Statement

Heart of Kent Hospice takes privacy and the protection of personal and sensitive (known as special category data) information seriously. We have robust technical and organisational systems and measures in place to manage and protect all personal data. These measures include data encryption, up to date security software and controls to guard against unauthorised access, unlawful processing, accidental loss, damage or destruction.

Our Privacy notice explains how we use and protect your personal information, to show that we are adhering to the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA).

It also explains how we collect and use the personal information that you provide to us whether, in person, online or via phone, email, letter or other correspondence, this includes data from our website and sets out how Heart of Kent Hospice uses and protects any information that you give us.

Notice

Heart of Kent Hospice is committed to protecting your privacy and right to confidentiality. We comply with UK GDPR, DPA and NHS requirements concerning confidentiality and information security standards.

This notice explains how we use any personal information we collect about you based on your relationship with Heart of Kent Hospice, detailing how we collect data, how we store it, how we use it and protect it.

Heart of Kent Hospice is a registered charity (Charity Number 298164). Heart of Kent Hospice exists to promote and provide skilled and compassionate palliative care of the highest quality. The UK GDPR and DPA require every organisation that processes personal information to be registered with the Information Commissioner’s Office. Our registration number is ZA285791. As a registered Data Controller the hospice is responsible for the collection and use of data both within our organisation and by the organisations that provide services to us (suppliers and processors). Our Data Protection Officer is Christina Eldridge and can be contacted on preferences@hokh.co.uk

· How we collect information

· Patient and significant persons

· Colleagues and volunteers

· Fundraising/ supporters

· Suppliers

· Digital communication

· How to change your preferences

· How to make a complaint

How we collect information

As someone experiencing our care services, we receive personal information either from you directly when you are referred or enquire about our services, or from referring organisations.

Likewise, if you are kind enough to support us with your time as a volunteer, make a donation to us, register for an event or educational programme, apply to work with us, send or receive an email, or contact us via a telephone or mobile call to ask a question about our services, we will use the personal information you provide to support your journey with the hospice.

If you stay at or visit our premises, such as our Inpatient Unit, we may collect your image on CCTV. CCTV images are retained for 30 days after which they are automatically overwritten.

We gather non-identifiable general information from the use of our websites such as pages visited and areas that are of most interest to users through a Google Analytics cookie. We use this information to improve our website and make it a better experience for everyone. For more information on the cookies we use please visit this page – you can change your cookie preferences at any time by visiting https://www.hokh.org/cookies/

Across our organisation we use specialist databases which are designed to securely store information relevant to your relationship with us.

How we use this information

We may use your personal information for:

· Providing and personalising our care and support services

· Dealing with your enquiries, requests, complaints and investigations

· Processing your donations

· Providing you with information about our work, activities, educational programmes, events and services

· Complying with our legal obligations, policies and procedures

· Fundraising

· Recruitment, training analysis, quality improvement and management responsibilities

· Identifying any issues in our processes with a view to improving them

How we protect your information

We take great care to ensure that your data is kept secure at all times. Data is only accessible to appropriately trained colleagues and volunteers whose job functions makes it necessary that they have access to your information.

We adopt appropriate data collection, storage, and processing practices, including the use of multifactor authentication for remote access, to safeguard your personal and transactional data from unauthorised access, alteration, disclosure, or destruction on our website and systems.

We have security procedures, rules and technical measures in place to protect your data. Your data will be kept in a secure environment with access restricted on a need to know basis. We don’t keep your data for longer than is required by law or necessary for the purpose for which it was obtained.

Although most of the information we store and process about you stays within the UK some information may be transferred to countries outside the European Economic Area. This may occur if, for example, one of our trusted partners’ servers is located in a country outside the EEA.

These countries may not have similar data protection laws to the UK, however, we take steps with the aim of ensuring your privacy continues to be protected as outlined in this privacy policy.


Patients and Significant person

If you are referred to one of our clinical services, we will collect data from you and may also receive your personal data from and share it, where necessary with other healthcare providers and other services who are involved with your care.

Consent and Legal obligation currently constitute the lawful basis on which we collect personal information. In order to provide complete care, we may also collect some information about family members and carers.

Information is also passed to our Family Team when a patient dies to enable an offer of Bereavement Support to be made directly to a patient’s loved ones.

