Southmead Hospital Charity is the official NHS charity for North Bristol NHS Trust (NBT) and supports the Trust in a variety of ways, through donations and fundraising across these five areas:
Donations are given to support the above five areas over and above the levels already provided by the NHS Trust.
Southmead Hospital Charity is committed to protecting your personal information and respecting your privacy and we take our data protection responsibilities very seriously. This policy explains how we collect, use, store, and share your personal information.
We promise to keep safe any personal data you share with us, or that we receive from other organisations. When we collect data from you, we will be clear and transparent about how we use that data.
Collecting and using information from our fundraisers, donors and supporters allows us to develop a better understanding of our supporters which informs how we can fundraise more efficiently and communicate with you better, ultimately enabling us to raise more money and support more services at North Bristol NHS Trust.
Collecting and using information from NBT colleagues enables us to manage donations and deliver charitable projects more effectively.
If you would like to receive communications from us about the work that we do, the projects that we fund and ways to fundraise or support us please opt in via www.southmeadhospitalcharity.org.uk/keepinformed.
By using our website, social media, online fundraising platforms or providing us with any personal information we will assume you are agreeing to your information being used and disclosed in the ways described in this policy.
In carrying out our activities we process and store personal information relating to our fundraisers, donors, supporters and NBT staff, and are required to be compliant with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
We ensure the personal information we obtain is held, used, transferred and otherwise processed in accordance with applicable data protection laws and regulations including, but not limited to, the Privacy and Electronic Communication Regulations.
Under the Data Protection Act 2018 and the GDPR, we will ensure that personal data:
Personal information is information that can be used to identify you. We currently collect and process the following information which can include the following:
We may need to collect sensitive personal information regarding your health or fitness when participating in an event to ensure we provide safe and appropriate facilities for you. We may also collect health information if you tell us about your experiences of the hospital and health services provided by North Bristol NHS Trust – for example if you provide a case study for us or act as an example of good care.
With your consent we may use your image in our fundraising materials, on social media or on our website.
We sometimes collect personal information from public sources, for example when conducting high value fundraising research. This is explained in more detail below.
Southmead Hospital Charity processes data to fulfil its charitable objectives in line with UK Data Protection law.
All data processing is undertaken under the appropriate legal basis. For example, data may be processed to perform a contract if you have signed up for an event or service or to fulfil legal obligations such as retaining Gift Aid records or completing due diligence.
We may collect your information for a number of reasons, including but not limited to:
Direct Marketing refers to communications which contain advertising or marketing material. Direct Marketing is covered by section 122 (5) of the Data Protection Act 2018 with electronic forms of marketing being covered by the Privacy and Electronic Communications Regulations (PECR).
With your consent we may contact you by email to ask for support or donations, or to provide updates on the impact the Charity has made.
Where we believe you’d reasonably expect contact from us, and it doesn’t override your rights we may send you marketing in the post or call you on the phone, using the lawful basis of ‘Legitimate Interests’. You will always be given the chance to opt out of receiving communications.
The type of communications and information you receive about our charity can be chosen by you, and it is your choice as to how to get involved with the Charity.
We will not use your information for marketing purposes if you have asked us not to do so. But we will retain some details on a suppression list to ensure that we do not continue to contact you.
We never sell your data and will always make it easy for you to opt out or change your communication preferences.
To opt out or change your preferences contact: hello@southmeadhospitalcharity.org.uk
Where significant sums of money are donated to us, to comply with our legal obligations as a charity, we must take reasonable and appropriate steps to know who our donors are.
Therefore, we may conduct research, including accessing information which is already publicly available, on prospective donors, partners or volunteers to ensure it would be right for us to accept support, whether from an individual or organisation.
This will give assurances that the donation is not from an inappropriate source and act to safeguard our reputation. Information we collect for this purpose will only consist of what is necessary for us to meet such requirements and will be processed in line with your rights.
To enable us to fundraise for high value giving opportunities appropriately and effectively, we research individuals and organisations to help us identify suitable major donors, corporate partners, patrons, and committee or appeal board members.
This research helps to identify individuals or organisations who have the capacity to make substantial donations, who appear to have an interest in supporting our cause and who may be able to help us to raise funds through volunteer support for our appeals, events or partnership opportunities.
We use our legitimate interests to process your information for high value fundraising research.
The processing of your information in this way for high value fundraising is instrumental in enabling us to support large-scale projects and initiatives that benefit Southmead Hospital Charity. We appreciate that you expect us to conduct such processing in an efficient and professional manner whilst taking your right to privacy into account.
We are careful to ensure information collated is not excessive or intrusive and is sourced reliably and appropriately.
Any research is undertaken using only credible, publicly available information. This may include sources such as national and local press, Companies House, Charity Commission, social media sites such as LinkedIn, average house values and typical earnings in a particular sector. We will only use these where the data has been deliberately made public. We may also use appropriate third-party sources to identify and inform professional approaches to prospective donors, partners and volunteers.
We may on occasion use contractually bound trusted third parties to automate this research and assess the giving capacity of donors and supporters (sometimes known as ‘wealth screening’). Certain information obtained in these ways may, at our discretion, be appended to the individual records we hold on our database. Prospect research and wealth screening are standard practices across the charitable sector and they are vitally important in achieving the target level of fundraising.
These organisations are required to comply with data protection laws and should they process your information they are only allowed to do so in strict compliance with our instructions and data protections laws and regulations.
This process helps us to make appropriate requests to those who may be able and willing to give more than they already do. Profiling in this way helps the Charity raise more support and more cost-effectively. Using your personal information in this way is necessary for our legitimate interest of efficiently raising income to support our hospitals. Although there will be some impact on your rights, freedoms and expectations we do not consider it will cause undue harm because we have informed you of what we would do, and why. Targeting our resources effectively and efficiently is an issue donors tell us is a key priority for them and we believe using this targeted profiling approach will help counteract this concern.
