At Shooting Star Chase we are committed to ensuring that your privacy is protected and respected in compliance with the EU General Data Protection Regulation (GDPR)
Our privacy promise
• To keep your data safe and private
• Not to exchange or sell your data to another organisation
• To only hold your information for as long as necessary
• To make sure that you are in control of how we use your information and that you will always have the right to ask us to stop using it
• We will only contact you in the ways that you wish, making use of what you have told us so that we can tailor our communications so that they are appropriate and relevant to your interests
• To give you ways to manage and review your communication preferences at any time
Shooting Star Chase’s Data Controller
Nigel Harding, Chief Executive
Shooting Star Chase, Bridge House, Addlestone Road, Addlestone, Surrey KT15 2UE
Who we are
Shooting Star Chase is a children’s hospice charity caring for babies, children and young people with life-limiting conditions, and their families. Whether lives are measured in days, weeks, months or years, we are here to make every moment count. We support families from diagnosis to end of life and throughout bereavement with a range of nursing, practical, emotional and medical care. As an organisation, Shooting Star Chase is registered with the Information Commissioner in accordance with the General Data Protection Regulations. Our registered charity number is 1042495.
Your acceptance of this policy and our right to change it
By using our website, social media pages or providing your information, you consent to our collection and use of the information you provide in the way(s) set out in this policy. If you do not agree to this policy please consider carefully the use of our website, social media pages or services.
We may make changes to this policy from time to time. If we do so, we will post the changes on this page and make sure it’s publicised clearly on our website. These changes will apply from the time we post them. This policy was last updated on 25 May 2018.
If you have any queries about this privacy statement please contact the Data Protection Officer at Shooting Star Chase, Bridge House, Addlestone Road, Addlestone, Surrey, KT15 2UE
What is personal data?
Personal data is information that can be used to help identify an individual, such as name, address, phone number, email address, and now includes online identifiers (eg. Cookies and your IP Address, which is the location of your computer on the internet).
Personal data concerning health means data related to the physical or mental health of a natural person, including the provision of health care services which reveal information about his or her health status.
It is important that you read the full policy to understand what information we hold, how we may use it, and what your rights are. Here is a quick summary:
• We collect information that is either personal data (as outlined above) or non-personal data (such as web pages accessed)
• We collect information about the children and families to whom we provide care and support
• We collect information about supporters, customers, volunteers and employees
• We collect information so that we can provide services or goods, to provide information, to fundraise for our vital work, for administration, profiling and analysis
• We collect information for the prevention and detection of crime
• We will make sure that we update your data when you tell us to do so
• We will only collect the data that we need or that would be useful to us to provide you with the best possible service and experience
• We will make sure that we keep personal information secure wherever we collect personal data online
• We will never sell your data and we will never share it with another company or charity for marketing purposes without your explicit consent
• We will only share data where we are required to do so by law or with carefully selected partners who we work with
THE FULL POLICY
This policy applies to the website we operate, our use of emails and text messages for marketing purposes and any other methods we use for collecting information. It covers what we collect and why, what we do with your information and what we will not do with your information, and what rights you have.
The privacy of non-care related data
What information do we collect and why?
We will only ever collect information we need (including data that will be useful to help to improve our services). We collect information as follows:
1. Personal information such as name, date of birth, email address, postal address, telephone number, credit/debit card details, your reason for supporting Shooting Star Chase. Personal data has been extended to include online identifiers such as IP addresses.
2. Non-personal information such as web pages accessed and files downloaded. We may use this information to personalise the way our website is presented when users visit it, to make improvements to our website and to ensure we provide the best service for users. This information does not tell us anything about who you are or where you live, it simply allows us to monitor and improve our services.
We collect this information in connection with specific activities such as event registration, donations, newsletter requests, feedback etc. The information is either needed to fulfil your request or to enable us to provide you with a more personalised service.
You may give us information about you when you:
• Register with us to find out more information about the charity
• Make a donation, fundraise on our behalf or register for an event (where you will need to provide health data which may be sensitive)
• Order products from us
• Seek care, support and assistance from us (eg by contacting the care admin team at the hospices)
• Request publications, newsletters or other information from us
• Volunteer with us
• Apply for a job (including sending us your CV)
• Report a problem with our website
• Otherwise give us personal information (eg sensitive information about your physical or mental health)
You may give us this information when you correspond with us by phone, email, via our website or otherwise.
