How we use and look after your data

Privacy Policy

This policy includes:

• Your rights as an individual
• Contacting us about your information.
• The information we collect, use or access
• How we keep your data safe and how we share that information
• How long we keep information about you
• Changes to this Policy

Your rights as an individual

We feel it is important that you are aware of your rights as an individual.

• The right to be informed - you have the right to be told about how and when your personal information will be used. Our aim is that this notice, in conjunction with statements on other materials, provides a clear and transparent description of how your information will be used.
• Right of access - you have the right to request a copy of the information that we hold about you (this is also known as a 'Subject Access Request').
• Right of rectification - you have a right to correct data that we hold about you that is inaccurate or incomplete.
• Right to be forgotten - in certain circumstances you can ask for the data we hold about you to be erased from our records. You should be aware we are required to keep most information for a minimum period of time.
• Right to restriction of processing - where certain conditions apply you have the right to restrict our processing of your information.
• Right of portability - you have the right to have the data we hold about you transferred to another organisation.
• Right to object - you have the right to object to certain types of processing such as direct marketing.
• Right to object to automated processing including profiling. You have the right to ensure decisions about you are not automatically made by a system or technology.

If you have any concerns or questions about your rights as an individual please contact us. You are entitled to an independent review of our actions should you have a concern or feel we have not respected your rights.

If you feel this is the case you can register your concern with the UK Information Commissioner's Office. Details on how to do so can be found here on their website (https://ico.org.uk/concerns) or by calling 0303 123 1113.

Contacting us about your information

Your personal contact details are used in order for us to manage our relationship with you. To make it easier for you to contact the correct person in CHAS, we have included contact information within the Children and Families, Supporters, Volunteers staff sections in this document. General enquiries can be directed to:

Information Governance Manager
Children's Hospices Across Scotland
Canal Court
42 Craiglockhart Avenue
Edinburgh
EH14 1LT
Tel: 0131 444 1900
Fax: 0131 444 4001
Email: support@chas.org.uk

The information we collect, use or access

Depending on your relationship with us, the services you use and the way in which you support us, the information we hold about you may include the following:

• Your personal details (such as your name, e-mail address, telephone numbers, work address etc);
• Vehicle registration details if you visit a CHAS site;
• Details of contact we have had with you in relation to the provision, or the proposed provision, of our services;
• Our correspondence and communications with you;
• Information about any complaints and enquiries you make to us;
• Information we receive from other sources
• Information used to identify you or devices you use such as IP addresses, MAC addresses or cookies etc.

How we keep your data safe and who has access

We ensure that there are appropriate technical controls in place to protect your personal details; for example our online forms are always encrypted and our network is protected and monitored.

We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff and volunteers and contractors.

We use external companies to collect or process personal data on our behalf. We do comprehensive checks on these companies before we work with them, and put a contract in place that sets out our expectations and requirements.

We may need to disclose your details if required to the police, regulatory bodies or legal advisors.

We will only ever share your data in other circumstances if we have your explicit and informed consent.

How long we keep information about you

We realise it is important for you to know and understand how long we will keep and use your data. We are required by certain laws and regulations to maintain records for certain periods. Once your information is no longer required it is disposed of securely. We have included retention schedules within the Children and Families, Supporters, Volunteers and staff sections of this document.

Changes to this Policy

We may change this Privacy Policy from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on the CHAS Website or by contacting you directly.

From 13 June 2022, Children's Hospices Across Scotland (CHAS) will operate under a new communication and contact policy for supporters' data. Whilst continuing to follow an "opt in" (consent) approach for all activity through email and text, CHAS will use legitimate interest as basis for post and phone communications activity. A combination of these two approaches has been deemed the most appropriate approach in meeting the needs of the charity and the expectations of our supporters, following a review of our previous policy.

More information can be found in our "Supporters" section below but we also have more information on the change, and we will be contacting our supporters by email where possible over the coming weeks to give further information about the change.

