Tel: 01723 351421 Email: general@saintcatherines.org.uk

Privacy Policy

  • Data Protection Notification

    Saint Catherine’s is a ‘data controller’ under the Data Protection Act 2018 (DPA) and UK General Data Protection Regulation 2021 (UK GDPR) meaning that ‘We have notified the Information Commissioner (ICO) that we process personal data’. As such, we are registered as a ‘Data Controller with the ICO and our registration number is Z5653082. Full details are publicly available from: 

     

    Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow SK9 5AF 

    Website: For the public | ICO 

     

    We can be contacted at: 

    Address: Saint Catherine’s Hospice, Throxenby Lane, Scarborough, YO12 5RE 

    Email: general@saintcatherines.org.uk 

    Telephone: 01723 351421 

     

    The Data Protection Officer is Bruce & Butler 

    The UK General Data Protection Regulation (UK GDPR) is a regulation that the European Parliament, the Council of the European Union and the European Commission have put in place to strengthen and unify data protection for all individuals.  

    The principle of UK GDPR is to give control back to citizens and residents over their personal data and to simplify and clarify how and why information about you might be used. 

    Under the UK GDPR, part of our obligations as a ‘Data Controller’ is to be open and transparent about what data we record and hold about our patients, the security we employ to keep it safe, what we do with it, who we might share it with, how long we keep it, and ultimately dispose of it and the lawful basis under which we process personal data. We also set out your right of access to the data we hold about you. 

    The following pages are set out in what we hope is an easily understood and easy to follow format, but that does not stop you contacting us via the above methods if you have any questions. 

  • Patient Information

    Saint Catherine’s Hospice is a specialist palliative care provider, to be effective and give you the best possible care across all the services we provide, we need to keep important information about our service users, patients and, where appropriate, their next of kin. 

    The privacy and confidentiality of our patient and service user data is an organisation wide priority. We follow the required national approach to this, called Information Governance. This requires us to have effective data protection measures in place, along with the correct processes for the handling of personal and sensitive information about all our service users including patients, fundraisers, donors, volunteers and staff, as well as how we work with any individual, business or organisation that supports us or partners with us in a different way. Correct Information Governance allows information to be managed legally, securely, efficiently and effectively. 

  • Why do we collect Personal Information about you

    To treat patients, fundraisers, donors and any other service users effectively, we collect personal information about your treatment, care and service user history in paper and/or electronic format. 

    Your information is used to ensure: 

    • Staff and services caring for you or managing your interactions within Saint Catherine’s have accurate, up-to-date information to guide provision of the best care or service experience for you 
    • We can contact you in relation to your care and treatment or other service use 
    • Treatment and services we provide meet local community needs 
    • Efficient and effective referral to other services and providers where needed 

     

    Your information may also be used for other purposes such as: 

    • Public health needs 
    • Review and audit of the quality of care we provide 
    • To teach and train healthcare workers 
    • Conduct research 
    • Investigation of complaints 
    • Preparation of statistics to commissioning bodies 
    • Monitoring health budget spending 

     

    If you do not want certain information shared please talk to the person staff providing your care your care. 

     

  • What personal information do we collect and hold

    We collect and hold various types of personal data to fulfil our services and obligations. The information we collect, hold and use is kept to the minimum necessary to achieve the specific purpose required. The types of personal data we may collect and hold include:  

    Personal Identification Information: 

    • Full name and title 
    • Date of birth 
    • Marital status 
    • Address(es) 
    • Telephone number(s) 
    • Email address(es) 
    • Next of kin, carer, and/or family members’ details 
    • Racial and ethnic background 
    • Religious or spiritual beliefs 

     

    Medical Information: 

    • NHS number & hospital number (if applicable) 
    • Medical records and test results 
    • Medications 
    • Troublesome symptoms that you tell us are important to be addressed 
    • Allergies 
    • Disability details 
    • GP’s name and surgery details 

     

    Demographic Information: 

    • Racial and ethnic background 
    • Religious or spiritual beliefs 

     

    Communication Records: 

    • Records of your communications with us, including telephone calls (whether made or received by us for quality, training, and monitoring purposes, including shops) 
    • Meetings and video calls made on platforms such as Microsoft Teams or Zoom (where appropriate) 