We will not sell or swap your information with any third party.
We may share your information with our data processors or trusted partner organisations. Some of these third parties include but are not limited to:
We occasionally work with other organisations, charities and companies that provide merchandising, fundraising or event management services to us.
These organisations are required to comply with data protection laws and should they process your information they are only allowed to do so in strict compliance with our instructions and data protections laws and regulations.
We may disclose your personal information to third parties if we are required to do so through a legal obligation – for example to the police or a government body; to enable us to enforce or apply our terms and conditions or rights under an agreement; or to protect us, for example, in the case of suspected fraud or defamation.
We are committed to ensuring that all information we hold about you is accurate. We use publicly available sources such as the National Change of Address to keep your information up to date.
If any of the information we hold about you is inaccurate and either you advise us or we become otherwise aware, we will amend and update that information as soon as possible.
If you use your credit or debit card to donate to us or pay fundraising into us online or over the phone, we will ensure this is done securely and in accordance with the Payment Card Industry Data Security Standard.
After the completion of your transaction, we do not store your credit or debit card details. Once your payment or donation has been processed, all card details are securely destroyed and only staff who are authorised to process payments will be able to see your card details.
Further information on PCI security standards can be found here- https://www.pcisecuritystandards.org/standards/
We process donations made in this way under the lawful basis of ‘Legitimate Interests’.
Your information is securely stored by North Bristol NHS Trust.
Any information you provide is processed and held securely by the Charity, North Bristol NHS Trust, and our authorised partner organisations, in full compliance with UK data protection legislation.
We will retain your information only for as long as necessary to deliver our services and meet our legal, regulatory, and operational obligations. This includes complying with tax, accounting, and other statutory requirements.
Once your information is no longer required, it will be securely and confidentially deleted or destroyed in accordance with our data retention and disposal policies.
Our website uses cookies to enable it to track information about how people are using it and to help us to deliver relevant and updated content. We also use Google Analytics for our web analytics to help us develop the website to improve it.
The specific cookies we use are as follows:
| Cookie name | Purpose |
| PHPSESSID | Used to identify the session between our website and your browser. No tracking or personal information is stored. This cookie is solely for the necessary functions of our website. |
| mmc-cookie-consent | Stores the user’s Cookie consent choice. |
| _ga | Records a particular ID used to come up with data about website usage by the user |
| _ga_# | Used to distinguish individual users by means of designation of a randomly generated number as client identifier, which allows calculation of visits and sessions |
| _gat_UA-62841134-1 | This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It is a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites. |
| _ga_3KELSEBYTM | This cookie is used by Google Analytics to persist session state. |
| _fbp | Used by Meta to deliver a series of advertisement products such as real time bidding from third party advertisers. |
We use a secure server via North Bristol NHS Trust. We enforce strict security features to protect your information and prevent unauthorised access.
Our website may contain links to other websites belonging to third parties and we participate in and use content from social networking sites including but not limited to Facebook, Twitter, Instagram, and YouTube.
We would advise you to ensure that when you leave our website you read and understand other site’s privacy policies.
The information we collect and share via cookies is pseudonymised. It does not personally identify you; it does not contain your name, address, telephone number, or email address, but does enable you to be “singled out”
If you are aged 16 or under and would like to participate in a fundraising event for us, make a donation or otherwise get involved with our Charity, we will need to have the consent of your parent or guardian and contact details for your parent or guardian.
Staff or volunteers representing the Charity at schools will have DBS clearance and will not request any information about children without consent from a parent or guardian.
We understand the importance of protecting supporters who may be vulnerable and we follow the guidance issued by the Institute of Fundraising to ensure that anyone donating to the charity is in a position to make a free and informed decision.
This policy is correct as of March 2025.
We will regularly review and update this policy and Data Protection Statement and will update, modify, amend or remove sections at our discretion.
Any changes will be notified to you through an announcement on our website.
Your continued use of our website, our services and the continued provision of personal information after we have posted changes to these terms will be taken to mean you are in agreement with those changes.
This policy is an extension of the NBT Privacy Policy and Data Protection Statement, which can be found here: Privacy Policy and Data Protection | North Bristol NHS Trust
With effect from the 25 May 2018, the General Data Protection Regulation will ensure that all individuals have the following rights:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
For more information, please refer to NBT’s Subject Access Requests statement: Subject Access Requests (SAR) | North Bristol NHS Trust
Please contact us at hello@southmeadhospitalcharity.org.uk, 0117 414 0170 and or Southmead Hospital Charity, Kendon House, Southmead Hospital, Bristol, BS10 5NB if you wish to make a request.
If you have any questions or complaints about how we have processed your data in accordance with our policy, please contact us in the first instance.
The Charity’s address:
Southmead Hospital Charity
Kendon House
Southmead Hospital
Bristol
BS10 5NB
Tel: 0117 414 0170
Email: hello@southmeadhospitalcharity.org.uk
If you are unhappy with how we have used your data and we have been unable to resolve this for you, you can complain to the Information Commissioner’s Office (ICO).Please see below for more information:
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
For complaints related to patient care and service, please refer to NBT’s guidance for raising a concern or complaint: How to Raise a Concern or a Complaint | North Bristol NHS Trust
Please contact us at any time if you have any queries concerning our privacy policy or would like to change your marketing and communications preferences. Our contact details are as follows:
Southmead Hospital Charity
Kendon House
Southmead Hospital
Bristol
BS10 5NB
Tel: 0117 414 0170
Email: hello@southmeadhospitalcharity.org.uk
Please contact the Charity team if you have any queries concerning our privacy policy on hello@southmeadhospitalcharity.org.uk
