Privacy and data protection policy

The purpose of this privacy statement

Southampton Hospitals Charity is committed to ensuring we are transparent about ways in which we use your personal information and that we have the right controls in place to ensure it is used responsibly and is kept safe from inappropriate access, theft, or misuse.


  1. Who we are
  2. Why we hold and process personal information
  3. What information we collect
  4. How we collect information about you
  5. What your information is used for
  6. Sharing of your information
  7. Our lawful basis for processing your data
  8. Storage and security of your data
  9. How long we keep your data for
  10. Your rights
  11. Changes to this policy
  12. How to contact us


  1. Who we are

Southampton Hospitals Charity helps to enhance the care and treatment of patients at University Hospital Southampton. We work with our supporters to raise money and provide financial support to areas of the hospital service that lie beyond the scope of NHS funding.

Visit Our Impact page to find out more about the ways in which money raised has improved patient care.


  1. Why we hold and process personal information

In carrying out our day-to-day activities we have relationships with our supporters, our staff, trustees, volunteers and patients, visitors and staff of University Hospital Southampton NHS Foundation Trust. As a result, we collect, store and process personal information on a day-to-day basis. Our use of personal information allows us to meet legal requirements, make better decisions, communicate with all  our stakeholders and fundraise more efficiently.

We are therefore required to adhere to the requirements of the Data Protection Act 2018 (incorporating the UK General Data Protection Regulations) and the Privacy and Electronic Communication Regulations.  We take our responsibilities under these regulations very seriously and your personal information is processed and stored in accordance with the legal requirements in the corresponding laws.


  1. What information we collect

Your personal information may include some or all of the following: name, date of birth and contact details, family and next of kin details, stories and images, financial, tax status and banking details, and cookies when accessing the website and digital channels, some of which will be publicly available.

Certain types of personal information are in a special category under data protection laws, as they are considered to be more sensitive.  Examples of this type of sensitive data would be information about health, race, religious beliefs, political views, or sexuality.  We only collect this type of information about our supporters, volunteers or staff where there is a clear reason for us to do so.

When we use special category personal information, we will either do so on the basis of your explicit consent or because we need to process it for employment purposes or because it is in your vital interests.

  1. How we collect information about you

Information you provide to us directly

We collect personal information from you when you enquire about our activities, register/sign up for an event, make a donation, enter the lottery, apply for or accept a job, volunteer, engage with our social media channels, respond to a survey we have sent you, or otherwise provide us with your personal information and agree to be contacted. We may also collect this type of information if you make it public or volunteer it to us when engaging with us.

Information you provide to us indirectly

Your information may be shared with us by third parties, for example independent event organisers, fundraising sites like Just Giving or other organisations engaged by us to raise funds for the Charity. These independent third parties will only do so when you have indicated that you wish to support Southampton Hospitals Charity, and with your consent. You should check their Privacy Notice when you provide your information to understand fully how they will process your data.

Information from other sources

In addition to the information you give us, we may add information from publicly available sources including data from, for example, reputable newspapers, company websites, Companies House, the Charity Commission, Who’s Who and Debrett’s, LinkedIn. We may also use geographic and demographic information based on your postcode.

We do this in order to manage our fundraising effectively and to give you the best experience by tailoring our approaches to you according to your interests as well as the level at which you could potentially support us. This also enables us to manage our fundraising efficiently and effectively so we can raise more to spend on our beneficiaries.

We also obtain data from public sources to ensure the addresses and postcode information we hold for you is kept up to date.


Website cookies

Cookies are used to gather information on how you use our website.

Cookies are text files, which identify a user’s computer to our server. Cookies in themselves do not identify the individual user, just the computer used. The Southampton Hospitals Charity website uses persistent cookies – these are used to track returning visitors. They expire after 12 months and enable us to compare website traffic from month to month.

Cookies help us identify which pages are most visited and which events or activities are of most interest. This information can be used to help us improve our website and services and ensure we provide you with the best service. Wherever possible, the information we use for this purpose will be aggregated or anonymised i.e., it will not identify you as an individual visitor to our website.

You can reject cookies. Most browsers allow you to refuse cookies – consult the help section of the browser toolbar. Information on controlling cookies or rejecting cookies is available from several web sites, e.g.

Use of email products for bulk mailing

We also use products for sending emails to large numbers of people and can identify from this product whether the email has been opened, and whether links within the email have been clicked.

This enables us to determine whether our emails are of interest to the recipient.


  1. What your information is used for

The main purposes for using your data is for fundraising/donations, communication and newsletters, working with us as an employee, trustee, sole trader, or consultant. We may use the information for handling compliments/complaints, executing a Will, financial and anti-fraud operations, sharing stories and images.

We may also carry out research using publicly available information to identify individuals who may have an affinity to our cause but with whom we are not already in touch. These might be local businesspeople who have been prominent in our community or people who have made public an interest in our particular area of work. This may include people connected to our current major supporters or trustees. The activity would involve looking at publicly available information (press articles, public profiles on networking sites). This activity might also result in us processing data of individuals who we conclude that we will not contact.

We may also carry out wealth screening using our trusted third-party partners to identify those on our database who may have the capacity to give more. You will always have the right to opt out of this processing.

The above activities help us to understand more about you as an individual so we can focus conversations we have with you about fundraising and volunteering in the most effective way and ensure that we provide you with an experience as a donor or potential donor which is appropriate for you.

We will also use publicly available sources to carry out due diligence on donors, in line with the Charity’s Donation Policy and to meet money laundering regulations.


  1. Sharing of your information

We will not share your data other than for the purposes we use your data for, unless permitted by the law. We will not sell, trade or lease your personal information to others. Your information will be kept secure within the UK or EU with the exception of where we use Mailchimp, based in the USA, to send out bulk mailings, e.g., newsletters.


  1. Our lawful basis for processing your data

In order to be lawful when processing your personal data, we rely on at least one of the following conditions.  We may rely on having your consent, although this is not the only condition we can rely on.  We may rely on having legitimate interests, either the Charity’s or yours, particularly when we are researching or analysing your publicly available data. Other conditions may include our legal obligations, for contract purposes, or where it is in your vital interests or for a lawful public task (including research).


  1. Storage and security of your data

We commit to keeping your personal information safe by implementing appropriate technical and organisational controls.


  1. How long we keep your data for

We commit to keeping your personal information no longer than required by law and/or our operating needs.


  1. Your rights

You have the right to opt out of any element of the processing of your publicly available personal data.

Your rights also include the rights of access, to be informed, to request rectification, erasure, restriction of processing, data portability, to object and in relation to automated decision making, analysis and profiling.


  1. Changes to this policy

We reserve the right for us to change the policy as required.


  1. How to contact us

You are able to contact us as follows:

Southampton Hospitals Charity

Mailpoint 135

Southampton General Hospital


SO16 6YD

Phone 023 8120 8881


and/or notify the

Information Commissioner’s Office (ICO)

by calling their helpline on 0303 123 1113

or by writing to them at:

Information Commissioner’s Office,
Wycliffe House,
Water Lane,
Cheshire, SK9 5AF.