Your privacy is of the highest importance to us. Sussex Community NHS Charity is committed to keeping your personal data safe and being transparent about what personal data we hold and how we use it.
We ensure that your information is processed in accordance with all applicable laws concerning the protection of personal data. This policy explains:
We are Sussex Community NHS Charity, the official charity of Sussex Community NHS Foundation Trust. Our registered charity number is 1051763, our registered address is, Floor 2, Arundel Building, Brighton General Hospital, Elm Grove, Brighton.
This privacy notice sets out how we process personal data that we collect from you, or that you provide to us, in line with current data protection legislation and other applicable laws. We will treat all your personal data as confidential, however we reserve the right to disclose this data in ways set out in this privacy notice.
Personal Information (or “data”) is any information that can be used to identify you. It can for example, include your name; date of birth; email address; postal address; phone number; payment card details and medical information.
Data Protection law recognises that certain categories of personal information are more sensitive. This is known as sensitive personal data and covers health information, racial or ethnic origin, religious beliefs and political opinions. We do not usually collect such sensitive personal data about our supporters unless there is clear reason for doing so, such as participation in a half marathon, marathon or similar fundraising event to ensure we provide appropriate facilities and support.
The ways in which we use your data depend on why you have provided it. We may use your data in the ways set out below:
We want to ensure we are contacting you with tailored and appropriate communications, ensuring we direct our resources and fundraising activities as effectively as we can and provide the level of support you would expect from us. We also want to communicate with you from time to time to thank you for your support and tell you what we have achieved with the help of your donations or time.
At Sussex Community NHS Charity we want to ensure that you receive the level of marketing communications from us that are right for you, and contain the information you want to receive. The ways in which we market through various channels are set out as follows:
You can update your preferences to tailor the information you want to receive, by clicking the ‘update my preferences’ link at the end of our marketing emails or by getting in touch at email@example.com. You can opt out of these communications at any time by getting in touch at firstname.lastname@example.org, or by clicking the unsubscribe button at the bottom of our marketing emails.
We retain your personal data securely and only for as long as is required to operate our services in accordance with legal and tax requirements. Once we no long require your data to fulfil a service you have asked for, to provide you with the customer service and communication that you would expect, or to satisfy legal requirements we will delete it in a secure manner.
If we are relying on consent for a particular method of data processing, we will contact you to renew consent at reasonable intervals.
We will retain personal data for the following durations in line with best practice and applicable regulations:
Sussex Community NHS Charity may disclose your personal data to third parties in the following circumstances:
We will only share your personal data with third parties who comply with relevant data protection legislation, and we will ensure appropriate controls are in place. We regularly monitor their activities to ensure they continue to comply with law and with our policies.
We will never share, sell or swap your personal data with any third parties for the purposes of their own marketing unless you have explicitly consented to us sharing your data with specifically named third parties.
We will ensure your personal data is only accessible by appropriately trained staff or contractors.
For financial and technical reasons, we may use the services of a supplier or products or services outside of the European Economic Area (EEA), meaning that your personal data is therefore transferred, processed and stored outside of the EEA. Although this includes countries that the European Union authorities do not consider as providing adequate levels of protection of personal data, we will take reasonable steps to ensure that your personal data is kept safe and in accordance with this privacy notice. In such cases, the transfer will be carried out subject to a Data Transfer Agreement in compliance with Data Protection law. For further information, please contact email@example.com.
When we process your personal data, we will ensure this is done in accordance with at least one of the legal grounds stated within Data Protection Law. These consist of the following:
If you use your credit or debit card to make a donation to us, buy something or pay for registration in an event either online or in person, we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard (PCI DSS). https://www.pcisecuritystandards.org/pci_security/.
We do not store your credit or debit card details at all after the transaction is complete. Only staff authorised and trained to take payments will do so.
If you send any inappropriate, offensive or defamatory content on our website or social media platforms, we may use your personal data to inform relevant third parties including your internet provider or law enforcement.
Under the EU regulation 2016/679 General Data Protection Regulation (“GDPR”), you have rights as individuals in relation to the information we hold about you. These are as follows:
You have the right to be informed about the collection and use of your personal data. This information must be concise, transparent, intelligible, easily accessible, clear and in plain language.
Where such data is collected from you directly, you will be informed of its purpose at the time of collection.
Where such data is collected from a third party, you shall be informed of its purpose either when the first communication is made, before a transfer of that data is made or as soon as reasonably possible no longer than one month after we obtain the data.
The information provided shall include details about us, the purpose for which the data is collected, the legal basis for collecting the data, the legitimate interests used to justify collection when applicable, the categories of data collected, the data to be transferred to third parties and details of those third parties, details of a transfer outside of the EEA if applicable, details of retention of the data, details of your rights, details of your right to complain to the Information Commissioners Office, details of any legal or contractual requirement necessitating the collection or processing of personal data and details of failure to oblige, and details of any automated decision-making or profiling that will take place using the personal data if applicable.
