PRIVACY NOTICE

Find out more about how we, Tetbury Hospital Trust, use your information:

What information do we collect from you?
Why do we collect your information?
Who might we share your information with?
What do we do with your information?
How long do we keep hold of your information?
How can I access the information you hold about me?
How the Trust ensures information is used appropriately
What to do if you have concerns about the use of your information
What information do we collect about you?

Records which this Trust may hold about you may include the following:

  • Details about you, such as your address and next of kin
  • Any contact the Trust has had with you, such as appointments, clinic visits, emergency appointments, etc.
  • Notes and reports about your health
  • Details about your treatment and care
  • Results of investigations, such as laboratory tests, x-rays, etc.
  • Relevant information from other health professionals, relatives or those who care for you

Why do we collect your information?

We collect your information to enable us to provide you with health and social care services. However, your information may also be collected for other purposes that you should be aware of, such as CCTV recordings used for crime prevention, or if you make a complaint/enquiry or if you complete a survey. As we are a Charity and fundraiser, your information will be held on our private Friends database, if you have applied to join the Friends. This information is not shared with any third party and is used solely for information on fundraising. In all situations the Trust is required to comply with data protection law. Our staff may check your details with you to ensure they are up-to-date and correct. This is important to avoid errors in your care or treatment. So, if your details have changed (such as your name or address) you need to let us know.

Marketing

If you have consented to our processing your personal data for marketing/fundraising purposes, in accordance with this Privacy Policy, we may send you information (via mail, email or phone about our products and services which we consider may be of interest to you.

Who might we share your information with?

The Trust may decide it is appropriate to share your information with other organisations or professionals involved in your care so that you receive good quality care and to prevent you being assessed again or being asked the same questions. Ordinarily information kept by the Trust will be made available to your GP. The Trust works with many partner organisations such as Social Care services, Educational bodies, Housing Associations, Voluntary and Community organisations. Staff should discuss with you what information they are sharing, why and with whom. We will only consider sharing information with other organisations or professionals where we consider it an important part of delivering effective care. However, you have a right to object to your information being shared. There are exceptional circumstances whereby the Trust may share information about you without your knowledge, for example, in an emergency where you or someone else might suffer substantial harm or distress, where it relates to a ‘communicable disease’ (such as cholera, plague, smallpox, etc) or if information is required by law (such as a court order). Click here Gloucestershire Information Sharing Group to see a list (‘Partner Organisations’) of the Trust’s main information sharing partners (this will take you to a website provided by Gloucestershire County Council)

What other information about you do we hold?

As well as information that you provide to us directly, we also use information from other sources to help us provide you with safe and effective health and social care. This may include, for example: • information from another NHS Trust, or your GP Surgery about health care that you have received previously • information from other partner organisations such as Social Care services, housing associations, and voluntary and community organisations

How long do we keep your information?

There is a requirement for the Trust to hold a record of your information for a set length of time (which varies according to the type of information that it is). You can find further information on the rules that the Trust must follow here (this will take you to a website provided by the Information Governance Alliance – see ‘Records Management Code of Practice for Health and Social Care 2016’).

Where is my information stored?

Some health records are held in paper form but most are now electronic as the NHS strives to become paperless. Almost all electronic records are stored in the UK. However, for a very small minority of services some information is stored abroad, such as Functional Family Therapy information which is stored electronically in the USA. We make sure that where information is stored abroad, it has the same level of legal protection as it would if it were stored here.

What are my rights?

The Data Protection Act gives you certain rights in respect of the information we hold about you. Select a topic below for further information:

  • Request a copy of information that we hold about you
  • Object to the Trust using your personal data
  • Request to have your personal data rectified
  • Request to have your personal data erased

How to submit a request

The Trust may refuse your request (in full or in part) where there is a legal basis to refuse and you will be notified of this. How can I request a copy of information that we hold about you You are entitled to a free-of-charge copy of information that we hold about you. However, the Trust may charge a ‘reasonable fee’ for particularly bulky, complex or repetitive requests (for the same information) based on the administrative cost of providing the information. The Trust must provide you with the requested information (where it is appropriate to provide) within 30 calendar days once it has sufficient details to be able to process the request. However, the Trust may extend this period up to 90 calendar days or refuse to respond for bulky, complex or repetitive requests. How to submit a request Submit your request in writing by either: Email – Enquiries@tetburyhosptal.co.uk OR Post – Head of Information Tetbury Hospital Trust Ltd Malmesbury Road Tetbury Glos GL8 8XB

How to Object to the Trust using your personal data

You have the right to object to the Trust using/sharing your information, however, there is no automatic right to prevent the Trust using/sharing your information. Objections will be considered and you will be notified of the Trust’s decision and reason for its decision. Where we have asked for your consent to collect and use your information, you have the right to withdraw that consent at any time.

