Version 2 – 19 Jun 18
Who are we?
The French Hospital is an Almshouse charity (Registered Charity Number 219318) incorporated by Royal Charter for the purpose of relieving need, through the provision of accommodation and in other ways, and the advancement of education in areas associated with the history of Huguenots.
This privacy notice describes how we may collect and use personal information about you when you engage with us, in accordance with the General Data Protection Regulation (GDPR).
It is your responsibility to review and understand this Privacy Notice prior to providing your Personal Data to us. If you do not accept and agree to the to the content of this Notice, please do not provide your Personal Data to us.
Collection of Personal Data
The Charity collects and processes Personal Data from its Beneficiaries and potential Beneficiaries, the public with whom we enter into correspondence, suppliers, commercial clients, Friends and supporters of La Providence, donors and potential donors, Staff and those who apply to be staff, Directors, and users of The French Hospital website.
We may collect information from you such as, but not limited to, your name, email address, mailing address, phone numbers, date of birth, gender, financial and payment information, medical details, education / qualification history, employment information, information related to your enquiries about becoming, or application to become, a beneficiary of the Charity, information about your use of our website (“Personal Data”).
You are not required to provide us with all of the Personal Data listed above, but if you do not provide certain data, we may not be able effectively to engage with you. In certain circumstances, you will need to provide us with specific categories of Personal Data (including name, email address and payment information) in order to enter into a contract with us and for us to perform that contract.
Why we collect and how we use your Personal Data
We may use Personal Data in, but not limited to, the following ways:
- To communicate with Applicants and potential residents regarding their enquiries or applications.
- To respond to requests and enquiries.
- For archival and historic research purposes.
- For charitable and educational purposes.
- To provide information including, but not limited to, newsletters, briefs, updates and other documents where appropriate.
- To make decisions about recruitment or appointments.
- To communicate and engage with residents as a part of our management function.
- For internal purposes associated with the management of, and engagement with, staff
- To determine eligibility for Directorship, staff appointments, volunteer and other opportunities.
- For fundraising purposes
- To process payments from Commercial clients, Donors or Friends of La Providence.
- To process payments to Staff, Directors and suppliers.
- For internal purposes, such as website and system administration or internal audits and reviews.
- To assist with procurement decisions and, more generally, decisions taken about the spending of The Charity’s money.
We process your Personal Data for the above purposes on the following legal bases:
- Where you have consented to the processing.
- Where processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract.
- Processing is necessary for compliance with a legal obligation
- Processing is necessary in order to protect your vital interests or of another person.
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Processing is necessary for the purposes of legitimate interests, in which it would be reasonable for you to expect us to process your Personal Data for the purposes of providing and enhancing our services and information – except where such interests are overridden by the interests or your fundamental rights and freedoms which require the protection of personal data.
We may have to share your data with third parties, including third-party service providers. We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
We require third parties to respect the security of your data and to treat it in accordance with the law.
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
Below is a list of the general categories of third parties:
- Statutory authorities, including HMRC
- Payment services providers and the Charity’s Banking facilities
- Payroll services and providers of employee benefits
- Building Surveyors
- Legal Counsel
- Hosting providers and website developers
- Publishers and printers
- Teaching and assessment centres, assessors and examiners
- Event, training and assessment venues
- Library and archive services
We have put in place measures to protect the security of your information. Details of these measures are available upon request.
Third parties will only process your personal information on our instructions, for specific purposes, and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Subject Access/User Rights
As a data subject, you have the following rights:
- The right to access your personal data held by the Charity.
- The right to request the Charity to erase all data held in respect of you, in various circumstances.
- The right to have incorrect personal data about you corrected.
- The right, in certain circumstances, to access your data in machine-readable format and, where technically possible, to have your data transferred directly to another data controller.
- The right, in a number of specific circumstances, to object to having your personal data processed.
Ian Mackenzie – firstname.lastname@example.org