Keep Our St Helier Hospital

The official website for the Keep Our St Helier Hospital (KOSHH) Campaign

Privacy Policy

Keep Our St Helier Hospital (KOSHH) Campaign Privacy Policy v1.0.0.0

The Keep Our St Helier Hospital (KOSHH) Campaign is committed to safeguarding your privacy. We are committed to respect any personal data you share with us, or that we receive from other organisations, and keeping it safe. This Privacy Policy sets out our data collection and processing practices and your options regarding the ways in which your personal information is used.

This Policy contains important information about your personal rights to privacy. Please read it carefully to understand how we use your personal data. We may update this Policy from time to time without notice to you, so please check it regularly.

The provision of your personal data to us is voluntary. However, without providing us with your personal data, you will be unable to (as appropriate) sign a petition, make a donation or purchase items via our online shop, or apply to volunteer with us.

1. We collect information about you:

(1.1) When you give it to us DIRECTLY
You may give us your personal data in order to sign a petition, complete a questionnaire, complete a survey, when you share information about a petition, or survey, or other post from our website on Facebook, Twitter and/or via email, when you apply to volunteer with us, when you contact us by phone, email or post, when you sign up to our e-newsletter, and/or when you donate money to us.

(1.2) When you give it to us INDIRECTLY
Your information may be shared with us by others including other fundraising entities, sponsors and supporters of our organisation and services. Your information will also be provided to us when you follow us or otherwise interact with on or via Twitter, when you like and/or join our page on Facebook or interact with us in other ways on or via Facebook.

(1.3) When you give permission to OTHER ORGANISATIONS to share it or it is AVAILABLE PUBLICLY
We may combine information you provide to us with information available from external publicly available sources. Depending on your privacy settings for social media services, we may also access information from those accounts or services. We use this information to gain a better understanding of you and to improve our communications and fundraising activities.

(1.4) When you visit our WEBSITE
We use cookies to identify you when you visit our website and to enable us to personalise your online experience, to identify which pages of our website are viewed, at what time they are viewed, from which geographic location, from which source (eg. Web search engines, direct referrals from social media sites, news outlet websites etc.), and where possible, from which type of web-browser. This enables us to identify which pages of our website and types of content are popular, and which are not. When completing online surveys, questionnaires and petitions on the KOSHH website, we collect and log the public Internet Protocol address in order to provide an audit trail to identify any potential attempts to submit multiple responses from the same source, or other attempts to incorrectly influence the result of surveys, petitions, questionnaires etc. Please refer to our Cookies Policy for details on the way our use of cookies affects your personal data (https://koshh.org/cookies)

2. What information do we collect?

We may collect, store and use the following kinds of personal data:

(2.1) We will typically hold your name and contact details, where necessary including physical address, telephone number and e-mail address, and social media identity. However, we may request other information where it is appropriate and relevant, for example

  • Details of why you have decided to contact us
  • Why you chose to sign a petition
  • Why you chose to complete a survey or questionnaire

(2.2) information about your computer and about your visits to and use of this website including your IP address, geographical location, browser type, referral source, length of visit and number of page views;

(2.3) information about the services you use, services and products of interest to you or any marketing and/or communication preferences you give; and/or

(2.4) any other information shared with us as per clause 1

Do we process sensitive personal information?

Applicable law recognises certain categories of personal information as sensitive and therefore requiring more protection, including health information, ethnicity and political opinions. In limited cases, we may collect sensitive personal data about you. We would only collect sensitive personal data if there is a clear reason for doing so; we will only do so with your explicit consent.

3. How and why will we use your personal data?

Personal data, however provided to us, will be used for the purposes specified in this Policy or in relevant parts of the website.

We may use your personal information to:

(3.1) Enable you to use and/or learn about our local campaign in particular, or the defence of the wider National Health Service in general.

(3.2) Send you information about our work, campaigns, organisations and any other information, products or services that we provide (this will not be done without your consent);

(3.3) Provide you with the services, products or information you have requested;

(3.4) Improve your browsing experience by personalising your interaction with our website;

(3.5) Handle the administration of any donation or other payment you make via credit/debit card, cheque, standing order, BACS transfer or other electronic fund transfer mechanism;

(3.6) Collect payments from you and send statements and/or receipts to you;

(3.7) Handle the administration of your volunteering application;

(3.8) Conduct research into the impact of our campaigns;

(3.9) Deal with enquiries and complaints made by or about you relating to the website or us in general;

(3.10) Make petition submissions to third parties, where you have signed the petition and the third party is a target of the campaign to which the petition relates; and/or

(3.11) Audit and/or administer our accounts.

