Dorothy House Hospice Care (Dorothy House) is committed to protecting all personal information and being transparent about what we do with it. We use your personal information in accordance with all applicable laws concerning the protection of personal data and we will not do anything with your information you wouldn’t reasonably expect.
This statement sets out how Dorothy House uses and protects your personal data, sometimes sensitive information, including data from your use of our website.
Listed below is a set of privacy statements which provide more detail as to how we process your personal data, depending on your relationship with us.
Each privacy statement outlines why, how, what, where and for how long Dorothy House processes (collects and uses) your personal data, including details of any sharing of data with third parties.
The General Data Protection Regulation (GDPR), introduced in May 2018, provides six lawful bases under which personal information can be processed and we have highlighted in each privacy statement which lawful bases apply. In particular, we have highlighted where data is collected and used on the basis of “legitimate interest.” This means that Dorothy House deems it necessary and appropriate to collect this information for reasons that do not require your consent. However, you can object to data processing on this basis. See Your Rights section.
Please click on the links below to read more about how we process your data:
- Patients, Families and Clients
- Trustees and Volunteers
- Job Applicants and Referees
- Fundraising Donors
- Retail Donors and Shoppers
- Customers (non-patient/client) e.g. training course attendees, those who hire our rooms,
DBS external agencies, library users
- Suppliers e.g. contractors/suppliers
- Website Users
Sharing Personal Information
We will never sell personal data. We use databases internally whereby the data is stored off-site with the relevant software provider. In some cases we also share information with third parties such as mailing houses who process information on our behalf including managing events and marketing by post and email. When we use a third party in this way we require their assurance that data is handled in line with our policies.
The Communications Team at Dorothy House will always ask for consent to use any photos, videos or quotes from individuals, for the sole purpose of promoting our services and raising awareness of our work. Publicity channels we use include our website, social media channels, local/national media, leaflets, exhibition displays, organisational publications.
If you attend one of our events we might use photographs and video from the events in publicity, via the channels above. If you are not happy about this we will do our best to remove you from photographs/video if you make us aware of your objection before attending.
As an individual whose personal data is processed by Dorothy House you have the following rights:
- the right to be informed – which is what this privacy statement is for
- the right to access the data we hold about you
- the right to object to direct marketing
- the right to object to processing carried out on the basis of legitimate interests
- the right to erasure (in some circumstances)
- the right to data portability (in some circumstances)
- the right to have your data rectified if it is inaccurate
- the right to have your data restricted or blocked from processing
Dorothy House is registered as a Data Controller with the Information Commissioner’s Office (ICO) and our ICO registration number is Z7289749. Our Data Protection Lead is Tony De Jaeger, Finance Director. Our Caldicott Guardian is Dr Patricia Needham.
If you have a general query about data protection in the first instance please contact firstname.lastname@example.org. Or call 01225 722988
If you are not happy with the way we have handled your data, and are unable to resolve the issue with us personally, you can complain to the ICO.
This policy was updated in December 2018 following the new General Data Protection Regulation (GDPR) and Data Protection Act 2018, which came into force in May 2018. Both the overarching statement and individual privacy statements may be updated from time to time and any significant changes made we will alert you to on these pages of our website.
The latest version will always be available here. (Updated 13.02.2019)