GDPR

GDPR stands for General Data Protection Regulations and is a new piece of legislation that will supersede the Data Protection Act. It will not only apply to the UK and EU; it covers anywhere in the world in which data about EU citizens is processed. This new law applies from May 25th 2018.

The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with), but strengthens many of the DPA’s principles. The main changes are:

• Practices must comply with subject access requests
• Where we need your consent to process data, this consent must be freely given, specific, informed and unambiguous

This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe.

We know that there’s a lot of information here but we want you to be fully informed about your rights, and how the Friends of East Surrey Hospital uses your data.

All mailing data is stored on the MailChimp.com website and database. Access to the data, and data base is restricted to the person responsible for IT and mail/update distribution.

A further copy of volunteer names and telephone numbers are published in the rear area of the Tea Bar accessed only by trustees, volunteers and hospital employees with access to the pass code details.

These details are also held by the Trustee responsible to organising rotas.

We hope the following sections will answer any questions you have but if not, please do get in touch with us.

We may need to update this Privacy Notice from time to time and will notify you of any significant changes.

What data do we hold?

• Salutation
• First name
• Last name
• Email
• Telephone
• Postal address

What do we do with the data we hold?

• Use it to send you newsletters and updates, and arrange rotas.
• We do NOT disclose your data to any third parties.

Your rights over your personal data

• You have the right to request.
• Access to the personal data we hold about you.
• The correction of your personal data when incorrect, out of date or incomplete
• That we stop any consent-based processing of your personal data after you withdraw that consent.
• By providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.

Our commitment to you

• We will ensure that reasonable steps are taken to prevent third parties from accessing your personal data in any way that is not set out in this Privacy Notice. We’ll also make sure we adequately protect the confidentiality and privacy of your personal data.
• We are committed to keeping your personal information secure and will take all reasonable precautions to protect it from loss, misuse or unauthorised access or alteration. However, except to the extent liability cannot be excluded due to the operation of statute, we exclude all liability (including in negligence) for the consequences of any unauthorised access to, disclosure of, misuse of or loss or corruption of your personal information.