     

    Financial Information: 

    • Donation and gift aid information 
    • Bank details (for setting up a standing order or direct debit) 
    • Card payment details (for donations, lottery membership, event entry, or merchandise purchase – card details are held only for a single transaction and are subsequently deleted) 

     

    Other Information: 

    • Information you elect to provide on our website 
    • Confirmation of your health status for so-called ‘extreme’ sports activities (fundraising events) 
    • Any other information you choose to share with us 

     

  • How do we collect personal information

    Personal information may be collected verbally via telephone or face-to-face consultation. Information may be collected electronically via methods including but not limited to online forms or email. Finally, information can be collected in physical written format via the completion of paper forms or submission of letters etc. Personal information may come to us directly or indirectly as below:  

     

    Directly: Personal information comes to us directly when for example you: 

    • Are referred to us as a patient or other service user, either from you, from your family, or from another health care professional involved in your care.  
    • Donate  
    • Register for an event  
    • Join our lottery  
    • Sign up to Gift Aid when donating goods to one of our shops  
    • Register as a Hospice volunteer  
    • Apply for employment  
    • Share your story with us we will collect details that enable us to process or administer our relationship with you.    

      

    Indirectly: Personal information comes to us indirectly when for example you:   

    • Use online fundraising sites – only if you agree to them sending us your details.  
    • Register for an event, or sign up for a newsletter, via our website or Customer Relationship Management (CRM) event pages – the details you submit are collected on our behalf by our website or CRM provider.  
    • Set up a standing order or direct debit – your bank will send us enough details to be able to process and administer your donations.  
    • Agree to let a friend or colleague give us your details when registering for an event. 

     

    The Hospice also utilises Closed-Circuit Television (CCTV) to record images of individuals and vehicles (using licence plate recognition technology) within our premises. We collect CCTV data primarily for the reasons listed below: 

    1. Security and Safety: To ensure the health, safety, and security of our employees, visitors, and service users. 
    1. Crime Prevention: To detect, prevent, or reduce criminal incidents. 
    1. Harassment and Disorder: To address and respond effectively to any form of harassment or disorder. 
    1. Emergency Situations: To aid during emergencies. 
    1. Legal and Insurance Purposes: For defence and support in legal or insurance claims if necessary. 
    1. Incident Investigation: To investigate any incidents or accidents that occur on the premises. 

     

    CCTV images or footage may be disclosed in the following circumstances: 

    • Law Enforcement: When required by law enforcement agencies for investigations. 
    • Legal Proceedings: In legal proceedings or insurance claims. 
    • Internal Investigations: For internal investigations (e.g., disciplinary matters). 

     

    CCTV images and footage are securely stored digitally and accessed only by authorised people.  

     

    Tracking Technologies and Cookies 

    We use Cookies and similar tracking technologies to track the activity on our service and store certain information. Tracking technologies used are beacons, tags and scripts to collect and track information and to improve and analyse Our Service. The technologies We use may include: 

    Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if you do not accept Cookies, you may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies. 

    Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity). 

    Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on your personal computer or mobile device when you go offline, while Session Cookies are deleted as soon as You close your web browser. You can learn more about cookies on TermsFeed website article. 

     

    We use both Session and Persistent Cookies for the purposes set out below: 

     

    Necessary / Essential Cookies 

    Type: Session Cookies 

    Administered by: Us 

    Purpose: These Cookies are essential to provide you with services available through the website and to enable you to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services. 

     

    Cookies Policy / Notice Acceptance Cookies 

    Type: Persistent Cookies 

    Administered by: Us 

    Purpose: These Cookies identify if users have accepted the use of cookies on the Website. 

     

    Functionality Cookies 

    Type: Persistent Cookies 

    Administered by: Us 

    Purpose: These cookies allow us to remember choices you make when you use the website, such as remembering your login details or language preference. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you use the Website. 

     

    For more information about the cookies used and your choices regarding cookies, please visit our Cookies Policy. 

