This Policy contains important information about your personal rights to privacy. Please read it carefully to understand how we use your personal data. We may update this Policy from time to time without notice to you, so please check it regularly.
The provision of your personal data to us is voluntary. However, without providing us with your personal data, you will be unable to (as appropriate) sign a petition, make a donation or purchase items via our online shop, or apply to volunteer with us.
1. We collect information about you:
(1.1) When you give it to us DIRECTLY
You may give us your personal data in order to sign a petition, complete a questionnaire, complete a survey, when you share information about a petition, or survey, or other post from our website on Facebook, Twitter and/or via email, when you apply to volunteer with us, when you contact us by phone, email or post, when you sign up to our e-newsletter, and/or when you donate money to us.
(1.2) When you give it to us INDIRECTLY
Your information may be shared with us by others including other fundraising entities, sponsors and supporters of our organisation and services. Your information will also be provided to us when you follow us or otherwise interact with on or via Twitter, when you like and/or join our page on Facebook or interact with us in other ways on or via Facebook.
(1.3) When you give permission to OTHER
ORGANISATIONS to share it or it is AVAILABLE PUBLICLY
We may combine information you provide to us with information available from external publicly available sources. Depending on your privacy settings for social media services, we may also access information from those accounts or services. We use this information to gain a better understanding of you and to improve our communications and fundraising activities.
(1.4) When you visit our WEBSITE
2. What information do we collect?
We may collect, store and use the following kinds of personal data:
(2.1) We will typically hold your name and contact details, where necessary including physical address, telephone number and e-mail address, and social media identity. However, we may request other information where it is appropriate and relevant, for example
- Details of why you have decided to contact us
- Why you chose to sign a petition
- Why you chose to complete a survey or questionnaire
(2.2) information about your computer and about your visits to and use of this website including your IP address, geographical location, browser type, referral source, length of visit and number of page views;
(2.3) information about the services you use, services and products of interest to you or any marketing and/or communication preferences you give; and/or
(2.4) any other information shared with us as per clause 1
Do we process sensitive personal information?
Applicable law recognises certain categories of personal information as sensitive and therefore requiring more protection, including health information, ethnicity and political opinions. In limited cases, we may collect sensitive personal data about you. We would only collect sensitive personal data if there is a clear reason for doing so; we will only do so with your explicit consent.
3. How and why will we use your personal data?
Personal data, however provided to us, will be used for the purposes specified in this Policy or in relevant parts of the website.
We may use your personal information to:
(3.1) Enable you to use and/or learn about our local campaign in particular, or the defence of the wider National Health Service in general.
(3.2) Send you information about our work, campaigns, organisations and any other information, products or services that we provide (this will not be done without your consent);
(3.3) Provide you with the services, products or information you have requested;
(3.4) Improve your browsing experience by personalising your interaction with our website;
(3.5) Handle the administration of any donation or other payment you make via credit/debit card, cheque, standing order, BACS transfer or other electronic fund transfer mechanism;
(3.6) Collect payments from you and send statements and/or receipts to you;
(3.7) Handle the administration of your volunteering application;
(3.8) Conduct research into the impact of our campaigns;
(3.9) Deal with enquiries and complaints made by or about you relating to the website or us in general;
(3.10) Make petition submissions to third parties, where you have signed the petition and the third party is a target of the campaign to which the petition relates; and/or
(3.11) Audit and/or administer our accounts.
4. Supporter research/profiling
We may use your personal information to undertake research to gather further information about you from publicly accessible sources (as per clause 1 above). This helps us to get a better understanding of your background, interests and preferences in order to improve our communications and/or interactions with you, to help ensure they are targeted to be relevant and appropriate, and to provide information (sometimes through third parties) about petitions and other aspects of our services which we consider may be of interest to you.
We may use some of your personal information to participate in Facebook’s Custom Audience and Lookalike Audience programs, which enable us to display adverts to both existing and prospective supporters when they visit Facebook. We may provide your email address to Facebook so they can determine whether you are a registered account holder with them. Our adverts may then appear when you access Facebook. Some of your data is sent in an encrypted format that is deleted by Facebook (a) if it does not match with a Facebook account or (b) after they confirm you are a registered account holder.
For more detailed information please see https://www.facebook.com/business/help/744354708981227 and Facebook’s data policy at https://en-gb.facebook.com/policy.php.
We may use some of your personal information to analyse our digital performance, for example to see how our website can be improved to help us achieve the purposes set out in section 11 below, to record how you are using our website or to assess the popularity of marketing campaigns.
You can opt-out of the collection of information for such purposes here: http://www.aboutads.info/choices
5. Communications, fundraising and marketing
Where you have provided us with your physical address, we may contact you by post; and where you have provided appropriate consent, also by telephone and e-mail, with targeted communications to let you know about our events and/or activities that we consider may be of particular interest; about the work of The Keep Our St Helier Hospital (KOSHH) Campaign; and to ask for donations or other support.
6. Donations and other payments
7. Children’s data
We do not knowingly process data of any person under the age of 16. If we come to discover, or have reason to believe, that you are 15 or under and we are holding your personal information, we will delete that information within a reasonable period and withhold our services accordingly.
8. Other disclosures
9. Security of and access to your personal data
We endeavour to ensure that there are appropriate and proportionate technical and organisational measures to prevent the loss, destruction, misuse, alteration, unauthorised disclosure or of access to your personal information.
