Barts GuildBarts Guild

The Guild of the Royal Hospital of St Bartholomew – Privacy Notice

Last Reviewed 20/10/2025. A PDF version is available to view and download.

The Guild of the Royal Hospital of St Bartholomew (registered charity number 251628) (“the Guild”) is committed to protecting your privacy and keeping safe any personal information you share with us, or that we receive from other organisations.

This Privacy Notice (“Notice”) gives you detailed information about why and when we collect your personal information, how we use your personal information, how we keep it secure, and how you can let us know if you would like us to change how we manage it.

This Notice contains important information about your personal rights to privacy. Please read it carefully to understand how and why we use your personal information.

The provision of your personal information to us is voluntary. However, without providing us with your personal information, your use of our services may be impaired. For example, you will not be able to volunteer with or join the Guild or make a donation.

1. What personal information do we process?

Personal information is any information that relates to an individual. It does not include information where the identity of the individual has been fully and effectively removed (anonymous data).

We may collect, store and use the following kinds of personal information:

  • Personal details such as your name and contact details, including postal address, telephone number, email address and, where applicable, social media identity.
  • Financial information, such as bank details or credit/debit card details and donation information.
  • Photographs and their captions.
  • Information that we collect as part of our research on our current and potential supporters.
  • Information about your computer/mobile device and your visits to and use of this website, including for example your IP address and geographical location.
  • Information about our services which you use/which we consider of interest to you.
  • Information about purchases made from our online shop.
  • Information about our interaction with you that we record when you contact us.

Do we process sensitive personal information?

The UK General Data Protection Regulation (“UK GDPR”) recognises certain categories of personal information as sensitive and therefore requiring more protection, for example information about your health, ethnicity and political opinions. We will only process your sensitive personal information if there is a valid reason for doing so and where the UK GDPR allows us to do so.

2. Where we obtain your personal information

We obtain your personal information in several ways. We may get your information from you directly, indirectly through social media platforms we use, services we provide or from a third party, from publicly available sources or (in the case of technical information), we may collect your information when you visit our website.

When we collect your personal information from you directly

This includes, for example, personal information that you give us by filling in forms on our website (including for grants, membership, corporate support, fundraising and/or volunteering), communicating with us by phone, email or letter, purchasing a product via our online shop or filling out a survey.

When we receive your personal information indirectly

This includes, for example, information we receive about you if you use any of the social media platforms we use or services we provide. In this case, we will have informed you when we collected that information if we intend to share it internally and/or combine it with information collected on this website, and the purpose for doing so.

Your information may also be shared with us by third parties including, for example, our business partners; sub-contractors in technical, payment and delivery services; advertising networks; analytics providers and search information providers. To the extent we have not done so already, we will notify you when we receive information about you from them and tell you how and why we intend to use that information.

When your personal information is contained in publicly available sources

Your personal information may be available to us from external publicly available sources. For example, geo-demographic information, measures of affluence from public registers such as listed directorships, information from the electoral roll, reliable print and broadcast media and company websites and biographies. In addition, depending on your privacy settings for social media services, we may access information from those accounts or services.

When your personal information is collected when you visit this website

When you visit this website, we automatically collect the following personal information: Technical information, including the internet protocol (IP) address used to connect your computer to the internet, browser type and version, time zone setting, browser plug-in types and versions and operating systems and platforms.

Information about your visit to this website, including the uniform resource locator (URL) clickstream to, through and from the site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, referral sources, page interaction information (such as scrolling and clicks) and methods used to browse away from the page.

We also collect and use your personal information by using cookies on our website – please see our Cookie Notice – www.bartsguild.org.uk/cookies-notice – for further information.

3. How and why will we use your personal information?

Your personal information, however provided to us, will be used for the purposes specified in this Notice.

In particular, we may use your personal information to:

  • provide you with services, products or information which you request (for example, to enable you to volunteer with the Guild, or become a member of the Guild, or to inform you about fundraising activities);
  • allow you to purchase goods and process your donations;
  • communicate with you, including circulation of news of the Guild or other relevant communicates that may be of interest;
  • send other types of communications to you, for example to notify you about any changes to our services or to answer any enquiries;
  • administer this website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • improve your interactions with this website, for example by ensuring that content is presented in the most relevant and effective manner for you and for your computer;
  • report on the results and impact of our work and services, for example the number and value of donations received, the number of members and value of subscriptions, details of online sales and the number of grant and volunteer applications received;
  • keep this website and internal operations safe and secure;
  • measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
  • conduct research into the impact and effectiveness of our work and services and for profiling our supporters and those who we are in contact with (see section 4 below);
  • handle the administration of payments received from you, for example donations or purchases of items from our online shop;
  • administer expressions of interest for volunteering;
  • deal with enquiries and/or complaints made by or about you;
  • audit and/or administer our accounts;
  • satisfy legal obligations which are binding on us, for example arising from contracts entered into between you and us or in relation to regulatory, government and/or law enforcement bodies with whom we may work;
  • prevent fraud, misuse of services or money laundering; and/or
  • enforce legal claims.

