Privacy policy

Martha Trust respects your privacy and is committed to protecting your personal information and being transparent about what we do with it. We are committed to using your personal information in accordance with all applicable laws concerning the protection of personal information and not to do anything with your information you wouldn’t reasonably expect.

1. Introduction

This is Martha Trust’s Privacy Notice.

As part of the services we offer, we are required to process personal data about our staff, our service users and, in some instances, the friends or relatives of our service users and staff and our supporters. “Processing” can mean collecting, recording, organising, storing, sharing or destroying data.

We are committed to being transparent about why we need your personal data and what we do with it. This information is set out in this privacy notice. It also explains your rights when it comes to your data.

If you have any concerns or questions, please contact us at contact@marthatrust.org.uk or call 01304 615223.

2. Service Users and Care Enquiries

What data do we have?

So that we can provide a safe and professional service, we need to keep certain records about you. We may process the following types of data:

  • Your basic details and contact information e.g., your name, address, date of birth and next of kin;
  • Your financial details e.g., details of how you pay us for your care or your funding arrangements.

We also record the following data which is classified as “special category”:

  • Health and social care data about you, which might include both your physical and mental health data.
  • We may also record data about your race, ethnic origin, or religion.

Why do we have this data?

We need this data so that we can provide high-quality care and support. By law, we need to have a lawful basis for processing your personal data.
We process your data because:

  • We have a legal obligation to do so under the Health and Social Care Act 2014 and Mental Capacity Act 2005.

We process your special category data because:

  • It is necessary due to social security and social protection law (generally this would be in safeguarding instances);
  • It is necessary for us to provide and manage social care services;
  • We are required to provide data to our regulator, the Care Quality Commission (CQC), as part of our public interest obligations.

We may also process your data with your consent, or the consent of your advocate. If we need to ask for your permission, we will offer you and your advocate a clear choice and ask that you or your advocate confirm to us that you or your advocate consent. We will also explain clearly to you and your advocate what we need the data for and how you or your advocate can withdraw your consent at any time.

Common law duty of confidentiality

In our use of health and care information, we satisfy the common law duty of confidentiality because:

  • You or your advocate have provided us with your consent (either implicitly to provide you with care, or explicitly for other uses)
  • We have a legal requirement to collect, share and use the data
  • The public interest to collect, share and use the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime).

Where do we process your data?

So that we can provide you with high quality care and support we need specific data. This is collected from or shared with:

  1. You or your legal representative(s);
  2. Third parties.

We do this face to face, via phone, via email, via our website, via post, via application forms, via apps.

Third parties are organisations we might lawfully share your data with. These include:

  • Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, clinical commissioning groups, and other health and care professionals;
  • The Local Authority;
  • Your family or friends – with your/your advocates permission;
  • Organisations we have a legal obligation to share information with i.e. for safeguarding, the CQC;
  • The police or other law enforcement agencies if we have to by law or court order.

3. National Data Opt Out

We review our data processing on an annual basis to assess if the national data opt-out applies. This is recorded in our Record of Processing Activities. All new processing is assessed to see if the national data opt-out applies. If any data processing falls within scope of the National Data Opt-Out we use MESH to check if any of our service users have opted out of their data being used for this purpose.

At this time, we do not share any data for planning or research purposes for which the national data opt-out would apply. We review all of the confidential patient information we process on an annual basis to see if this is used for research and planning purposes. If it is, then individuals can decide to stop their information being shared for this purpose. You can find out more information at https://www.nhs.uk/your-nhs-data-matters/.

4. Staff

What staff data do we have?

So that we can provide a safe and professional service, we need to keep certain records about you. We may record the following types of data:

  • Your basic details and contact information e.g., your name, address, date of birth, National Insurance number and next of kin;
  • Your financial details e.g., details so that we can pay you, insurance, pension and tax details;
  • Your training records.

We also record the following data which is classified as “special category”:

  • Health and social care data about you, which might include both your physical and mental health data – we will only collect this if it is necessary for us to know as your employer, e.g., fit notes or in order for you to claim statutory maternity/paternity pay;
  • We may also, with your permission, record data about your race, ethnic origin, or religion.

