Donate

Privacy Policy

West Herts Hospitals Charity is committed to protecting your privacy and upholding our responsibilities under the Data Protection Act 2018 and UK GDPR. We strive to ensure that any personal information we collect is handled, used, and processed in line with these regulations and all applicable data protection laws.

This statement explains how we manage the personal information you provide to us. We may occasionally update this privacy statement, so please check this page periodically for any changes.

Our Contact Details

We are the Data Controller for your information registered with the Information Commissioner’s Officer (ICO) under registration number Z5205111. A Data Controller decides on why and how information is used and shared.

West Herts Hospitals Charity
Sycamore House, Watford General Hospital
WD18 0HB
07815 459037
West Herts Hospitals Charity

Data Protection Officer’s contact details

Our Data Protection Officer is Nicola Bateman. She monitors our compliance with data protection laws. For queries about your personal data, contact her at westherts.infogov@nhs.net.

What personal information do we collect?

Personal information is information that can be used to identify you. We collect the following information:

  • Your title, name, gender, and date of birth.
  • Your contact details (postal address, email, telephone number and social media contact details).
  • Family and spouse/partner details, relationships to other supporters.
  • Current interests and activities.
  • Gift aid status and records of donations.
  • Contact preferences.
  • Media articles about you.
  • Your IP address, location, browser type and information on how you interact on our website.
  • You credit/debit card details in line with payment card industry standards.
  • bank account details if you set up a direct debit or standing order payment for regular donations to us. 

In some limited circumstances we may collect information considered ‘special category data’.  This is personal information regarding racial or ethnic origins, political opinions, religious beliefs, and health (including mental health). 

How do we collect personal information about you? 

We collect personal information about you in the following ways:

  • Directly from you – You may provide us with your information when you sign up for one of our events, share your story, make a donation, or communicate with us in other ways. Occasionally, when you support us, your information may be processed by third-party organisations working on our behalf (such as a mailing house).
  • Indirectly from third parties – Your information may be shared with us by independent organisations, such as fundraising platforms like JustGiving. These third parties will only do so if you have expressed your wish to support us and given your consent. We recommend reviewing their privacy policies to understand how they handle your data before providing any information.
  • Through permission from other organisations – Depending on your privacy settings and the policies of social media or messaging platforms like Facebook and Twitter, you may grant us access to certain information from your accounts or services.

What we do with your personal information

The personal information we collect helps us achieve our fundraising goals. If you support us, for example by donating, volunteering, registering to fundraise, or signing up for an event, we will mainly use your information to:

  • Provide you with the information, activity, services, or products you have asked for.
  • Provide you information about other activity, services, or products we think might interest you where you have consented to being contacted.
  • Administer you donation or support your fundraising, including processing Gift Aid.
  • Send you surveys, and for market research.
  • Invite you to events.
  • Keep a record of your relationship with us and record the contact we have with you.

We do not, and will never, sell or trade your data.

Is information transferred outside the UK?

All information we collect is stored and processed within the UK, except for data held in our donor database, Raiser’s Edge (a product of Blackbaud Inc.). Blackbaud, headquartered in the United States, may transfer personal data outside the UK as necessary to fulfil its obligations to clients, where we act as the data controller. 

These data transfers occur only to countries recognised by the UK Secretary of State as having adequate data protection levels or to organisations using lawful transfer mechanisms that ensure proper safeguards, such as standard contractual clauses or binding corporate rules.

How do we keep your information secure and confidential?

We are committed to ensuring that your personal information is kept safe and secure. We use a range of measures to protect your data, including:

  • Encryption: All electronic records are encrypted to prevent unauthorized access.
  • Access controls: Only authorised staff with a legitimate need to access your information are granted access, and this is regularly reviewed.
  • Training: Our staff receive regular data protection training to ensure they understand their responsibilities when handling your personal information.
  • Physical security: Paper records are stored securely, and access to these is restricted.
  • Secure transfer: When sharing your information with other organisations, we use secure methods to ensure it remains protected.

These measures are designed to safeguard your information in compliance with data protection laws, including the UK GDPR and the Data Protection Act 2018.

