As a responsible charity, Compton Care value the trust you place in us when you share your personal and sensitive data. We are committed to protecting the privacy of everyone who uses our services: as patients and carers or as employees and volunteers; and that of anyone who supports our work through fundraising, retail or lottery activities.
It is our promise to you that we will be open and honest about how we use the information you’ve entrusted us with and how we recognise the importance of treating your data with care.
This policy explains who we are, what personal sensitive data we process, how and why we collect it, and who we share it with and why we do so. We’ll also explain the steps we take to keep your information safe and secure.
The charity, as a data controller, are mandated by data protection legislation to process your personal and/or sensitive personal data safely and securely. We take our duty to be transparent seriously, particularly around the way we use your information and are committed to ensuring that we do so in a manner that is both lawful and respects your privacy.
Supplementary privacy note on Covid-19 for Patients/Service Users, Carers & Staff
This notice describes how we may use your information to protect you and others during the Covid-19 outbreak. It supplements our main Privacy Notice which is available here
The health and social care system are facing significant pressures due to the Covid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.
Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law, the Secretary of State has required NHS Digital; NHS England and Improvement; Arms-Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak. Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. Further information is available on gov.uk here and some FAQs on this law are available here.
During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information. This includes National Data Opt-outs. However, in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply. It may also take us longer to respond to Subject Access requests, Freedom of Information requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.
In order to look after your health and care needs we may be required to share your confidential patient information, including health and care records, with clinical and non-clinical staff in other health and care providers, for example neighbouring GP practices, hospitals, nursing homes and NHS 111. We may also use the details we hold to send public health messages to you, either by phone, text or email.
During this period of emergency, we may offer you a consultation via telephone or video-conferencing. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.
We will also be required to share personal/confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak. Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response is here.
NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the Covid-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patients themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.
In such circumstances where you tell us you’re experiencing Covid-19 symptoms we may need to collect specific health data about you. Where we need to do so, we will not collect more information than we require, and we will ensure that any information collected is treated with the appropriate safeguards.
We may amend this privacy notice at any time so please review it frequently. The date at the bottom of the page will be amended each time this notice is updated.
We are Compton Care Group Ltd, a charitable organisation that specialises in palliative care. We use the company name Compton Care Retail Ltd for our trading activities including our retail shops and merchandise. We are registered with the Information Commissioner's Office (ICO) - Z6533643 and with the Charities Commission – 512357.
By personal data we mean any information that might allow you to be identified, such as your name, address, date of birth, credit card details, I.P. computer address, photo or video image or voice recording. For patients, some of this data will be sensitive and relate to their health and wellbeing, ethnicity and religious views.
Processing means any function that is performed with or on data, i.e. the collection of, the manipulation of, the use of, the sharing of and the storage/archiving of information that has been shared with us or collected on the behalf of Compton Care.
We may collect personal data about you when you take part in one of our fundraising events or challenges, make a donation, play our lottery, buy items in our shops, apply to work or volunteer with us or use our website. If you are referred to one of our clinical services, we will collect data from you and may also receive it from other healthcare providers.
We may also receive information about you from third parties that we work with, for example, JustGiving or eBay, where you have consented to them sending us your information.
We will never acquire your contact details from private organisations, nor will we sell your personal data. We may on occasion work with carefully selected organisations for the purpose of conducting market research activities, in order to gain a better understanding of our supporter demographics and to update your contact details such as your address.
We may also work with carefully selected organisations to conduct due diligence on significant personal donations for counter fraud purposes; this may include background checks from publicly available records on the donor.
The lawful basis we rely upon for processing all this data varies depending upon the way it’s been collected, and the purpose. We either process your data with your consent (unambiguous or explicit as outlined in Articles 4 & 6 of the EU 2016 General Data Protection Regulations (GDPR)) or when it is necessary for a legal obligation, necessary for the vital interests of you or another person, necessary for legal proceedings or for preserving your or someone’s legal rights, necessary for medical purposes, or for our own legitimate interests or the interests of a third party to whom we might disclose data, except where there is unwarranted prejudice to your or others’ legitimate interests.
Fundraising activities, visiting our shops, and playing our lottery
The personal data we collect about you for the purposes of our fundraising, lottery and retail activities might include your name, address, email, phone number, date of birth, I.P. computer address, social media profiles, photo or video image and financial information such as credit card details.
You may appear in still images or video footage using Closed Circuit Television (CCTV) that is used on Compton Care sites and shops for security purposes.