     

  • How do we use information

    After collection, how we use your personal information significantly depends on the purpose for which it was provided. Examples of some of the ways your personal information may be used, grouped by categories, are provided below:  

      

    Patients, service users and next of kin: 

    • To provide our patients and service users with quality care via our medical and clinical teams.  
    • Confirm who you are when we contact you or when you contact us 
    • Make decisions about your ongoing care and treatment 
    • Make sure your care is safe and effective 
    • Check the quality of your care 
    • Enable us to contact your carer/next of kin as directed or consented to by you 

     

    We may also use your data, in an anonymised format, where you will not be personally identifiable, for one or more of the following purposes: 

    • Check and report on how effective the hospice’s services are 
    • To improve and develop our staff as part of our training programme [you will always be given the option to choose whether to be involved or not and we will only do so with your consent] 
    • To help us manage and plan our services, and to constantly be able to review and improve 
    • Investigate complaints, legal claims or important incidents 
    • As part of a research project, to enable us to continually strive to offer the best possible care [your consent will be required first and you remain anonymous] 
    • Ensure that money is used properly to pay for the services we provide 
    • Make sure our services are planned to meet patients’ needs both now and into the future 

     

    Staff, volunteers and employment applicants: 

    • To administer your employment or voluntary work where you become an employee or volunteer and all that entails with your recruitment.  
    • To process your application for a job or volunteer role with us. 
    • To ensure adequate care is being provided and compliance with the organisations policies and processes.  

     

    Donors & Supporters: 

    • To keep a record of donations you make to Saint Catherine’s Hospice, actions you take, and our communications with you.  
    • To process credit and debit card donations you make.  
    • To process standing order or direct debit payments you make.  
    • To claim gift aid on your donations.  
    • To process your lottery draw entries.   
    • To support community-based fundraising you might be taking part in.  
    • To send you marketing information about our work and fundraising activities.  
    • To create an individual profile for you (including analysing demographic and geographic information) so that we can enhance your experience and relationship with us, understand and respect your preferences, and provide information and details of relevant offers and opportunities where you have agreed to receive them (occasionally we may engage third party organisations such as fundraising agencies to assist us). 
    • To comply with our obligations in accordance with the Fundraising Regulator’s Code of Practice.  

     

    Event participants: 

    • To process your entry for Saint Catherine’s Hospice events, manage your participation and communicate with you about it.  

      

    Retail/shop supporters: 

    • To process your purchase of merchandise from our online shop.  
    • To benefit from Gift Aid in the case of UK taxpayers donating goods for sale and agreeing to Gift Aid.  

      

    All persons: 

    • Our communications with you (provided you have given consent or we have legitimate interests to do so – see legal basis section below) will be tailored to match the contact preferences you have chosen. We will provide an opportunity to ‘opt out’ in our communications to you and you are free to change your contact preferences at any time (please refer to the “What are your rights section” for more information.  
    • To ensure we do not send unwanted information if you’ve informed us you don’t wish to be contacted; 
    • To comply with applicable law and regulations.  
    • To detect and reduce fraud and credit risk.  
    • To seek your opinion about our activities so that we can improve the products and services we offer.  

     

    Saint Catherine’s staff and volunteers are legally obligated to keep patient information strictly confidential. We may keep your information in written form or on computers or computerised system(s). The information held in these systems is primarily used for healthcare, fundraiser, donor and staff management purposes but may also be used for other non-healthcare related purposes. 

  • How do we maintain your information

    Personal information is stored in paper (hardcopy) and on electronic software systems such as SystmOne (patient clinical data), DonorFlex (supporter/donor data) and Staff Care (employee, volunteer data) amongst others.  

    Everyone working for the NHS (and at independent H&SC organisations which are wholly or partly commissioned by the NHS and regulated by the Care Quality Commission) must comply with the Common Law Duty of Confidentiality and related national and professional standards and requirements. Accordingly, we have a duty of care to: 

    • Maintain full and accurate records of the information we hold.  
    • Keep records confidential and secure.  
    • Provide information in a format that is accessible to you. 

     

  • Retention of personal information

    Patient and service users’ personal information is held for specified periods of time as set out in the NHS Records Management Code of Practice for Health and Social Care. Saint Catherine’s Hospice adheres to this and we will keep your personal data only as long as necessary for the purpose it was collected, and to comply with relevant legislation.  