We may take photographic images of you for medical purposes, with your prior consent, such as in the case of pressure ulcers, to assist in your care. We also receive data about our patients and their families and carers from other healthcare providers.

Heart of Kent Hospice are one of the partner organisations to the Kent and Medway Care Record (KMCR). The KMCR is an electronic care record which links your health and social care information held in different provider systems, to one platform. This allows health and social care professionals who have signed up to the KMCR to access the most up to date information to ensure you receive the best possible care and support by those supporting you. In order to enable this sharing of information, organisations who use the KMCR have agreements in place that allow the sharing of personal and special category data.

For further information about the Kent and Medway Care Record and the ways in which your data is used for this system please click here.

What information we collect about you

Personal data we collect may include one or more of the following:

· Patient details such as name, NHS number, address, telephone number, email address, date of birth

· Patient GP details (plus other involved health care professionals)

· Patient representative details, such as name, address, telephone number and email address

· In addition, we may need to contact other agencies for relevant health or social care information for the benefit of our patients’ care.

How we use your information

We use your personal data for a number of purposes including the following:

· Information relating to diagnosis, treatment and care will be shared across our multi-disciplinary hospice teams to ensure all our healthcare professionals are updated for continuing care

· Advising patient representatives (keeping in touch)

· If appropriate, information will be shared with external healthcare professionals such as GPs, Hospitals and other involved health care professionals, such as our contracted Pharmacy

· For medical research and educational purposes.

The legal basis for collecting and using your information

· When we have your consent to use your information for continuing health care and support

· When it is necessary for compliance with a legal obligation to which we are subject (for example a change in the law)

· When it is in the public interest to do so (for example, a notification of infectious diseases (NOID) that need to be reported to the Local Authority health protection team)

· Where data disclosure may be required by law, for example to government bodies and law enforcement agencies.

Please be assured, we never share, sell, swap or rent your data to third parties for marketing purposes.


Colleagues and volunteers (including Trustees)

When you apply to work or volunteer at Heart of Kent Hospice we will only use the information you give us to process your application and to monitor recruitment statistics. If we want to disclose information to someone outside the hospice – for example, if we need a reference, or need to get a criminal record check from the Disclosure and Barring Service – we will make sure we tell you beforehand unless we are required to disclose this information by law.

What information we collect about you

When you apply to work at Heart of Kent Hospice, we will typically collect the following information about you:

· Name

· Date of Birth

· Address

· Mobile phone number

· Emergency contact details

· National Insurance Number

· A copy of your passport or immigration document

· Your skills, knowledge, experience and qualifications where applicable

· Industry/ professional body registration details where applicable

· Contact details for referees

· Pre-employment checks – DBS information

· Full employment history

· Equality and Diversity monitoring information

During the course of your employment we will also collect performance information including probation, training and appraisals information as well as reasons for sickness absence, this information will be stored in line with statutory retention requirements.

What happens to the information we collect about you

If you are unsuccessful in your job application, we will hold your personal information for after we have finished recruiting the post you applied for 6 months only.. After this date, we will destroy or delete your information. We keep information about applicants to develop and improve our recruitment processes, but this information is kept in a form that ensures that individual applicants cannot be identified.

If you are offered employment, in keeping with our regulatory requirements electronic records are held on our specialist People Services database which can only be accessed by select colleagues and volunteers for the duration of your engagement with the Hospice.

Once you stop working for us, we will keep this file according to our record retention guidelines. You can contact us to find out more about this.

The legal basis for collecting and using your information

We collect information for colleagues because we have a legitimate interest to ensure colleagues fulfil their roles and responsibilities as detailed within their job description.

We have a contractual obligation to pay employed colleagues; therefore we use bank account details to process such payments.

Your information will be shared where data disclosure may be required by law, for example:

· to government bodies such as HMRC for tax purposes and DWP for national insurance purposes.

· As part of our contract of employment with you, your information will be shared with:

with our payroll and pension services provider to remunerated services are processed effectively and, where adopted, pension contributions are effectively invested.

Date of birth information is collected for pension purposes and if applicable, redundancy purposes.

Your mobile or home phone number may be used in the event of work-related emergencies.

