Data Privacy

This policy will be updated shortly to reflect changes to our website arrangements

The Friends of Woking Community Hospital (FWCH) Registered Charity 1178417 Data Privacy Policy

1. Introduction This privacy policy relates to Personal Data, that is to say, data specific to a living natural person (“Data Subject”). These provisions do not apply to deceased persons or organisations. The detail of this policy depends on the Data Subject. One person may be in more than one class of Data Subject, for instance an FWCH member may also be a donor or a contact at the Hospital.

The policy is intended to ensure FWCH’s compliance with UK data privacy law, which incorporates the EU General Data Protection Regulation (“GDPR”). Its wording reflects the terms of that law, under which FWCH is a Data Controller and a Data Processor.

Personal Data can only be Processed (the term is defined as including holding and transmitting, as well as using, data on a limited number of lawful bases, from which the Data Controller can choose one or more.

Purpose of Processing Personal Data The only purpose for which FWCH Processes Personal Data is to enable the activities of FWCH in pursuit of its constitutional objective.

So far as these activities involve use of Personal Data, they are: communicating with members and donors and people within other parties, progressing and checking on payment of subscriptions, and of our own donations and other payments, keeping accounts and archives, reporting in confidence to the Trustees, and claiming Gift Aid tax recovery. The other parties mentioned above are our suppliers, the bodies involved in running Woking Community Hospital, political representatives interested in the Hospital’s affairs, the media, and Attend, which is the body to which we are affiliated.

2. Personal Data on Members Scope and Lawful Basis (a) Legitimate Interest The following Personal Data on Members is Processed on the basis of Legitimate Interest: i. Name ii. Postal Address iii. amount of subscription iv. Standing Order information (where provided), namely name, postal address, bank name and address, bank account number and sort code, amount v. Gift Aid declaration (where provided), namely name, postal address, assertion of tax status

This is justified under GDPR because the information is necessary for FWCH to function satisfactorily, it is only used for that purpose, and its Processing does not prejudice the interests of the Member providing it. The names and postal addresses of Members (which all Members provide) are the least intrusive reliable means of communicating with Members. All Members provide this data. The amounts subscribed are a necessary part of our accounts and of Gift Aid claims. The Standing Order and Gift Aid information is provided only by those Members who choose to do so, and is only used for the specific purpose for which it is provided and, in the case of the Standing Order information, to avoid unnecessary requests for subscriptions.

(b) Consent The lawful basis under which FWCH Processes i. Telephone Number(s)(where provided) ii. e-mail address (where provided) of Members is Consent – which requires demonstrable explicit consent. This consent will be obtained on a form which also allows for consent to be given for FWCH to use the data to communicate with the Member.

The data listed in paras (a) and (b) above is the only Personal Data which FWCH intends to Process on Members, and FWCH intends to obtain this data solely from Members.

3. Personal Data on Donors Most personal donations to FWCH come either directly or through individuals who fundraise for us, either off-line or using websites such as BTMydonate. Where they come directly, the legal basis and scope of the Donor’s Personal Data processed by FWCH is as for Members, except that some donors are anonymous, and some state only their name . Otherwise, the only Personal Data processed by FWCH is that of the fundraiser. In the case of donations in memory of a deceased person, the undertaker normally asks for thanks to be sent to a named relative, and it is that person whose data is processed by FWCH on the same basis as for other donors.

4. Personal Data on Trustees Trustees must also be members. FWCH is legally obliged to hold Declarations from the Trustees in formats prescribed by HMRC and the Charity Commission that they are fit and proper persons to be trustees.

5. Retention of Personal Data on Members and Donors The retention period for the Personal Data on members and donors is mainly determined by the legal requirement to retain accounting and tax records. Principal exceptions are that: i. in the case of donations, FWCH wishes to retain a permanent record. This is believed to be an appropriate mark of gratitude to the donors, and to be harmless to them. ii. In the case of Gift Aid declarations which cover all future donations or subscriptions, FWCH will retain the declarations until we are informed that they are invalid. iii. In the case of Standing Order information, when the first payment has been made under the Standing Order the bank account detail will be destroyed. What will be retained is a note identifying that the member has a Standing Order in place, and the amount payable. Personal Data will be held on paper and/or on personal computers by the Chairman, Secretary and Treasurer as appropriate for their functions.