What is our lawful basis for processing your data?

Under the UK General Data Protection Regulation (UK GDPR) we must have a legal reason to collect, keep and use your data. We rely on the following legal basis for processing it:

Article 6(1)(a) We have your consent – this must be freely given, specific, informed, and unambiguous.

When we rely on your “consent” to process your information, this means we only use it with your permission, and you can withdraw that permission at any time without any negative consequences. However, if you withdraw consent for receiving our news and updates through certain methods, we will no longer be able to send those to you.

With your consent, we may use your personal information to:

  • Send you updates and information about our charity by email, SMS, or direct social media messages. You will always be given the opportunity to opt out of communication from any channel at any time.
  • Making automated telephone calls.
  • Call you on private numbers registered with the telephone preference service to ask for your support.
  • Share information about your support for us.

If you agree to receive further updates from us when asked on a partner website or giving platform, that partner will pass your contact and donation information to us, along with your consent to be contacted by the method you agreed to (such as email or text message).

Article 6(1)(b) Contractual necessity the following circumstances will result in using your information for the purposes of administrating a contract:

  • Providing you with a ticket for an event, training course, and processing your registration for that ticket or event.
  • Using your data to communicate with you in respect of grants or gifts we have made or received where that grant or gift is subject to a contract between us and you or an organisation with which you are connected.

Article 6(1)(c) Legal obligation – We have a legal obligation to process your information in the following circumstances.

  • If you allow us to claim Gift Aid, we are required to keep records and share them with His Majesty’s Revenue and Customs.
  • We keep records for auditing and accounting purposes.
  • For certain donations, we are required to conduct anti-money laundering checks.
  • To comply with our legal obligations under Charity fundraising: a guide to trustee duties (CC20), as well as regulation such as the Charity Commission’s Know Your Donor Policy and the Fundraising Regulator’s Code of Practice, we may also undertake due diligence research to assess the source of funds for donations and to ensure that we are robustly considering ethical and reputational risks to the charity.
  • We comply with charity regulations to protect the charity’s reputation.
  • We are legally required to record details of any complaints about fundraising.

Article 6(1)(f) Legitimate interests Some of our work requires using your data, even when we don’t need your consent by law. In these cases, we use “Legitimate Interests,” meaning we balance our needs with your rights. If the impact on you seems too high, we’ll ask for your consent. You can also ask us to stop using your data under “Legitimate Interests.”

The following are some examples of instances where we process your data for our legitimate interest.

  • Direct marketing – We will send postal marketing and fundraising requests about our charity, including how you can donate. You will always be given the opportunity on how to opt-out of receiving and further information.
  • Profiling and analysing information – We carry out limited profiling and research to help us understand our donors and potential donors, including gathering information from publicly available resources to give and insight into philanthropic interests and ability to support our charity. 
  • Administrative purposes – For example, if a direct debit were to cease due to a change of bank account, or to ask you to consider completing a Gift Aid form.

Who do we share your data with?

We only share your data in this way if we have your consent, or if we are legally obliged to do so.

We may pass your data to the following organisation:

  • To HMRC to claim Gift Aid
  • To statutory bodies, for example the Charity Commission, or the Police, if they had obtained the relevant powers to require us to pass your data to them.

We may share your data with organisations that help us carry out our work, known as “Data Processors.” These organisations work under contract with us, which means they can only use your data as instructed by us. They are not allowed to use your data for their own purposes or keep it beyond what we’ve authorised. Examples include companies that print letters for us or manage our secure, encrypted donor database in the cloud.

How we update your information

Please let us know if you move or change your contact details so we can keep our records accurate. If mail to you is returned as “moved away” or similar, we may use public sources, like the National Change of Address database, to verify and update your information.

We strive to keep your information accurate and up to date and will assume that the details you provide are correct unless we learn otherwise. If we discover any inaccuracies, we will correct them promptly.

How long will we keep your data?

We keep your personal information only as long as needed to fulfil the purpose for which it was collected, as well as to meet any legal, accounting, or reporting requirements.

