1. This Privacy Notice sets out the data protection practices of the Patient Welfare Fund for personal information held in electronic and manual forms. It explains the data we may collect when we interact with you and how we store and handle that data, our reasons for doing that and how we keep it safe.
2. We want to keep you as informed as possible about how we do our business, especially when it involves your personal data, hopefully this Notice will provide you with the answers you need. If, however, you wish further clarification or have any more questions please get in touch with us.
Who we are?
3. The Patient Welfare Fund is a charitable organisation that provides welfare support to Service personnel and their families whilst they are undergoing treatment as patients in University Hospital Birmingham Foundation Trust hospitals.
4. For simplicity throughout this notice, 'we', 'our' or 'us' means the Patient Welfare Fund.
What is personal data?
5. Personal data is any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. It may include name, identification number or location data.
What is the processing of personal data?
6. Processing includes a broad range of operations including collection, structuring, dissemination and erasure of data.
What are our responsibilities?
7. The General Data Protection Regulation (GDPR) requires that we process personal data lawfully, fairly and in a transparent manner in relation to individuals. WE have to ensure that we are able to demonstrate compliances with the principles.
How do we use your personal data?
8. The Patient Welfare Fund uses your personal data to maintain records of our donors and beneficiaries. We keep personal data up to date and store and destroy it securely. We do not collect or retain excessive amounts of data and we protect personal data from loss, misuse and unauthorised access and disclosure.
9. We use the contact details of our supporters to maintain a working relationship and to keep them informed of our activities, news, events and to enable fundraising or the promotion of the interest of the charity. In addition, we will use our supporter's details to maintain our own records.
10. We use the names of our beneficiaries to keep accounting records.
Our legal basis for processing your personal data
11. In order for us to contact you by email, telephone or post for direct marketing or to provide you with information on our activities we use the legal basis of consent. That is, you have to give us clear consent that you are happy to be contacted in this format in order for us to provide updates of information.
12. In order for us to contact you by post when it is deemed necessary we use the legal basis of legitimate interest. That is, we can use your information to keep you informed of any changes. This legal basis allows us to keep you informed in the future if we feel it is necessary in relation to your or our interests for us to provide you information about the Patient Welfare Fund. For example, if as a previous donor we felt it appropriate to inform you of changes to how we were using the money you had donated.
13. In order for us to maintain our records we use that legal basis of legal obligation. That is, processing of the data is necessary for us to comply with any legal obligations that we are subject to.
The sharing of personal data
14. We will not share your personal data with any outside organisation unless there is a legal basis for doing so. For example, for the purposes of accounting or at the request of a law enforcement, regulatory of government department.
The storage of personal data
15. Personal data will only be held for the time that is necessary for the purposes it was collected for. Either to maintain records in accordance with our legal obligation or whilst we have an active relationship with our supporters and beneficiaries. We will conduct regular reviews of our personal data holdings.
16. We ensure that we store it safely and securely. We will treat your information with the utmost care and take appropriate steps to protect it. We will carry out regular reviews of our procedures and ensure the continued protection. If a data breach occurs we will inform you where possible, for this reason it is vital you ensure that your information is kept up to date.
Your rights and your personal data
17. Unless subject to an exemption under legislation, you have the following rights with respect to your personal data:
a) Request a copy of your personal data held.
b) Request correction of personal data if found to be inaccurate or out of date.
c) Withdraw consent.
d) Removal of personal data.
18. Where we rely on legitimate interest you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your information.
How can you stop the use of your personal data for direct marketing?
19. If you wish to opt out at any point please contact using the information on our contact page. Please ensure you provide your name. Your name will be retained on a database.
Contacting the regulator
20. If you feel your data has not been handled correctly, or you are unhappy with our response to any request you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner's Office.
a) Telephone: 0303 123 1113
b) Online: www.ico.org.uk/concerns (opens in a new window. Please Note: We cannot be held responsible for the content of external websites).
21. We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your right to control it. If you have any questions that have not been covered, please contact us using the details providing on our contact page.
This Notice was last update on 15/05/2018