This privacy notice sets out how Douglas Macmillan Hospice (DMH) uses and protects personal information collected.
DMH is committed to ensuring that an individual’s privacy is protected under the Data Protection Act 2018 specifically regarding information collected, by which an individual can be identified.
DMH may change this notice when necessary by updating this document. You should check the latest version from time to time to ensure that you are content with any changes.
This privacy notice tells you what to expect regarding personal information collected:
We will require your personal identifiable information if you:
We may collect the following information:
Additionally if you are a patient, receiving treatment or care we may also collect more sensitive data relating to:
If you have been referred to us by a health care professional this information will be provided by your doctor, another healthcare professional or the NHS. We store this information securely on our computerised medical record platform called Crosscare.
If you apply for a paid job or volunteer role we will require:
This information is securely stored on a sector recognised computerised software platform, employees are recorded on a system known as Cascade, Volunteers are recorded on a system known as Better Impact.
We will collect your information on either paper, electronic forms or via the web and subsequently record and store this information on electronic information systems whenever you interact with us. This may be when:-
We will observe the requirement to have at least one of the six recognised lawful basis for processing data (personally identifiable information) always upholding an individual’s rights and interests, namely:
We require relevant and appropriate information to carry out activities regarding your relationship with us and provide you with an excellent service. From time to time we may use this data to:
*In order for Douglas Macmillan Hospice to operate, we need to engage with other organisations for the provision of some services. We always enter into Data Sharing agreement that is legally binding for both parties to ensure complete adherence to Data Protection Act 2018 by all stakeholders. All third part contracts are assessed to ensure compliance with the General Data Protection Regulations.*
DMH is committed to ensuring your information is kept safe and secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to keep safe and secure the information we collect online and offline. We use sector approved secure electronic databases to protect and store your personal information.
Specifically, financial information such as Credit/Debit card details collected online and offline are securely processed through our various financial service providers, observing the most up to date PCI DSS standards, and all card details recorded in a paper based form will be destroyed once the process is completed, using a cross shredder at DIN Level 4.
Information collected to facilitate sales transactions using card readers is similarly securely processed through our various financial service providers and information on receipts is encrypted using industry standard methods.
We will never retain your financial information within our electronic database without applying encryption security.
We will only retain your information for the purpose it was collected, as stated at the point of collection. Your information will be kept for the period of time the purpose it was collected dictates and/or as long as we are legally bound to keep it – such as HMRC regulations.
We will never sell, distribute or lease your personal information to third parties.
We will only share your information with other healthcare services, when required as part of care being received, in all other circumstances we will only share your information with another third party with your permission.
Data Subjects may request a copy of all information being held at any point and this will be provided in excel spreadsheet format.
Requests can be made by using any of the contacts options below or by using the Data Subject Access Request Form (see section 16).
A formal written request will be responded to within 28 working days, which may be extended, if the request is numerous or complex.
Where information being held is thought to be inaccurate, corrections will be made upon receipt of notification of the correct information by one of the contact options listed below. We will correct any information found to be incorrect or remove information thought to be inaccurate.
We have CCTV cameras in place around the hospice site in Barlaston and in our shops in Meir and Burslem. The footage recorded will be stored for 30 days before it overwrites itself. In particular circumstances such as an investigation we may have need to keep a copy of the footage(s) for evidence. Once an investigation is completed the recordings will be securely destroyed.
All photos and image recordings which mean an individual can be identified will be treated the same way as any other format of personal data.
Before we take any individual or a group of people’s photograph and/or moving film images on the Hospice premises or shops, we will obtain full consent from the individual using appropriate consent forms. We will ensure that these are captured and used, fairly and lawfully.
We consider anyone under 18 to be a minor and protection of children and young people is important to us.
We will collect data and information from young people aged over 13, but under 18, without parental consent, but we will require age verification to ensure we can process the information and communicate in ways that are legal and compliant.
We will only collect data and information from young people, under 13, with permission of a parent or responsible guardian and therefore we will require confirmation of consent from a parent or responsible guardian demonstrated at the point of personal information is given to us. If we collect personal information unknowingly without such consent this will be immediately, securely destroyed. We will also attempt to inform the parent or responsible guardian of this unintentional collection of data.
We will flag on data recording systems, the age and/or date of birth of the young person, at the point at which the age was admitted.
The hospice has a duty to help to safeguard the people it supports from the experience or risk of abuse and neglect. We have an integrated process for safeguarding adults and children and work closely with other statutory agencies. Our aim is to offer the highest quality service and we are committed to preserving confidentiality regarding your identity, however, there may be occasions when we are required to inform Local Authority Safeguarding Teams and/or the Police where there may be experience or risk of abuse and neglect and any acts outside the law. Although we would usually seek peoples consent before taking this action, we may sometimes have to do this without their consent in accordance with local and national safeguarding policy and procedures.
The Hospice takes seriously the vulnerability of some individuals in society and is aware that some may not have the mental capacity to make an informed decision and understand the consequence of their donation at the time of interaction. We understand that some people may need further support before deciding whether to donate.
The Hospice continually raises awareness of safeguarding practices to its representatives through mandatory training. We will endeavour to recognise situations regarding adults in vulnerable circumstances or lacking capacity when they occur in relation to information collection activities and may refer to a carer or care agent or appropriate adult to ensure an individual’s privacy is protected
This privacy notice and any associated Data Protection Policies are approved by the Senior Executive Group and Trustee Board of DMH and reviewed at 3 year intervals, as a minimum.The notice will be posted on our website, notice boards on our premises, our internal intranet and produced as a hard copy on request.This notice can be made available to you in an alternative format that suits your specific needs upon request, such as a different language, brail or an auditory format.
Should you have any concerns about the way we process your data, you have the right to complain and we would encourage you to contact us in the first instance so that we can attempt to resolve any concerns. Our contact details are as follows:
If you are not satisfied with our response you can also complain to the ICO about how we have used your data.
The ICO’s contact details are:
The current updated frequency of this document is 3 years.
Version 1: 1/06/18
Version 2: 4/02/21
Please click here to open the Data Subject Access Request form.