Our Privacy Policy

This policy explains how we (Derby and Burton Hospitals Charity) collect, use and store your personal data, how we protect your privacy when doing so, and your rights and choices regarding this information. We promise to respect the personal information you share with us and keep it safe.

We may change this policy from time to time by updating this page. You should check this page periodically to see the latest version of our policy.

This policy was last updated on 18th March 2026.

This Privacy Policy takes into account the recent changes under the Data (Use and Access) Act 2025.

The Data (Use and Access) Act 2025 (DUAA) introduces a "charitable purpose soft opt-in" from 5 February 2026, allowing charities to send electronic marketing (email/text) to supporters without prior consent. This applies when contact details were collected during interactions like donations or volunteering, provided a clear opt-out is offered.

In light of the above changes, we may use your email address or telephone number to send you updates about our work, fundraising appeals, and opportunities to get involved, provided you gave us these details directly when engaging with us. We do this to further our charitable purposes. We will always provide a clear, free, and simple way to opt out of these messages at the time we collect your data and in every subsequent message. If you prefer not to receive these updates, you can opt out at any time by clicking the unsubscribe link or contacting us.

If you are using NHS services provided by University Hospitals Derby and Burton NHS Foundation Trust it has its own privacy policy.

Who we are

Derby and Burton NHS Hospitals Charity (“we” and “us”) promises to respect any personal data you share with us, or that we get from other organisations, and keep it safe. We aim to be clear when we collect your data and not do anything you would not reasonably expect.

In carrying out our day to day activities we are required by law to adhere to, amongst other things, the General Data Protection Regulation (GDPR), Privacy and Electronic Communications Regulations 2003 (PECR) and the Data Protection Act 2018. We take our responsibilities under these Regulations very seriously and we aim to ensure that the personal information we obtain is held, used, transferred and otherwise processed in accordance with the law.

The data controller is Derby and Burton Hospitals Charity, a registered charity in England and Wales (1061812). Our registered office address is Royal Derby Hospital, Uttoxeter Road, Derby DE22 3NE. The www.dbhc.org.uk website is operated by the charity.

The Data Protection Officer is: 

Rowland Agidee, Data Protection Officer. Email  uhdb.dataprotectionofficer@nhs.net

  • When you provide it to us directly:

    • You may provide personal information by electronic means (email and website), by letter, by phone, or in person. Examples include when you call Derby & Burton Hospitals Charity regarding our activities, register online to participate in a fundraising event, or make a donation at the Fundraising Hub.
    • We only collect the minimum amount of information required and use it for the purpose(s) for which you have consented. You may choose not to provide us with personal information, although this may affect our ability to provide you with the required service or your ability or participate in the activity in question.

    When you provide it to us indirectly:

    • We may receive information about you from third parties – but only if you have given them permission to share your information with us.
    • Examples include your information being shared with us by professional fundraising agencies, independent event organisers, for example the London Marathon or sites like Just Giving or Facebook donations.
    • Subcontractors acting on our behalf who provide us with technical, payment or delivery services and search/analytics providers used on our website.
    • These independent third parties will only do so when you have indicated that you wish to support Derby & Burton Hospitals Charity and with your consent.
    • You should check their Privacy Policy when you provide your information to understand fully how they will process your data.

    Via Social Media

    • Communication, engagement and actions taken through external social media platforms that we participate on are subject to the terms and conditions as well as the privacy policies held with each social media platform respectively.
    • Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or X, you might give us permission to access information from those services, for example when you publicly tag us in an event photo.
    • Due care and caution are advised when using social media platforms with regard to your own privacy and personal details.

    From third party organisations

    • We may also receive data which you have agreed to share with charities, or that you have submitted to receive another service, and you have agreed for the information to be shared with others. Examples of this include using the Royal Mail National Change of Address Update service, where you request your mail to be redirected and for organisations who contact you to be updated with your new address details.

    When you have made your information available publicly

    • This may include information found in places such as the electoral register, information published in articles/newspapers, on charity or company websites, or on public social media accounts.

    When we collect it as you use our website or apps

    • Like most websites, we use cookies to help us make our site – and the way you use it – better. A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
    • Our cookies contain no data specific to an individual, so that your privacy remains protected. They contain neither your email address, nor do they tell us who you are. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
    • You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
    • We use web visitor analytics (e.g. Google Analytics) to understand how people use our website so we can make it more effective. Web analytics tools collect anonymous information about what people do on our website, where they have come from, and whether they have completed any tasks on the site, for example, signing up to donate or take part in an event. Analytics tools track this information using cookies which are text files placed on your computer. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by internet companies on servers that may be outside the EU. This information is used for the purpose of evaluating your use of the website and compiling reports on website activity.

    If you do not want cookies to be stored on your PC it is possible to disable this function without affecting your navigation around the site although some of the functionality of our website may be affected.

    We also use data from Interest-based advertising or 3rd-party audience data (such as age, gender, and interests) with our web analytics.