How we protect your information

We will keep your information for the term of your employment or volunteering with us, in line with statutory retention requirements. We will take into consideration our legal obligations, tax and accounting rules when determining how long we should retain your information. When we no longer need to retain your information we ensure it is securely disposed of, at the appropriate time.


Fundraising / Supporters

Where we collect information about you

We collect information from you directly which you provide when you fill in any of our online or printed forms to make a donation, sign up to an event or buy a product online or at one of our shops. Sometimes, this information is collected by an organisation working on our behalf, but we are responsible for your data at all times.

We also collect information shared with us by independent organisations. These third parties will only share your information with us when you have given permission for them to do so.

What information we collect about you

The type of information we collect will include

· Names

· Addresses

· Next of kin

· Family connections

· Email

· Telephone details

· Dates of birth

· Communication preferences and information you have shared such as your experience of the hospice or why you have chosen to support our work.

When taking part in a challenge event, you may also be asked for health information and emergency/next of kin contact information for health and safety reasons.

We hold records of your donations and fundraising efforts alongside communications we have sent to you and those we have received from you.

How we use your information

We use your information to process your donations or product/information requests, provide appropriate acknowledgement and collect gift aid. Where you are kind enough to donate to us, we use Enthuse to process your donations. We also keep a record of your relationship with the hospice and your contact preferences.

We will also use your information to keep you informed of our work, the latest news and to ask for donations or other fundraising support in accordance with your contact preferences.

Sometimes, when we are writing to large numbers of people, we use a mailing house to print and post our letters. This is the quickest and most cost effective way of sending large mailings. On these occasions your contact details will be shared with the mailing house, for the purposes of printing and posting our letters. We have signed agreement from each mailing house we use that they delete the information we share with them as soon as the mailing is complete.

As part of our effort to keep costs to a minimum by limiting the number of letters which get returned to us, we also use a data cleansing agency which de-duplicates our database against a national database to identify anomalies where residents records have been updated as deceased, or goneaway (usually because they have moved house). We also de-duplicate our database against the Fundraising Preference Service (FPS) as a FPS exclusion will over-ride any previous consent you may have given to us to.

Where you have agreed to receive marketing by email, we use Mailchimp to email you. This means that we must share limited information about you with Mailchimp to be able contact you. Mailchimp are not based in the UK or EEA, but we have ensured that robust contractual arrangements are in place to allow the transfer of this limited information to the USA.

We make it easy for you to tell us how you want us to communicate with you and include information on how to select your communication preferences when we send you marketing and communication material.

We may analyse geographic, demographic and other information relating to you and this allows us to understand the background of our supporters, which helps us to make appropriate requests to supporters who may be willing and able to give more than they currently do, or to identify those who may be able to support us in other ways. This information is compiled using publicly available data about you.

Where possible, we will ask you about your contact preferences at the first point of contact, i.e. when you first register for an event, make a donation or request fundraising information. However, when this is not possible, we will ask you about your contact preferences in an appropriate and timely manner.

The legal basis for collecting and using your information

When you sign up to our events, depending on the event, we have an obligation to check that you are in a reasonably good health to participate safely in the event you signed up for.

We have a legitimate interest to contact you about making or increasing your donations, to upgrade donations via Gift Aid .

We also have a legitimate interest in inviting you to fundraising, in memory events and other related events.

We may also have to share your donation information with HMRC in order, for example, to process Gift Aid.

How we protect your information

We will keep your information for as long as required to enable us to operate our services, but we will not keep your information for any longer than is necessary. We will take into consideration our legal obligations, tax and accounting rules when determining how long we should retain your information. When we no longer need to retain your information we will ensure it is securely disposed of, at the appropriate time.

Supporters - lottery

Heart of Kent Hospice weekly lottery and superdraws are supported by third party specialist agencies including the following: Sterling: Our external lottery manager, Yeomans: Our mailing house for superdraw mailings, Secure Collections: Our secure direct debit facilitators, Britevox : Our supporter recruitment partners.

Working with specialists in these areas ensures that we are able to operate a secure and reliable weekly draw which is compliant with the Gambling Commission.