4. Supporter research/profiling

We undertake in-house research and profiling of supporters so that we can better understand our current supporters and identify potential supporters who may have an interest in, and financial ability to, support the Guild’s mission.

We may analyse your personal information and create a profile of your interests and preferences. This allows us to ensure communications are relevant and timely, and provide you with an improved user experience. It also helps us understand the background of our supporters so that we can make appropriate requests to those who may be willing and able to give more than they already do, enabling us to raise funds sooner and more cost-effectively. We rely on the legitimate interests legal basis to conduct this research (see further below).

You will always have the right to opt out of us processing your personal information for research and profiling purposes. If you would prefer us not to use your data in this way, please email us at contact@bartsguild.org.uk requesting that the Guild stops processing your data in this context.

5. Communications for marketing/fundraising

We may use your contact details to provide you with information about our work, products and/or services which we consider may be of interest to you (for example, about goods or services you previously purchased or used, or updates about the Guild’s fundraising appeals and volunteering opportunities).

Where we do this via email, SMS or telephone (if you are registered with the telephone preference service), we will not do so without your prior consent. We will provide you with the option to opt-out of this processing in our correspondence.

6. Donations and other payments

All financial transactions (donations, purchasing membership and/or purchasing a product from our souvenir store) are processed by a third-party company, Stripe. We recommend that you read Stripe’s privacy policy – https://stripe.com/gb/privacy – prior to effecting any transactions with us.

The Guild does not receive any credit/debit card details entered during any such transactions. Receipts for these transactions are provided by Stripe and not the Guild; however, once payment has been received, the Guild will acknowledge receipt to you.

7. Our lawful bases

The UK GDPR requires us to rely on one or more lawful grounds to process your personal information. Most commonly, we will use your personal information in the following circumstances:

  • Where you have provided your consent to us using your personal information in a certain way. For example, we will ask for your consent to use your personal information to send you electronic direct marketing/fundraising and for profiling and targeted advertising; and we may ask for your explicit consent to share sensitive personal information with us.
  • Where necessary so that we can comply with a legal obligation to which we are subject. For example, where we are obliged to share your personal information with regulatory bodies who govern our work and services.
  • Where necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract. For example, if you purchase something from our online shop.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, we have a legitimate interest in processing donations, administering events, taking expressions of interest from those wishing to volunteer and undertaking research and profiling to identify individuals who may be interested in supporting us.

In the unlikely event that we collect and use sensitive personal information about you (such as your health information) we will obtain your explicit consent beforehand.

8. How long do we keep your personal information

We will not keep personal information for longer than necessary, and the appropriate retention period will vary according to the intended purpose for which we collected the personal information.

In general, unless still required in connection with the purpose(s) for which it was collected and/or is processed, we remove your personal information from our records six years after the date it was collected. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of erasure, we will remove it from our records at the relevant time.

If you request to receive no further contact from us, we will keep some basic information about you on our suppression list to avoid sending you unwanted materials in the future.

9. Will we share your personal information?

We do not share, sell or rent your information to third parties for marketing purposes.

We may share your personal information with third parties, including the following:

  • departments of St Bartholomew’s Hospital, Barts Health NHS Trust and His Majesty’s Revenue and Customs;
  • business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
  • advertisers and advertising networks that use the personal information to select and serve relevant adverts to you and others. Where required, we will obtain your consent to share your personal information for this purpose. You have the right to opt out of your personal information being used for advertising purposes by, for example, changing your browser settings. Please see our Cookie Notice – www.bartsguild.org.uk/cookies-notice – for more information.
  • analytics and search engine providers that assist us in the improvement and optimisation of our operations and website; and/or
  • The Charity Commission, with whom we share aggregated information about use of our services and website.
  • in the event that we sell or buy any business or assets, we will disclose your personal information to the prospective seller or buyer of such business or assets;
  • with our professional advisors, lawyers, accountants and auditors;
  • if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to satisfy our obligations under, enforce or apply terms of relevant agreements, for example our Terms of Use – www.bartsguild.org.uk/terms-of-use – or Terms of Sale – www.bartsguild.org.uk/terms-of-sale – or to protect the rights, property, or safety of the Guild, visitors, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction; and/or
  • with your consent or as otherwise disclosed at the time of data collection or sharing.

10. Security/storage of and access to your personal information

We endeavour to ensure that there are appropriate and proportionate technical and organisational measures to prevent the loss, destructions, misuse, alteration, unauthorised disclosure of or access to your personal information. For example, your information is only accessible by appropriately trained staff, volunteers and contractors and only disclosed to relevant organisations or representatives who need to access it to perform their roles. We store personal data on our secure servers with features enacted to prevent unauthorised access.

However, unfortunately no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact us” section below.

11. International Data Transfers

In general, the personal information that we collect from you will be stored at a destination within the UK or European Economic Area (“EEA”).

However, we use agencies and/or suppliers to process personal information on our behalf. Your personal information may therefore be transferred or stored outside, and/or otherwise processed by contractors operating outside the UK or EEA who work for us or for one of our suppliers. This includes staff engaged in, among other things, the processing of your payment details and the provision of support services.

Please note that some countries outside of the UK or EEA have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals. Where your personal information is transferred, stored and/or otherwise processed outside the UK or EEA, we will take all steps reasonably necessary to ensure that the recipient implements appropriate safeguards (such as by entering into standard contractual clauses (approved by the UK Government and/or European Commission, as appropriate) to protect your personal information and that your personal information is treated securely and in accordance with this Notice. If you have any questions about such safeguards, please contact us (see section 15 below).

12. Your rights

Under certain privacy laws, you have rights relating to your personal information. You may have the following rights in relation to our processing of your personal information:

  • Right to be informed – you have the right to be told how your personal information will be used. We use privacy policies like this Notice to provide a clear and transparent description of how your personal information may be used.
  • Right of access – you can write to us to ask for confirmation of what information we hold on you and to request a copy of that information. Provided we are satisfied that you are entitled to see the information requested and we have successfully confirmed your identity, we will provide you with your personal information subject to any exceptions that apply.
  • Right of erasure – you can ask us to delete your personal information from our records.
  • Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask us to update those records.
  • Right to restrict processing – you have the right to ask us to restrict the processing of your personal information if there is disagreement about its accuracy or legitimate usage.
  • Right to object – you have the right to object to processing where we are (i) processing your personal information on the basis of the legitimate interests ground, (ii) using your personal information for direct marketing or (iii) using your personal information for statistical or profiling purposes.
  • Right to data portability – where we are processing your personal information (i) because you gave us your consent, or (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contract, and the processing is carried out by automated means, you may ask us to provide it to you – or another service provider – in a machine-readable format.
  • Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for marketing/fundraising by electronic means (for example to be unsubscribed from our email newsletter list).

To exercise any of these rights, please send a description of the personal information in question using the contact details in section 15 below. Where we consider that the information with which you have provided to us does not enable us to identify the personal information in question, we reserve the right to ask for (i) personal identification and/or (ii) further information.

Please note that you may only use/benefit from some of these rights in limited circumstances, and we may be unable to provide these rights to you under certain circumstances, for example if we are legally prevented from doing so or can rely on exemptions. For more information, we suggest that you consult guidance from the Information Commissioner’s Office (ICO): https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ – or please contact us using the details in section 15 below.

You have the right to make a complaint to the ICO about us or the way we have processed your personal information. For further information on how to exercise this right, please see the guidance at https://ico.org.uk/make-a-complaint/data-protection-complaints/. The contact details of the ICO can be found here: https://ico.org.uk/global/contact-us/contact-us-public/.

Please note that the Data (Use and Access) Act 2025 came into law on June 19th 2025 and, as a result, the ICO is in the process of amending and updating some of its guidance. For more information, please check with the ICO: https://ico.org.uk/about-the-ico/what-we-do/legislation-we-cover/data-use-and-access-act-2025/

13. Changes to this Notice

We keep this Notice under regular review and may update it from time to time, so we recommend that you check it regularly. Where necessary we may also notify you of changes by email. The Notice was last updated on 20/10/2025.

14. Third party websites

We link our website directly to other sites. This Notice does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external websites you visit via links on our website.

15. How to contact us

We are a charity registered in England and Wales with the Charity Commission. Our principal office is at
St Bartholomew’s Hospital, West Smithfield, London EC1A 7BE.

Please let us know if you have any questions or concerns about this Notice or about the way in which your personal information is being processed by contacting us via the following channels:

  • By email: contact@bartsguild.org.uk
  • By telephone: +44 (0)20 3765 8700
  • By post: St Bartholomew’s Hospital, West Smithfield, London EC1A 7BE

In each instance, please ask for or address your communication to the Chairman.

Please note that our office is not staffed every day, and therefore you may experience a slight delay before you receive a reply to an email, letter or telephone call/voicemail message. We aim to respond to all communications within three working days, although this may vary during vacations and public holidays. However, where your query is urgent, we will use our best endeavours to respond appropriately.