Last updated: 31 January 2020
A ‘privacy notice’ is a statement issued by an organisation which explains how personal and confidential information about individuals and organisations is collected, used and shared. This Privacy Notice is for Portsmouth Hospitals Charity (or Charity) and relates to the information we collect about individuals and organisations who engage with the Charity. This could include activities relating to:
Portsmouth Hospitals Charity is the main charity of Portsmouth Hospitals NHS Foundation Trust. The Charity supports the work of Portsmouth Hospitals NHS Foundation Trust (the Trust). The Trust has issued a separate privacy notice located here. For the purposes of this Privacy Notice the terms ‘we’, ‘us’ or ‘our’ refer to both the Charity and Trust (as Corporate Trustee of the Charity).
We function in accordance with the requirements of the Charities Act 2016 and we are regulated by the Charity Commission (registration no. 1047986). The Charity manages the receipt and distribution of charitable donations. The Charity distributes donations in the form of grant funding to enable the provision of improvements to facilities, equipment and services provided by the Trust and those who support these activities to enable patients to get treated faster and in greater comfort. The Charity supports all wards and departments of the Trust and aims to improve facilities, equipment and patient experience.
This Privacy Notice demonstrates the Charity’s commitment to openness and accountability. We take the legal requirement to protect personal and confidential information in all that we do extremely seriously and take the necessary steps to meet our legal duties including compliance with:
Depending on how you engage with the Charity, you may provide us with your information to:
In the examples above, we will ask you to provide us with some of your personal information in order for us to process your request. This information may be supplied to us directly from you including submission via:
You may also provide information to us by engagement with relevant third-parties e.g. Eventbrite | Facebook | JustGiving | Much Loved | Virgin MoneyGiving | PayPal and/or external event organisers you sign up with for participation in events ‘in aid of’ Portsmouth Hospital Charity. If you choose to use a third party website to provide us with your information or donations, please make sure you read their privacy notice as this will explain how they collect and process your information.
The Charity will only collect the minimum information we require about you for the purpose it is being obtained.
This may include details such as:
For monitoring purposes, we may also be required to collect your date of birth where it is necessary for an age specific/restricted event or activity. Should you wish to make a donation to the Charity directly using a debit or credit card, we will collect the necessary payment from you to process this transaction.
When you interact with Charity/Trust webpages, we may collect statistical data about your online visit. This may include details such as:
No personal data which directly identifies you is collected.
No. The Charity will never access medical records held by the Trust to collect your information.
What about photographs we take?
As part of activities and events run by or involving the Charity we may take photographs which could include you and/or general members of the public. Official photographs taken on behalf of the Charity are only obtained by a specifically appointed person. Photographs taken by other fundraisers or general members of the public for personal/domestic purposes do not fall within the responsibility of the Trust/Charity and are therefore not included within the scope of this Privacy Notice.
We will endeavour to make individuals aware if/when official photographs or videos are being taken by the Charity and how the photographs might be used (e.g. uploaded online, used in newsletters and on social media). These photographs are taken for genuine and reasonable purposes as part of the legitimate interests of the Charity (for example to promote the activities and impact of the Charity/Trust and inspire further donations. Individuals will be made aware of their right to decline being part of the photograph/having their photograph taken.
Parental permission will be obtained for photographs of children under 18 years through a specific consent form (subject to the nature of the event).
Official photographs taken on behalf of the Charity are used for promotional purposes to raise awareness of the Charity, its activities and also to encourage fundraising. To enable this, photographs may be uploaded to the following websites, which are publicly available for anyone to view without an account/login:
Portsmouth Hospitals Charity
Why do we collect your information?
We will only process your personal data when the law allows us to. Under this Privacy Notice, this includes:
How do we keep your information safe and maintain confidentiality?
Under the Data Protection Act 2018 and General Data Protection Regulation (GDPR), there are strict principles which govern our use of information and our duty to ensure it is kept safe and secure. Your information may be stored within electronic or paper records, or a combination of both. All of our records are restricted so that only those individuals who have a legitimate need to know can get access to the information. This might be through the use of technology or other environmental safeguards.
All systems access is governed by strict controls which are compliant with our information governance and IT security policies. Everyone working for the NHS is subject to the Common Law Duty of Confidentiality. This means that any information that you provide to us in confidence will only be used in connection with the purpose for which it was provided, unless we have specific consent from you or there are other special circumstances covered by law.
Under the NHS Confidentiality Code of Conduct, all of our staff are required to protect information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. Every NHS organisation has a senior person that is responsible for the overall protection, security and confidentiality of information. This person is known as the Senior Information Risk Owner and sits within our Governance Directorate at the Trust.
Where your information is stored and for how long is it kept?
Your information may be stored within electronic and/or paper records, depending on how and where it was collected. These records are maintained by the Trust/Charity. Under the NHS Records Management Code of Practice, we are required to retain information for a specific minimum period after the processing has finished. The exact retention period will vary depending on the information type and purpose of processing. The information you provide to the Charity for the purposes described in this notice will be held for a minimum of six years.
When information has reached the minimum retention period and is assessed as no longer being required, it is permanently deleted (electronic) or disposed of via confidential shredding bags (hard copy). If you would prefer not to have your information held for the period specified above, you have the right to request that your information is deleted earlier. To do this, simply contact the Charity using the details provided at the end of this notice. We will endeavour to process your deletion request within 28 calendar days, and will confirm to you in writing when this has been completed.
Do we share your information with anyone else outside the organisation?
As part of our legal duty to protect the charitable funds that we administer, we may be required to share your information with other relevant external bodies for the collection of funds or for the prevention and detection of fraud. Where mandatory disclosure is necessary only the minimum amount of information is released. If you have opted in to receiving e-mail communication from us, we may send you e-mails directly through the Trust’s e-mail servers. As part of our activities we engage with external event organisers for certain activities and occasions. Where you have registered for any of these events or indicated an interest to get involved, it may be necessary for us to share your details with the relevant external organiser(s).
This will be made clear at the time of your registration and only the minimum data necessary will be shared for the purpose of managing the event.
All sharing of information, both internally and with any third parties is completed using secure methods and governed by strict controls to ensure appropriate protection at all times. Unless there is a valid reason permitted by law, or there are exceptional circumstances (such as a likely risk to the safety of you or others), we will not disclose to any other third parties any of your information which can be used to identify you without your consent.
We will never sell your information for any purpose, or provide third parties with your information for the purpose of marketing or sales.
Do you have any control over how we use your information?
Under the terms of the Data Protection Act 2018 and the General Data Protection Regulation, you have a number of rights in relation to your personal information and how it is used. Under GDPR you have the right to access the information we hold about you, both in paper and electronic formats. We may not be able to supply you with some information if:
Your additional rights under GDPR
How can you make a complaint?
You have the right to make a complaint if you feel unhappy about how we hold, use or share your information. Depending on the nature of your complaint, we would recommend contacting the Complaints Team who will help you to identify the most appropriate procedure to follow based on the specifics of your complaint. Alternatively you may wish to contact the Information Commissioner’s Office directly via the contact details below. Please note that the Information Commissioner will not normally consider an appeal until you have exhausted your rights of complaint to us directly.
Information Commissioner’s Office
Should you feel that our response to a complaint you have made is unsatisfactory you can contact the Fundraising Regulator via:
How do I contact the Charity?
You can contact the Charity via:
Portsmouth Hospitals Charity