This Information Notice applies to:
Donors to Katharine House Hospice

Broad nature of data collected and our use of this data

• Name, address, contact details – To enable us to contact you
• Details of donations made, including types of support given: for example attendance at an event, sponsorship, in-memory donations, etc – To enable us to process the donations, and properly thank you
• Details of Gift Aid claims – To enable us to claim gift aid on donations and provide evidence to HMRC

How we process this data

• Donation data is processed by volunteers and staff to ensure we account for our income correctly, and enter relevant details on our donor software.
• The data is used with donors consent to send them information about events, or appeals we are running.
• We also use personal data to make claims for gift aid from HMRC
• We also use financial details in aggregate to assess the performance of the different events and appeals we run, to help us make decisions as to whether to continue running these.

Sharing this data

• We only provide name and address details to third party companies who undertake our mailings.
• We do not share information with third parties, unless we are required to do so for legal reasons – for example HMRC may ask us for specific information to make claims.

How we store the data

• Most of the data is stored electronically on proprietary software (called Donorflex) which stores details on our own servers. Access to this data is restricted first by a user Id and password to get on to our servers and then by a separate user id and password to get onto Donorflex.

Retention of the data

• Data is retained indefinitely unless a donor requests us to delete this information. However, records must be kept for HMRC and for financial regulation of charities for a period of at least six years.

Destruction of the data

• Paper records are destroyed by an external company shredding the records using an industrial shredder.
• Electronic records are anonymised – your name and address details can be removed from the record, but we may need to retain information about your gift aid for six years.

Other relevant Information Notices:

• None

This Information Notice applies to:
Patients of Embrace Quality Care

Broad nature of data collected and our use of this data

• Name, address, contact details – To enable us to visit you and maintain contact with you
• Date of birth, NHS number – To ensure you are correctly identified and your records are correctly assigned to you
• Next of Kin / Main Carer – To enable us to communicate with them in the case of an emergency
• Details of your health and clinical conditions, including your medications – To ensure that the care we deliver is safe and effective.

How we process this data

• This data is collected on a computer tablet. This information is uploaded via a dedicated telephone signal to our clinical system. Once the data is uploaded it is immediately and automatically deleted from the tablet.
• A paper record of each visit is maintained in your house and these are collected on a weekly basis and stored on your clinical record at the company’s office.
• Anonymised data is used to monitor the quality of our services and to report about incidents or complaints to the board of directors.
• Should there be a serious incident which needs to be reported to the Care Quality Commission we send an anonymised report to them. Exceptionally they may request further details.
• Name and address data is used to generate invoices for the services we provide to patients when we are billing the patient directly.

Sharing this data

• For your benefit we need to share information we hold about you with other organisations which are or will be involved in your care, for example General Practitioners (GPs), District Nurses, Ambulance Services and Social Services. This is to ensure the care delivered to you is safe, effective and responsive.
• We provide an anonymised case number if we invoice a commissioner for the services we provide to you.
• However, we will not disclose any information to other third parties without your consent, unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires it.
• If we are asked to share information with another organisation that does not directly relate to your care, we will always seek consent prior to any information being shared. If you choose not to consent to this when asked, then that decision will be recorded and respected.

How we store the data

• The electronic data is stored on proprietary software on our own servers. Access to this data is protected via a user log-in and password to the servers and by a second, separate user log-in and password for the software.
• Paper records are held in a room in locked cabinets. When the room is not occupied by team members it is locked.

Retention of the data

• Data about your care is retained for eight years after our last contact with you, or longer if required by law to do so.

Destruction of the data

• Paper records are destroyed by an external company shredding the records using an industrial shredder.
• Electronic records are anonymised – your name and address details are removed from the record.

Other relevant Information Notices:
None

Other useful information:
Embrace Quality Care uses a confidentiality code of conduct based on one developed by the NHS. This code outlines the requirements that must be met in order to provide individuals with a confidential service.

The three main principles are:

• PROTECT look after people’s information;
• INFORM ensure that people are aware of how their information is to be used;
• PROVIDE allow people to decide whether their information can
• CHOICE be disclosed or used in particular ways.

To support these three requirements, there is a fourth:

• IMPROVE always look for better ways to protect, inform, and provide choice.

Everyone working for Embrace Quality Care is subject to the Common Law Duty of Confidentiality. Information provided in confidence will only be used for the purposes stated and to which you have consented, unless there are other circumstances covered by the law.

Under our Confidentiality and Data Protection Policy, all of our staff are required to protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared. This will be documented in your records.

This Information Notice applies to:
Staff and volunteers working within Katharine House Hospice and its subsidiary companies, patients, visitors, customers, those attending our fundraising events.