4. Supporter research/profiling

We may use your personal information to undertake research to gather further information about you from publicly accessible sources (as per clause 1 above). This helps us to get a better understanding of your background, interests and preferences in order to improve our communications and/or interactions with you, to help ensure they are targeted to be relevant and appropriate, and to provide information (sometimes through third parties) about petitions and other aspects of our services which we consider may be of interest to you.

Facebook marketing

We may use some of your personal information to participate in Facebook’s Custom Audience and Lookalike Audience programs, which enable us to display adverts to both existing and prospective supporters when they visit Facebook. We may provide your email address to Facebook so they can determine whether you are a registered account holder with them. Our adverts may then appear when you access Facebook. Some of your data is sent in an encrypted format that is deleted by Facebook (a) if it does not match with a Facebook account or (b) after they confirm you are a registered account holder.

For more detailed information please see https://www.facebook.com/business/help/744354708981227 and Facebook’s data policy at https://en-gb.facebook.com/policy.php.

Google Analytics

We may use some of your personal information to analyse our digital performance, for example to see how our website can be improved to help us achieve the purposes set out in section 11 below, to record how you are using our website or to assess the popularity of marketing campaigns.

For more information on how we use your personal information in relation to Google Analytics, please view our cookie policy by clicking this link (insert link to cookies policy).

You can opt-out of the collection of information for such purposes here: http://www.aboutads.info/choices

5. Communications, fundraising and marketing

Where you have provided us with your physical address, we may contact you by post; and where you have provided appropriate consent, also by telephone and e-mail, with targeted communications to let you know about our events and/or activities that we consider may be of particular interest; about the work of The Keep Our St Helier Hospital (KOSHH) Campaign; and to ask for donations or other support.

6. Donations and other payments

All financial transactions carried out on our website are currently handled through PayPal, Eventbrite or GoFundMe, who are third-party payment services providers. We recommend that you read PayPal’s privacy policy (available here), Eventbrite’s privacy policy (link here) and/or GoFundMe’s privacy policy (link here)prior to effecting any transactions with us. We will provide your personal data to 3rd party payment providers only to the extent necessary for the purposes of processing payments for transactions you enter into with us. We do not store your financial details.

7. Children’s data

We do not knowingly process data of any person under the age of 16. If we come to discover, or have reason to believe, that you are 15 or under and we are holding your personal information, we will delete that information within a reasonable period and withhold our services accordingly.

8. Other disclosures

In addition to the disclosures reasonably necessary for the purposes identified elsewhere in this privacy policy, we will disclose your information to regulatory and/or government bodies and/or law enforcement agencies upon request only when required to do so in order to satisfy legal obligations which are binding on us.

9. Security of and access to your personal data

We endeavour to ensure that there are appropriate and proportionate technical and organisational measures to prevent the loss, destruction, misuse, alteration, unauthorised disclosure or of access to your personal information.

Your information is only accessible by appropriately trained and authorised members of our steering committee.

We may also use agencies and/or suppliers to process data on our behalf. We may also merge or partner with other organisations and in so doing transfer and/or acquire personal data.

Please note that some countries outside of the EEA have a lower standard of protection for personal data, including lower security requirements and fewer rights for individuals. We may transfer and/or store personal data collected from you to and/or at a destination outside the European Economic Area (“EEA”). Such personal data may be processed by agencies and/or suppliers operating outside the EEA. If we transfer and/or store your personal data outside the EEA we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your personal data.

Otherwise than as set out in this Privacy Policy, we will only ever share your data with your informed consent, and we will NEVER sell your personal data to anyone.

10. Your rights

Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for direct marketing purposes or to be unsubscribed from our email list at any time. You also have the following rights:

(10.1) Right to be informed – you have the right to be told how your personal information will be used. This Policy and other policies and statements used on our website and in our communications are intended to provide you with a clear and transparent description of how your personal information may be used.

(10.2) Right of access – you can write to us to ask for confirmation of what information we hold on you and to request a copy of that information. Provided we are satisfied that you are entitled to see the information requested and we have successfully confirmed your identity, we have 30 days to comply.

(10.3) Right of erasure – as from 25 May 2018, you can ask us for your personal information to be deleted from our records. In many cases we would propose to suppress further communications with you, rather than delete it.

(10.4) Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated.

(10.5) Right to restrict processing – you have the right to ask for processing of your personal data to be restricted if there is disagreement about its accuracy or legitimate usage.

