Privacy and data protection policy

General Data Protection Regulation:

In May 2018, new Data Protection Regulations were introduced with a number of lawful reasons how we can use/process your data.  One of these reasons is called Legitimate Interest.

In general terms this means that we can process your personal information if:

We have a genuine and legitimate reason and we are not harming your rights and interests.

 This means that when you provide your personal details, we will use your information for our legitimate business interest to carry out our work in enabling the world class services provided at University Hospital Southampton NHS Foundation Trust.

Prior to using your data, we will carefully consider:

  1. Identifying what the legitimate interest is (Purpose test)
  2. Would you, as the data subject, reasonably expect us to process their data (Necessity test)
  3. What impact, if any, would there be on you (Balancing test)
  4. What safeguards to we have in place to protect you and your data

Some examples of when and why we would use this approach are:

Direct mail – We send marketing and fundraising asks to keep you informed of the work we are doing to support University Hospital Southampton NHS Foundation Trust and to ask for support on key projects.

Research – We may use your data to help us asses the effectiveness of promotional campaigns and to develop our products, services, systems and relationships with you.

Due Diligence – We may need to conduct investigations on supporters, potential customers and business partners to determine if those companies and individuals have been involved or convicted of offences such as fraud, bribery and corruption.

We will also hold information about you so that we can respect your preferences of how we contact you.

You can change the way you hear from us or withdraw your permission at any time by contacting us at charity@uhs.nhs.uk or 023 8120 8881.

What information we collect:

In May 2018, new Data Protection Regulations were introduced with a number of lawful reasons how we can use/process your data.

We obtain data from our website and other collection methods for a number of reasons set out above, including providing you with the most useful relevant information about Southampton Hospital Charity. We do this through collecting and analysing both anonymous, or aggregate data, and personal data volunteered by you online or through other collection methods.

In some areas of our website, for example forms, orders and emails we collect personal details such as your name, address, telephone number and email address. We use this information only for the reason you have supplied it or any other reason for which you have given us permission to do so.

Where relevant, information is provided to explain why the data is being collected and how it will be used. In all cases we will give you the option to ‘opt out’ of receiving future communications including email, or text marketing.

In addition to this, as a fundraising organisation we undertake in-house research and, upon occasion, we engage with specialist third party providers to gather information from publicly available sources. You will always have the right to opt out of this processing. Research will also be used to carry out due diligence on donors in line with the charities Gift Acceptance Policy and to meet money laundering regulations.

All research is carried out with the express purpose of understanding more about you as an individual so we can focus conversations we have with you about fundraising and volunteering in the most effective way, and to ensure that we provide you with an experience as a supporter, or potential supporter, which is best for you.

We will also collect information about your visit to our website (for example, the date and time of your visit and the pages that you view). This information is not connected to you personally, and is in aggregate form. This kind of data helps us understand how our visitors use our site so that future website development can better meet your needs.

Under the Data Protection Act, we have a duty to protect any information we collect from you. We do not pass on your details to any third party unless you give us permission to do so.

All staff working at Southampton Hospitals Charity have undertaken data protection and information governance training so that they understand how to handle your data.

Further information on the Data Protection Policy can be found here or more about our terms and conditions here.