Privacy Notice

This privacy notice sets out how Douglas Macmillan Hospice (DMH) uses and protects personal information collected.

DMH is committed to ensuring that an individual’s privacy is protected under the Data Protection Act 1998 and General Data Protection Regulation (GDPR) in force from 25th May 2018.  Specifically regarding information collected, by which an individual can be identified.

DMH may change this notice when necessary by updating this page.  You should check the latest version from time to time to ensure that you are content with any changes.

Please click here if you would like the privacy notice as a printable copy.

This privacy notice tells you what to expect regarding personal information collected:

We will require your personal identifiable information if you:

  • are patient accessing care services
  • are next of kin to a patient
  • support or engage with us by participating in events, initiatives and/or campaigns
  • donate money, services or goods to us
  • apply for a job
  • hold a contract of employment with us
  • apply for a volunteer role
  • volunteer your time on a formal basis
  • provide goods or services to us
  • make an enquiry or complaint
  • historically were engaged with us in a way detailed above

We may collect the following information:

  • Name and title
  • Contact address for personal and business use
  • Email address for personal and business use
  • Job title
  • Demographic information such as postcode
  • Other information relevant to the relationship held with the organisation
  • Financial information such as Credit/Debit card details
  • Date of birth
  • Gender
  • Next of kin and their contact details
  • Your association with the organisation e.g. staff, volunteer, patient, carer, donor (not exhaustive)

Additionally if you are a patient, we may collect information concerning your personal demographic data including ethnic origin, spiritual preferences and contact details regarding your carers and/or family members.

If you apply for a paid job or volunteer role we will request information regarding previous employment, education, and personal demographic data including ethnic origin.

We will collect your information on either paper, electronic forms or via the web and subsequently record and store this information on electronic information systems whenever you interact with us.  This may be when:-

  • Supporting and/or donating towards funding the care we provide
  • Registering for an event/campaign
  • Buying goods in our shops
  • Enquiring about our care services and accessing our care services
  • Applying for a volunteer role
  • Applying for a job
  • Working or volunteering for us
  • Submitting a general enquiry
  • Joining our Lottery
  • Participating in Retail Gift Aid Scheme
  • Making a complaint

We require this information to understand your requirements regarding your relationship with us and provide you with an excellent service, and in particular for the following reasons:

  • keep our information systems fit for purpose
  • meet employment and other contractual obligations
  • to improve our services
  • communicate with you for the reason given at the point of collecting your information
  • communicate with you when you opt in to receiving specific or general marketing information
  • observe your opt in preferences regarding email, phone or text
  • process your information for the reasons given at point of collecting your information

DMH is committed to ensuring your information is kept safe and secure.  In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to keep safe and secure the information we collect online and off line.  We use sector approved secure electronic databases to protect and store your personal information.

Specifically, financial information such as Credit/Debit card details collected online and off line are securely processed through our financial service provider, SAGE pay to the most up to date PCI DSS standards, and all card details recorded in a paper based form will be destroyed once the process is completed, using a cross shredder at DIN Level 4.

Information collected to facilitate sales transactions using card readers is similarly securely processed through our financial service provider, SAGE pay, and information on receipts is encrypted using industry standard methods.

We will never retain your financial information within our electronic database without applying encryption security.

We will only retain your information for the purpose it was collected, as stated at the point of collection. Your information will be kept for the period of time the purpose it was collected dictates and/or as long as we are legally bound to keep it – such as HMRC regulations.

We will never sell, distribute or lease your personal information to third parties.

We will only share your information with other healthcare services, when required as part of care being received.

We will only share your information with any other third party with your permission.

Data Subjects may request a copy of all information being held at any point and this will be provided in excel spread sheet format.  A formal written request will be responded to within 28 working days, which may be extended, if the request is numerous or complex, to 2 months.

Formal requests can be made in writing or using the Data Subject Access Request form provided at the end of this notice.

Where information being held is thought to be inaccurate, corrections will be made upon receipt of notification of the correct information by one of the contact options listed below.  We will correct any information found to be incorrect or remove information thought to be inaccurate.

Contact options:

  • By Phone – 01782 344300
  • By Email –
  • By post or in person: DMH, Barlaston Road, Stoke-on-Trent, ST3 3NZ

We have CCTV cameras in place around the hospice site in Barlaston and in one of our shops Meir. The footage recorded will be stored for 30 days before it overwrites itself.  In particular circumstances such as an investigation we may have need to keep a copy of the footage(s) for evidence. Once an investigation is completed the recordings will be securely destroyed.

Before we use any individual’s photographs and images we make sure we have obtained full consent from the individual, using appropriate consent forms.  We will ensure that these are captured and used, fairly and lawfully.

All photos and image recordings which include mean an individual can be identified will be treated the same way as any other format of personal data.

We will observe the requirement to have at least one of the six recognised lawful basis for processing data (personally identifiable information) always upholding an individual’s rights and interests, namely:-

  • You have given consent
  • We believe there is a legitimate interest
  • A contract exists between you and DMH
  • We are legally required, entitled or instructed to do so
  • We believe there is vital interest to protect someone’s life
  • Deemed to be lawfully in the public interest and part of our formal basis

If you are under 18 we will require permission from your parent or responsible guardian before we can collect any personal information about you; if we collect personal information from you unknowingly without such consent this will be immediately, securely destroyed.  We will also attempt to inform your parent or responsible guardian of this breach in our policy.  Therefore please ensure you have obtained consent from your parent or responsible guardian, and can demonstrate this at the point of giving any personal information to us.

The Hospice takes seriously the vulnerability of some individuals in society and continually raises the awareness of its representatives through training and informal conversations.  We will endeavour to recognise situations regarding vulnerable adults when they occur in relation to information collection activities and may refer to a carer or 3rd party agent to ensure an individual’s privacy is protected.

This privacy notice and any associated Data Protection Policies are approved by the Senior Executive Group and Trustee Board of DMH and reviewed at 3 year intervals, as a minimum.

The notice will be posted on our website, notice boards on our premises, our internal intranet and produced as a hard copy on request.

This notice can be made available to you in an alternative format that suits your specific needs upon request, such as a different language, brail or an auditory format.

Version 1 – 01/06/18

Please click here to open the Data Subject Access Request form.