Typically, we follow a set time frame based on our data retention policy, which may vary depending on the purpose of the information and any legal or contractual requirements (such as financial regulations).

In most cases, we keep personal information related to donations, campaign actions, or mailing list subscriptions for six years after your last donation or interaction with us. After this period, we will decide if we need to retain it for another six years. Once the retention period is over, your information will be securely deleted or disposed of.

If you’ve pledged a legacy gift, we will retain your information until the gift is received, so we can match the gift with the pledge.

Information on children and those under 18

We don’t actively collect data on children, though we know some generously choose to fundraise for us. If we receive any information about children through our donation platforms, we’ll make sure we have parental consent for anyone under 13. We don’t market to anyone under 18. If we wish to keep a photo of someone under 18, we’ll get their consent if they are 13 or older, and parental or guardian consent if they are younger.

Profiling and fund-raising efficiency

To ensure our communications and fundraising efforts are as relevant and effective as possible, we may analyse certain information about our supporters.

  • Profiling for relevant communications: We may analyse your personal information to understand your interests and preferences, so we can share updates and opportunities that may be of most interest to you.
  • Additional information sources: Where available, we may use publicly accessible information (like geo-demographic and wealth indicators) to tailor our fundraising efforts effectively and understand the background of our supporters.
  • Segmentation for efficient fundraising: Based on your giving history and that of other supporters, we may group supporters into “donor segments” (e.g., by donation amount, frequency, or other relevant factors) to develop our fundraising strategies. We may use software to support this analysis.
  • Third-party data: To organise our fundraising efforts efficiently, we may include information from third-party sources, such as indicators of wealth, previous giving to other causes, and any public social media posts. This helps us direct our resources effectively, making appropriate requests to those more likely to contribute.
  • Data matching: We may compare your information against external databases solely for fundraising purposes. The owners of these databases will not use your information themselves.

This analysis may be considered “profiling” under data protection law. You have the right to request that we stop this processing of your data. If you would like to opt-out or have any questions, please contact our charity office.

What are your data protection rights?

You have several rights regarding your personal information, which may vary depending on the reasons we are processing your data. Your rights include:

  • Right of access: You have the right to ask us for copies of your personal information (known as a subject access request). You can request copies of your personal health information by emailing westherts.accesstohealthrecords@nhs.net 
  • Right to rectification: You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Right to erasure: You have the right to ask us to erase your personal information in certain circumstances.
  • Right to restrict processing: You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Right to object to processing: You have the right to object to the processing of your personal information in certain circumstances.
  • Right to data portability: You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

If you wish to exercise any of these rights, please contact our data protection officer westherts.infogov@nhs.net.

How to contact us if you have a complaint, a query or wish to compliment

If you are dissatisfied with our work or feel something has been overlooked, we want to hear from you. We also appreciate hearing what we’re doing well. Your feedback helps us learn and improve our services. To share a complaint, compliment, or comment, please contact the Charity CEO westherts.hospitalscharity@nhs.net.

We understand that you might sometimes want an independent group to investigate your concerns. The Fundraising Regulator, which oversees charitable fundraising, can investigate cases where fundraising practices have caused public concern. Before reaching out to them, please allow us the chance to address your concern or complaint through our own process first.

The Fundraising Regulator
Eagle House
167 City Road
London, EC1V 1AW
0300 999 3407
www.fundraisingregulator.org.uk

We try to meet the highest standards when collecting and using personal information. We encourage people to bring concerns to our attention and we take any complaints we receive very seriously. You can submit a complaint by contacting our Information Governance team by emailing them on: westherts.infogov@nhs.net 

If you remain dissatisfied with the Trust’s decision following your complaint, you may wish to contact:

Information Commissioner’s Office

Wycliffe House Water Lane 

Wilmslow 

Cheshire 

SK9 5AF 

www.ico.gov.uk 

Get the latest news

By giving us your email address, you’re giving us permission to email you about our news, events and fundraising. For further details in relation to how we handle the personal information you provide to us, please see our privacy notice.

Charity No. 1052210
Envelope Facebook Instagram X-twitter Linkedin-in

About

Quick Links