Request to have your personal data rectified

You are entitled to have personal data rectified if it is inaccurate or incomplete. The Trust must respond within 30 calendar days. However, the Trust may extend this period up to 60 calendar days for complex requests. The Trust may refuse the request if it believes the information is accurate/complete or there is a legal basis to refuse and you will be notified of this. You have the right to complain to the Information Commissioner’s Office and to seek correction by order of a Court.

Request to have your personal data erased

This is more commonly known as the ‘right to be forgotten’. You may request to have your data erased where:

  • It no longer needs to be kept by the Trust (it has surpassed the minimum retention period)
  • Where you withdraw your consent or object to the use of your data and there is no requirement for the Trust to retain the data
  • It has been used unlawfully
  • The Trust must comply with a legal obligation
  • You are under 16 and data has been stored electronically by the Trust at your request

The Trust may refuse your request (in full or part) where there is a legal basis to refuse and you will be notified of this. How the Trust ensures information is used appropriately The Trust is required to provide evidence of the steps it takes to ensure information is used appropriately. Click here to find out more (this will take you to a website provided by NHS Digital).

What to do if you have concerns about the use of your information

You can contact the Trust’s Information Governance Manager: janejones@tetburyhospital.co.uk Or the Trust’s Accountable Officer: zenadalton@tetburyhospital.co.uk.
If we can’t resolve your concern, you have the right to lodge a complaint with the Information Commissioner’s Office, whose contact details can be found here Information Commissioner’s Office.

This Privacy Policy governs the manner in which The Friends of Tetbury Hospital collects, uses, maintains, discloses and processes information collected from users of the friendsoftetburyhospital.co.uk website (“Site”). This privacy policy applies to the Site and all products and services offered by The Friends of Tetbury Hospital.

To use the The Friends of Tetbury Hospital website and services you must agree to this privacy policy. When signing up, you agree to this policy and your use of The Friends of Tetbury Hospital signifies your continued acceptance.

 

Summary

  • We are The Friends of Tetbury Hospital and you can contact us at friends@tetburyhospital.co.uk
  • We process your data to provide our services to you, or for our legitimate interests
  • We only process your data for as long as we need to, and then we delete it
  • We do not sell or share your data with others unless they are providing a service to us (such as payment service providers), or unless you ask us to share your data
  • Our services include a number of places where you can send data to third parties. If you want to use these, you should check you are happy with the way they use your data
  • We do not market to you without your consent and, if you give us your consent, you can withdraw it at any time
  • We do not share your data outside the EEA
  • You’ve got lots of rights, including the right to complain to the Information Commissioner’s Office. If you need a hand in exercising your rights, feel free to contact friends@tetburyhospital.co.uk

 

Who We Are

The Friends of Tetbury Hospital (“we”, “us”, “our”) is a business registered in England & Wales, The Friends of Tetbury Hospital, Malmesbury Road,  Tetbury, Gloucestershire, GL8 8XB.

We operate a number of services including business transfer, legal services, acquisition funding and others. This privacy policy covers how we will use, collect and process any data provided to us.

 

Non-personal identification information

We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilised and other similar information.

 

How We Process Your Data

Throughout your interactions with us we will collect only the data that we require in order to provide you with the service that you are requesting. The key information that we process is shown below for your information:

Authorisation & Session Data

Whenever you login to one of our services we will use at least two cookies that will identify your session to our services. This is necessary to provide our service to you.
The browser_id cookie is a permanent cookie that uniquely identifies your browser to us and allows us to ensure that previous sessions from that browser are invalidated when logging in again. This is only used for the purposes of invalidating these sessions as well as allowing us to notify you when new sessions are created in new browsers.
The user_session cookie is, initially, a session-only cookie that contains a unique token that identifies your specific session. This data is not stored on our end and is only stored in a hashed form. If you choose to persist with your login session, this cookie will be converted to a more permanent cookie with an expiry time at some point in the future. The actual time will depend on the service you are using.
In addition to these cookies, we also store IP addresses & user agents with your session. This allows us to look for anomalies in its use to help us protect your account and our systems.
This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping baskets, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.