You have the right to request that we delete your personal data and stop processing it, if this processing is no longer necessary for the purpose it was collected, if you withdraw your consent, if you object to us storing or processing your personal data (where there is no overriding legitimate interest which will allow us to do so), if the processing is unlawful or if the personal data must be deleted to comply with a legal obligation.
We must comply with all required to erase personal data unless we have reasonable grounds to refuse. You will be informed of the erasure within one month of us receiving the request from you. If further time is required, you shall be informed.
In the event that the personal data to be deleted, as per a request from you, has been shared with third parties, those third parties shall be informed (unless it is impossible or unreasonably difficult to do so).
You have the right to ask for a copy of the information we are processing about you by making a ‘subject access request’. We do not charge a fee for this service, however we reserve the right to charge reasonable fees for additional copies of information that has already been supplied to you, and for requests that are manifestly unfounded, excessive or repetitive.
We follow the procedure set by Sussex Community NHS Foundation Trust.
You can make a subject access request to Sussex Community NHS Foundation Trust, by writing to us at:
Information Governance Team – Access to Records
Brighton General Hospital
Or emailing firstname.lastname@example.org
Full details can be found at: https://www.sussexcommunity.nhs.uk/contact-us/patient-records.htm
If we hold personal data about you, we will:
You have the right to obtain and reuse your personal data for your own purposes across different services.
You only have this right when the lawful basis for us processing this data is consent or for the performance of a contract, and if the data is processed by electronic means.
If these requirements are fulfilled, you may receive a copy of your personal data and/or have it transmitted to another company.
We may object to a request if it can be demonstrated that there is a legitimate reason that the transmission cannot take place, which adversely affects the rights or freedoms of others.
The personal data shall be provided in a format which is structured, commonly used and machine-readable.
If we hold inaccurate or out dated personal information relating to you, you have the right to ask us to rectify that information.
We shall rectify the information and inform you within one month of receiving the request or new information. If further time is required, you shall be informed.
In the event that the personal data to be rectified, as per a request from you, has been shared with third parties, those third parties shall be informed.
You have the right to request that we do not, or refuse us permission to, process your personal data for the purposes of marketing based on legitimate interests, direct marketing, profiling and for processing for scientific and/or historical research purposes.
Where you object to us processing their personal data based on legitimate interests, we shall stop processing your personal data immediately, unless we can prove legitimate grounds for such processing which override your interests and rights, or that is necessary for legal claims.
Where you object to us processing your personal data for marketing purposes, we shall stop processing immediately.
Where you object to us processing your personal data for scientific or historical research, you have an obligation under GDPR to demonstrate grounds relating to their particular situation. We might reject the request if the research is deemed necessary for the performance of a task carried out in the public’s interest.
We will inform you before collecting your data if it is to be used for marketing purposes or to be shared with third parties.
You have the right to ask us to cease processing the personal data we hold about you.
If such a request is made, we shall only retain the personal data that is necessary to ensure the personal data concerned is not processed further.
In the event that the personal data concerned is shared with a third party, those third parties shall be informed of the relevant restrictions to processing (unless such notification is impossible or unreasonably difficult to fulfil).
You can restrict processing of your personal data for marketing purposes by contacting us. Where you have opted in to receive marketing correspondence, you have the right to withdraw your consent at any time, or update your preferences of the types of marketing you receive. This can be done via the instructions contained in the marketing correspondence, or by contacting us directly.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning or significantly affecting you.
If such processing is carried out, we shall provide you with specific information about the processing, take steps to prevent errors, bias and discrimination, and give you rights to challenge and request a review of the decision made by solely automated means.
You have a right to object to profiling. Such a request can be made by contacting us.
To speak to us about any of the above rights please get in touch.
For further information on your rights, you can also view the Information Commissioner’s guidance here.
This privacy notice is not applicable to links within our websites which link to other websites not owned by Sussex Community NHS Charity. Please read the privacy statements on other websites which you visit.
If you would like to make a complaint about the way we have processed your data, or the information provided in this notice, please contact us. Alternatively, you can contact the Information Commissioner’s Officer via their website.
We regularly review this privacy notice and will make any changes available on this page. If we make any significant changes, we will notify you by email. By continuing to use this website you will be deemed to have accepted such changes. This privacy notice was last updated December 2021.
We recommend that you check this page regularly to keep up-to-date.
Email us at: email@example.com
Call us on: 01273 266040
Write to us at: Sussex Community NHS Charity, J1 Brighton General Hospital, Elm Grove, Brighton, East Sussex, BN2 3EW.