Privacy Policy and Data Protection Statement


Southmead Hospital Charity is committed to protecting your privacy, personal information and confidentiality and we take our data protection responsibilities very seriously. This policy sets out how we collect and use the personal information that you provide whether that is online, by email, letter, by phone or other correspondence.

We promise to keep safe any personal data you share with us, or that we get from other organisations. When we collect data from you we aim to be clear and transparent with how we use that data.

Collecting and using information from our fundraisers, donors and supporters allows us to develop a better understanding of our supporters which informs how we can fundraise more efficiently and communicate better, ultimately enabling us to raise more money and support more services at North Bristol NHS Trust. 

All our communication methods are reviewed regularly to ensure we give the best and most transparent way of communication to our supporters.

If you would like to receive communications from us about the work that we do, the projects that we fund and ways to fundraise or support us please opt in via

By using our website, social media, online fundraising platforms or providing us with any personal information we will assume you are agreeing to your information being used and disclosed in the ways described in this policy.


In carrying out our day to day activities we process and store personal information relating to our fundraisers, donors and supporters and we are therefore required to adhere to the requirements of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR)..

We take our responsibilities under this act very seriously. We ensure the personal information we obtain is held, used, transferred and otherwise processed in accordance with applicable data protection laws and regulations including, but not limited to, the Privacy and Electronic Communication Regulations.

Under the Data Protection Act 2018 and the GDPR, we will ensure that personal data:

·      Is treated fairly and lawfully;

·      Is obtained and processed only for specific and specified purposes;

·      Is adequate, relevant and not excessive;

·      Is accurate and up to date;

·      Is not retained for longer than necessary;

·      Is processed in accordance with the individual’s rights;

·      Is held with appropriate levels of security;

·      Is not transferred abroad without ensuring adequate levels of legal protection.

What type of personal information do we collect?

Personal information is information that can be used to identify you. We currently collect and process the following information which can include the following:

·      Your name

·      Date of birth

·      Email address

·      Postal address

·      Telephone number

·      Mobile telephone number

·      Fax number

·      Bank account details

·      Credit/debit card details

·      Whether you are a UK tax payer so that we can claim Gift Aid

·      Work place

·      Family members

·      Emergency contacts

·      Relevant medical history

We collect personal information about you when you register with us to receive communications, ask about our activities and events, make a donation to us, register for an event or to fundraise with us, engage with our social media or online forums, order products and services (such as fundraising materials, leaflets, publications and email newsletters), or otherwise give us personal information.

We also gather information on how people access and use our website and social media activity, such as which pages are most visited and which events or activities are of most interest. This information can be used to help us improve our website and services.  Wherever possible, the information we use for this purpose will be aggregated, pseudonymised or anonymised.

We sometimes may need to collect sensitive personal information regarding your health or fitness, when relevant, such as for participation in an event where we need this information to ensure we provide safe and appropriate facilities for you.

We also sometimes collect personal information from public sources, for example when conducting high value fundraising research. This is explained in more detail below.

If you tell us about your experiences of the hospital and health services provided by North Bristol NHS Trust, we may collect health information – for example if you provide a case study for us or act as an example of good care.

Why do we collect and how do we use your information?

Southmead Hospital Charity has a broad interest in conducting and managing our communications to enable us to give our supporters the very best and most secure experience.  

For example, we have an interest in making sure our marketing communications are relevant for our supporters, so we may process your information to send you marketing that is tailored to your interests and favoured areas of funding.

We may collect your information for a number of reasons, for example:

·      To process any donation(s) or fundraising from you

·      To ask for your support to help us raise money or to ask you to donate money to our Charity, in accordance with the Fundraising Regulator’s Fundraising Promise.

·      To provide you with information about our work or our activities, that you have asked to receive

·      To provide you with the services, products or information you have requested

·      To invite you to take part in surveys or research, or to gain feedback to help us improve our services

·      For administration purposes;  for example we may contact you about a donation you have made or about an event that you have expressed an interest in or registered for

·      For management of feedback or complaints

·      Through North Bristol NHS Trust servers we may use IP addresses to record website traffic or to personalise the way our information is presented to you; for example to identify your location

·      Where it is required or authorised by law

We may contact you for marketing purposes by e-mail, telephone, social media or social messaging, text messaging or by mail.

