1. What is this notice about?

East and North Hertfordshire Hospitals’ Charity raises funds for Lister Hospital, New QEII Hospital, Hertford County Hospital and Mount Vernon Cancer Centre.  The charity is currently funding the Lynda Jackson Macmillan Centre, Magic of Play and the Lister Butterfly Volunteer Service. 

Our registered charity number is 1053338.

If you support the charity by donating, either as an individual or on behalf of an organisation or Trust, we need to process information (data) about you.  This notice explains what personal data we may process about you and why, how we protect your personal data and your rights under data protection law. 

If you are also a patient or volunteer, you can find details about how we protect your personal data in our main Trust Privacy Notice.

The main laws that protect people’s personal data are the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and, for electronic communications for marketing or fundraising purposes, the Privacy and Electronic Communications Regulations (PECR).  All these laws are regulated by the Information Commissioner’s Office. 

Under the data protection law, the organisation who determines the purpose of the processing is called the ‘Data Controller’.  The charity is the data controller for the personal data that we process for the purposes contained in this Privacy Notice.

2. What personal data do you process about me?

 We hold a record of:

• your name
• the name of your organisation or Trust (if applicable)
• your contact details (postal address, email address, telephone number(s), fax number (if applicable)
• the payment details you give us (your personal or organisation bank details, debit or credit card number and expiry date)
• whether you are a UK taxpayer (this is so we can claim Gift Aid of 25% of the amount of your donation(s) if you are a UK taxpayer)

If you have agreed to be part of a communications campaign or to provide a case study, we may hold additional information about you, but we will tell you what additional data we hold about you and why.   

We only use your personal data for the purpose(s) for which it was provided to us and in ways that you would reasonably expect. 

3. Why we process your personal data

We want to keep in touch with you about the valuable work we do for patients and their families, to tell you about opportunities to support our charity and to make sure that your support is recognised. This includes:

• contacting you to invite you to events
• contacting you to update you on our work, to tell you about new areas of work and fundraising appeals and to ask for your support
• contacting you about areas of our work that we believe are of interest to you as a Trustee or in your professional capacity
• managing our relationship with you in the ways you would expect and so that we can thank you appropriately for your generosity and support.

We also need to make sure that we hold accurate records of your past support and any pledges you have made, for financial management and accounting purposes, and for fraud prevention.

As above, if you have agreed to be part of a communications campaign or to provide case study, we will tell you what additional information we are holding about you and why.

4. The lawful bases for processing

We must have a lawful basis under Article 6 of the UK GDPR to process your personal data.  The purposes for the processing to which this privacy notice applies are marketing and fundraising.

If you have previously donated, the lawful basis we rely on is ‘Legitimate interest’.  If you have not previously donated, we will ask for your ‘Consent’ to contact you for marketing or fundraising purposes. 

If you have agreed to be part of a communications campaign or a case study that will be published, we also use legitimate interest as the lawful basis, though we will always make sure we have your consent to participate and know how your information will be used.  We may also record your consent under ‘common law’.

For financial transactions, we have a ‘legal obligation’ to retain financial data for accounting and HMRC reporting purposes and for fraud prevention.

Where we communicate with you electronically, we must also comply with the Privacy and Electronic Communication Regulations (PECR).  PECR protects companies as well as individuals from unfair marketing or fundraising by digital means (phone, email, text or fax) as well as tracking people’s activity on websites through ‘cookies’. We ensure we comply with PECR by making it easy for you to update your communication preferences or to opt out of receiving electronic communications.  If we use cookies on any of our websites, we will explain what these are and how you can increase your privacy. For details on cookies, see our cookie policy. 

5. Your communication preferences

You can update your communication preferences at any time.  You can opt in or out (subscribe or unsubscribe) to receiving marketing or fundraising materials from us or tell us what you would like to receive or prefer not to receive.  You can also tell us what methods of communication you would prefer us to use.

You can also object to us processing your personal data.  We will consider your objections and if there is no legitimate reason why we need to retain the data, we will delete the data you ask us to. Where we have relied on legitimate interests and there is a legitimate reason why we need to retain the data, then we will not be able to comply with your request whilst the data is still needed for a legitimate purpose.

6. Sharing your data

We will never share your personal data with third parties for their own purposes.

We use third parties to carry out specific data processing tasks on our behalf.  These third parties are called data processors and the processing they carry out for us is done under a contractual obligation.  Under data protection law, data processors must work in accordance with our instructions and comply with our responsibilities as data controller.  We have contracted data processors for finance, communications (including mail outs) and events.

7. Keeping your personal data secure, accurate and up to date

We hold your personal data securely and it can only be accessed by authorised staff.  Staff are aware that their access may be monitored.  We ensure that staff duties are separated to prevent errors or fraudulent activity. 

We want to ensure that the data we hold about you is accurate and up to date.  Please tell us if your details change, so we can update our records.  If we become aware of any changes, we will contact you to confirm with you your correct details.  

8. How long we keep your personal data for  

We only keep personal data for as long as needed for the purpose it was collected for.

This includes the need to comply with our legal obligations for accounting and tax purposes.  When we no longer need to retain your data, we will ensure it is securely disposed of.

9. Your rights

You have the right to:

• request a copy of the data we hold about you
• ask us to correct any data we hold about you that is wrong
• ask us to delete your personal data
• object to the processing of your personal data
• restrict the processing of your personal data, in certain circumstances.

You can also change your communication preferences at any time. 

For more information on your data subject rights under the UK GDPR, please visit our main Privacy Notice.

10. Do you have any questions?

If you have any questions about this Privacy Notice, please contact the charity at:

Email: [email protected]

Tel: 01438 285182

Post: East and North Hertfordshire Hospitals’ Charity, Lister Hospital, Coreys Mill Lane, Stevenage, Hertfordshire, SG1 4AB

If you would like to contact the East and North Hertfordshire NHS Trust’s Data Protection Officer please write to: [email protected].

Page updated April 2023