Links to additional information

• Visits to CHAS sites
• Children and Families
• Supporters
• Volunteers
• Staff recruitment
• Staff

Visits to CHAS Sites

If you work at, or make a visit to any of our sites, for example to work, to train, to visit any of our children or their families in the hospices, make a donation, volunteer etc, we will usually collect some information about you. You will always be asked to sign in at Reception on all sites - whether it is via an iPad or on paper:

Visitors Register

We maintain a register of staff, visitors and contractors who enter our buildings. For this register we will keep the details you provide such as name, company details, and vehicle details and registration.

This information is required for health and safety and security purposes, and will be for held for one month and then deleted.

Car Parking Registration

We will collect and retain your vehicle details if you register them when signing in. We use the data you provide to ensure effective car park management.

This information is held for one month and then deleted.

COVID-19

To support NHS Scotland's efforts in tackling COVID-19, in addition to the information we already collect form you when you visit us, we are now requesting you provide a contact telephone number or postal/email address.

In order to assist in the containment of the virus, we will only share your data when it is requested directly by NHS Scotland and statutory partners. This will only be in the unlikely event there is a cluster of coronavirus cases linked to the premises.

The purpose for which we are processing your personal data is to assist with NHS Scotland's efforts in tackling the coronavirus public health epidemic. This will involve the gathering and, when necessary, the sharing of information with NHS Scotland and statutory partners. Your data will not be used for any other purpose.

Children and Families

Your rights as an individual

These are as detailed in the general policy.

• Informal requests by a child, young person or parent to have sight of current daily diary entries or care plan entries in the health records can be made at any time during an admission or episode of home care.
• A member of the team can help you with a formal request.
• Contacting us about your information.

For further information or if you have any concerns regarding your information and its use, please contact one of the Charge Nurses on:

Rachel House: 01577 865777

Robin House: 01389 722055

The information we collect, use or access

• The most important reason for us to hold information is to help us give you the very best care. It helps our team to see the most up to date information and saves you having to repeat things to lots of people.
• With your consent, your information is also shared with other professionals who work with you such as NHS, Local Authorities and other organisations who support you. You have the right to refuse to allow us to share information with other health care professionals. Unless, it is a matter of child or vulnerable adult protection.
• Prescribers within CHAS have access to patients Emergency Care Summaries (ECS - electronic GP records on medicines and diagnosis) via source board or GP. ECS is recommended by the Scottish Government as one of the best medicines information sources to use for medicines reconciliation at transition of care.
• We sometimes review care records to do clinical audit of the standards of care provided by CHAS against accepted best practice. Audit results are published and/or presented in an anonymous format so that individuals cannot be identified.
• Our external regulators, Healthcare Improvement Scotland and Care Inspectorate, look at care records as part of their inspection of the service.
• Other ways we may use information could be in education awareness raising or research, but we would always seek your permission before doing this.
• Having up to date contact information helps us keep in touch with you and we will check this with you regularly. We will also ask you to sign consent to share and hold your information when you are introduced to us.

How we keep your data safe and how we share that information

• We take the responsibility of looking after this information safely very seriously and here are a few of the ways we do this:
• CHAS is committed to complying with the information Governance requirement set out in the NHS Records Management Guidance.
• CHAS is obliged to share health and social information with other parties such as the National Health Service including National Services for Scotland and their Information Services Division to comply with national reporting and statistical requirements. CHAS is also be required to share information with Healthcare Improvement Scotland and the Care Inspectorate in order to ensure that the care we provide meets the standards expected of a Scottish healthcare provider.
• Every member of staff has a duty to maintain your confidentiality and we talk about this with every new members of staff who starts work with CHAS and update this training every year.
• CHAS has an 'Access to Health Care Records' Policy.

How long we keep information about you

CHAS complies with our own internal retention schedules and the retention schedules set out in the NHS Records Management Guidance.