Information we receive from other sources
We may also obtain personal information about you from other sources eg. if a family member, a friend or your GP contacts us on your behalf, or if a fundraiser passes on your details to us. We may also combine your personal information with other information we collect from third parties (eg. for fundraising purposes). We will notify you when we receive information about you from them and the purposes for which we intend to use that information.
If you are aged 16 or under, you must get your parent/guardian’s permission before you provide any personal information to us.
How do we use this information?
We collect information about you:
• To provide you with the services, products or information you have requested
• Process sales transactions, donations or other payments and verify financial transactions
• Claim Gift Aid on your donations
• Record any contact we have with you
• For administration purposes
• Provide you with information about other services and products we offer that are similar to those that you have already purchased or enquired about
• Prevent or detect fraud or abuses of our website
• Enable 3rd parties to carry out technical, logistical, fulfilment or other functions on our behalf
• To carry out research on the demographics, interests and behaviours of our users and supporters, to help us gain a better understanding of them and to enable us to improve our service. This research may be carried out internally by our employees or we may ask another company to do this work on our behalf
• Send you information and communications about what we do and how we can help you and how you can help us (eg. volunteering, fundraising, events)
• If you have agreed to it, provide you with information that we think may be of interest to you
• Carry out obligations arising from any contract entered into between you and us
• Look into, and respond to, complaints, incidents, near misses, legal matters or any other issues
• Send you information and communication around your employment or volunteering role
If you enter your contact details in one of our online registration forms, we may use this information to contact you even if you don’t “send” or “submit” the form. We will only do this to see if we can help with any problems you might be experiencing with the form or with our website.
We may need to share your information with our service providers and associated organisations working on our behalf for administration purposes only. We will never share your information so that you are contacted by other organisations.
We will only send marketing information to individuals who have specifically said that they agree to us doing this or have a legitimate interest in our work.
When we send you any marketing information by email, every message we send will include a link if you want to tell us that you do not wish to receive emails from us in the future.
You can change your marketing preferences at any time by contacting Supporter Care Services, Shooting Star Chase, Bridge House, Addlestone Road, Surrey, KT15 2UE, by phone on 01932 823100, or email email@example.com
You can also update your preferences online at shootingstarchase.org.uk/consent
Shooting Star Chase will process personal information for certain legitimate organisational purposes. For example, when you request to receive services or products from Shooting Star Chase, we have a legitimate organisational interest to use your personal information to respond to you and where there is no overriding prejudice to you by using your personal information for this purpose. This also includes some or all of the following:
• Where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our users and supporters
• To identify and prevent fraud
• To better understand how our customers (ie. users and supporters) interact with our website
• To provide postal communications which we believe will be of interest to you
• To determine the effectiveness of promotional campaigns and advertising
•To enhance the security of our network and information services
You have the right, at any time, to object to Shooting Star Chase processing your data in this way. This is the case, for example, where we seek to obtain your consent to receive “marketing” communications via email about Shooting Star Chase.
Data privacy for those we provide care and support to
What you need to know about your records and those of your child at Shooting Star Chase. We understand that our care may apply to more than one child in a family, and also the support of the wider family, so for the context of this policy, each child will have their own “record” and this will also contain details of any support to the wider family, including siblings.
Why we collect information about you
We receive information about your child from your child, you, your family and from other people involved in their care (eg. your GP, hospital doctors and nurses, social workers). We use this information to keep records about their care (“Records”). These Records are stored electronically or on paper and may include:
• Personal details like name, address, date of birth, parent or guardian, legal representative
• Contacts we have with you like appointments and telephone calls
• Notes and reports about their health, treatment and care
• Results of any laboratory tests or x-rays
• Relevant information from people who care for them or know them well
•Things we are told about wishes and preferences
How Records may be shared with other professionals
Members of the Shooting Star Chase team looking after your child may share relevant information from their Records, with each other. This team may include nurses, therapists, administration staff and people providing emotional and practical family support. It may also include students or trainees in health and social care who are working with our team.
Often it is necessary to share relevant information from your Child’s Records with health or social care professionals in other services who are directly involved in their care. Such professionals may include GPs, hospital teams, ambulance staff or social care services.
In these circumstances, we only share relevant information from their Records for medical purposes and if these people have a genuine need for it, or if we are under a legal obligation to do so. If you give us specific instructions not to share their Records in this way, we will respect this to the extent we are not prohibited from doing so by any legal obligation, although this may affect your child’s care. If it will affect care, we will let you know.
Other reasons for sharing Records
Your child’s Records help us to review the care we provide and to make sure that it is of the highest possible standard. This includes routine audits of our care, or investigating and responding to complaints, incidents or near misses. Our regulatory body, the Care Quality Commission (CQC) or NHS organisations who commission services from us, may also ask to review relevant information from these Records and/or seek feedback from you about the service we provide. We may also share information with local organisations, or commissioners, to gain Commissioned care funding.
If you do not want us to share relevant information from your child’s Records with these organisations or you do not want to provide feedback, they will respect your wishes where it is possible to carry out their checks without looking at relevant information from Records and/or containing you for feedback.
Some relevant information in your child’s Records may also be shared with other professionals or other organisations. This might be to help teach health or social care professionals, to provide statistical information to national organisations with interests in health care or health care research. When relevant information from your child’s Records is shared in this way, we remove or disguise any personal or identifiable information about you wherever possible. Your wishes will be respected and if you do not want us to share your child’s Records in this way, it will not affect their care.
Occasionally we are required by law to share Records and may therefore be prevented from respecting your wishes not to share these Records. This includes when:
• Our regulator, the CQC, is carrying out an audit
• We find an infectious disease (eg. meningitis or measles) which may put others in danger
• A formal court order has been made
• Other organisations like the police or social services need it to prevent serious crime or where there is a child at risk of abuse or neglect
How you can help us
You can help us by providing us with the correct details about yourself and your child, and by letting us know if you have any particular wishes about sharing your Records. You can also help by letting us know when any of these details change.
How we keep Records safe
We take our obligations to keep your child’s Records safe very seriously. Everyone working for us, or who has received their Records from us, has a legal duty to keep records confidential. They are monitored by the Caldicott Guardian, a senior clinical responsible for ensuring that people’s rights to confidentiality are respected.
Shooting Star Chase’s Caldicott Guardian
Helen Sibley, Director of Care
020 8783 2000
Shooting Star Chase, Shooting Star House, The Avenue, Hampton, Middlesex, TW12 3RA.
Photographs and films of children in our care
From time to time we photograph or film children in our care and use these photographs or films for publicity purposes. We will always obtain consent from the parent or guardian prior to photographing or filming any child in our care, and all photographs and films are stored and managed in accordance with GDPR.
Sharing your information
We will only share your information if:
• We are legally required to do so eg. compelled by a Court Order or required by a law enforcement agency legitimately exercising a power
• We believe it is necessary to protect or defend our rights, property or the personal safety of our staff and volunteers, or visitors to our premises or website
• We are working with a carefully selected partner that is carrying out work on our behalf. These partners may include mailing houses, marketing agencies, IT specialists and research firms. The kind of work we may ask them to do includes processing; packaging; mailing and delivering purchases; answering questions about products or services; sending postal mail, emails or text messages; carrying out research or analysis; and processing card payments. We only choose partners that we can trust. We will only pass on personal data to them if they have signed a contract that requires them to:
— Abide by the requirements of the General Data Protection Regulations
— Treat your information as carefully as we would
— Only use the information for the purposes it was supplied (and not for their own purposes or the purposes of any other organisation)
— Allow us to carry out checks to ensure they are doing all these things.
Storing your information
Information is stored by us on computers located in the UK. We may transfer the information to other offices and to other reputable third party organisations as explained above. We may also store information in paper files.
The personal information we collect from or about you may be transferred to, and stored at, a destination outside the European Economic Area (EEA) (eg. fundraising events that are outside the EEA, or in order to process credit/debit card transactions, the bank or card processing agency may require verification of your personal details for authorisation outside the EEA). By submitting your personal information, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this privacy notice. This will never include medical data.
We place great importance on the security of all personal data and information associated with our supporters, service users and beneficiaries. We have security measures in place to protect against the loss, misuse and alteration of personal data under our control. For example, only authorised personnel are permitted to access user information and we use secure server software (SSL) to encrypt financial and personal information you input before it is sent to us via the internet.