6. Transfer of Personal Data to Third Parties Names and addresses of Gift Aid donors and members, and the related amounts of donations and subscriptions, will be transferred to HMRC when Gift Aid claims are made. Otherwise, Personal Data will not be made known to any third parties without the explicit consent of the subject person to that particular transaction.

7. Personal Data on other parties involved in our activities – our suppliers, the bodies involved in running Woking Community Hospital, political representatives interested in the Hospital’s affairs, media, and the body to which we are affiliated (Attend)

Lawful Basis The lawful basis for holding this data is the legitimate interests of FWCH. In no case is this believed detrimental to the legitimate interests of the other party. Personal Data held The Personal data held on this class of data subjects may include: name, organisation, role, postal address, telephone number, e-mail address. Purpose The purpose of holding this Personal Data is effective communication between FWCH and the other party. Retention This data will be retained so long as it serves its purpose. Some of it may also be retained within the accounts data which is subject to legal obligations for retention.

8. Personal data on Visitors to the FWCH website There is no facility for visitors to the FWCH website to enter data onto the site, except that they will enter their e-mail address when they use the “Contact” facility. The server on which the site resides, however, logs visits. Server Log data FWCH has a website hosting agreement with a hosting company. Under the contract, FWCH stands as Data Controller for all the Personal Data associated with the FWCH website, including, anomalously in our view, the log data on visitors to the site collected automatically, as is normal practice, by the server. This server log data includes IP addresses, pages accessed, the source of access to the Site, and browser version and operating system of the visitor. We are told that this data is retained for about a month. The server provider may make use of the log data to maintain network security – i.e. in pursuit of their legitimate interests. FWCH has no effective control over the collection, use or deletion of this data, nor will FWCH make any use of it which enables Persons to be identified. NB The above para has been amended in November 2019 to reflect the site being hosted by WordPress.

9. Rights in relation to Personal Data Persons who provide Personal Data have the following rights: i. The right to access one’s personal data ii. The right to have mistakes in one’s data rectified iii. The right to have processing of one’s data stopped while mistakes are rectified iv. The right to have one’s personal data erased v. The right to receive one’s personal data back in a common machine-readable format – in FWCH’s case an xls file. vi. The right to withdraw consent. vii. The right to lodge a complaint with the UK data protection supervisory authority, the Information Commissioner’s Office (ICO). Initial correspondence regarding an individual’s data should be with the FWCH Secretary. If this proves unsatisfactory the matter can be taken up with the ICO . The contact details for both parties are at the end of this paper.

10. Other matters Automated Processing and Profiling There will be no automated processing or profiling of Personal Data. Personal Data on the FWCH website. FWCH will not put Personal Data onto its website, without the specific consent of the Data Subject to each occurrence or related set of occurrences. The only exception, because it is excluded from the constraints of data protection law, is that we will continue to mention people, and show their photographs, in news items, having where possible and reasonable obtained their consent to this. Personal data sent to FWCH FWCH takes control of data sent to it only when it is received. The security of the data up to that point is the responsibility of the sender. In particular, FWCH cannot be held responsible for the security of incoming e-mails until they reach the e-mail boxes of the intended recipient. Electronic communication which could be deemed to be direct marketing In order to comply with Privacy and Electronic Communications Regulations (PECR), FWCH will obtain consent from members and donors for the use of e-mails or telephone numbers to contact them, and will not use text messages or faxes or other electronic means of communication. (Use of the website is not covered by these restrictions).

Contacts for issues related to Personal Data The FWCH contact by email is [ as on the Home Page] If contact with FWCH is believed inappropriate, or has not resolved the issue, the UK supervisory authority for data protection is : the Information Commissioner’s Office (“ICO”). Its contact details are : Wycliffe House, Water Lane Wilmslow Cheshire SK9 5AF Tel: 0303 123 1113 (local rate) or 01625 545 745 using a national rate number See also its website http://www.ico.org.uk

%d bloggers like this: