Phone human-readable description of the message we trying to accomplish. Search human-readable description of the message we trying to accomplish. Map pin human-readable description of the message we trying to accomplish.

You are here:

Call our 24/7 advice line for health care professionals and families if you need support with symptom management and end of life care - 01284 766133.

Your Experience survey

If you have used our Hospice's services, please consider taking some time to inform us of your experience.

Privacy

On this page you will find information regarding: 

What is personal data?

By personal data we mean any information that might allow you to be identified, such as your name, address, date of birth, credit card details, I.P. address, photo or video image or voice recording. For our patients, staff and volunteers, some of this data will be sensitive and relate to their health and wellbeing, ethnicity and religious views.

You can read more about the use of cookies by clicking here.

Why is my personal information so important?

St Nicholas Hospice Care is obliged to protect the privacy rights of all individuals. This means when a person chooses to share their information with us, we strive to keep it safe with strong security measures.

It is the responsibility of the Hospice’s staff and volunteers to protect against unauthorised processing of information and against accidental loss, destruction and damage. We ask any third-party organisation that processes data on our behalf to match and demonstrate the same high standards. Contractors must comply with the law, as well as our data security and confidentiality procedures and must sign a binding agreement.

We have signed up to the Digital Ethics Charter as part of our commitment to how we will use and protect data. You can read more information by clicking here.

What are my rights?

The rights of everyone protected by law are:

  • the right to be informed about the processing of your personal information
  • the right of access to your personal information and to obtain information about how we process it
  • the right to have your personal information rectified if it is inaccurate and to have incomplete personal information completed
  • the right to object to the processing of your personal information
  • the right to restrict the processing of your personal information
  • the right to erase your personal information (the ‘right to be forgotten)
  • the right to move, copy or transfer your personal information (‘data portability’)
  • rights in relation to automated decision making which has a legal effect or otherwise significantly affects you

What is your legal basis for processing my personal information?

Health Purposes

GDPR Article 6 (1) (e) Public Task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

And special category data:

GDPR Article 9 (2) (h) Health or social care (with a basis in law)

Basis in Law:

DPA18 Schedule 1, Part 1, Section 2 (1) this condition is met if the processing is necessary for health or social care purposes.

Employment & Recruitment

GDPR Article 6 (1) (b) Contract: Employment, social security and social protection (if authorised by law)

And special category data:

GDPR Article 9 (2) (b) Employment, social security and social protection (if authorised by law)

Basis in Law:

DPA18 Schedule 1, Part 1, Section 1 (1) this condition is met if the processing is necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on the controller or the data subject in connection with employment, social security or social protection

Fundraising, Events, Lottery and Donations

GDPR Article 6 (1) (a) Consent: Explicit consent

GDPR Article 6 (1) (f) Legitimate Interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

CCTV

GDPR Article 6 (1) (f) Legitimate Interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

And in accordance with the law:

Legitimate Interest Assessment and Data Protection Impact Assessment carried out justifying the use at St Nicholas Hospice sites.

Retail, eCommerce & GiftAid

GDPR Article 6 (1) (a) Consent: Explicit Consent

Why do you collect my information?

We may collect personal information about you when you take part in one of our fundraising events or challenges, make a donation, play our lottery or raffles, buy items in our shops, apply to work or volunteer with us or use our website. If you are referred to one of our clinical services we will collect data from you and may also receive it from other healthcare providers.

Information collected on service users: Name, date of birth, address, phone number, email, next of kin, ethnicity, current and historic health information

Information collected on supporters: Name, date of birth, address, phone number, email and next of kin (in some circumstances).

Information collected on staff and volunteers: Name, date of birth, address, phone number, email, next of kin, ethnicity, bank details, pension and tax information, current and historic health information.

Do you share my information?

On occasion information will be shared with other health professionals, social care professionals, carers or organisations involved in your care.

We may also share information if there is a lawful basis to do so. Such as a court order, a declaration from the Police stating it’s for the detection or prevention of crime or is required in the vital interests of the individual or the general public.

We are also part of the My Care Record scheme. You can read about this by clicking here.

Has anything changed about sharing my information during COVID-19?

During the COVID-19 pandemic, we may be required to share your medical information under Regulation 3(4) of the Health Service (Control of Patient Information) Regulations 2002 (COPI) for the purposes of research, protecting public health, providing healthcare services to the public and monitoring and managing the COVID-19 outbreak and incidents of exposure. This Notice is imposed on us by the Secretary of State for Health and Social Care and will be reviewed on or before 31st March 2022 and may be extended by The Secretary of State. If no extension is made, this Notice will expire on 31st March 2022.

Is my information processed by any third parties?

We use third-party systems and use third parties to carry out some processing on our behalf.

  • SystmOne – Clinical System – The Phoenix Partnership
  • Radar Healthcare – Compliance System – SmartGate Solutions Ltd
  • Compass – HR System – CIPHR Ltd
  • Mailchimp – Mailing House – The Rocket Science Group
  • Office365 – Communication, data storage and administration – Microsoft
  • NHS Mail – Secure communication – NHS Digital
  • Stripe – Payment System – Stripe

How long do you hold my data for?

Information is retained in line with the NHS Records Management Code of Practice 2021 which you can read about on the NHSX website by clicking here.

How do you secure my information?

The security of your information is very important to St Nicholas Hospice. We use a range of security measures including but not limited to:

  • Hard Drive Encryption
  • Encrypted links (such as the Health and Social Care Network)
  • Anti-Virus Software including Anti-Malware
  • Firewalls
  • Regular Security Patch Updating
  • Staff Training
  • Username and Password Access Control
  • Role-Based Access Control (NHS Smartcards)
  • https Website Encryption

What do I do if I have a question or concern?

You can contact our team by emailing governance@stnh.org.uk with your queries or concerns. Or you can write to:

St Nicholas Hospice Care, Hardwick Lane, Bury St Edmunds, Suffolk IP33 2QY

Our team is made up of:

Data Protection Officer – Sara Taylor

Information Governance Lead – Michael Pollington (Cert EU GDPR practitioner)

Senior Information Risk Owner (SIRO) – James Rae – Head of Corporate Services

Caldicott Guardian – Dr Sarah Mollart – Palliative Care Consultant

You can also contact us by using this form.

You can also check out the Information Commissioners Office (ICO) website at www.ico.org.uk.

If any concerns are not answered to your satisfaction you can directly contact the ICO. Details are available by clicking here.

How do I access my information?

Under the Data Protection Act, 2018 individuals have a right to access information recorded about you, e.g. patient records.

If you would like access to your records please complete our online form by clicking here.

How can I update my details or preferences?

With your information, we can keep in touch with you. Also, if you’re a UK taxpayer, we can increase the value of your donations through GiftAid, at no extra cost to you.

Please share or update your preferences below, or use the form to ask us to stop using your information.

  • Hidden
    MM slash DD slash YYYY

  • Your data - would you like to update us?

    With your information we can keep in touch with you. Also, if you're a UK tax payer, we can increase the value of your donations through GiftAid, at no extra cost to you.

    Please share or update your preferences below, or use the form to ask us to stop using your information.

  • We frequently share general updates on Hospice activities; this is the best way for supporters to keep in touch, and discover the latest news from all areas of the Hospice.
  • While we're updating our records we would like to ensure we have an up-to-date gift aid statement. By gift aiding your donations you can boost your donations by 25p for every £1 you donate at no extra cost to you.
  • This field is for validation purposes and should be left unchanged.