Who we are

Jessie May is a charitable company, limited by guarantee and registered in England (No. 04118341/ Reg. Charity No. 1086408)

Jessie May respects all data that we hold about you. Our aim is to be clear about the data we hold, how we use it and to keep it safe. This policy outlines how we collect and use personal data you provide to us.

Our website address is: www.jessiemay.org.uk.

Jessie May Privacy Notice

Introduction

As part of the services we offer, we are required to process personal data about our staff, volunteers, children and young people, families and supporters and, in some instances, the friends or relatives of our staff and volunteers. “Processing” can mean collecting, recording, organising, storing, sharing or destroying data.

We are committed to being transparent about why we need your personal data and what we do with it. This information is set out in this privacy notice. It also explains your rights when it comes to your data.

This privacy notice applies to Jessie May’s non-clinical services, including fundraising, finance, operations and Team Around the Family.

Privacy notices relating to nursing care must be directed to one of our partner organisations, depending on your location:

  • BNSSG area (Bristol, North Somerset and South Gloucestershire): Contact the UHBW PALS and Complaints Team.
  • BSW area (Bath and North East Somerset, Swindon and Wiltshire): Contact HCRG Care Group.

If you have any concerns or questions about our privacy notices that are non-clinical please contact us:

  • Email: info@jessiemay.org.uk
  • Post: Jessie May, 35 Old School House, Kingswood Foundation Estate, Britannia Road, Bristol BS15 8DB
  • Phone: Request to speak the Projects and Operations Manager office during working hours.

1.   Children, Young People and Families

What data do we have?

So that we can provide a safe and professional service, we need to keep certain records about you. We may process the following types of data:

  • Your basic details and contact information e.g. your name, address, date of birth and next of kin;

We also record the following data which is classified as “special category”:

  • Health and social care data about you, which might include both your physical and mental health data.
  • We also record data about your race, ethnic origin and sex.

Why do we have this data?

We need this data so that we can provide high-quality care and support. By law, we need to have a lawful basis for processing your personal data.

  • We process your data because:
  • We have a legal obligation to do so – generally under the Health and Social Care Act 2012 or Mental Capacity Act 2005.

We process your special category data because

  • It is necessary due to social security and social protection law (generally this would be in safeguarding instances);
  • It is necessary for us to provide and manage care services;
  • We are required to provide data to our regulator, the Care Quality Commission (CQC), as part of our public interest obligations.

We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent at any time.

Common law duty of confidentiality

In our use of health and care information, we satisfy the common law duty of confidentiality because:

  • You have provided us with your consent (either implicitly to provide you with care, or explicitly for other uses)
  • We have a legal requirement to collect, share and use the data
  • The public interest to collect, share and use the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime).

Where do we process your data?

So that we can provide you with high quality care and support we need specific data. This is collected from or shared with:

  1. You or your legal representative(s);
  2. Third parties.

We do this face to face, via phone, via email, via our website, via post, via application forms, via apps.

Third parties are organisations we might lawfully share your data with. These include:

  • University Hospitals Bristol and Weston (UHBW) for families based in Bristol, North Somerset and South Glos (BNSSG) and HCRG Care Group for families based in Bath, North-East Somerset, Swindon and Wiltshire (BSW).
  • Other parts of the health and care system such as local hospitals, your GP, the pharmacy, social workers, clinical commissioning groups, and other health and care professionals;
  • The Local Authority;
  • Your family or friends – with your permission;
  • Organisations we have a legal obligation to share information with i.e. for safeguarding, the CQC;
  • The police or other law enforcement agencies if we have to by law or court order.

2.   National Data Opt Out

At this time, we do not share any data for planning or research purposes for which the national data opt-out would apply. We review all of the confidential patient information we process on an annual basis to see if this is used for research and planning purposes. If it is, then individuals can decide to stop their information being shared for this purpose. You can find out more information at https://www.nhs.uk/your-nhs-data-matters/.

3.   Supporters

Fundraising and Your Personal Data

We rely on voluntary donations to support our work and may contact you about fundraising activities if you have given us permission, or where we believe we have a legitimate interest to do so in line with data protection law.

To manage our fundraising activity, we may process the following types of personal data:

  • Your name and contact details (e.g. address, email, phone number)
  • Your communication preferences
  • Records of your donations or fundraising support
  • Notes on your interactions with us (e.g. event attendance, campaign interest)

We never sell your personal data, and we ensure that any use of your information is lawful, fair, and respectful.

Third Parties We May Use

We may share your data with carefully selected third-party providers who support our fundraising work. These may include:

  • Fundraising CRM systems, used to securely manage supporter records and communication preferences
  • Email marketing platforms, such as Mailchimp, which we may use to send fundraising emails (only if you have opted in)

All third-party providers are required to comply with data protection laws and may only process your data under our instruction.

Your Rights and Preferences

You have the right to control how we contact you. You can:

  • Change your communication preferences at any time
  • Ask us to stop contacting you for fundraising purposes
  • Use the Fundraising Preference Service (FPS) at fundraisingpreference.org.uk to manage your preferences

We are registered with the Fundraising Regulator and follow the Code of Fundraising Practice, which sets standards to ensure fundraising is legal, open, honest, and respectful.

4.   How do we store your personal information?

 

We store personal data securely in line with the NHS Records Management Code of Practice for Health and Social Care.

Clinical Data – Children & Young People

  • BNSSG: Clinical data for children and young people in the BNSSG region is held on secure systems managed by Jessie May
  • BSW: Clinical data for children and young people in the BSW region is held on secure systems managed by HCRG.

These systems comply with NHS-grade security and data retention practices and are reviewed regularly.

Paper Records

  • Archived off-site in a secure environment by a registered third party.
  • Disposal is carried out in strict compliance with the Records Management Code:
    • Digital data is securely wiped to legal destruction standards.
    • Paper records are shredded.
    • Archived records are maintained under confidentiality agreements until the end of retention periods, then securely destroyed.

We justify retention periods based on statutory guidance as outlined in the Code.  Disposal actions—including deletion, secure destruction, or archival—are clearly defined in our records management policy and the NHS Code.

Fundraising Supporters

  • We use a secure, ISO-certified system to manage supporter data.
  • We retain this data while you remain an active supporter. If there is no engagement for five years, your record will be deleted.

Our Website

In order to provide you with the best experience while using our website, we process some data about you.

We will collect this via:

  • Contact forms
  • Donation forms
  • IP address and browser user agent string to help spam detection.

 

 

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.

For further information visit www.aboutcookies.org or www.allaboutcookies.org.

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However in a few cases some of our website features may not function as a result.

Our website contains links to other websites. This privacy policy only applies to this website, so when you link to other websites you should read their own privacy policies.

We keep this policy under regular review and may change this policy from time to time. Any changes to this policy will be made clear on our website, with any significant changes being communicated to you directly.

If you have any questions regarding this policy or how we handle and process data please contact:

By post
Sophia Webb
Jessie May,
35 Old School House,
The Kingswood Estate,
Britannia Road,
Kingswood,
Bristol BS15 8DB

Email: info@jessiemay.org.uk
Telephone: 0117 9616840