At ACCORD Hospice, we are committed to protecting your personal information and privacy. We comply with all legislation regarding the collection and use of personal data. This Privacy Notice describes how we collect and use your personal information.
We may update this Privacy Notice from time to time so please check back periodically. We will notify you of significant changes by putting a notice on our website.
If you have any queries about this Privacy Notice, please contact our nominated Data Protection Officer (DPO)
In this Privacy Notice, ‘ACCORD Hospice’ means ACCORD Hospice (registered as a charity in Scotland, No SC013682) and a company limited by guarantee (SC092520) with our offices at 7 Morton Avenue, Paisley PA2 7BW. We are registered with the Information Commissioner’s Office, registration reference Z6995209.
We collect personal information about you when you interact with us (e.g. in person, by phone or online) in order to:
We may also receive information about you from third parties that we work with or support, for example independent event organisers, fundraising sites like JustGiving and Virgin Money, Starvale Management and Technologies Limited (our lottery company), our payroll and pension providers and Disclosure Scotland.
Patients and Family Members
The types of information we might collect from patients and family members would include names, postal addresses, email addresses, phone numbers, dates of birth and details of next of kin as well as information of a medical and personal-sensitive nature.
This information is collected for the purposes of providing clinical and specialist palliative care to those referred to us and could be used and shared between departments within ACCORD as well as with other health and social care service providers under strict guidelines. We may also receive information from the NHS which is only shared with us under strict guidelines.
We may collect personal-sensitive information including but not limited to race, faith, gender, religion, disability and family status for statistical and reporting purposes but these will be anonymised and no individual will be identifiable.
Employees and Volunteers
The types of information we might collect from employees and volunteers include names, postal addresses, email addresses, phone numbers, dates of birth, next of kin, employment history, disabilities relevant to their employment or volunteering role, and character or employment references.
We may collect personal-sensitive information including but not limited to race, faith, gender, religion, disability and family status for statistical and reporting purposes but these will be anonymised and no individual will be identifiable.
Supporters
The types of information we might collect from supporters include names, postal addresses, email addresses, phone numbers, dates of birth, next of kin, communication preferences, credit or debit card details, and whether they are a tax payer so that we can claim Gift Aid. We also hold records of specific donations and fund-raising efforts alongside the communications that we have had.
We will not store credit or debit card details after they have been processed.
We do not collect personal-sensitive data such as race or disability relating to our supporters unless there is a legitimate reason for this (e.g. participation in an event for which we may need to provide support.)
Patients and Family Members
The lawful basis for processing patient, family and next of kin data is the legitimate purpose of providing a health and social care service. Special category data held on patients is also processed for the purposes of providing a health and social care service.
If you, a relative or a friend, are cared for or supported by ACCORD, the personal-sensitive information you provide to us will be used only for the purposes of offering access to and providing you with our specialist services including bereavement support, for training our staff or for monitoring the quality of our services. ACCORD will not disclose your personal information to any third party without your consent, except in the following circumstances:
We will not use your information for other purposes without your permission. If you tell us about your own experience with terminal illness or the experience of someone else we will explain how we will use that information. If you don’t want us to use such information for other purposes or change your mind at any time, it will not affect any services we provide.
Employees and Volunteers
The lawful basis for processing employee and volunteer data is the legitimate purpose of managing the relationship between ACCORD and the employee or volunteer.
We use the information collected on our employee and volunteer application forms to identify suitability for work for or volunteering with ACCORD. If your application is unsuccessful we will dispose of your data within six months. If your application is successful we will retain a copy of your application form and your data will be stored within our employment records to allow us to manage the employment or volunteering relationship we have with you.
If you cease to be employed by ACCORD we will retain your personal data for a period of six years.
If you cease to volunteer with ACCORD we will retain your personal data for a period of one year.
Supporters
The lawful basis for processing data held on recent (donations made within the past three years) supporters is the legitimate purpose of raising charitable funds to support the delivery of specialist palliative care in Renfrewshire and parts of East Renfrewshire. If you stop making donations in any form we will only process your data with your consent.
We use the personal information collected from you for a number of purposes, including:
We may also use your details:
(including our website) or for our internal records;
When you use our secure online donation or payment pages you will be directed to a specialist supplier company who will receive your credit card number and contact information to process the transaction. We do not retain your credit or debit card details.