We do not collect ‘sensitive personal data’ about our supporters unless there is a legitimate reason for this (e.g. if you participate in an event for which we may need to provide you with additional support).
If you use our clinical services we will need to collect all the personal data we’ve outlined already, plus sensitive or ‘special category’ information that relates to your physical and/or mental health and any other information deemed as relevant such as your religious beliefs or sexual orientation. This data goes on to form your healthcare record, together with additional information such as the personal details of your family and/or carers, etc.
We may also need to contact your previous health or social care providers for additional background information which may include not only your GP but hospital Trusts and other community care providers, but only with your explicit consent.
From time to time, care staff may be asked to take clinical photographs of your body for medical purposes, such as in the case of pressure ulcers. Such photographs would form part of your medical record and would not be made publicly available (without your explicit consent). Equally, CCTV is only used in general areas and access to view the footage is restricted to key individuals.
Staff and volunteers
You can read our staff and volunteer privacy statements … (coming soon!)
Using our website
When you visit our website our servers record data about your internet browser, I.P. computer address (which is the unique numerical address given to every computer connected to the internet), the time and duration of your visit and which pages you looked at.
We also collect information about how our website is used and track which pages users visit when they follow links in Compton Care emails.
Like many other websites, the Compton Care website uses 'cookies' which are small files stored on your computer that allow websites to recognise you when you visit the next time. They store data about your browsing history but do not identify you as an individual.
We use this information to monitor and improve our website, services and activities, which helps us to deliver a better, more personalised service.
You can switch off cookies in your browser preferences but doing so may result in a loss of functionality when using our website.
By using our website and services you agree to be bound by the terms of this statement.
Links to other websites
The Compton Care website may include links to other sites, not owned or managed by us. We cannot be held responsible for the privacy of information collected by websites not managed by Compton Care.
The way we use your data largely depends upon why we have collected it in the first place. We only collect information about you that:
- Enables us to record your donations or purchases so that we can properly thank you and, where available, claim Gift Aid, specifically keeping this information as required by HMRC.
- Helps us to keep in touch with you so we can let you know about our services and events.
- Helps us to answer your questions, queries and follow up feedback should you decide to leave us.
- Helps us to understand why you support our work, allowing us to tailor future communications to you so we can better meet your needs.
We process your personal data in accordance with the law, as stated, where you have either given us prior consent or we believe we have a legitimate reason for doing so. By giving us consent to process your personal data, you will have opted in to share specific details with us and to receiving fundraising communications. From time to time, we will then send you information about our work and how you can support it in accordance with your contact preferences.
However, for non-electronic communications, you do not need to give us prior consent to receive these same types of fundraising communications, providing we have a legitimate reason for sending them to you. We will determine whether we have a legitimate reason to contact you based on your prior engagement with us and your contact preferences, making sure you have not previously opted out of certain communications or complete contact with us.
When you use our secure online donation or payment pages you will be directed to a specialist supplier company, who will receive your credit card number and contact information to process the transaction. We, however, do not retain your credit or debit card details.
We may occasionally use research and profiling to help us to identify any potential donors, help us better understand our current donors and improve our services. Such information is compiled using the information you have provided and publicly available data. External sources could include Companies House, social media platforms, newspaper articles and wealth listings.
We may also use profiling to produce short biographies of individuals where they are due to meet with a staff member or attend an event. We carry out research such as this to better understand donor motivations and preferences, with the aim of greater engagement with our supporters. By better understanding our donors we can tailor requests for support and ensure our approaches are relevant and consequently more effective.
We always seek to ensure that any research or profiling is done in a way that does not unreasonably or unexpectedly intrude on an individual's privacy. We also endeavour to make sure that in accordance with fair and lawful processing requirements under current legislation, individuals are made aware of the purposes for which we may collect and process their personal data at the earliest reasonable opportunity.
We respect your rights of privacy and are happy to provide further information about any ‘profile’ details that we may hold about you in accordance with your data subject access rights under current legislation.
In accordance with those rights, you may also at any time request that we update, correct or delete any ‘profile’ information that we may hold about you and/or no longer use it for direct marketing or fundraising purposes (EU GDPR Article 21(2)).
Employees, volunteers and job applicants
We collect personal data about our volunteers, job applicants and employees for administrative purposes and in order to comply with employment and safeguarding legislation, such as referrals to the Disclosure and Barring Service (DBS).