Whilst we cannot ensure or guarantee that loss, misuse or alteration of data will not occur while it is under our control, we comply with GDPR guidance on data storage and management to try to prevent this.
We will keep your information only for as long as we need it to provide you with the goods, services or information you have requested, to administer your relationship with us, or the preferences of our supporters, to comply with the law, or to ensure we do not communicate with you if you have asked us not to do so. When we no longer need information we will always dispose of it securely, as outlined in our data retention policy.
The General Data Protection Regulations give you certain rights over your data and how we use it.
• You retain control of how we use your data and you have the right to ask us to stop processing your personal information, which we will do. In some circumstances, we may legally be required to retain your personal information for legal or audit purposes. However, this will be discussed with you depending on your requirements.
— Please contact firstname.lastname@example.org or call us on 01932 823100 if you have any concerns.
• You have the right to ask for a copy of the information we hold about you and, of course, to have any inaccuracies in your information corrected.
— If you wish to exercise these rights, please contact Supporter Care Services, Shooting Star Chase, Bridge House, Addlestone Road, Surrey, KT15 2UE, by phone on 01932 823100, or email email@example.com.
— You will need to complete and return a Subject Access Request From to us at the above address.
• You have the right to object to our use of your personal information, or ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. This is known as the “right to object” and “right to erasure” or the “right to be forgotten”. There may be legal or other official reasons why we need to keep or use your data. But please tell us if you think that we should not be using it.
— If you want to object to how we use your data, or ask us to delete it or restrict how we use it, please contact us in writing at Data Protection Lead, Shooting Star Chase, Bridge House, Addlestone Road, Addlestone, Surrey KT15 2UE or calling 01932 823100.
How to withdraw your consent
You can withdraw your consent at any time. Please contact us if you want to do so. If you wish to exercise these rights, please contact Supporter Care Services, Shooting Star Chase, Bridge House, Addlestone Road, Surrey, KT15 2UE, by phone on 01932 823100, or email firstname.lastname@example.org
Automated decision making and profiling
To help us promote our products and services to appropriate individuals, and to provide our supporters with the best experience possible, we may from time to time undertake profiling and automated decision making activities, to target key individuals for marketing specific products and services to. Before we do this we will:
• Carry out a Data Protection Impact Assessment to consider and address the risks before we start any new automated decision making or profiling
• Tell our supporters about the profiling and automated decision-making we carry out, what information we use to create the profiles and where we get this information from
• Use anonymised data in our profiling activities
If you would prefer that we do not use your personal information in this way, please let us know in writing at Data Protection Officer, Shooting Star Chase Children’s Hospice, Bridge House, Addlestone Road, Addlestone, Surrey KT15 2UE by emailing email@example.com or calling 01932 823100.
We may participate in Facebook’s “Custom Audience” programme which enables us to display ads to our existing supporters when they visit Facebook. Data is encrypted locally on our browsers to produce a unique fingerprint which cannot be reversed. This information is then sent to Facebook for them to compare to an existing list of their users’ encrypted IDs. Any matches are added to our Custom Audience and our adverts may then appear when you access Facebook. The matched and unmatched encrypted IDs are deleted and are not stored by either party.
When you make a payment or donation via our website with a credit or debit card, please be assured that any payment transactions are encrypted using either:
Our website may include links to website run by other organisations. Shooting Star Chase is not responsible for the privacy practices of these other website so you should read their privacy policies carefully.
Cookies and anonymous data
We may collect and record information in order for us to understand more about how our site is used and in turn make sure the site reflects your needs. To do this we may send cookies to your device. A cookie is a small file that contains information that allows us to recognise that you have used the site before, but will not contain any personal data.
For more information
For more information about your rights under the General Data Protection Regulations, go to the website of the Information Commissioner’s Office at www.ico.org.uk
Shooting Star Chase is not a “public authority” as defined under the Freedom of Information Act and we will therefore not respond to requests for information made under this Act.
Making a complaint
If you would like to make a complaint about how we process your personal data, please contact our Data Controller. If you are not happy with how your complaint is dealt with, you should contact the Information Commissioner’s Office (www.ico.org.uk). Alternatively, you are entitled to make a complaint to the Information Commissioner’s Office without first referring your complaint to us. For further information please see the Information Commissioner’s guidance.