Raise is committed to protecting your privacy. We are conscious of our responsibilities under the General Data Protection Regulations 2018 (GDPR) and we endeavour to ensure that the personal information we obtain will always be held, used and otherwise processed in accordance with those regulations and all other applicable data protection laws and regulations.
This statement explains how we will handle the personal information you provide to Raise. We may periodically modify, add or remove sections of this privacy statement so you may like to check this page from time to time.
Categories of personal data: what personal information do we collect?
Personal information is information that can be used to identify you. It can include your name, date of birth, email address, postal address, telephone number and credit/debit card details. We collect some personal information when you donate money, undertake fundraising activities, ask about our activities, order products and services (such as publications and email newsletters), or otherwise give us personal information online, in paper or electronic form, over the phone or face to face.
We only collect your debit/credit card details if you provide them to us to make a donation. The card details are redacted or destroyed once the donation is processed. We only collect bank account details if you set up a direct debit or standing order payment for regular donations to us. These details are held securely.
By giving us your personal details you agree that all personal data you submit may be processed in the manner and for the purposes described below.
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you, including geo-demographic information and measures of affluence, when it is available from external sources to help us do this effectively. This helps us understand the background of the people who support us and helps us to make appropriate requests to supporters who may be able and willing to give more than they already do. If you do not wish your data to be used in this way or have questions about this, please get in touch with the charity office.
To comply with our legal obligations under CC20, as well as regulation such as the Charity Commission’s Know Your Donor Policy and the Fundraising Regulator’s Code of Practice, we may also undertake due diligence research to assess the source of funds for donations and to ensure that we are robustly considering ethical and reputational risks to our organisations. We consider this processing to be a legal obligation and thus are relying on this as a lawful basis for processing data under GDPR.
Why and how do we use your information and keep it safe?
We process your data as described in this policy because we have a legitimate need to do so to deliver our fundraising ambitions. Some processing of data may be carried out to perform a contract with you or it is required by law, such as the completion of due diligence or obligations for processing Gift Aid on your donations. We would only use your email or text information to contact you about fundraising and marketing if we have consent to do so and you will always have the opportunity to opt out of communication from any channel at any time.
We do not and never will sell or swap your data. We will use your personal information to provide you with the support or information you have requested, for administration purposes and to further our charitable aims, including for fundraising activities. We may need to share your information with our service providers such as external mailing houses that process our appeals. We have strict data protection arrangements in place with these fulfilment organisations and they will comply with GDPR regulations too.
Any information we collect is stored and processed in the UK apart from our e-newsletter service provider who is based in the US and covered by the Privacy Shield Framework. We reserve the right to share your personal information if we are legally obliged to and to enable us to apply our terms and conditions and other agreements. This includes exchanging information with other organisations for fraud and credit risk reduction and for police investigations.
We will ensure that there are appropriate technical controls in place to protect your personal details and our hospitals’ network is protected and routinely monitored.
How we collect information about you
We collect information about you in the following ways:
When you give it to us directly – You may give us your information when you sign up to one of our events, tell us your story, make a donation or communicate with us. Sometimes, when you support us, your information is processed by an organisation working for us (such as a mailing house), but we are responsible for your data at all times.
When you give it to us indirectly – Your information may be shared with us by independent organisations, for example fundraising sites like JustGiving. These independent third parties will only do so when you have indicated that you wish to support Raise and with your consent. You should check their privacy policies when you provide your information to understand how they will process your data.
When you give permission to other organisations to share it, and depending on your settings or the privacy policies for social media and messaging apps like Facebook and Twitter, you might give us permission to access information from those accounts or services.
We may combine information from these sources with that which you provide to us directly. We also use this information to gain a better understanding of our supporters to improve our fundraising methods, products and services.
The accuracy of your data and keeping it up to date
We ask that you please let us know when you move house or change your contact details, then we can keep our records up to date. If mail (postal or electronic) addressed to you is returned to us as ‘moved away’ (or something similar) then we may use publicly available sources, such as the Post Office’s National Change of Address database, to double-check and update your details.
While we endeavour to ensure that the information we hold about you is accurate and, where necessary, kept up to date, we shall assume that in the absence of evidence to the contrary, the information you provide us with is accurate. Should there be any inaccuracies in the information of which you inform us, or of which we become aware, it shall be promptly rectified by us.
How long will we keep your data?
We will keep your information active for as long as required to enable us to operate our services, but we will not keep your information active for longer than necessary. We will take into consideration our legal obligations and tax and accounting rules when determining how long we should keep your information active.
In most cases, this will mean your data remains active for two years after your last interaction with us. An interaction could be making a donation, attending an event, contacting our office, or opening an email from us – anything that implies that you are still interested in our fundraising. After this time, we will cease to use your data to contact you.
However, in some cases there will be reasons for your data to remain active after this time: for example, if you have claimed Gift Aid and we need to hold your details for tax purposes. In this case, we will cease to send you marketing communications after the initial two year period since your last interaction with us, and will only continue to use your data for administrative purposes.
If you have pledged a legacy gift, it will be necessary to retain your data until your gift is received, so that we can identify the gift against the pledge.
We may contact you by mail from time to time, to keep you up to date with hospital news, appeals, events and how supporters like you are transforming patients’ lives. We invite you to tell us how you want us to communicate, in ways that suit you. We will also include information on how to opt out of future marketing. If you don’t want to hear from us, then we understand.
If we run an event in partnership with another named organisation then your details may need to be shared. We will be very clear what will happen to your data when you register.
We do not have access to patients’ health records.
If you are aged 16 or under, please get your parent or guardian’s permission before giving us your personal details.
You have the right to:
- update or amend the information we hold about you if it is wrong
- change your communication preferences at any time
- request a copy of the information we hold about you
- ask us to remove your personal information from our records
- object to the processing of your information for marketing purposes
- raise a concern or complaint about the way in which your information is being used
If you wish to talk through anything in our privacy statement, please contact Raise office where the Director will be happy to help.
Complaints, comments and compliments
If you are unhappy with our work or something that we have done or failed to do, we want to know about it. We also welcome your views on what we do well. Your comments enable us as an organisation to learn and continuously improve our services. If you would like to make a complaint, compliment or comment then please get in touch with the Charity Director.
Raise (West Hertfordshire Hospitals Charity)
Sycamore House, Watford General Hospital
We recognise there may be times when you would like an independent body to investigate your concerns. The Fundraising Regulator is the independent regulator of charitable fundraising and one of its roles is to investigate cases where fundraising practices have led to significant public concern. In order to ask the Fundraising Regulator to investigate, you must first have given us the opportunity to resolve your concern or complaint through our own internal processes.
The Fundraising Regulator
167 City Road
London, EC1V 1AW
0300 999 3407