Retention: This data is stored until such time as the associated user account is deleted.

Your Name

When you sign up, we need to know your first & last name so that you can be identified. We will use your name to address you and it may be stored in various systems that you use. This is necessary to provide our service to you.
Your name may be shared with other people that share access to an account you are part of. For example, if you have a The Friends of Tetbury Hospital account, your name will be shared with other members of that account.

Retention: Your name will be retained until your user account is deleted. In some cases, your name may be kept with your billing records where we have a legal obligation to store this information.

E-mail Address

We will store your e-mail address for the purposes of managing your account with us. This will be used for transactional e-mails that relate directly to your account or services. This information is required in order to ensure you are informed about your account and can take appropriate actions in various situations.
We may also use your e-mail address to send you messages about our services which may include notifications about newly launched features, improvements to the service, upcoming maintenance as well as ways to help you make the most of your service. If you would rather not receive these messages, please let us know or click the unsubscribe link in these e-mails.
We will not send you any other marketing messages unless you subscribe to our newsletter which you can do through our website when signing up or through one of our applications. When you do this, you will be consenting with us to use your email address for this purpose. You may withdraw this consent at any time by unsubscribing from the messages or contacting us.
If you are using a service that allows multiple users to have access to the same account, your e-mail address may be shared with the other users on this account.
Our applications may share a cryptographic hash (MD5) of your e-mail address with the Gravatar service to allow us to display an appropriate profile image with your images. If you do not have an account with Gravatar, they will not be able to determine your actual e-mail address.

Retention: Your email address will be kept until such time as all accounts associated with it are deleted from our systems.

Outgoing E-mails

If we send you transactional e-mails, these will be passed through our internal mail server and stored for a period of time to assist with debugging delivery problems and ensuring messages are appropriately delivered to their destinations. This is necessary to provide our service to you.
The information stored includes the contents of the message sent, the e-mail addresses of the recipients and any other headers.

Retention: The contents of messages are stored for a minimum period of 30 days from the date the message is received by our mail system.

Incoming E-mails

If you send us e-mails, these may be passed through our mail servers. If some cases, these messages will be consumed by one of our services or applications. This is necessary to provide our service to you.

Retention: The contents of messages are stored for a minimum period of 30 days from the date the message is received by our mail system.

Your Postal Address

We require your postal address in order to provide you with an invoice for your services. This information is collected as a legal obligation and will be stored on our systems along with invoices for a minimum period of 7 years. We may need to send you items by post. To do this, you will need to provide your address to us again and consent to us using it for the purposes of sending you items by post. We may store your address on file to allow us to send you items in the future. You may opt to have this address removed from our records at any time by contacting us.

 

Any Data Added By You And Stored In Your Accounts

When you use our services you might upload or generate personal information relating to your own customers and users. You will remain the data controller for all such data that is stored within our systems and are responsible for ensuring you have an appropriate lawful basis & notices in place to allow us to store this data on your behalf.
If you use a The Friends of Tetbury Hospital service which allows you to upload, store or process any personal data, you are responsible for ensuring that you are compliant with appropriate laws & regulations (for example the General Data Protection Regulation) for this data.
We do not recommend customers store any personal data in areas of our systems that are not designed for the purposes of storing this information.

Retention: Data stored in the services you have with us will be kept until such time as you delete the data yourselves or you cancel your account. Upon cancellation of an account, we may keep the data for up to 7 days at which point it will be purged from our databases.

 

Analytics

We use Google Analytics to help us track the details of visitors browsing our public websites. We do not use Google Analytics on any URLs once you have been authenticated. We do not send any personal data to Google’s services through Google Analytics and we configure our tracking codes to anonymise any IP addresses.

 

E-mail Directly To/From Our Employees

If you communicate with our employees directly by e-mail (i.e. not using our normal support channels), we may retain your name & e-mail address in the mailboxes of the employee(s) that you communicate with. This is necessary to provide our service to you.