    For example: 

    1. Medical Records: Generally, most health and care records are kept for eight years after the last treatment. This ensures that there is a comprehensive record of the care provided, which can be important for ongoing legal purposes.  
    1. Deceased Patients: Records of deceased patients are typically retained for eight years after death allowing for any necessary follow-up actions, such as audits or investigations to be completed. 

     

    Note: Saint Catherine’s is in the process of going paperless and therefore medical records will be kept digitally. Digital records are not destroyed after eight years retention like paper records would be, instead, these are archived within the electronic system. Destruction of personal data which has expired or for which we no longer have a compelling justification to retain is achieved via shredding of paper documents by an accredited waste destruction company or by wiping of data prior to secure disposal in the case of digital information.  

    More information on The NHS Records Management Code of Practice for Health and Social Care can be found at: 

    Records Management Code of Practice – NHS Transformation Directorate 

     

  • Security of your information

    Saint Catherine’s take our duty to protect your personal information and confidentiality seriously. We place it as an organisation wide priority and are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible. This applies to both computerised and paper records. 

    Various roles within the organisation are responsible for this and between them, they are  responsible for the Use, Processing, Security and management of patient information and patient confidentiality. These roles include the following:   

    • The  Senior Information Risk Owner (SIRO) 
    • The Caldicott Guardian  
    • The Data Protection Officer  
    • The IT Manager 

     

    We also have governance committees that span the activity of Saint Catherine’s. These committee’s meet regularly, with part of their remit being to ensure all staff are aware of their information governance responsibilities, that Saint Catherine’s follow best practice guidelines, ensure the necessary safeguards and appropriate use of person-identifiable and confidential information are in place, followed and maintained. 

    All staff are required to undertake annual information governance training and are required to protect your information and inform you of how your information will be used. This includes, in most circumstances, allowing you to decide if and how your information can be shared. 

    Additionally, all working at, or for Saint Catherine’s is subject to the common law duty of confidentiality. Information provided in confidence will only be used for the purposes advised and consented to by you as the data subject unless it is required or permitted under the UK GDPR or other legislation. 

     

  • Information sharing

    Sharing of sensitive personal information is strictly controlled by the UK GDPR. Saint Catherine’s is committed to informing you about who we share your information with. 

     

    Internal Sharing: Our clinical and administrative staff share your records to optimize your care and treatment. This includes those providing counselling, emotional, and spiritual support. Any staff member directly involved in your care is deemed to have a legitimate interest in your data. Sensitive data that you have consented to share will only be available to those you have nominated, unless required by the UK GDPR. 

     

    External Sharing: Your records may be shared with other healthcare professionals or organizations, such as your GP, consultants, or referring hospitals. Information may also be shared with trainee healthcare professionals for training purposes unless you withhold consent. 

    We may be required to share certain information with management or governing bodies, such as the Integrated Care Boards (ICB) and the Care Quality Commission (CQC). This data will only be used for audits, public health, and standards regulation. 

    When we transfer information, we ensure it is done securely and confidentiality is maintained, as required by the UK GDPR. We will never share recordings of telephone calls or transcripts with any third party without the explicit consent of all participants. 

     

    Sharing Your Information with Other Healthcare Providers and Organizations: We commonly provide information to your GP, hospital consultant, and other healthcare organizations involved in your care. We communicate by letter or email, providing referral details and discharge summaries. We usually ask if you would like a copy, and if so, we will send you one. 

    You have the right to consent to this sharing. If you have any concerns or reservations about sharing your information with a particular professional or organization, please discuss this with your clinical team. We will respect your decision. 

     

    Sharing Information Without Your Consent: There may be times when we are required by law to share your information without your consent. For example, if there is an infection control risk, a request from the CQC for audit data, a formal court or police order, or where a crime has been committed. Such exemptions are covered under the UK GDPR, and in these cases, we may be unable to respect your wishes not to share your data. 

     

    What is our legal basis for processing your personal information?  

    When our hospice handles your personal information, we follow strict rules to ensure your data is used lawfully and fairly. These rules are part of data protection laws, such as the UK GDPR. One key aspect of these laws is the legal basis for processing personal data. This means there must be a valid reason for using your information. 