We use external companies to help us with larger mailings and to process Direct Debits, these companies are UK based and are data protection compliant. If you complete a Gift Aid declaration we will share your name and address and the value of your donations with HMRC for the purposes of reclaiming tax paid.
We will never sell or share your data with any other third party unless required by law.
It is important that we keep your personal information up to date. You can contact us on 0141 581 2000 or at dpo@accord.org.uk at any time if your circumstances change.
For our legitimate fund-raising purposes we will mail you newsletters and fundraising information for a period of three years following your latest donation. If a period of three years passes without a donation we will contact you to provide an option to consent to continue to hear from us. Any consent provided will be valid for a period of five years without a donation.
You can stop receiving mail at any time by contacting the Fund-Raising Team on 0141 581 2000 or at fundraising@accord.org.uk.
You can stop receiving emails by clicking on the “unsubscribe” link in our marketing emails.
You can update your contact preferences by contacting the Fundraising Team on 0141 581 2000 or at fundraising@accord.org.uk.
We will not use your details for fundraising or related purposes if you tell us not to, however, we will retain your details on our database to help ensure that we do not contact you again.
We will never sell your data to any third party. We will not share your details with other charities for marketing purposes.
We will only share information with other organisations where we have your permission to do so in accordance with this Privacy Notice, where it is necessary for a legitimate reason connected with the services we offer or where it is required by law or regulation.
Sometimes, we may need to share your information with a small number of trusted partners (service providers, agents and affiliated companies) for the purposes outlined above (e.g. a supplier that produces promotional material or delivers goods for us or a supplier that processes payments securely). Where we use third parties, we require them to adhere to appropriate controls to protect personal information.
We use Microsoft Office 365, Blackbaud Raiser’s Edge, SCI Gateway and Sage which are multi-tenant cloud services, to store data. This means that internal documents and information which are generated at ACCORD are stored in cloud services which are hosted within the EEA apart from Blackbaud which is hosted in Boston, USA. We have an appropriate privacy shield from that processor.
We may, on an exceptional basis, use other tools or services which process data outside the EEA. In these cases we require suppliers to ensure adequate protection for personal data e.g. Microsoft may provide us with emergency support for Office 365 from outside the EEA in rare circumstances.
ACCORD is committed to keeping your personal information safe and secure and we have security policies and technical measures in place to help protect your information.
Unfortunately, no data transmission over the internet can be guaranteed 100% secure. As a result, while we strive to protect your personal information, ACCORD cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk.
As a user you can help protect the integrity of any data you transmit to ACCORD by taking common precautions such as regularly allowing patching for your operating system, ensuring you are running up to date and supported anti-virus software, and only transmitting data where “https” appears at the beginning of the page URL (this refers to the security technology Secure Sockets Layer (SSL) and indicates that the data is being transmitted securely).
You have the following rights with regard to the data we store about you:
If you wish to exercise any of these rights please contact our Data Protection Officer on 0141 581 2000 Ext 203 or dpo@accord.org.uk for more information. You can contact us in any way you deem appropriate but our preferred approach is via email (dpo@accord.org.uk) as this allows us to ensure that all such requests (we call them “Data Subject Action Requests”) can be dealt with promptly, efficiently and within the statutory timescales which we are given. We require proof of your identity in order for us to deal with your request, so please make sure this is provided to us. We will respond to any requests as quickly as we can, but definitely within 28 days. However, we reserve the right to refuse (or charge for) requests which we deem to be unfounded or excessive. If we do so, we will notify you of our reasons for doing so (again within 28 days). You have a right to complain to the supervisory authority and to seek a judicial remedy if you are unhappy with our response to your request so if after speaking to us you are unhappy with our use of your personal data, you have the right to complain to the Information Commissioner’s Office.
We use these to improve the user’s experience of our website, temporarily store data and understand the parts of the website that users are visiting. Cookies help us gather statistics on the use of our website anonymously. You can set your browser to not accept cookies, but this may affect the functionality of the website. More about cookies can be found by visiting the Google Analytics website.
This notice only applies to ACCORD, so when you link through to our partner companies (e.g. to donate, register for an event) please read their own privacy notices.
If you have any questions or concerns relating to our collection, storage, processing or use of personal information, please contact our Data Protection Officer at 0141 581 2000 Ext 203 or at dpo@accord.org.uk
Updated – August 2021