Retention: Employee e-mails are kept indefinitely. Any e-mails that contain sensitive data that are delivered by accident will be removed immediately.

 

Our Servers

We use a United Kingdom based hosting company. All their data centres have a number of physical security precautions in place including 3m perimeter fencing, full CCTV coverage, 24/7 security personnel and electronic access control systems.

 

Transfer Of Data To Group Companies

We may share and/or transfer your data with other companies within our group for the purposes of administration and company structuring.

 

Transfer Of Data On Product Or Service Acquisition

If one of our services is acquired by another company or entity, we may share your information with the acquiring company so that they may continue to provide you with the services that you have elected to receive. You will be notified by e-mail in the event that such an acquisition occurs.

 

Third Party Processors

In some cases, we may use third parties to provide storage or computing services. We maintain a list of third parties that process data on our behalf.

Professional Services
We may share your details with processional service companies such as accountants or accounting software.

Payment Service Providers
We may share your details with company who provide us with payment services for taking payments from credit/debit cards.

Technical Service Providers
We may share your details with providers we use to provide computing services.

E-mail Marketing Software
We may share your details with e-mail marketing software providers to allow us to send e-mails to customers.

Communication Services
We may share your details with companies who provide us with communication services such as a live chat or e-mail providers.

We will not share your data with third parties for the purposes of any marketing without your consent unless otherwise specified in this privacy notice.
Some of our applications allow users to configure integrations with third party services. When using any of these integrations, you share your data with the organisations who operate these services. You should review their own privacy information with regard to how they will treat this information once it has been provided.

 

Correcting Your Personal Data

It is important to us that the information we store is up to date and accurate. You may update your details at any time through our various websites & applications.

 

Removal Of Your Personal Data

In some cases, you may be able to request that we remove your personal data from our systems. As with correcting your data, you can often delete your data yourselves through our websites & applications. In other cases, though, please feel free to contact us using the information below.

 

Your Rights

You have a lot of rights, including right to request access to and rectification or erasure of your personal data or restriction of processing of it. You also have the right to object to our processing of your data in some situations, as well as the right to data portability.

 

Notification Of Data Breaches

Upon discovering any data breaches, we will notify any affected individuals as soon as its practical following our data breach notification policy. This policy dictates that in the event of a data breach concerning personal data, the affected parties will be notified by e-mail to the main e-mail address we store with your account.

 

Electronic Storage Of Data

No method of electronic storage can be 100% secure, however, we have sophisticated and detailed security & development policies that govern our systems & applications to help ensure your data is as secure as it can be.

 

Use Of Our Services By Persons Under The Age Of 16

We do not provide any of our services to anyone under the age of 16. If we are made aware of anyone under the age of 16 using our services we will immediately delete any and all data from our systems.

 

Changes To Our Privacy Policy

We may need to make changes to this privacy policy from time to time. All changes will be published to our websites and we recommend reviewing it to stay up to date. If we make any changes that we feel may affect your privacy rights, we will notify you by e-mail or by displaying the information within the our services or applications.

 

Our Lawful Basis For Data Processing

Under the General Data Protection Regulation, unless we have otherwise specified above, we will be processing your data as a legitimate interest. These interests include staff training, ensuring the security of our systems and to allow us to operate our business in an efficient manner.
Where our processing is based on consent, you may withdraw consent at any time.
Where our processing is necessary for us to perform our contract with you, or to take steps to enter into a contract with you, we will not be able to enter into a contract with you or deliver our services to you if you do not give us the data in question.

 

Disclosure Of Information To Law Enforcement Agencies

We may disclose your information if we are requested to by any law enforcement agency where we believe we are required to comply with the request under any applicable laws.

 

Data Protection Authority

You may have the right to lodge a complaint with your local data protection authority or the Information Commissioner’s Office (ICO) in the United Kingdom (our authority).
The ICO can be contacted at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Other information can be found on their website at ico.gov.uk.

 

Contacting Us

If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at:

The Friends of Tetbury Hospital
Malmesbury Road
Tetbury
Gloucestershire
GL8 8XB

Mobile: 01666 502336
Email: friends@tetburyhospital.co.uk

This document was last updated on 20th November 2020.