Jersey Hospice Care – Data Processing Notice

Who we are

We are Jersey Hospice Care (Jersey Charity Number AJC 075), a charity that provides specialist palliative care for anyone who requires it, irrespective of the reason. In respect of personal data we process, we are also a Controller, as defined in the Data Protection (Jersey) Law 2018 (‘DPJL’), the law that we follow in Jersey for data protection matters. We take the governance and security of all personal data in our possession very seriously. This Notice sets out how we do that.

If you have any queries relating to how we approach our obligations under the DPJL, then please contact us at our registered address below or alternatively by emailing our Data Protection Officer at dataprotectionofficer@jerseyhospicecare.com

Our registered office address is:
Jersey Hospice Care
Mont Cochon
St Helier
Jersey
JE2 3JB

More information about your rights and our responsibilities under the DPJL can be found on the website of the Jersey Office of the Information Commissioner (our regulator in respect of data protection) at www.jerseyoic.org

Data Protection Principles

We are required and are committed to processing all personal data in accordance with our obligations under the DPJL. Personal data is any information that identifies or can identify a natural, living person. Essentially therefore, data protection is about people protection.

The DPJL requires that personal data (ie personal information) shall be:

  • Processed fairly, lawfully and transparently
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes
  • Limited to what is necessary for the purposes
  • Accurate and where necessary up to date
  • Kept only for as long as necessary for the purposes
  • Processed with appropriate security

These are commonly known as Data Protection Principles. As the Controller we are accountable for ensuring compliance with these Principles.

Why do we collect your personal data and what do we use it for?

We collect personal data for a number of different specific and lawful purposes, including, but not limited to:

  • Medical purposes, including the provision of care, treatment and/or services - we collect and hold information about patients and next of kin to enable us to give the correct care and treatment and to contact you and your loved ones
  • Education – we collect and hold information on those who attend our courses
  • Support for Jersey Hospice Care - we collect and hold information from donors and supporters so that, with their permission, we can inform them of how their support has helped Jersey Hospice Care and the surrounding community
  • Website statistics - we automatically collect technical data from visitors to our website (using cookies) to ensure that content from our website is presented in the most effective manner for you and for your computer
  • Visitors to Clarkson House - we collect identifying information from all visitors to our premises to ensure safety and security of everyone on site
  • Visitors to our retail premises via CCTV – for security and health and safety purposes
  • Employees and volunteers including Trustees of Jersey Hospice Care – as an employer, we collect and maintain information for the administration of human resources

Lawful basis

Personal data may only be collected and processed where there is a lawful reason to do so. We will collect personal information for a number of purposes as set out above, and each time we will consider our reason for doing so from the list below:

  • Consent
  • Contract
  • Vital interests
  • Public functions
  • Legitimate interests

Where special category personal data are processed for the purposes set out above, we use a different list to consider our reason for doing so, which includes:

  • Consent
  • Other legal obligations
  • Employment and social fields
  • Vital interests
  • Non-profit associations
  • Public functions or Public interest
  • Medical purposes
  • Public Health
  • Archiving and research
  • Avoidance of discrimination
  • Prevention of unlawful acts
  • Protection against malpractice and mismanagement
  • Counselling
  • Insurance and pensions

When do we collect personal data?

We collect personal data at different points in time, including, but not limited to:

  • When our services are accessed by patients and other service users
  • When you sign up for one of our courses
  • When visiting our website to make a donation, sign up to an event or buy one of our products
  • When you contact us to make a donation, sign up to an event or buy one of our products
  • When we are contacted by you by any means with queries or complaints
  • When you visit Clarkson House
  • When information is required for health and safety purposes eg if there is an accident at any of our premises, and we need to complete an accident form
  • When applications for a role with us are submitted (via website, post or using an agency)

Cookies

To make our website work properly, we sometimes place small data files called cookies on your computer or device. Most websites do this too.

What are cookies?

A cookie is a small text file that our website saves on your computer or mobile device when you visit one of our sites. It enables our website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.

Click here to find out more about how we use Cookies

What personal data do we collect and how much do we need?

We collect different elements of personal information depending on the purpose, as outlined above. Because of this, we provide a short data processing statement whenever we collect personal information (this is known as a data collection point) explaining a few key things specific to that particular data collection. This will include letting you know if your data is likely to be transferred outside of the EEA, for example where the relevant server holding the information is outside this area.

Only information which is relevant and necessary for the intended purpose is collected (ie the minimum amount that we need).

In some circumstances, we need to collect and process special category data (this is data which is particularly sensitive, such as health data) and all such information is afforded a higher level of protection.

Further details of how we deal with health records can be found here.

Who has access to your personal data and how do we protect it?

We take our obligations under the DPJL seriously, having robust policies and procedures in place to ensure that your information is protected and kept confidential. These include:

  • ensuring access to systems containing personal information is restricted to only authorised staff who need access in order to carry out their duties
  • ensuring secure access to all transactional areas of our websites
  • using appropriate technical and organisational measures (such as those specified by Cyber Essentials) to protect your information against unauthorised or unlawful use and against accidental loss, destruction, or damage
  • appointing a professional IT company to ensure our systems are protected, secure, and appropriately backed up
  • appointing a Data Protection Officer to monitor our compliance with the DPJL, and to advise, train, and educate staff (including temporary staff and volunteers) on our Data Protection and Cyber Security obligations if they process your personal information

We will not disclose your personal information except where we have a lawful basis for doing so and we will not sell or rent your personal information to third parties.

Using the services of Processors

In order to provide our products and services, we may occasionally appoint someone else to process your personal information on our behalf. These may include organisations who support us with information technology (‘IT’), event administration (such as Eventbrite), recording Donor and Volunteer information, incident reporting and secure destruction of data.

When you are using our secure online donation pages, your donation is processed by a third-party payment processor who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us.

How long do we keep your personal data for?

We only keep your information for as long as is necessary for the purpose for which it was collected. This is known as the retention period. We have an internal record of the personal information that we hold (known as a Data Inventory) and a Record Retention Schedule which sets out for how long each type of record will be held. At the end of the retention period your information will be securely deleted.

It is important that the information that we hold is accurate and, where necessary, kept up to date, so please let us know if anything changes.

What are your rights in relation to your personal data?

You have certain legal rights regarding what we do with your information including getting access to your information, the right to withdraw any consent you may have given us eg if you have provided your details for marketing purposes, and the right to complain to a supervisory body. Full details are provided at www.jerseyoic.org.