The Hospital of St Mary the Virgin (Rye Hill and Benwell) Almshouses Charity
Data Privacy Notice
Approved by Trustees: September 2018
Next Review: not later than September 2021
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (GDPR).
Who are we?
The Board of Trustees of the Hospital of St Mary the Virgin (Rye Hill and Benwell) is the data controller. This means we decide how your personal data is processed and for what purpose.
How do we process your personal data?
The Hospital of St Mary the Virgin (Rye Hill and Benwell) complies with its obligations under GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of personal data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data (see “Storing your personal data” below:
We use your personal data for the following purposes:
• To keep you safe by having knowledge of your medical conditions and Doctor contact
• To have knowledge of your next of kin contact in case of emergency
• To manage our employees
• To maintain our own accounts and records
• To regularly update and inform our Trustees and Clerk
What is the legal basis for processing your personal data?
• Processing is necessary for carrying out statutory obligations under employment and company/Charity law
• Processing is necessary for statutory communication with Housing Benefit and Council Tax offices
• Processing is necessary for carrying out obligations under social security and/or social protection law
• Processing is necessary for day to day running of the Almshouses
• The processing relates only to residents, former residents, employees and, in emergency situations, next of kin and legal representatives
Sharing your personal data
Your data will be treated as strictly confidential and will only be shared with others where we are legally required to do so by law. Your data will not be disclosed to third parties without your consent.
Storing your personal data
Your data is stored in a locked filing cabinet in the Business Manager’s office and a copy is kept in a locked cabinet the Warden’s office/home and the key is available only to the Business Manager, Warden and the Chair and Clerk to the Trustees. Your data is also stored electronically on the main computer in the Business Manager’s office which is passworded, Firewalled and virus protected and stored on encrypted memory sticks held by The Chair and The Clerk to the Trustees.
How long do we keep your personal data?
Your data is kept for as long as is necessary to comply with UK Company law and Inland Revenue requirements and residents’ data is kept for as long as is necessary for transferring or handing over residency/care to others or to notify Housing Benefit and Council Tax Offices of new address.
Your rights and your personal data
• Unless subject to exemption under GDPR, you have the following rights with respect to your personal data:-
• The right to request a copy of your data held by us
• The right to request that we correct any mistakes in data or to request that it is updated
• The right to request that your data is erased where it is no longer necessary to be retained by us
• The right to withdraw your consent to processing at any time
• The right to request that the Data Controller provide you with your personal data and where possible to provide data directly to another Data Controller (known as the right to data portability)
• The right, were there is a dispute in relation to the accuracy of the data to request a restriction is placed on further processing
• The right to object of the processing of data
• The right to lodge a complaint with the Information Commissioner’s Office
If we wish to use your personal data tor a new purpose, not covered by this Data Protection Notice, then we will provide you with revised notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your consent to the new processing.
To exercise all relevant rights, queries of complaints please in the first instance contact the Business Manager
You can contact the Information Commissioner’s Office on 0303 1231113 or via email at https://ico.org.uk/global/contact-us/email or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF