1.1 We, the Northwick Park Cardiac Research Charity (a charity registered in England & Wales, charity number 1177753) of Northwick Park Hospital, Watford Road, Harrow, Middlesex, HA1 3UJ (‘Charity’, ‘we’, ‘our’ or ‘us’ being interpreted accordingly) are committed to protecting your privacy and personal information when we conduct fundraising and related activities. Personal information relating to you that either identifies you or from which you can be identified is called personal data (‘Personal Data’).
1.4 We collect and process your Personal Data in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation, the EU General Data Protection Regulation (2016/679) (‘GDPR‘) and the UK Data Protection Act 2018 (‘DPA‘) as well as the privacy and UK Electronic Communications Regulations (EC Directive) 2003 (together, ‘Data Protection Law‘).
- What Personal Data do we collect and use?
3.1 The Personal Data about you that we may collect and use in connection with our fundraising activities includes:
(a) your name, address, phone; email and other contact details, for example if you sign up to receive our newsletter;
(b) information that you provide to us when you make a donation (including whether or not you are a UK tax payer for Gift Aid purposes);
(c) information you provide about yourself, when you submit a question or comment to us;
(d) Personal Data contained in correspondence between you and us, which we may retain on file;
(e) information obtained through cookies or other tracking technology, including your IP address, when you browse this Website (see below);
(f) information about you which is provided when you sign-up to and/or attend one of our events;
as well as any other Personal Data that you may provide to us from time to time.
- How your Personal Data is collected
4.1 We collect Personal Data about you in various ways as follows:
(a) when you submit a form through our Website to make a donation or express your support to the Charity;
(b) if you respond to a campaign or volunteer to help us;
(c) if you engage with us through social media channels;
(d) when you browse and interact with our Website;
(e) you attend an event that we hold;
(f) through your relationship and communications with us as a supporter or donor; and/or
(g) if you provide information in person or via post and/or through our members of staff
- Please also note that occasionally, some of the Personal Data you supply and that we process may include what is known as ‘special category’ data about you, for example, this could include information regarding the fact that you were a patient at one of the hospitals in the Trust (which may also reveal data about your health) or information regarding your political, philosophical or religious beliefs.
- What we use your Personal Data for
Other than as stated above, we may use your Personal Data for one or more of the following purposes:
(a) to contact our supporters and donors, conduct fundraising campaigns and to raise funds for the Charity;
(b) to analyse information you provide to us so that we can better understand your main interests. This helps us to make communications more relevant to your main interests and make suggestions to you on how you can get involved in our work. Where we have received location information about you, we may use it to tailor our communications to you although we do this in a way that does not intrude on your privacy;
(c) to deal with any comments, enquiries or any requests that you submit;
(d) to send newsletters and other communications about what we and/or the Trust are doing such as new developments, projects and/or campaigns which may be of interest to you by post or phone. As required under applicable law, where we contact you by SMS, email, fax, social media and/or any other electronic communication channels for direct marketing purposes, this will be subject to you providing your express consent first. You can object or withdraw your consent to receive direct marketing from us at any time, by contacting us using the email address below.
(e) to enforce and/or defend any of our legal claims or rights; and/or
(f) for any other purpose required by applicable law, regulation, the order of any court or regulatory authority.
- The lawful grounds on which we collect and process your Personal Data
7.1 We will process your Personal Data for the above purposes relying on one or more of the following lawful grounds:
(a) where you have freely provided your consent to receive e-newsletters and other electronic fundraising communications regarding the Charity and its work;
(b) where – other than where we are required to seek your consent for electronic communications as explained above – we need to use your Personal Data for legitimate purposes relevant to the Charity being able to communicate with supporters, administer our fundraising activities and also manage our affairs. We will always seek to pursue these legitimate interests in a way that does not unduly infringe on your other legal rights and freedoms and, in particular, your right of privacy; and/or
(c) where we need to collect, process or hold your Personal Data to comply with a legal obligation, such a keeping transaction records for tax or accounting purposes.
7.2 If we process ‘special category’ data as referred to under paragraph 5 we will only do this with your explicit consent; or, where you have already publicised such information; or, where we need to use such data in connection with a legal claim that we have or may be subject to.
- Disclosing your Personal Data to third parties
8.1 We may need to disclose your Personal Data to certain third party organisations who are handling that data only on our behalf and in accordance with our instructions under contract (called ‘data processors‘) in the following circumstances:
(a) companies and/or organisations that act as our service providers (e.g. suppliers of IT, communications or data hosting services); and
(b) companies and/or organisations that assist us in processing and/or otherwise fulfilling transactions that you have requested (e.g. payment processors).
In relation to these data processors, we will make sure that they act only in accordance with our instructions and that adequate safeguards are put in place by them to protect your Personal Data in accordance with Data Protection Law.
8.2 We may also disclose your Personal Data to and/or obtain certain Personal Data about you from third party service providers. These third parties will make their own determination as to how they process your Personal Data and for what purpose(s) (and are therefore called ‘data controllers‘). For example:
(a) there are times when we need to check (or reconfirm) the name, date of birth, address and other details of our donors – particularly large donors – for due diligence purposes.
(b) We may also collect publically available information to verify the details of donors.
(c) Some laws and regulations oblige us to disclose information to certain bodies with statutory powers. If at any time you do not provide us with satisfactory information about you or your circumstances required to comply with these laws and regulations, we may not be able to accept your donation.
8.3 The third party data controllers we use may handle your Personal Data in accordance with their own chosen procedures and you should check the relevant privacy policies of these companies or organisations to understand how they may use your Personal Data. Since these controller organisations are acting outside of our control, we have no responsibility for their data processing practices.