We may send you communications about our services via e-mail, social media or social messaging.

We rely on the ‘Legitimate interests’ conditions to collect and use your personal data for some or all of the following reasons:

·      Where the processing enables us to enhance, modify, personalise or otherwise improve our communications for the benefit of our donors. We may also cross reference information about you with information that is available through other sources for example public registers or third party information or credit services.

·      To better understand how people interact with our websites

·      To provide postal communications which we think will be of interest to you*

·      To determine the effectiveness of promotional campaigns and advertising

·      To enhance the security of our network and information systems

* We rely on legitimate interests to contact some of our existing supporters and we have conducted a legitimate interests assessment (LIA) for using personal data on this basis.

The result of this LIA was that we strongly believe that using personal data to send content via postal is in the interests of the donor and they would be happy to receive the postal communications in question. We use this method of communication as we know the donor has previously given and therefore we strongly believe the donor has a keen interest in finding out more about Southmead Hospital Charity and how they can help raise funds.

The type of communications and information you receive about our charity can be chosen by you, and it is your choice as to how get involved with the Charity.

We will not use your information for marketing purposes if you have asked us not to do so. But we may retain your details on a suppression list to ensure that we do not continue to contact you.

Due diligence

Where significant sums of money are donated to us, to comply with our legal obligations as a charity, we must take reasonable and appropriate steps to know who our donors are.

Therefore we may conduct research, including accessing information which is already publicly available, on prospective donors, partners or volunteers to ensure it would be right for us to accept support, whether from an individual or organisation.

This will give assurances that the donation is not from an inappropriate source and act to safeguard our reputation. Information we collect for this purpose will only consist of what is necessary for us to meet such requirements and will be processed in line with your rights.

High value fundraising

To enable us to fundraise for high value giving opportunities appropriately and effectively, we will research individuals and organisations to help us identify suitable major donors, corporate partners, patrons, and committee or appeal board members.

This research helps us to identify individuals or organisations who have the capacity to make substantial donations, who appear to have an interest in supporting our cause and who may be able to help us to raise funds through volunteer support for our appeals, events or partnership opportunities.

Processing of information for high value fundraising

We use our legitimate interests to process your information for high value fundraising research.

The processing of your information in this way for high value fundraising is instrumental in enabling us to support large-scale projects and initiatives that benefit Southmead Hospital Charity. We appreciate that you expect us to conduct such processing in an efficient and professional manner whilst taking your right to privacy into account.

How we undertake research

We are careful to ensure information collated is not excessive or intrusive and is sourced reliably and appropriately.

Any research is undertaken using only credible, publicly available information. This may include sources such as national and local press, Companies House, Charity Commission, social media sites such as LinkedIn, average house values and typical earnings in a particular sector. We will only use these where the data has been deliberately made public. We may also use appropriate third-party sources to identify and inform professional approaches to prospective donors, partners and volunteers.

We may on occasion use contractually bound trusted third parties to automate this research and assess the giving capacity of donors and supporters (sometimes known as ‘wealth screening’). Certain information obtained in these ways may, at our discretion, be appended to the individual records we hold on our database. Prospect research and wealth screening are standard practices across the charitable sector and they are vitally important in achieving the target level of fundraising.

These organisations are required to comply with data protection laws and should they process your information they are only allowed to do so in strict compliance with our instructions and data protections laws and regulations.

This process helps us to make appropriate requests to those who may be able and willing to give more than they already do. Profiling in this way helps the Charity raise more support and more cost-effectively. Using your personal information in this way is necessary for our legitimate interest of efficiently raising income to support our hospitals. Although there will be some impact on your rights, freedoms and expectations we do not consider it will cause undue harm because we have informed you of what we would do, and why. Targeting our resources effectively and efficiently is an issue donors tell us is a key priority for them and we believe using this targeted profiling approach will help counteract this concern.

Information sharing and disclosure

We will not sell or swap your information with any third party.

We may share your information with our data processors or trusted partner organisations, including, but not limited to, North Bristol NHS Trust.

We occasionally work with other organisations, charities and companies that provide merchandising, fundraising or event management services to us.

These organisations are required to comply with data protection laws and should they process your information they are only allowed to do so in strict compliance with our instructions and data protections laws and regulations.

We may disclose your personal information to third parties if we are required to do so through a legal obligation – for example to the police or a government body; to enable us to enforce or apply our terms and conditions or rights under an agreement; or to protect us, for example, in the case of suspected fraud or defamation.

The accuracy of your information

We are committed to ensuring that all information we hold about you is accurate and, where necessary, kept up to date.

If any of the information we hold about you is inaccurate and either you advise us or we become otherwise aware, we will amend and update that information as soon as possible.

Credit and Debit card payment information

If you use your credit or debit card to donate to us, or pay fundraising into us online or over the phone, we will ensure this is done securely and in accordance with the Payment Card Industry Data Security Standard.

After the completion of your transaction, we do not store your credit or debit card details. Once your payment or donation has been processed, all card details are securely destroyed and only staff who are authorised to process payments will be able to see your card details.

Storing your information

Your information is securely stored at North Bristol NHS Trust.

The information you provide is processed and stored securely within the Charity, NBT and our partner organisations in accordance with UK legislation. 

We will keep your information for as long as it is required to enable us to operate our services but we will not keep your information for any longer than is necessary.

When considering how long we will keep your information, we will consider our legal obligations and tax and accounting rules.

When we no longer need to retain your information we will ensure it is securely disposed of from all of our records confidentially and professionally.

Our website

Our website uses cookies to enable it to track information about how people are using it and to help us to deliver relevant and updated content. We also use Google Analytics for our web analytics to help us develop the website to improve it. You can find out more in our Cookies Policy here:

We use a secure server via North Bristol NHS Trust. We enforce strict security features to protect your information and prevent unauthorised access.

Our website may contain links to other websites belonging to third parties and we participate in and use content from social networking sites including but not limited to Facebook, Twitter, Instagram and You Tube.

We would advise you to ensure that when you leave our website you read and understand other site’s privacy policies.

The information we collect and share via cookies is pseudonymised. It does not personally identify you; it does not contain your name, address, telephone number, or email address, but does enable you to be “singled out”

Children under the age of 16

If you are aged 16 or under, and would like to participate in a fundraising event for us, make a donation or otherwise get involved with our Charity, we will need to have the consent of your parent or guardian and contact details for your parent or guardian.

Vulnerable circumstances policy

We understand the importance of protecting supporters who may be vulnerable and we follow the guidance issued by the Institute of Fundraising to ensure that anyone donating to the charity is in a position to make a free and informed decision.

Changes to the policy

This policy is correct as of December 2020.

We will regularly review and update this policy and Data Protection Statement and will update, modify, amend or remove sections at our discretion.

Any changes will be notified to you through an announcement on our website.

Your continued use of our website, our services and the continued provision of personal information after we have posted changes to these terms will be taken to mean you are in agreement with those changes.

Your data protection rights

With effect from the 25 May 2018, the General Data Protection Regulation will ensure that all individuals have the following rights:

Your right of access – You have the right to ask us for copies of your personal information.

Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.

Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at, 0117 414 0170 or Southmead Hospital Charity, Kendon House, Southmead Hospital, Bristol, BS10 5NB if you wish to make a request.

How to complain

If you have any questions or complaints about how we have processed your data in accordance with our policy, please contact us in the first instance.  If you are unhappy with how we have used your data, you are able to complain to the Information Commissioner’s Office (ICO). Please see below for more information:

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Helpline number: 0303 123 1113

Thank you for your support – it makes a huge difference to our patients, their families and our staff.

Sign up for email updates