    Here are the main legal bases explained in simple terms: 

    1. Consent: You have given clear permission for your data to be used for a specific purpose. For example, you might agree to receive event information from the hospice. 
    1. Contract: Your data is needed to fulfil a contract you have with us. For instance, if you sign up for a service, we need your information to provide that service. 
    1. Legal Obligation: We must use your data to comply with the law. This could include reporting certain health information to government authorities. 
    1. Vital Interests: Your data is used to protect someone’s life. For example, in a medical emergency, sharing your health information could be crucial. 
    1. Public Task: Your data is used to perform a task in the public interest or as part of our official duties. This might involve public health activities. 
    1. Legitimate Interests: We have a valid reason to use your data in a way that you would reasonably expect, and it doesn’t override your privacy rights. For example, using feedback to improve our services. 

     

    Additional legal bases for processing special category data 

    Special category data includes sensitive information such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (for identification purposes), health data, and data concerning a person’s sex life or sexual orientation. To process this data lawfully, we must identify both a lawful basis under Article 6 of the UK GDPR and a separate condition under Article 9. Here are the conditions under Article 9: 

    1. Explicit Consent: You have given explicit consent to the processing of your special category data for one or more specified purposes. 
    2. Employment, Social Security, and Social Protection: Processing is necessary for carrying out obligations and exercising specific rights in the field of employment, social security, and social protection law. 
    3. Vital Interests: Processing is necessary to protect the vital interests of the data subject or another person where the data subject is physically or legally incapable of giving consent. 
    4. Not-for-Profit Bodies: Processing is carried out in the course of legitimate activities with appropriate safeguards by a foundation, association, or any other not-for-profit body with a political, philosophical, religious, or trade union aim. 
    5. Public Data: Processing relates to personal data which are manifestly made public by the data subject. 
    6. Legal Claims: Processing is necessary for the establishment, exercise, or defense of legal claims or whenever courts are acting in their judicial capacity. 
    7. Substantial Public Interest: Processing is necessary for reasons of substantial public interest, based on Union or Member State law. 
    8. Healthcare: Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems and services. 
    9. Public Health: Processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of healthcare and medicinal products or medical devices. 
    10. Archiving, Research, and Statistics: Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes. 

     

    For a hospice, the main legal bases for processing personal data typically include: 

    1. Consent: Obtaining clear permission from patients or their representatives to use their data for specific purposes, such as receiving newsletters or participating in surveys. 
    2. Contract: Processing data to fulfil contractual obligations, such as providing healthcare services to patients who have signed up for hospice care. 
    3. Legal Obligation: Complying with legal requirements, such as reporting certain health information to government authorities or maintaining records for regulatory purposes. 
    4. Vital Interests: Using data to protect the life of the patient or another person, especially in medical emergencies where sharing health information is crucial. 
    5. Public Task: Performing tasks in the public interest or as part of official duties, such as public health activities or community outreach programs. 
    6. Legitimate Interests: Using data in ways that patients would reasonably expect and that do not override their privacy rights, such as improving services based on patient feedback. 

     

    For processing special category data, a hospice might rely on: 

     

    1. Explicit Consent: Obtaining explicit permission to process sensitive data, such as health information. 
    2. Healthcare: Processing data for the purposes of preventive or occupational medicine, medical diagnosis, or the provision of health or social care. 
    3. Vital Interests: Protecting the vital interests of the patient or another person in situations where the patient is unable to give consent. 
    4. Legal Claims: Processing data necessary for the establishment, exercise, or defence of legal claims. 
    5. Public Health: Processing data for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health. 

     

  • What are your rights

    Under the Data Protection Act (2018) and related legislation, you have several rights regarding your personal data: 

    • Rectification: If any information we hold is inaccurate or incomplete, you can request its correction or update. We encourage you to notify us promptly if your personal details change. 
    • Erasure: You can request the deletion of your data under certain conditions, such as when there is no longer a need for us to process it and the minimum retention period required by law has passed. This is also known as the “right to be forgotten.” 
    • Restriction: You can ask us to limit or restrict the processing of your data where appropriate. 
    • Objection: You can object to the processing of your data and how it is used. Unless there are overriding safety or safeguarding issues, this will usually result in the immediate suspension of data processing until a mutual agreement is reached. 
    • Portability: You can receive your data in a structured, commonly used format and request us to transfer your personal information to another organization in a safe and secure manner, provided we can do so. 
    • Access: You can request access to your personal data verbally, in writing or by completing a Subject Access Request (SAR) form, which we can provide upon request. This request can also be submitted digitally via email. Proof of identity must be supplied.  

     

    • There is no fee for SARs unless the request is manifestly unfounded, disproportionate or excessive and we aim to respond within one month.  
    • In addition to subject access requests, under the Access to Health Records Act (1990), specific individuals can request access to the health records of a deceased person, provided they are the Executor or Executrix of the will, an Administrator of the Estate, or someone with a claim arising from the deceased’s estate. Proof of this status must be provided. 
    • You or your legal representative can request access to the data we hold about you. This can be done informally during a consultation or formally by calling or writing to us. Adequate authorisation will be asked for before any request can be fulfilled.  

     

    To make an application, please contact us using any of the following methods:  

    Email: general@saintcatherines.org.uk / Information.Governance@saintcatherines.org.uk 

    Phone: 01723 351421 

    Mail: The Data Protection Officer, Saint Catherine’s Hospice, Throxenby Lane, Scarborough, YO12 5RE 

    • Raise a Complaint: If you have concerns about how we handle your personal data, you have the right to make a complaint. To do this, please contact us directly with as much detail as possible, and we will acknowledge your complaint within two working days. We aim to investigate and respond within two weeks. If more time is needed, we will inform you of this. A senior manager, the Data Protection Officer (DPO) or Chief Executive will provide a full written response. Regardless of who the responder is, the Chief Executive will be informed of all complaints. If your complaint is upheld, we will explain the steps we are taking to prevent it from happening again.  

     

    To raise a complaint, please contact us via:  

    Email: general@saintcatherines.org.uk  

    Phone: 01723 351421 

    Mail: Saint Catherine’s Hospice, Throxenby Lane, Scarborough, YO12 5RE 

     

    If you are not satisfied with our response, you may write to the Chief Executive or the Chair of the Board of Trustees at the same address. 

    Contacting the Information Commissioner’s Office (ICO) 

    The ICO regulates data protection practices. For advice on information governance and personal data, or if you are not satisfied with our response to your complaint, you can contact the ICO: 

    Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow SK9 5AF 

    Website: https://ico.org.uk/  

     

  • Information for job applicants

    Saint Catherine’s will process information provided by applicants for the management of their application and the subsequent selection process. This involves providing details to the short-listing and selection panels. Other details are kept helping fulfil our obligations to monitor equality and diversity within the organisation and in the application process. You can find more information about the use of personal data throughout the application process.

    Information will be retained on interview performance and the application in line with the retention periods of Saint Catherine’s. Our HR Department can provide you with more information should you have further questions on how we might use your personal information as an applicant. 

  • Supporter information

    As a registered charity, Saint Catherine’s Hospice is reliant on the support of businesses and other organisations and individuals who so generously donate and/or fundraise for us. We securely store all records and personal information about our donors and fundraisers on a data management system called DonorFlex. This information is kept strictly confidential and in accordance with the Data Protection Act 2018. 

    The DonorFlex database is completely separate from and has no interaction with any clinical system or how we manage patient information.  

    Your permission and authorisation (explicit consent) must be given before we can record your personal information on our supporter database and there is no access to any medical information if you are also one of our patients. 

    We will always ensure we respect your preferences on how and when we contact you. 

  • What if I do not want you to keep information about me

    You always have a choice and the right to change your mind or preferences at any time.
    However, for those under our care [patients, carers or family members] failure to provide ‘necessary’ medical and personal information could result in us being unable to care for you. Your safety and appropriate care and treatment means we must maintain an accurate record of necessary information about you. 

    If you have any concerns about providing information or how we share it with other healthcare providers, please discuss this with our staff who are here to support you in any way they can and to elevate any concerns you might have.  

    For those wishing to work with us or for us, failure to provide the necessary information could result in us being unable to process your application or bid to partner/work with us. 

 

 

Copyright © 2026 Saint Catherine’s Hospice. Charity Reg. No. 284701