From the 23rd May 2018, new data protection regulations came into effect. Allsorts has reviewed our data protection policy and privacy statement to ensure we are compliant with the new law.
• To ensure our policy is clear about what data we hold on you and why we hold that data
• To let you know you have increased rights to access data we hold about you
• To ensure our personal data is held securely and never passed on to a Third Party without your consent
• To ensure the use we put that data to is compliant with the law and best practice
So you know who to speak to, and under the guidance of the new law, we have appointed Katie Vincent as our Data Manager (also known as a ‘data controller’). Their email is: firstname.lastname@example.org. Please be in touch if you have an enquiry. Their job is to be responsible for, and control the processing of, personal information.
PERSONAL DATA WE COLLECT
We only collect personal data that is deemed essential for the care and well-being of our services users and parents and facilitates smooth communication between our colleagues, staff, trustees and volunteers. Any information we hold for anyone else who receives other services, such as guidance on youth inclusion, training, events, donors, sign up for social media, communication through the website, e-newsletter sign up and any consultations of stakeholders we may engage in is hold on a strictly need to know basis.
For example, we might hold:
• Your full name and date of birth
• Your postal address, email address and phone number
• Your NHS number
• Your current living situation
• Your current interests and activities insofar as they are relevant to your engagement with Allsorts.
We will also collect and hold information about:
• meetings with staff, key issues and actions when providing services to you
• contact preferences
• donor and Gift Aid status
• details of correspondence sent to you, or received from you
• any other information provided by yourself at the request of Allsorts
Gift information, including payment details where applicable. When you are using our secure online donation pages, your donation is processed by Virgin Giving and/ or Just Giving who specialise in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, contact Virgin Giving or Just Giving.
WHEN ACCESSING OUR WEBSITE
When you access our website we use traffic log cookies via Google Analytics to identify which pages are being used. Google Analytics collects information about your visit which may include your IP address, geographical location, browser type, referral source, length of visit and number of page etc.
This helps us analyse data about web page traffic and improve our website in order to tailor it to users needs. We only use this information for statistical analysis purposes only and is stored by Google.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us via your browser settings.
Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline & delete your cookie history if you prefer.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
SENSITIVE PERSONAL INFORMATION (ALSO KNOWN AS SPECIAL CATEGORY DATA)
We will not pass on your details to anyone else without your permission except in exceptional circumstances such as anyone reporting serious self-harm or posing a threat to others or children contacting us and sharing serious issues such as physical abuse or exploitation.
WHAT WE WILL DO WITH YOUR DATA
When we ask you to provide your personal information we will let you know why we are asking, and how we will use your data, by directing you towards this notice.
Depending on your relationship with Allsorts, and the preferences you have indicated, data we hold may be used by us to send you promotional, marketing or fundraising information by post or electronic means. These types of communications can include:
o informing you of opportunities, services or events related to Allsorts, such as fundraising events, or training opportunities.
o news and updates about Allsorts and marketing or support e-newsletters if you have signed up to receive them.
o information about our fundraising activities, including occasional targeted requests to consider giving financial support to Allsorts, or to ask you to consider supporting us in other ways.
o dealing with enquiries and complaints made by you relating to the website.
o where you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with your wishes.
o other relevant communications based upon your relationship with Allsorts.
LAWFUL BASIS FOR USING YOUR INFORMATION
There are lawful reasons that allow us to process your personal information and one of those is called 'legitimate interests'. This means that that Allsorts may have a ‘legitimate interest’ in processing your information.
Whenever we process your Personal Information under the ‘legitimate interest' lawful basis we make sure we take into account your rights and interests and balance those against our ‘legitimate interest’. For example, we may need information about your health and well-being in order to provide you with the best service. This information is called ‘special category data’ but we will not share this unless with your express consent.
LAWFULLY SHARING YOUR INFORMATION
• to the extent that we are required to do so by law (safeguarding)
• in connection with any legal proceedings or prospective legal proceedings
• in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
SECURITY OF YOUR PERSONAL DATA
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. Your data will be stored securely in locked filing cabinets and electronically in password protected files and data bases.
We also store all the personal information you provide on our secure password- and firewall- protected servers. Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
We are committed to ensuring the privacy of our users and the security of the data provided to us. Allsorts Youth Project regularly reviews processes and procedures to ensure we are up to date with the latest security practices and holds all data in line with GDPR.
HOW LONG WILL WE KEEP YOUR DATA?
If you are a service user we keep your data for 7 years after you have finished working with us and then we shred and delete. If you are a donor/supporter etc. we will also keep your data for as long as you give us permission to hold it but otherwise for 7 years after our first contact with you.
We do not give out, sell or trade our mailing list data with third parties. The information you provide will be used primarily to deliver services to you, to further our charitable aims including fundraising activities, to gather feedback and also keep you informed about Allsorts’ activities. If at any time you no longer wish to receive communications from us or for any other query, please contact our Data Manager email@example.com. You can also make a complaint to the data protection supervisory authority, the Information Commissioner's Office, https://ico.org.uk/:
Access to your personal information
You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with and how long we keep it for. You can make a request for access free of charge. Please make all requests for access in writing, and provide us with evidence of your identity.
Right to object
You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. Please contact us as noted above, providing details of your objection.
If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.
You can ask us to change or complete any inaccurate or incomplete personal information held about you.
You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.