Broad nature of data collected and our use of this data

• Name, address, telephone number – To enable us to contact persons involved
• Injury to part of the body or person – To assess suitable treatment
• Description of what has happened – As part of our compliance with MHSWR (management of health and safety at work regulations.

How we process this data
<ul.

• Copies of the accident or Incident forms are completed by a member of staff and passed in a sealed envelope to the CEO’s office where data is input onto a excel spreadsheet.
• The form is checked by the Health and safety manager
• Each form is assessed to ascertain whether we can improve the safety of patients, staff, volunteers, and the public.
• The data is analysed quarterly and an report that contains no confidential details is submitted to the directors and managers of the organisation.

Sharing this data

• Data may be shared internally with relevant departments for us to improve our management of Health and Safety
• Personal details may be shared with the Health and Safety Executive if the accident meets the relevant criteria.
• Personal details may be shared with our insurance company who may require copies of the relevant documents. This would only happen when a serious accident or incident has occurred including vehicle accidents.

How we store the data

• All paper copies of the Accident or Incident are filed in reference number order only, in a locked cabinet in a locked office.
• The excel spreadsheet has limited access to staff who require the information to collate reports on accidents regarding staff and patients.

Retention of the data

• The paper format is kept for five years in a locked filing cabinet in a locked office.
• Excel spreadsheet information is stored indefinitely, but contains no personal details.

Destruction of the data

• All Paper copies are destroyed by shredding by a third party supplier.

Other relevant Information Notices:
Care Services

This Information Notice applies to:
Patients of Katharine House Hospice

Broad nature of data collected and our use of this data

• Name, address, contact details – To enable us to visit you and maintain contact with you
• Date of birth, NHS number – To ensure you are correctly identified and your records are correctly assigned to you
• Next of Kin / Main Carer – To enable us to communicate with them in the case of an emergency
• Contact details of other health or social care providers including your GP – To ensure that we can communicate quickly with them to ensure your care is safe, effective and responsive
• Details of your health, clinical conditions and treatments, including your medications – To ensure that the care we deliver is safe and effective.

How we process this data

Depending on the method of referral or admission to our services, we may collect this data manually or on a computer tablet. Once the data is uploaded it is immediately and automatically deleted from the tablet. This information is either uploaded via a dedicated telephone signal to our clinical system or entered on to our system.

We maintain paper records relating to the care and treatment we provide.

We provide relevant information to internal staff and volunteers in order to enable us to provide a safe, effective and responsive service to you. Examples include:

1. Where we offer you transport to the hospice, your name and address and any relevant risk assessment would be shared with drivers and escorts;
2. In order for you to access the full range of services we offer we may share your data with relevant health and social care professionals and therapists either employed directly by the hospice or contracted in to work for us;
3. We may need to provide information to the pharmacy at County Hospital in order to obtain medications for you when you are discharged.

Sharing this data

• For your benefit we need to share information we hold about you with other organisations which are, or will be, involved in your care, for example General Practitioners (GPs), District Nurses, Ambulance Services and Social Services. This is to ensure the care delivered to you is safe, effective and responsive.
• However, we will not disclose any information to other third parties without your consent, unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires it.
• If we are asked to share information with another organisation that does not directly relate to your care, we will always seek consent prior to any information being shared. If you choose not to consent to this when asked, then that decision will be recorded and respected.

How we store the data

• The electronic data is stored on proprietary software (Crosscare) on our own servers. Access to this data is protected via a user log-in and password to the servers and by a second, separate user log-in and password for the software.
• Paper records are held in lockable rooms within lockable cabinets. When the room is not occupied by team members it is locked.

Retention of the data

Data about your care is retained for eight years after our last contact with you, or longer if required by law to do so.

Destruction of the data

• Paper records are destroyed by an external company shredding the records using an industrial shredder.
• Electronic records are anonymised – your name and address details are removed from the record.

Other relevant Information Notices:
None

Other useful information:
We use a confidentiality code of conduct based on one developed by the NHS. This code outlines the requirements that must be met in order to provide individuals with a confidential service.

The main principles are:

1. PROTECT look after people’s information;
2. INFORM ensure that people are aware of how their information is to be used;
3. PROVIDE allow people to decide whether their information can
4. CHOICE be disclosed or used in particular ways.

To support these requirements, there is another:

IMPROVE always look for better ways to protect, inform, and provide choice.

Everyone working for us is subject to the Common Law Duty of Confidentiality. Information provided in confidence will only be used for the purposes stated and to which you have consented, unless there are other circumstances covered by the law.

Under our Confidentiality and Data Protection Policy, all of our staff are required to protect your information, inform you of how your information will be used (for example as stated in this Information Notice), and allow you to decide if and how your information can be shared. This will be documented in your records.

This Information Notice applies to:

• Visitors, public, staff and volunteers.
• Use of CCTV cameras at our various sites named on the website, specifically the main Hospice and Norton Bridge.

Broad nature of data collected and our use of this data

• Images and video of those attending the site – To be used for the security and safety of staff, public, visitors and equipment at the sites.

How we process this data

• We review images or footage when incidents or accidents have been reported, including theft and malicious damage to property or storage containers on the sites.
• Images and footage can only be accessed by authorised personnel including the health and safety manager and Chief Executive, following investigations of incidents on site.
• It is used for the purpose of seeking to confirm what has happened, and/or who was involved, and/or who was present at the time.

Sharing this data

• This data may be shared with a third party including the police and our insurers.

How we store the data

• The footage is stored on DVR recording machinery on site, for 7 days 24 hours a day on a continuous loop. If any footage is taken off for investigation. This would be done using USB memory stick from the authorised person.

Retention of the data

• The image or footage would only be retained on a password protected USB for Insurance or prosecution purposes. It is kept on a locked cabinet in a locked office. This also includes any photographic imagery that may have been taken off the Footage for the sole use of identification.
• Otherwise data is retained for one week only.

Destruction of the data

• Once a review of the footage or image as been assessed, then it is deleted completely from the USB or any PC it may have been stored on.

Other relevant Information Notices:
None

This Information Notice applies to:
All employees of Katharine House Hospice and its subsidiary companies

Broad nature of data collected and our use of this data

• Personal details – To ensure accurate records are kept of all employees relating to all aspects of employment.
• Contractual details – To ensure we can maintain the employer/employee relationship.
• Information on health including sickness details – To ensure we can manage employees effectively, including entitlement to sick pay.
• Induction/Training – To ensure we retain legally required information to support the running of the organisation.
• Appraisal/reviews – To record employees’ progress with the organisation and the formal discussions held with managers.
• Disciplinary/Grievance/formal processes – To maintain records of what issues arose, how they were handled, what decisions were reached.
• Maternity – To ensure we comply with relevant legislation, for example in regard to maternity leave, maternity pay, risk assessments and reintroduction to work
• Risk assessments – Where risk assessments are carried out relating personally to an employee
• Letters sent to you – To maintain a record of information supplied to employees.
• Copies of DBS certificates (for required roles only) – Where roles require a DBS check, we retain a record of the check, and the check itself until the Care Quality Commission inspect us.
• All relevant information necessary to run a payroll that complies with the law – To ensure we pay employees accurately, and make all necessary deductions required by law or as agreed with employees.

How we process this data

• Information is held on manual employee personnel files and information is input onto our Personnel Database where appropriate. Electronic information is held on our main IT servers, and copies of any paperwork are kept in individual employee folders.

Sharing this data

• Where we are statutory required we will provide information to third parties, the CQC regulator, HMRC, and other regulatory bodies. Data may also be shared with third parties where appropriate, this includes Occupational Health, the Disclosure & Barring Service, Simplyhealth and when responding to requests regarding references/mortgages/tenancies etc.
• Personal data may also be shared with our insurers and legal advisors, for example when seeking advice and guidance about a specific employment situation

How we store the data

• All paper copies are kept in individual personnel files in locked cabinets within a locked office. The Personnel Database is password protected and only accessible by HR staff. Individual electronic folders can only be accessed by HR staff and appropriate authorised line managers.

Retention of the data

• Employee information is kept indefinitely and stored as above.
• Copies of DBS certificates are kept until a CQC inspection has taken place.

Destruction of the data

• Employee information is not destroyed although paper records are archived when employees leave the organisation and kept in locked cabinets within a locked office or may be transferred to external secure containers.
• Copies of DBS certificates are destroyed by shredding by a third party supplier.

Other Relevant information Notices:
Recruitment

This Information Notice applies to:
Applicants for employment positions at Katharine House Hospice or its subsidiary companies

Broad nature of data collected and our use of this data

• Name, address, e-mail, telephone – To enable us to contact you
• Education, Training and Employment details – To assess your suitability for the position
• Equal Opportunities Monitoring Form – To assess our compliance with legislation
• Professional Registration details – Where this is required for the position eg NMC registration
• Criminal Records Form – For those positions where DBS clearance is required
• Eligibility to work in the UK – Required by law

How we process this data

• Anonymised copies of the application form are sent either as paper copies or as scanned copies via e-mail to those short-listing applicants. Personal details forms, equal opportunities forms and DBS forms are separated and not sent to the shortlisting panel.
• Full application forms are provided as paper copies to the interview panel for those candidates who are successfully shortlisted only.
• Equal opportunities data is entered into a spreadsheet but no personal details are recorded.

Sharing this data
This data is not shared with third parties

How we store the data
All paper copies of application forms are returned to HR.
For unsuccessful candidates, these are retained in a file for six months after the recruitment has been completed and are then destroyed by shredding.