As part of your application, you will be required to undergo a Disclosure and Barring Service (DBS) check (Criminal Record Check). We do not keep the certificate once we’ve seen it but we do record the DBS number and date of certificate.

Why do we have this data?

We require this data so that we can contact you, pay you and make sure you receive the training and support you need to perform your job. By law, we need to have a lawful basis for processing your personal data.

We process your data because:

  • We have a legal obligation under UK employment law;
  • We are required to do so in our performance of a public task;
  • We have a legitimate interest in processing your data – for example, we provide data about your training to Skills for Care’s Adult Workforce Data Set, this allows Skills for Care to produce reports about workforce planning.
  • We are required to provide data to our regulator, the Care Quality Commission (CQC), as part of our public interest obligations.

We process your special category data because:

  • It is necessary for us to process requests for sick pay or maternity pay.

If we request your criminal records data it is because we have a legal obligation to do this due to the type of work you do. This is set out in the Data Protection Act 2018 and the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975. We do not keep a record of your criminal records information (if any). We do record that we have checked this.

We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent.

Where do we process your data?

As your employer we need specific data. This is collected from or shared with:

  1. You or your legal representative(s);
  2. Third parties.

We do this face to face, via phone, via email, via our website, via post, via application forms, via apps.

Third parties are organisations we have a legal reason to share your data with. These include:

  • His Majesty’s Revenue and Customs (HMRC);
  • Our pension and healthcare schemes provide details of external companies providing this resource;
  • Our external payroll provider;
  • Our external HR support – Sussex HR;
  • Organisations we have a legal obligation to share information with i.e. for safeguarding, the CQC;
  • The police or other law enforcement agencies if we have to by law or court order.
  • The DBS Service provide details of the umbrella organisation used if not the DBS service directly

5. Friends/Relatives

What data do we have?

As part of our work providing high-quality care and support, it might be necessary that we hold the following information on you:

  • Your basic details and contact information e.g., your name and address, phone number and email address

By law, we need to have a lawful basis for processing your personal data.

We process your data because we have a legitimate business interest in holding next of kin and lasting power of attorney information about the individuals who use our service and keeping emergency contact details for our staff.

We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent.

Where do we process your data?

So that we can provide high quality care and support we need specific data. This is collected from or shared with:

  1. You or your legal representative(s);
  2. Third parties.

We do this face to face, via phone, via email, via our website, via post, via application forms, via apps delete or insert as appropriate all of the methods you use to communicate with your service users.

Third parties are organisations we have a legal reason to share your data with. These may include:

  • Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, and other health and care professionals;
  • The Local Authority;
  • The police or other law enforcement agencies if we have to by law or court order.

6. Our Supporters

How Martha Trust may obtain your personal information

We collect data in the following ways:

  • When you give it to us directly
    You may give us your information in order to make a donation or sponsorship, volunteer, register to fundraise or sign up for one of our events, sign up to receive Martha news or other information from Martha, buy merchandise or enquire about our care services.
  • When you give permission to other parties to share it with us.
    Your information may be shared with us by independent event organisers, for example the London Marathon or fundraising sites like Just Giving. These independent third parties will only do so when you have indicated that you wish to support Martha Trust with your consent.
    You should check their Privacy Policy when you provide your information to understand fully how they will process your information. We may also obtain information about you from a family member or a friend who contacts us on your behalf or if a fundraiser passes on your details to us.
  • When your information is available publicly or from other external sources.
    We may combine information that we already have about you with information available publicly or information available from external sources in order to gain a better understanding of you and to improve our fundraising methods, products and services.

What information do we collect?

The type of information we collect and how it is used will depend on why you are providing it to Martha Trust.

Supporters

If you support Martha we would usually collect:

  • Your name
  • Your contact details.
  • Your bank or credit card details – when making a donation/sponsorship, paying in monies raised, registering for an event or buying merchandise from us

Where it is appropriate, we may also ask for:

  • Your date of birth – certain Martha fundraising events maybe for over 18s only.
  • Your passport details – passport details are required for anyone registering to take part in our annual car challenge event so we can organise travel and accommodation.
  • Why you have decided to donate to us. We will never make this question mandatory, and only want to know the answer if you are comfortable telling us.

How do we use your information?

