing your personal information;
- rights in relation to automated decision taking and profiling;
7. How will we respond to your request?
We aim to acknowledge receipt of your request within a working week in writing, either by post or email.
All requests will be actioned and completed at the latest within one calendar month of receipt. Where a request is noted as complex, then this period may be extended by up to a further two calendar months. If this is the case we will inform you within the first month that this has been determined and the basis on which the decision has been made. In all cases we will contact you either by post or email.
8. What should you do if you have any questions or complaints?
If you have any questions or complaints about how we have processed your data in accordance with this notice, please contact us in the first instance. If you are not satisfied with our response, you can complain to the Information Commissioner's Office. Information about how to do this is available on their website at ico.org.uk/make-a-complaint or by calling their helpline on 0303 123 1113.
Please contact us if you have any questions about this privacy notice or the information we hold about you.
If you wish to contact us, please send an email to: data.protection@stpetershospice.org or write to us at: Data Protection, St Peter's Hospice, Charlton Road, Brentry, Bristol, BS10 6NL.
10. Accessibility Statement
St Peter's Hospice is committed to making its privacy notice accessible to all those who need to access it. If you have difficulty reading the information on our website, please contact us and we will try to find an alternative means for you.
11. Security and CCTV statement
At St Peter's Hospice we take your security and privacy seriously. When we collect your personal information we use a variety of technical processes to prevent unauthorised access including firewalls, digital surveillance, and encryption.
CCTV is used in all of our premises and is for the purposes of crime prevention, the protection of all those who use our premises and safeguarding of our assets. CCTV is recorded and stored in line with our Record Management Policy and CCTV Policy. Access to view CCTV footage is restricted to key individuals.
CCTV may be used to:
- Assist in the apprehension and prosecution of offenders, including use of images as evidence in criminal proceedings or to support insurance claims.
- In the investigation of Health and Safety incidents.
- To monitor employee conduct.
- To monitor employee performance in respect of the management of controlled drugs, and where required, to support the investigation of concerns related to potential controlled drug errors.