When we collect personal sensitive data from patients/service users and their families and carers, we do so to provide care to them and protect their wellbeing. We also collect and store it for the purposes of audit, quality control, complaints and incident reporting. We will not disclose your personal information to any third party without your consent, except in circumstances where we are required to by law or for the vital interests or safety of you or other person(s).
Except where your information is anonymised (where all personal data is redacted), we will not use your information for other purposes without your permission. Anonymised data is used to monitor and improve the quality of care received by patients/service users, to ensure that treatments and services meet the needs of the communities we serve and our clinical commissioners and for training and education purposes.
It’s important to note that health and social care information differs from direct marketing and profiling in that withdrawal of consent to process this type of data could result in Compton no longer being able to provide you with a health or care service.
Certain processing, such as how long we keep your healthcare data for, is mandated under different legislation which means we are duty bound to keep your healthcare records for a specified amount of time. Therefore, the withdrawal of your consent in these cases does not necessarily mean all processing activities will cease.
We will never sell or swap your details with third parties. We may share your data with trusted third parties as previously described. Subcontractors, such as those who administer our electronic donation systems or come onto our sites for maintenance purposes, are asked to sign confidentiality/non-disclosure agreements which are upheld by law.
For direct and continuity of care purposes, we may ask if we can share some of your healthcare data with other healthcare providers in line with best practices.
We may sometimes also be legally required to share it with local authorities and our regulator, the Care Quality Commission.
We only keep information for as long as is necessary in accordance with legislation or relevant regulations. Once we no longer need to keep your information we remove it from our systems or securely dispose of it.
For direct marketing communications we collect your data via an ‘opt out’ model of consent (where you are asked to tick an ‘opt out’ box should you not wish to hear from us) and then use it for our legitimate purposes.
You have the right to object to this type of processing and may withdraw your consent at any time, upon which all types of marketing, or those you have specifically identified, will stop. We will enable you to record your preferences using tick boxes at various points when we communicate with you.
Please see below further detail on what you would expect to receive for each type of communication:
- Appeals and fundraising including requests for financial support through mailings such as in memory appeals, new or existing fundraising initiatives.
- Information on Compton Care’s Lottery or organised events.
- Volunteering opportunities including current vacancies.
- Information about our variety of services; existing and new developments.
- Compton Care news and publications; newsletters and interim updates.
It is important that we keep your personal information up to date. You can contact us at any time if your circumstances change. It is your choice whether and how you receive information from us about our work, fundraising and ways in which you can get involved.
You can stop receiving emails or texts by contacting us on firstname.lastname@example.org or calling us on 0300 3230250.
If you choose to donate to Compton Care, or take on an event for us, we will thank you for your support and will keep you informed about the work of Compton Care and how your money has helped us, together with other selected opportunities to get involved with raising vital funds.
We will keep you updated in this way, under the legitimate interest principle of data processing, unless you ask us to remove your details from our database.
We are legally required to provide you with a copy of your personal data within one month of receipt or advise you if we are unable to comply for any reason.
For further information see the Information Commissioner's Office link on how to access your information - https://ico.org.uk/your-data-matters/your-right-of-access/
If you find discrepancies or would like to advise us of changes to your personal demographic or contact information, please advise us at email@example.com or call 0300 3230250 so we can update our records.
Also, at your request, we will erase the personal data we hold on you (exercising your ‘right to be forgotten’). However, please note that this right does not apply to health or social care records and there will be some exemptions with regards to financial data that we are required to keep for a set period of time by law.
At Compton Care we take every precaution to protect all of our information assets. When we collect your personal information, we use a variety of technical processes to prevent unauthorised access including firewalls, digital surveillance and encryption.
All sensitive personal data (including financial information) sent to us will be held on encrypted servers. Non-sensitive details, e.g. your email address, are transmitted normally over the Internet which can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit electronically to us and you do so at your own risk.
All manual records are kept in locked cabinets or held in locked offices overnight. Our buildings are alarmed, the lower floors have lockable windows and our main sites are patrolled by CCTV cameras.
In some circumstances, we may need to know if you are aged 16 or under and may refuse certain services, products or events unless we have your parent/guardian’s permission.
If you believe that we have breached your privacy in any way, we urge you in the first instance to contact our Data Protection Officer at DPO@comptoncare.org.uk or call us on 0300 323 0250.
If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office at:
Information Commissioner's Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
We may update this statement from time to time so please check back periodically. We will notify you of significant changes by placing a notice on our website.