How we use your information would largely depend on why you are providing it. We may use your information in the ways set out below:

  • To provide you with the services and information you asked for.
  • To administer your donation or support your fundraising including the processing of Gift Aid with HMRC.
  • To keep a record of your relationship with us and for internal administrative purposes such as our accounting and records.
  • To investigate, and respond to, complaints, legal claims, or other issues.
  • To ensure we know how you prefer to be contacted and so we can tailor our communications accordingly.
  • To manage and fulfil events you have signed up for.

If you enter your details onto one of our online forms, and you don’t ‘send’ or ‘submit’ the form, we may contact you to see if we can help with any problems, you may be experiencing with the form or our websites.

We may also use your personal information to detect and reduce fraud and credit risk.

We use personal data to carry out statistical analysis and research to help us to understand how we are performing and how we can improve our services and meet the needs of people that require our help.

We may also use your personal information for other purposes which we specifically notify you about and, where appropriate, obtain your consent.

Direct marketing

With your consent, we may use your information to send you communications about our work, latest news from Martha, information about our campaigns, volunteering and fundraising activities and events and how you can donate to us.

You can let us know if you would prefer not to receive these communications at any time by emailing fundraising@marthatrust.org.uk, calling us on 01304 610448, or writing to our Data Protection Officer at Martha Trust, Homemead Lane, Hacklinge, Deal, Kent. CT14 0PG

We do not sell or swap your details with any third parties, but in order to carry out our work we may need to pass your details on to services companies authorised to act on our behalf.

Building profiles and targeting communications

We use profiling techniques to ensure communications are relevant and timely.

Profiling our supporters in this way, also allows us to target our resources effectively, it allows us to understand the background of the people who support us and helps us to make appropriate requests to supporters who may be able and willing to give more than they already do. Importantly, it enables us to raise more funds, sooner, and more cost-effectively, than we otherwise would. Such information could be for example, socio-demographic and lifestyle information and information about previous donations you have made.

Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp, Instagram, LinkedIn, you might give us permission to access information from those accounts or services.

We may also obtain information about you where it is publicly available and found in places such as Companies House, Land Registry website and information that is published in articles and newspapers.

To understand how we use information about the communications devices you use, such as IP address (the location of the computer on the internet) and cookies, please see ‘How we use cookies’ section.

In order to create a profile for you, we (or our trusted service providers) may use the information which you give us and which we collect from external resources, including information that is publicly available about you. This sort of profiling can include us using information such as your age, where you live, your job, directorships, your financial circumstances, networks and any previous donations you have made, to assess how likely it is that you would be interested in donating to us and the level of donation that you may be able to give.

We may also use this information to help us determine whether and in what ways you might be interested in getting involved in our other fundraising activities. You can let us know if you prefer us not to profile you in this way by emailing fundraising@marthatrust.org.uk or call 01304 610448 or writing to our Data Protection Officer.

Who do we share your information with?

We do not sell or swap your details with any third parties, but in order to carry out our work we may need to pass your details on to services companies authorised to act on our behalf.

Keeping your information up to date

Please keep us informed of any changes to your contact details or if you wish to change your contact preferences.

To notify us of a change to your details please email fundraising@marthatrust.org.uk or call 01304 610448 or writing to our Data Protection Officer at Martha Trust, Homemead Lane, Hacklinge, Deal, Kent,
CT14 0PG

Under GDPR, you also have the right to be forgotten which means having all your details completely removed from our fundraising database. If you wish to be removed from our fundraising database completely then, please contact fundraising@marthatrust.org.uk with the subject title ‘Right to be forgotten’ or call 01304 610448.

7. How do we store your personal information?

Your information is securely stored for the time periods specified in the Records Management Code of Practice. We will then dispose of the information as recommended by the Records Management Code for example we will:

  • Following the specified retention time period set out in our ‘Retention Schedule’, usually six or seven years dependent on the data type, your information is destroyed by commercial shredding contractors, who also securely store archived records for Martha Trust, when required, prior to shredding.

8. Our Website

In order to provide you with the best experience while using our website, we process some data about you.

Your information online

What we collect

We may collect the following personal information that can be used to identify you:

  • Name and Job title
  • Contact information including postal, email address and phone number.
  • Demographic information such as postcode, preferences and date of birth.

If you choose to make an online donation or payment for an event, we will also collect credit/debit card details.

Other information relevant to specific events bookings, care services enquiries and job applications.

How do we use your information?

  • We will use your information to better understand your needs and provide you with information.
  • We will use your information to process online bookings for our events and for purchases made in our online shop.
  • We may use your information to contact you or to provide you with information we think would be of particular interest. We will only do this if you have opted into receiving such information via our opt in boxes on our data capture forms.
  • Martha Trust is responsible for collecting your personal information. Any information we collect is stored and processed in the UK and is done so in accordance with the Data Protection Act 1998.

We do not sell or swap your details with any third parties. However, in order to carry out our work we may need to pass on your details to services companies authorised to act on our behalf.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and procedures to safeguard and secure the information we collect online.

However, no data transmission over the internet is 100% secure. As a result, while we can protect the personal information, we hold on you, Martha Trust cannot guarantee the security of any information as you transmit it to us and you do so at your own risk.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over other websites. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

9. Use of CCTV and Video Doorbells

We use video surveillance systems, including Ring doorbells, at some of our charity’s premises to help ensure the safety and security of our residents, staff, volunteers, visitors, and property. These devices may capture video and audio recordings of individuals in the vicinity of our entrances.

The legal basis for this processing is our legitimate interest in maintaining a safe and secure environment. Footage is stored securely and retained for a limited period, unless required for investigation of an incident or to comply with legal obligations. Access to recordings is restricted to authorised personnel only.

If you have any questions about our use of video surveillance, please contact us using the details provided in this notice.

10. Use of E-Reception Systems

We use electronic reception systems (“e-reception”) at some of our charity’s premises to manage visitor check-ins, appointments, and site access. These systems may collect personal data such as your name, contact details, company or organisation, time of arrival and departure, and the purpose of your visit.

The legal basis for processing this information is our legitimate interest in maintaining a secure and efficient visitor management process. Your data may be stored temporarily and accessed only by authorised personnel. It will not be shared with third parties unless required by law or for safeguarding purposes.

If you have any questions about how your data is handled through our e-reception systems, please contact us using the details provided in this notice.

11. Accessing and updating your personal information

You can request to see what information we hold about you by writing to our Data Protection Officer, Martha Trust, Homemead Lane, Hacklinge, Kent CT14 0PD.

To ensure the contact information we hold on you is up to date please let us know of any changes by emailing fundraising@marthatrust.org.uk or by writing to Director – Fundraising and Marketing, Martha Trust, Homemead Lane, Hacklinge, Kent, CT14 0PD.

12. Your rights

The data that we keep about you is your data and we ensure that we keep it confidential and that it is used appropriately. You have the following rights when it comes to your data:

  1. You have the right to request a copy of all of the data we keep about you. Generally, we will not charge for this service;
  2. You have the right to ask us to correct any data we have which you believe to be inaccurate or incomplete. You can also request that we restrict all processing of your data while we consider your rectification request;
  3. You have the right to ask that we erase any of your personal data which is no longer necessary for the purpose we originally collected it for. We retain our data in line with the Information Governance Alliance’s guidelines. If you do not follow these guidelines, you must provide people with your own retention schedule as you need to tell people how long you hold their data for.
  4. You may also request that we restrict processing if we no longer require your personal data for the purpose we originally collected it for, but you do not wish for it to be erased.
  5. You can ask for your data to be erased if we have asked for your consent to process your data. You can withdraw consent at any time – please contact us to do so.
  6. If we are processing your data as part of our legitimate interests as an organisation or in order to complete a task in the public interest, you have the right to object to that processing. We will restrict all processing of this data while we look into your objection.

You may need to provide adequate information for our staff to be able to identify you, for example, a passport or driver’s licence. This is to make sure that data is not shared with the wrong person inappropriately. We will always respond to your request as soon as possible and at the latest within one month.

If you would like to complain about how we have dealt with your request, please contact:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

www.ico.org.uk/global/contact-us/

Changes to this Privacy Notice

Martha Trust may change this policy from time to time by updating this page. Please ensure you check this page periodically to ensure you are happy with any changes we have made to our privacy policy. This policy is effective from October 2025.

Martha Trust