Your information is only accessible by appropriately trained and authorised members of our steering committee.
We may also use agencies and/or suppliers to process data on our behalf. We may also merge or partner with other organisations and in so doing transfer and/or acquire personal data.
Please note that some countries outside of the EEA have a lower standard of protection for personal data, including lower security requirements and fewer rights for individuals. We may transfer and/or store personal data collected from you to and/or at a destination outside the European Economic Area (“EEA”). Such personal data may be processed by agencies and/or suppliers operating outside the EEA. If we transfer and/or store your personal data outside the EEA we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your personal data.
10. Your rights
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for direct marketing purposes or to be unsubscribed from our email list at any time. You also have the following rights:
(10.1) Right to be informed – you have the right to be told how your personal information will be used. This Policy and other policies and statements used on our website and in our communications are intended to provide you with a clear and transparent description of how your personal information may be used.
(10.2) Right of access – you can write to us to ask for confirmation of what information we hold on you and to request a copy of that information. Provided we are satisfied that you are entitled to see the information requested and we have successfully confirmed your identity, we have 30 days to comply.
(10.3) Right of erasure – as from 25 May 2018, you can ask us for your personal information to be deleted from our records. In many cases we would propose to suppress further communications with you, rather than delete it.
(10.4) Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated.
(10.5) Right to restrict processing – you have the right to ask for processing of your personal data to be restricted if there is disagreement about its accuracy or legitimate usage.
(10.6) Right to data portability – to the extent required by the General Data Protection Regulations (“GDPR”) where we are processing your personal information (i) under your consent, (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contact or (iii) by automated means, you may ask us to provide it to you – or another service provider – in a machine-readable format.
To exercise these rights, please send a description of the personal information in question using the contact details in section 16 below.
Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you consult ICO guidance – https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ – or please contact us using the details in section 16 below.
You are further entitled to make a complaint about us or the way we have processed your data to the Information Commissioner’s Office (“ICO”). For further information on how to exercise this right, please see the guidance at https://ico.org.uk/for-the-public/personal-information. The contact details of the ICO can be found here: https://ico.org.uk/global/contact-us/.
11. Lawful processing
We are required to have one or more lawful grounds to process your personal information. Only 4 of these are relevant to us:
- Personal information is processed on the basis of a person’s consent
- Personal information is processed on the basis of a contractual relationship
- Personal information is processed on the basis of legal obligations
- Personal information is processed on the basis of legitimate interests
We will ask for your consent to use your information to send you electronic communications such as newsletters and marketing and fundraising emails, for targeted advertising and profiling, and if you ever share sensitive personal information with us.
Most of our interactions with subscribers and website users are voluntary and not contractual. However, sometimes it will be necessary to process personal information so that we can enter contractual relationships with people. For example, if you apply for employment or to volunteer with us, or if you purchase something via our online shop.
(11.3) Legal obligations
Sometimes we will be obliged to process your personal information due to legal obligations which are binding on us. We will only ever do so when strictly necessary.
(11.4) Legitimate interests
Applicable law allows personal information to be collected and used if it is reasonably necessary for our legitimate activities (as long as its use is fair, balanced and does not unduly impact individuals’ rights).
We will rely on this ground to process your
personal data when it is not practical or appropriate to ask for consent.
These include (but are not limited to):
- Campaigning to protect, maintain and improve all services currently provided by the Epsom & St Helier University Hospitals NHS Trust, or whichever organisation(s) may take over custodianship in the future.
- Campaigning for the continued existence of the National Health Service in the United Kingdom
- Campaigning for a return to an NHS which is:
- Publicly provided (by directly employed staff)
- Publicly accountable (by restoring the Secretary of State for Health & Social Care’s duty to provide an NHS)
- Publicly funded (through general taxation)
- Free at the point of clinical need
Publicity and income generation
Conventional direct marketing and other forms of marketing, publicity or advertisement
Unsolicited commercial or non-commercial messages, including campaigns, newsletters, income generation or fundraising
Analysis, targeting and segmentation to develop and promote or strategy and improve communication efficiency
Personalisation used to tailor and enhance your experience of our communications
Volunteer recording and monitoring for recruitment, safety, performance management or workforce planning purposes
Physical security, IT and network security
Processing for historical, scientific or statistical purpose
Purely administrative purposes
Responding to enquiries
Delivery of requested products or information
Communications designed to administer existing services including administration of petitions and financial transactions
Thank you communications and receipts
Maintaining a supporter database and suppression lists
Financial Management and control
Processing financial transactions and maintaining financial controls
Prevention of fraud, misuse of services, or money laundering
Enforcement of legal claims
Reporting criminal acts and compliance with law enforcement agencies
When we use your personal information, we will consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair in other ways.
12. Data retention
In general, unless still required in connection with the purpose(s) for which it was collected and/or is processed, we remove your personal information from our records six years after the date it was collected. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of erasure, we will remove it from our records at the relevant time.
In the event that you ask us to stop sending you direct marketing/fundraising/other electronic communications, we will keep your name on our internal suppression list to ensure that you are not contacted again.
13. Policy amendments
14. Third party websites
15. Updating information
You can check the personal data we hold about you, and ask us to update it where necessary, by emailing us at firstname.lastname@example.org
We are not required by law to have a “Data Protection Officer”.
Please let us know if you have any queries or concerns whatsoever about the way in which your data is being processed by emailing us at email@example.com.