Privacy and cookies

Introduction

Guy’s & St Thomas’ Foundation (‘we’, ‘us’, ‘our’), registered charity number 1160316, with a registered office at 9 King’s Head Yard, London SE1 1NA, will be the controller of your personal data. This statement explains how personal data is collected, used and disclosed when you access gsttfoundation.org.uk (the ‘website’) or register, make contact with us or send feedback via this website, and your rights in relation to the personal data we hold.

This policy was published on 25 March 2021. We keep our policy under review. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes your relationship with us. 

Contact us

Our data protection lead is our Director of Data and Analytics. If you have any questions about how we use your personal data or if you wish to exercise any of the rights set out in the “Your Rights” section below, you can contact us at: info@gsttfoundation.org.uk.

You can find out more about your rights under data protection legislation at www.ico.org.uk. If you are not satisfied with how we are processing your personal data, you can make a complaint to the Information Commissioner. We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner so please contact us in the first instance. 

The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data from which identifying details have been removed (anonymous data).

The personal data we collect, use, store and transfer depends on how you use our website and otherwise engage with us. This may include the following personal data:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data includes address, email address and telephone numbers.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access this website.
  • Profile Data includes your interests, preferences, feedback and survey responses.
  • Usage Data includes information about how you use our website, products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy statement.

We do not usually collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data) via this website. Nor do we collect any information about criminal convictions and offences via this website. If we do intend to actively collect special categories of personal data or information about criminal records, you will be provided with additional privacy information.

How we collect your personal data

We use different methods to collect data from you and about you including through:

  • Direct interactions e.g. You may give us your Identity and Contact Data when you submit feedback or enquiries through a form on our website, sign up for a newsletter, or apply to work with us.
  • Automated technologies or interactions e.g. Technical Data will be collected as you interact with our website to help us improve your user experience.
  • Third parties or publicly available sources e.g. Technical Data from analytics providers such as Google; Identity and Contact Data from publicly available sources such as Companies House.

How we use your personal data

We may use your personal data for one or more of the following purposes:

  • to send you email newsletters (in accordance with your marketing preferences);
  • to respond to you if you send us an enquiry or email via our website;
  • to process your application to work for Guy’s & St Thomas’ Foundation;
  • to keep records of our operations and activities;
  • ensuring our internal policies and procedures are adhered to; and/or
  • where necessary to comply with a legal obligation.

The basis for processing your personal data

We will only use your personal data when the law allows us to. The legal bases we may rely on include:

  • consent: where you have given us clear consent for us to process your personal data for a specific purpose;
  • contract: where our use of your personal data is necessary for a contract we have with you, or because you have asked us to take
  • specific steps before entering into a contract
  • legal obligation: where our use of your personal data is necessary for us to comply with the law (not including contractual obligations)
  • vital interests: where our use of your personal data is necessary to protect you or someone else’s life
  • legitimate interests: where our use of your personal data is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests). These legitimate interests include the operation and administration of our organisation, checking that make sure we are following our internal policies and procedures, preventing and detecting activities which could be damaging for us and for you, sending marketing material regarding our activities, and analysis and improvement of the website.

Keeping your personal data safe

Data security

We will take all appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data. This includes procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Transferring and processing your data

When you share data with us it may be necessary for us to share it with a third party supplier, potentially including those located outside of the United Kingdom. In these circumstances, your personal data will only be transferred on the basis that the supplier is able to meet the data security and processing standards as required by UK.

Sharing your information with others

We will never sell your personal data, however, we may share your data with others in order to fulfil the purpose for which it was collected or the delivery of a service you expect of us. These include our agents and contractors where there is a legitimate reason for their receiving the information (e.g. suppliers of IT and online services) or professional advisers; and with other parties when we are legally required to do so (e.g., by a court, government body, law enforcement agency or other authority of competent jurisdiction).

We have contracts in place with all our third-party suppliers to make sure they protect and respect your information with the same commitment as we do.

How long will we keep your data?

We will retain your personal data no longer than is necessary for the purposes for which it is collected and processed. This purpose is set out in the ‘How do we use your personal information?’ section above. For example, we will keep your email address stored for as long as you are signed up to receive our email newsletter.

Personal data we no longer need is securely disposed of and/or anonymised so you can no longer be identified from it. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Your rights

Under data protection legislation you have several rights concerning your personal data. These are:

  • the right to be informed what personal data we hold about you and/or to obtain access to it;
  • the right to rectification of personal data we hold about you if it is inaccurate;
  • the right to erasure of your personal data (in certain circumstances);
  • the right to restrict processing (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal);
  • the right to receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
  • the right to object on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights.

You can find out more about your rights under data protection legislation at www.ico.org.uk.

Cookies policy

The Guy’s & St Thomas’ Foundation website, gsttfoundation.org.uk, puts small files known as cookies on to your device to collect information about how you browse the site.

What are cookies?

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

Consent to cookies and changing settings

When accessing the site for the first time you will see a message asking for your consent to set cookies. No cookies will be set unless you consent through this message. You can change your consent, including which cookies you wish to allow, or withdraw your consent at any time by clicking on the cookie icon in the bottom left corner of our website. It may be necessary to refresh the page for the updated settings to take effect.

If you do not want to accept any cookies, you may be able to change your browser settings so that cookies (including those which are essential to the services requested) are not accepted. If you do this, please be aware that you may lose some of the functionality of our website.

For further information about cookies and how to disable them please go to the guidance on cookies published by the UK Information Commissioner’s Office, www.aboutcookies.org or www.allaboutcookies.org.

Our use of cookies

We use Google Analytics to collect information about how you use gsttfoundation.org.uk. Google Analytics is software that allows us to monitor our websites performance across a range of metrics. We do this to help make sure the site is meeting the needs of its users and to help us make improvements.

Google Analytics stores information about:

  • the pages you visit on gsttfoundation.org.uk
  • how long you spend on each gsttfoundation.org.uk
  • how you got to the site
  • what you click on while you’re visiting the site.

We don’t allow Google to use or share our analytics data. We don’t collect or store your personal data (e.g. your name or address) so this information can’t be used to identify who you are.

You can opt out of Google Analytics cookies.

Third-party cookies

Cookies are also set by third-party domains when we embed content and tools from these domains. These include: