Privacy Policy

About Us

NHS Lothian Charity aims to improve the physical and mental health of the people of Scotland, in particular in Edinburgh and the Lothians. We provide funding, deliver projects and make grants to support projects and initiatives not normally funded by the health service.

We are committed to ensuring that your privacy is protected. When we collect personal information about you, we promise to keep this information safe.

In accordance with the Data Protection Act 2018, our privacy statement sets out how we collect and use personal information and why this is important in enabling us to fulfil our charitable objectives.

If you are asked to provide personal information, you can be sure that it will only be used in accordance with this statement.

We have registered with the Scottish Fundraising Standards Panel and are proud to work to the Fundraising Guarantee.


This section explains how we collect information about you. For further information on how we keep this information secure and how you can opt out of direct marketing, please see the sections entitled ‘Where we store information’ and ‘Direct marketing and how to opt out’.

We collect information in the following ways:

When you give it to us DIRECTLY

You may give us your information when, for example, you make a donation, fundraise, sign up to or take part in an event, sign up to hear from us by email or text, apply for a grant, make an enquiry or communicate with us.

When you give it to us INDIRECTLY

Your information may be shared with us by independent event organisers, for example third party promoters or fundraising sites like JustGiving. These independent third parties will only do so when you have indicated that you wish to support NHS Lothian Charity. You should check the privacy policy of other organisations.

When you give permission to OTHER ORGANISATIONS to share or it is available publicly.

We may combine information you provide to us with information available from external sources in order to keep information up to date, gain a better understanding of our supporters and improve our engagement strategies. The information we get from other organisations may depend on your privacy settings or the responses you give, so you should check these settings regularly. This information comes from the following sources:

Third party organisations
You may have provided permission for a company or other organisation to share your data with third parties, including charities. This could be when you buy a product or service or enquire or register for an event.

Social Media
Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp, Instagram, YouTube, Twitter, etc you might give us permission to access information from those accounts or services.

Information available publicly
This may include information found in places such as Companies House, information that has been published in articles, newspapers, journals, websites, social media, annual reports or other publicly available information. This information helps us organise our fundraising as efficiently as we can.

We may also use publicly available sources to carry out due diligence on supporters or potential supporters in line with our Ethical Fundraising Policy and to meet money laundering and other regulations.

When we collect it as you use our WEBSITES OR APPS

We use cookies and tags (collectively “Cookies”) on our website in order to help improve our website, improve your online experience and provide you with a more personalised service.

A cookie is a small data file that certain websites write to your hard drive when you visit them. This site uses different types of cookies to carry out the functions described above and provide information about your visits for statistical purposes only. These cookies will be stored in your browser. You have the option to opt-out of cookies that are not essential for the basic functionality of the website although opting out of some of these cookies may affect your browsing experience. Usage information is anonymised but may include information related to your computer such as IP address, unique IDs, device IDs, etc. Information that could be used on its own to directly identify, contact or precisely locate an individual such as email addresses, mailing addresses, phone numbers, full names or usernames, or precise locations (such as GPS coordinates) is not collected through cookies.

Google Analytics
We use Google Analytics, a popular web analytics service provided by Google, Inc. Google Analytics uses cookies to help us to analyse how users use the site and to understand who our audiences are to help us improve the usage and effectiveness of our website.

The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Usage information is anonymised but may include information related to your computer such as IP address, unique IDs, device IDs, etc. However, Google does not collect information that could be used on its own to directly identify, contact or precisely locate an individual such as email addresses, mailing addresses, phone numbers, full names or usernames, or precise locations (such as GPS coordinates).

Depending on your account settings, Google may associate your activity on the NHS Lothian Charity site and other sites and apps with your personal information in order to improve Google’s services and the ads delivered by Google. You have choices regarding the information that is collected and how it is used by Google. As well as updating your account settings, you may also refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. By using the website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page:

Google Adwords
We also use Google AdWords remarketing to tailor our marketing to better suit your needs and personalise our online communications with you based on what parts of our website you have visited.

Opting out of Google Analytics and Adwords
You can opt out of personalised ads in your Ads Settings. Your opt outs will apply across both Google ads services (eg: Search ads) and the 2+ million websites and apps that partner with Google to show ads. You can do this by visiting:

You can also opt out of Google Analytics and Google Analytics for Display Advertising, and customise the Google Display Network ads by visiting the Google Ads Settings page and installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (gtag.js, analytics.js) that is running on websites from sharing information with Google Analytics about visit activity.

Using the Google Analytics opt-out browser add-on does not prevent NHS Lothian Charity from using other tools to measure site analytics. It does not prevent data from being sent to the website itself or in other ways to web analytics services.

Social Media Cookies
These cookies allow you to share what you have been doing on the website on social media such as Facebook, Twitter, Instagram or WhatsApp. Please refer to the privacy policies for these sites for how their cookies work and how you can opt out.

More about Cookies
If you wish to restrict or block the cookies which are set by our website, or indeed any other website, you can do this through your browser settings. Search in your cookie folders for to find our cookie and the Google Analytics cookie if you wish to delete them. If you chose to restrict or block any cookies, this may result in certain features of the website not being provided and you may not be able to take full advantage of the websites features and functionality.

More information about cookies, including how to block them or delete them, can be found at


The type and quantity of information we collect and how we use it depends on why you are providing it. We want to get in touch in the way you’d prefer – be it by email, on the phone or in writing – and may ask you to let us know your preferred option.

If you support us, for example make a donation, leave a legacy, fundraise, sign up to or enquire about an event, take part in a raffle/lottery/prize draw, volunteer, apply for a grant, sign up to hear from us or enquire about how to support us, etc we will usually collect:

  • Your name
  • Your contact details
  • Your gender
  • Your date of birth to confirm if you are over 18
  • If you are under 18 we may collect the name and contact details of a parent or guardian and, where appropriate, the name and location of your school.

Where it is appropriate, we may also ask for:

  • Job title and employer
  • Reason for supporting us
  • Your bank or credit card details
  • Confirmation of whether or not you are a taxpayer – to allow us to claim gift aid
  • Next of kin, if taking part in events where this information is necessary
  • Information relating to your health, for example if you are taking part in a high-risk event
  • T-shirt or running vest sizes to allow us to send you branded merchandise
  • Information relating to your hardship grant application – i.e. financial situation, employment and benefit status

We will use your data to:

  • Provide you with information you asked for
  • Process your grant application
  • Administer your donation, legacy or support your fundraising including processing gift aid
  • Keep a record of your relationship with us
  • Ensure we know how you prefer to be contacted
  • Send you correspondence and communicate with you
  • Process applications for funding and for administration of our role in the projects we fund
  • Monitor website use to identify visitor location, guard against disruptive use, monitor website traffic and/or personalise information which is presented to you
  • Meet our legal obligations, for instance to perform contracts between you and us, or our obligations to regulators, government and/or law enforcement bodies
  • Respond to or fulfil any requests, complaints or queries you make to us
  • Understand how we can improve our services, products or information by conducting analysis and market research
  • Check for updated contact details against third party sources so that we can stay in touch if you move
  • Further our charitable objectives

If you enter your details onto one of our online forms, and you don’t ‘send’ or ‘submit’ the form, we may contact you to see if we can help with any problems you may be experiencing with the form or our websites.

We may use your email address and phone number to match to your account on Facebook or other social media sites to be able to show you content relating to NHS Lothian Charity while you are using these sites. We will only do this where you have opted in to receive updates by email or text, and your personal data is kept secure at all times. We may also use your email address and phone number to link to Facebook or other social media sites to be able to identify other users of these sites whom we believe would be interested in NHS Lothian Charity, and we may then show them our content.

We may also use your personal information to detect and reduce fraud.

Collecting Data from Children Under 18

We collect and manage information from children and aim to manage it in a way which is appropriate to the age of the child. Where possible and appropriate we will seek consent from a parent or guardian before collecting information about children. Information is usually collected when children attend our events or fundraise for us, but it can also be sensitive personal data.

If in certain circumstances children over the age of 12 may be able to give their consent to their data being and held and processed. Where this is the case, this information is managed separately from other data provided to the charity.

Some events have specific rules about whether children can participate, and we‘ll make sure advertising for those events is age appropriate.

Direct marketing and how to opt out

If you have provided us with your postal address we may contact you to let you know about progress towards our charitable objectives and/or to ask for donations or other support. We will always seek your consent to contact you via email or text/SMS for marketing or fundraising purposes. You can change your contact preferences at any time. Our forms also have clear emarketing preference questions and we will always include information on how to opt out when we send you marketing by email or text.

If you have previously given us your permission to contact you and have now changed your mind, you can let us know by emailing [email protected] or by calling 0131 465 5850.

If you request that we do not contact you again for marketing or fundraising purposes, we will respect your wishes. It may take up to 28 days for us to update our records and for you to stop receiving marketing communications from us. After this time, we may still send you administrative communications, for example in relation to payments you have made or events you have signed up to take part in.

If you ask not to receive any marketing or fundraising communications from us, please be aware that your personal information may still be retained and marked to prevent you from receiving any communications and to allow us to have our work independently audited. You have a right to ask us to remove your personal information, and if it’s not necessary for the purpose you provided it to us for, we will do so. In doing so, we will be unable to guarantee that you will not receive communications in the future, because we will have deleted your data and will therefore have no record of past requests from you.

If you want to guarantee that you will not receive communications from us, it is in your best interests for your data to be retained on our system so that your contact preference is recorded and adhered to.

We do not have any access to your medical records. We will not sell or lease your personal information to third parties. We will not share your information with a third party for their own purposes unless required by law to do so. In certain circumstances, such as to process offers of free tickets, we may share details you have provided with third parties in order for them to administer this service, however, this will only be done with your consent. You may request details of personal information which we hold about you under Data Protection Law. If you would like a copy of the information held on you, please request this by submitting a Subject Access Request as outlined in the ‘Amending Your Records’ section. If you believe that any of the information we are holding on you is incorrect or incomplete, please contact us as soon as possible, so that we can correct the information.

We appreciate your support and aim to ensure that your privacy is treated with respect at all times, in compliance with the current Data Protection Laws.

Building profiles of supporters and targeting communications

We use profiling and screening techniques for communication, fundraising and marketing purposes. We do this to ensure communications are relevant and timely, and to provide an improved experience for our supporters. This allows us to understand the background of the people who support us and helps us to make appropriate requests to supporters.

When building a profile, we may analyse geographic, demographic and other information relating to you in order to better understand your interests and preferences in order to contact you with the most relevant communications. In doing this, we may use additional information from third party sources when it is available. Such information is compiled using publicly available data about you. See Information available publicly above.

Third Parties

We may share information with third parties for the purposes of events; event providers (for example, Kiltwalk, Edinburgh Marathon), fundraising platforms (for example, JustGiving, etc), or event management (for example Eventbrite).

We may use third party organisations to carry out work on our behalf such as fundraising, processing donations, marketing, market research, processing or analysing data, or to support the delivery of our programmes. We will always have a contract or agreement in place with any third party agency that includes how they manage your data on our behalf and will only provide these companies with the information they need to deliver the service.

As the main beneficiary of our charitable objectives, we may share your information with NHS Lothian for example if you have donated or raised money, left or are planning to leave a legacy or have applied for a grant.

We may share your information with Local Authorities or other partners to enable us to process your grant application.

We may share your information with HMRC to process gift aid claims.

If you are a legator we may share information with co-beneficiaries and/or professional advisors.

We may need to disclose your details if required to the police, regulatory bodies or legal advisors.

We will never sell personal details to third parties for the purposes of marketing.

Payment process

NHS Lothian Charity does not collect payments directly and at no time collects or stores any card details.

Our website payment processes are completed on secure sites provided by a third parties. Our payment service providers include Stripe and Access PaySuite.

We respect the privacy of every individual who visits our site. Any personal information submitted through the website, excluding payment card or bank details, is securely stored on our systems.

By using the online payment facility, you accept and consent to your personal data being provided to the Service Provider for sole purpose of offering and administering the online payment.

Accessing or concluding transactions through these third party sites is entirely at your own risk and you should take every precaution to ensure you are on the intended payment site before entering any details.

NHS Lothian Charity will never ask individuals for their usernames or passwords for any third party sites. Always check the legitimacy of any emails received from NHS Lothian Charity or third party payment providers, particularly in relation to clicking links to update details, providing details etc.

Sharing your story

Some grant recipients, donors, fundraisers or legators choose to tell us about their activities or interest in NHS Lothian Charity and are happy for us to use their stories and photographs for publicity. We will always seek your prior explicit consent for any publicity of this kind.


We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

We secure the Personal Information you provide to us in our CRM and finance systems on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure.

Our online forms are always encrypted and our website is securely hosted, protected and routinely monitored.

We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.

NHS Lothian Charity has no control over third party sites linked to from our website. These sites will have separate terms of service, privacy and data collection practices and legal policies independent of NHS Lothian Charity. Accessing, using or concluding transactions through these third party sites is entirely at your own risk.

NHS Lothian Charity will not be responsible for devices used to conclude transactions on our site.

How long do we keep your data on record?

We will keep and delete your information according to our Records Management policy and will keep it no longer than reasonably necessary for the purposes for which we hold it, taking into account relevant legal and regulatory retention requirements (e.g. tax or health and safety requirements) and operational considerations.

Amending your records

You can amend your records or preferences with us at any time. For example, if you have moved house, or you have changed your mind on how you would like us to contact you.

Please call 0131 465 5850 or email [email protected]

If you want to access any information we hold about you please make a NHS Lothian Charity Subject Access Request Form.


We aim to resolve any complaints as swiftly as possible. Please have a look at our Complaints Policy for more information.

If your complaint is in regards to data protection issues, you should send it in the first instance to NHS Lothian Charity using the following details:

By email: [email protected]

By telephone: 0131 465 5850

By post:
NHS Lothian Charity,
Waverley Gate,
2-4 Waterloo Place,
Edinburgh EH1 3EG

Please clearly mark your complaint as a complaint.

The data controller for NHS Lothian Charity is:

Data Protection Officer
Information Governance
Woodlands House
74 Canaan Lane
Phone – 0131 465 5444


We reserve the right to change this statement and will update the information on this page accordingly. Any significant changes will be highlighted on our website or we may contact you directly.

This policy was last updated in June 2023.