(10.6) Right to data portability – to the extent required by the General Data Protection Regulations (“GDPR”) where we are processing your personal information (i) under your consent, (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contact or (iii) by automated means, you may ask us to provide it to you – or another service provider – in a machine-readable format.

To exercise these rights, please send a description of the personal information in question using the contact details in section 16 below.

Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you consult ICO guidance – https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ – or please contact us using the details in section 16 below.

You are further entitled to make a complaint about us or the way we have processed your data to the Information Commissioner’s Office (“ICO”). For further information on how to exercise this right, please see the guidance at https://ico.org.uk/for-the-public/personal-information. The contact details of the ICO can be found here: https://ico.org.uk/global/contact-us/.


11. Lawful processing

We are required to have one or more lawful grounds to process your personal information. Only 4 of these are relevant to us:

  1. Personal information is processed on the basis of a person’s consent
  2. Personal information is processed on the basis of a contractual relationship
  3. Personal information is processed on the basis of legal obligations
  4. Personal information is processed on the basis of legitimate interests

(11.1) Consent
We will ask for your consent to use your information to send you electronic communications such as newsletters and marketing and fundraising emails, for targeted advertising and profiling, and if you ever share sensitive personal information with us.

(11.2) Contractual relationships
Most of our interactions with subscribers and website users are voluntary and not contractual. However, sometimes it will be necessary to process personal information so that we can enter contractual relationships with people. For example, if you apply for employment or to volunteer with us, or if you purchase something via our online shop.

(11.3) Legal obligations
Sometimes we will be obliged to process your personal information due to legal obligations which are binding on us. We will only ever do so when strictly necessary.

(11.4) Legitimate interests
Applicable law allows personal information to be collected and used if it is reasonably necessary for our legitimate activities (as long as its use is fair, balanced and does not unduly impact individuals’ rights).

We will rely on this ground to process your personal data when it is not practical or appropriate to ask for consent.

Achieving our purposes

These include (but are not limited to):

  • Campaigning to protect, maintain and improve all services currently provided by the Epsom & St Helier University Hospitals NHS Trust, or whichever organisation(s) may take over custodianship in the future.
  • Campaigning for the continued existence of the National Health Service in the United Kingdom
  • Campaigning for a return to an NHS which is:
    • Publicly provided (by directly employed staff)
    • Publicly accountable (by restoring the Secretary of State for Health & Social Care’s duty to provide an NHS)
    • Publicly funded (through general taxation)
    • Comprehensive
    • Universal
    • Free at the point of clinical need

Publicity and income generation

Conventional direct marketing and other forms of marketing, publicity or advertisement

Unsolicited commercial or non-commercial messages, including campaigns, newsletters, income generation or fundraising

Analysis, targeting and segmentation to develop and promote or strategy and improve communication efficiency

Personalisation used to tailor and enhance your experience of our communications


Operational Management

Volunteer recording and monitoring for recruitment, safety, performance management or workforce planning purposes

Physical security, IT and network security

Processing for historical, scientific or statistical purpose


Purely administrative purposes

Responding to enquiries

Delivery of requested products or information

Communications designed to administer existing services including administration of petitions and financial transactions

Thank you communications and receipts

Maintaining a supporter database and suppression lists


Financial Management and control

Processing financial transactions and maintaining financial controls

Prevention of fraud, misuse of services, or money laundering

Enforcement of legal claims

Reporting criminal acts and compliance with law enforcement agencies

When we use your personal information, we will consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair in other ways.


12. Data retention

In general, unless still required in connection with the purpose(s) for which it was collected and/or is processed, we remove your personal information from our records six years after the date it was collected. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of erasure, we will remove it from our records at the relevant time.

In the event that you ask us to stop sending you direct marketing/fundraising/other electronic communications, we will keep your name on our internal suppression list to ensure that you are not contacted again.


13. Policy amendments

We keep this Privacy Policy under regular review and reserve the right to update from time-to-time by posting an updated version on our website, not least because of changes in applicable law. We recommend that you check this Privacy Policy occasionally to ensure you remain happy with it. We may also notify you of changes to our privacy policy by email.


14. Third party websites

We link our website directly to other sites. This Privacy Policy does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external websites you visit via links on our website.


15. Updating information

You can check the personal data we hold about you, and ask us to update it where necessary, by emailing us at info@koshh.org


16. Contact

We are not required by law to have a “Data Protection Officer”.

Please let us know if you have any queries or concerns whatsoever about the way in which your data is being processed by emailing us at info@koshh.org.

Recent Posts

Recent Comments

Archives

Categories

Meta

Recent Tweets

Keep Our St Helier Hospital © 2015 - 2017 Frontier Theme