Supporters

Types of information we hold about you

If you support us, for example to make a donation, volunteer, register to fundraise, sign up for an event or buy something from our shop, we will usually collect:

• Your name
• Your contact details
• Your date of birth
• Your bank or credit card details

Where it is appropriate we may ask for:

• Information relating to your health (for example if you are taking part in a high risk event)
• Your motivation for giving, including whether this relates to any personal experience of CHAS. We will never make this question mandatory, and only want to know the answer if you are comfortable telling us

We will mainly use your data to:

• Provide you with the services, products or information you asked for
• Administer your donation or support your fundraising, including processing gift aid
• Keep a record of your relationship with us
• Manage your marketing preferences
• Understand how we can improve our services, products or information
• We will sometimes analyse the data we hold to build a picture of the kind of people who are supporting us. We may use external sources to help us to do this but will always respect your privacy
• We may also use external sources to help us keep your data up to date

Whatever it is about CHAS you are interested in, we really want to be as tailored as we can in our communications to you. We also want to engage with you in the best possible way, to help us do this, we will sometimes analyse things like what you are interested in and where you live to help us engage with you in a meaningful way. This is important because it cuts down on broad ranging communications and helps us ask for donations or give information based on what we know they would like to hear about.

Direct Marketing

What legal basis does CHAS have for processing my information?:

For the purposes of Direct Marketing - CHAS relies on the legal basis of "Legitimate Interests" to process you data for post and telephone calls and by "Consent" for email and text message communication.

Why do we use legitimate interest for post and telephone calls?

The purpose of CHAS is to reach and support families in Scotland living with the terrifying heartbreak that their child will die young. We can only achieve this by building and developing relationships with both new and existing supporters. We depend upon traditional direct marketing techniques such as mail and telephone to keep our supporters updated about how they are making a difference to the lives children and families at CHAS, and give them further opportunities to experience the joy of giving.

We will not contact anyone who has explicitly said they do not wish to be contacted.

When will you be contacted for fundraising purposes?:

Email and other electronic channels

We will only contact you for marketing purposes by email or other electronic means such as SMS if you have agreed to be contacted for these purposes.

Telephone

We may contact you for marketing purposes by telephone unless you have told us that you do not wish to receive telephone calls from us or you are registered with the Telephone Preference Service (TPS).

Post

We may send you correspondence by post about our work including occasional appeals unless you have told us that you do not wish to receive such information by post.

What communications will you receive

We will contact you to let you know about the progress we are making and to ask for financial and non-financial support. If you don't want to hear from us, that's absolutely fine, please just get in touch to let us know and we will make sure your wishes are followed. When you give us your information, or you get in touch with us we will assign a CHAS number and you can email it to support@chas.org.uk.

We do not sell or share personal details to third parties for the purposes of marketing. But, if you attend an event run in partnership with another named organisation your details may need to be shared. We will be very clear what will happen to your data when you register.

What happens if you don't respond to the information we send?

We will continue to communicate with you for as long as you continue to engage with CHAS by post plus three years and by phone plus two years. Thereafter your information will be suppressed until it is deleted from the database. Always remember though you can get in contact with us at any time to update your preferences.

How long do we keep your information: we generally retain your information as long as necessary, for a period of up to 7 years (for example, for Gift Aid for health and safety, risk assessment, and insurance purposes). We review our supporter database every year to make sure it is up-to-date and delete any data which is no longer relevant or that we are not entitled to retain.

Prospect Research and Wealth Screening

As a fundraising organisation, we carry out targeted fundraising activity to ensure that we are contacting you with the most appropriate communication, which is relevant and timely and will ultimately provide an improved experience for you.

In doing so, we carry out limited in-house profiling and research to help us better understand and communicate with our donors and potential donors. To support this activity, we may use automated or manual processes such as wealth screening to analyse and segment our data using our trusted third party partners. Such information is compiled using publicly available data, e.g. directories, companies house, charity registers, and social media platforms such as LinkedIn. You will always have the right to opt out of this processing.

We may also carry out research using publically available information to identify individuals who may have an affinity to our cause but with whom we are not already in touch.

We also use publicly available sources to carry out due diligence on donors in line with the charity's Gift Acceptance Policy and to meet money laundering regulations.

If you would prefer us not to use your data in this way, please email us at support@chas.org.uk or call us on 0141 779 6180.

Where we collect information about you from

We collect information in the following ways:

When you give it to us directly

You may give us your information in order to sign up for one of our events, tell us your story, make a donation, purchase our product or communicate with us. Sometimes when you support us, your information is collected by an organisation working for us (e.g. professional fundraising agencies), but we are responsible for your data at all times.