The contact details and payment details of all players is stored and used by Sterling for the purpose of managing the weekly draw. Sterling transfer the bank details of players who pay by direct debit to Secure Collections on a weekly basis in order for them to process payments. Secure Collections and Britevox do not hold any player contact or payment information themselves. Britevox securely hold the contact and payment information which is collected by our fundraisers when a new players signs up to the lottery and share it with Sterling to administer the weekly draw. Mailing and fulfilment agencies such as Yeomans or PFC Group Ltd use data that we provide them with to complete

Superdraw mailings, they do not store this data for any other purposes. Heart of Kent Hospice has access to our lottery players contact information but we do not hold any payment information.

You may wish to limit gambling related adverts from your social media feeds, here is some guidance from www.begambleaware.org


Suppliers

Contact and payment details of our suppliers are stored in a specialist accounting system which enables us to log orders and process payments efficiently. This information is shared and stored securely with our bank to facilitate on-line transactions.

In keeping with good practice, paper records relating to orders made are archived for seven years after which they are destroyed. Electronic files are archived after one year.

The information we store can only be accessed by authorised individuals within the Hospice finance department.


Digital communications

By visiting our website or reacting to our social media communications you may also be sharing some basic information with us via cookies, tags or pixels (collectively known as tracking technologies), such as your browser type and IP address (This is the case when you visit most website and social media platforms). We have the ability to use this information through analytics tools which enables us to improve the content we provide to visitors, and provide tailored content based on users’ personal preferences and profiles.

Our website uses cookies. Cookies are small computer files which are downloaded onto your device (with your agreement unless strictly necessary to the functionality of the website) and collect information about the way in which visitors to our website navigate and use it, and how they use the broader internet. Cookies do not collect any information which allows us or 3rd parties to identify individual users, however depending on the type of cookie, they may share data with 3rd parties to allow targeted advertising. For the hospice, they collect information which can help us to provide you with a more personal experience and identify ways we can improve our website over time. You can delete and block all cookies or decide just to block certain types of cookie via your browser setting. However, if you choose to block or delete cookies, this may affect the functionality of the website.


How to change your preferences

We aim to ensure that all information we hold about you is accurate and, , kept up to date. If any of the information we hold about you is inaccurate and either you advise us or we become otherwise aware of this, we will ensure it is amended and updated as soon as possible. We will update our records within three working days. It can however, sometimes take up to two months for all planned activity and scheduled mailings to conclude

When you share your personal information with us, we promise to use it respectfully, and only for the purposes that you originally shared it for. Please do tell us if you would like us to change:

· how we contact you – mail, email, telephone

· what we contact you about

· or if you would prefer that we don’t send you anything at all

This will help us to keep our expenditure to a minimum.

You can unsubscribe to emails by clicking the link at the bottom of any marketing email sent to you or call the Fundraising Team at the Hospice on 01622 790195 who will cascade your request to the appropriate team within the Hospice; email preferences@hokh.co.uk or write to Christina Eldridge, Head of Information and Quality Assurance at Heart of Kent Hospice, Preston Hall, Maidstone, ME20 7PU.

How to access your information

Patients, colleagues, volunteers and donors can request access to any information the hospice may hold on them, this is called a subject access request. Further information on how to do this is available by writing to Kerry Harrison, Director of Patient Services at Heart of Kent Hospice, Preston Hall, Aylesford, ME20 7TB.

Requests for access to patient records by next of kin and/or executors must be made in writing to Kerry Harrison, Director of Patient Services (and Caldicott Guardian). Each request will be considered on a case by case basis.


How to make a complaint

If you are unhappy with how your data has been used, we would prefer that you speak to us in the the first instance. We encourage you to speak to the manager of the department your experience relates to. If you need help getting in touch with the right person, please contact ann.bubb@hokh.co.uk who will be able to help. If you are still dis-satisfied, you can follow the Hospice’s formal complaints procedure which can be found here.

You can of course, escalate concerns to the UK regulator for data protection at any time. You can contact the Information Commissioner’s Office here

Updates

This statement was last reviewed in July 2023. It is kept under regular review and changes are made as required. We encourage you should periodically review this statement for changes. If however, any material changes are made and where we are required under privacy and data protection legislation, we will notify you or give you the option to consent to any changes as necessary.

Contact

Please get in touch if you have any questions about the content of this privacy notice or would like to get in touch with our Data Protection Officer, Christina Eldridge by emailing preferences@hokh.co.uk.