Retention of the data
These are retained in a locked cupboard for at least six months after the recruitment has been completed.
Applicants will be contacted to give their consent if we wish to retain their details on file for future reference for positions.

Destruction of the data
The unsuccessful applications for a position are destroyed by shredding by a third party supplier after the retention period.

Other relevant Information Notices:
Successful applicants should refer to the Employee Information Notice

This Information Notice applies to:
Lottery Membership

Broad nature of data collected and our use of this data

• Name, address, and contact details – To register you into the lottery and assign your payments to your lottery record.
• Payment details (where necessary this includes your bank details) – To ensure we keep you informed if your credit is running low, and to help assign your payments to your lottery number
• Details of winnings – To enable us to make a payment to you when you win a prize within the lottery draw

How we process this data
Summary data is entered onto our lottery software, which holds details of your lottery number, your name, address, payments by you into our lottery and payments taken out for each you are entered for. The system also retains a record of the amount of credit you have, and the date and amount of your winnings.

Sharing this data
We supply name and address details to companies carrying out mailings on our behalf. Mailings would include newsletters and notice and tickets for additional draws

This data is not otherwise shared with third parties. We share information between our lottery department and our finance department on a weekly basis to ensure reconciliation of lottery player’s credits to the funds we hold.

How we store the data
Data is held on record within the software system that runs the lottery draw. This includes all data listed above. There are manual records of reports relating to the processing of each draw to help reconcile information each week.

Retention of the data
This data is retained for as long as you are a lottery members and for legal reasons for a further six years after the year you cease to be a member.

Destruction of the data
Data is retained indefinitely on the system – although at your request we can anonymise this.

Finance information is destroyed six years after the year end (31 March) to which the information relates.

Other relevant Information Notices:
None

This Information Notice applies to:
Customers

Broad nature of data collected and our use of this data

• Name; address; email address; telephone number – To enable delivery of order.
• Payment Details – To enable us to process payment.

How we process this data
Delivery details are reproduced on each individual order for posting.

Sharing this data

• If necessary data is provided to the banking system to enable payments to be processed.
• Personal data is not otherwise shared with third parties.

How we store the data
All paper copies are filed in the Retail office

Retention of the data
These are retained in a locked filing cabinet in the Retail office.

Destruction of the data

• Data is destroyed one month after Christmas each year.
• Data is shredded via third party shredding company.

Other relevant Information Notices:
None

This Information Notice applies to:
Donors and customers requiring collections or deliveries

Broad nature of data collected and our use of this data
Name; address; telephone number To enable us to deliver and collect items and to contact you.

How we process this data
Details are entered onto a paper delivery / collection forms and given to our transport drivers.

Sharing this data
This data is not shared with third parties except for destruction

How we store the data
All paper copies are returned to the store and filed securely.

Retention of the data
Data is retained for up to six years after the year end in which the information was last used.

Destruction of the data
Manual records are shredded by an industrial shredder operated by a third party

Other relevant Information Notices:
None

This Information Notice applies to:
Donors who are UK tax payers and sign up for our retail gift aid

Broad nature of data collected and our use of this data

• Name; address; email address; telephone number – To enable us to contact you with Gift Aid correspondence
• Details of the value of your goods sold by us – To enable us to submit a Gift Aid claim to HMRC

How we process this data
Details are entered onto our electronic database. Data passes over the internet in a secure manner.

Sharing this data

• We only provide data to third party companies who undertake either our mailings or bulk e-mails to enable us to run the gift aid scheme in compliance with HMRC requirements.
• This data is not shared with third parties.

How we store the data

• All paper copies are filed in the Retail office
• Electronic data is stored on servers held by our provider – Cybertill

Retention of the data
Paper copies are retained in a locked filing cabinet at our Retail office.

Destruction of the data
Data is retained whilst donor is ‘live’. Once discontinued, data is destroyed by third party shredding company 6 years after last gift aid claim is made.

Other relevant Information Notices:
None

This Information Notice applies to:
Voluntary positions at Katharine House Hospice or Retail Shops

Broad nature of data collected and our use of this data

• Name, address, e-mail, telephone – To enable us to contact you
• Interests and experience – To help assign volunteers to the type of role they would like
• Volunteering work undertaken – To help us monitor

How we process this data

• This data is retained within voluntary services – either as manual records, or on spreadsheets.
• Information is provided to the department managers for which volunteers work.

Sharing this data
This data is not shared with third parties.

How we store this data

• Paper records are stored within locked filing cabinets.
• Spreadsheets are stored on our main IT systems, which require a user id and password to log in.

Retention of the data

• Records are retained for up to six years
• Computer files may be retained in archive indefinitely

Destruction of the data
Paper records are destroyed by shredding by an industrial shredder operated by a third party.

Other relevant Information Notices:
None