When you give it to us indirectly

Your information may be shared with us by independent event organisers; for example the London Marathon or fundraising sites like Just Giving or Kiltwalk. These independent third parties will only do so when you have indicated that you wish to support CHAS. You should check their Privacy Policy when you provide your information to understand fully how they will process your data.

When you give permission to other organisations to share it

Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or Twitter, you might give us permission to access information from those accounts or services.

You may also provide permission for third party organisations to share your data with other third parties, including charities. You may do this when you buy a product or service, register with a website that runs competitions or register with a comparison site.

The information we get from those services depends on your settings or the responses you give, so you should regularly check them.

When we collect it as you use our websites or apps

Like most websites, we use "cookies" to help us make our site - and the way you use it - better. Cookies mean that a website will remember you. They're small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier - for example by automatically filling your name and address in text fields.

In addition, the type of device you're using to access our website or apps and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you're using, what your device settings are, and why a crash has happened. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.

The website uses a cookie for Google Analytics. It does not capture or store personal information, but merely logs the user's IP address which is automatically recognised by the web server. This is used to record the number of visitors to our site and volumes of usage.

For more information about Google Analytics visit the Google Analytics website.

Similarly, the site uses cookies for Hotjar - an analytics and feedback tool which helps us to improve the usability of our site. Hotjar sets persistent cookies (up to 365 days) for analytics purposes and to display the correct content to our visitors. You can read about what cookies are stored by visiting Hotjar's website. Hotjar also records visitor information including mouse clicks and movements, scrolling activity and user input on our website - this information is anonymous. Recordings are automatically destroyed after 365 days.
You can opt out of Hotjar collecting your information at any time by following these instructions.

If you do not wish to accept cookies on to your machine you can disable them by adjusting the settings on your browser. However this will affect the functionality of the CHAS website.

We also work with third parties who support our work and raise money.

For this reason there are third party cookies on our website. If you accept these we will show you adverts on other websites that are relevant for you.

If you do not want these cookies to be stored on your PC it is possible to opt out here and here without affecting your navigation around the site.

Contacting us about your information

Where possible we use publicly available sources to keep your records up to date. We really appreciate it if you let us know if your contact details change.

Your right to know what we know about you, make changes or ask us to stop using your data.

You have a right to ask us to stop processing your personal data, and if it's not necessary for the purpose you provided it to us for (e.g. processing your donation or registering you for an event) we will do so.

Contact us on 0141 779 6180 or support@chas.org.uk if you have any concerns.

You have a right to ask for a copy of the information we hold about you. If you spot any mistakes, please let us know and we will correct them.

If you have any questions, comments or suggestions, please let us know by contacting the Support Services Team, 2nd Floor, Buchanan Tower, Cumbernauld Road, Stepps, Glasgow, G33 6HZ or email support@chas.org.uk.

If you want to access your information, send a description of the information you want to see and proof of your identity by post to CHAS, 2nd Floor, Buchanan Tower, Cumbernauld Road, Stepps, Glasgow, G33 6HZ. We do not accept these requests by email.

If you have any questions please send these to support@chas.org.uk.

Volunteers

If you volunteer with us, we will hold the information you submit on your application form on our secure database. This information is treated confidentially and kept securely, with access limited to authorised personnel only.

We will only use your data for the purposes of volunteer management in CHAS and you will only be contacted about your volunteering activity. You will not be contacted about fundraising unless you are also registered with CHAS as a supporter.

When you leave your volunteering, or if you apply and do not go on to become a volunteer, we will delete your record on our database in line with our record retention guidelines.

We may also use external sources to help us keep your data up to date and to send you the latest information about our services.

If you have any questions please send these to:volunteering@chas.org.uk.

Staff Recruitment

From the moment you register your interest to work with us, CHAS will ensure that we gather and secure only relevant information from you as part of our recruitment process. Please visit our recruitment section on the website for further information.

Staff

CHAS ensures all personal information of our Employees and Bank Workers is kept securely and is up to date, Please refer to current HR Policies available on the Intranet for further information on the data we hold for our employees.

Updated June 2022