8.4 Other than as described above, we will treat your Personal Data as private and will not disclose your Personal Data to third parties without you knowing about it. The exceptions are in relation to legal proceedings or where we are legally required to do so and cannot tell you, such as where there is a police investigation.
8.5 In all cases we always aim to ensure that your Personal Data is only used by third parties for lawful purposes and in compliance applicable Data Protection Law.
- International Transfers
9.1 We only collect and process data in the United Kingdom and do not transfer your Personal Data outside the European Union.
9.2 Our website usesGoogle Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.
9.3 If we transfer your Personal Data outside the UK, we will only do this with your knowledge and express consent.
10.2 We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our Website in order to tailor it to a visitor’s needs. We only use this information for statistical analysis purposes.
10.3 Overall, cookies help us provide you with a better Website, by enabling us to monitor which pages you find useful and which you do not. A cookie does not give us any access to your computer or device nor does it provide us with any personal information about you or who you are, other than the data you choose to share with us if you then decide to enter it on a form or by submitting a message to us.
10.5 When we send you an email, we may use technology to measure the success of the emails we send so we know what stories and titles people like the most. While we can identify who opened an email and the stories viewed, however we do not sell or share this information with anyone else.
10.6 Third party cookies are also used as follows:
(a) Photo/video – We sometimes embed photos and video content from websites such as YouTube, Facebook, Twitter. As a result, when you visit a page with content embedded from such services, you may be presented with cookies from these websites. Our own Website does not control the distribution of these particular cookies. You should check the relevant third party website for more information about these.
(b) Google – These cookies are used by Google to provide different Google services for the user and to collect anonymous data about the user.
10.7 You can choose to accept or decline our Website cookies. Most web browsers (e.g. Google Chrome, Apple Safari or MS Internet Explorer) automatically accept cookies, but you can modify your own browser settings to decline cookies if you prefer. Please note, declining cookies may prevent you from taking full advantage of all the contents on this Website.
10.8 You can find more information about cookies and how to adjust your settings at www.allaboutcookies.org and www.youronlinechoices.eu.
- How long we retain your Personal Data for.
11.1 We only keep Personal Data for as long as we need it. We have a data retention policy that sets out the different periods we retain Personal Data for in respect of relevant purposes in accordance with our duties under Data Protection Law. The criteria we use for determining these retention periods include:
(a) you continuing to have a relationship with us as a donor or supporter;
(b) our need to perform obligations to you (or to enforce or defend contract claims);
(c) various legislative requirements, such as requirements to hold transaction records and Gift Aid information under tax law;
(d) the potential need to refer back to that data in the event there is a future claim or legal dispute; and
(e) guidance issued by the National Health Service (NHS) and relevant regulatory authorities, including but not limited to the UK Information Commissioner’s Office (ICO).
11.2 Personal Data we no longer need is securely disposed of and/or anonymised so you can no longer be identified from it.
12.1 We employ appropriate technical and organisational security measures to protect your Personal Data from being accessed by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.
12.2 We also endeavour to take all reasonable steps to protect Personal Data from external threats such as malicious software or hacking. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of all data sent to us (including Personal Data). You should not send any financial information such as full credit card details to us by email.
- Your personal data rights
13.1 In accordance with your legal rights under applicable law, you have a ‘subject access request‘ right under which can request information about the Personal Data that we hold about you, what we use that Personal Data for and who it may be disclosed to as well as certain other information. Usually we will have a month to respond to such as subject access request. We reserve the right to verify your identity if you make such a subject access request and we may, in case of complex requests, require a further two months to respond.
13.2 We may also require further information to locate the specific information you seek before we can respond in full and apply certain legal exemptions when responding to your request.
13.3 Under Data Protection Law you also have the following rights, which are exercisable by making a request to us in writing:
(a) that we correct Personal Data that we hold about you which is inaccurate or incomplete;
(b) that we erase your Personal Data without undue delay if we no longer need to hold or process it;
(c) to object to any automated processing (if applicable) that we carry out in relation to your Personal Data, for example if we conduct any automated credit scoring;
(d) to object to our use of your Personal Data for direct fundraising or marketing purposes;
(e) to object to and/or restrict the use of your Personal Data for purpose other than those set out above unless we have a legitimate reason for continuing to use it; or
(f) that we transfer Personal Data to another party where the Personal Data has been collected with your consent or is being used to perform contact with you and is being carries out by automated means.
13.4 If you would like to exercise any of the rights set out above, please contact us at the address below.
13.5 If you make a request and are not satisfied with our response, or believe that we are illegally processing your Personal Data, you have the right to complain to the Information Commissioner’s Office (ICO) – see https://ico.org.uk/.
- Clinical Trial Participants
We will keep your identifiable information and contact details confidential and will not pass this information to other NHS sites or organisations. London North West University Healthcare NHS Trust will use this information as needed, to contact you about the research study, and make sure that relevant information about the study is recorded for your care, and to oversee the quality of the study.
Certain individuals from London North West University Healthcare NHS Trust and regulatory organisations may look at your medical and research records to check the accuracy of the research study.
London North West University Healthcare NHS Trust will only receive information without any identifying information. The people who analyse the information will not be able to identify you and will not be able to find out your name, or contact details.
If you have any queries regarding this Policy or wish to make a further request relating to how we use your Personal Data in connection with our fundraising activities as described above, please contact us at the following address:
Northwick Park Cardiac Research Charity,
Northwick Park Hospital,
Phone: 020 8869 2547