Privacy Policy

Why This Policy

At South Brent & District Caring, we take your privacy seriously and we keep our procedures to safeguard your data under constant review. The law on data privacy is changing and from May 2018 the UK will enact the EU General Data Protection Regulations (GDPR) which places a greater burden on organisations which gather and hold your personal data, and which more accurately details your rights (see the table below for those rights and how they relate to SBADC).

There are a limited number of discrete reasons under which organisations may collect, retain and process your data. SBADC does so to pursue its legitimate interests in support of you, and/or by specific consent (see below). If you are a client and we judge that we need your consent and if you ask us to, we will meet with you individually to explain and obtain that consent.

How We Will Make This Work

At SBADC we consider the letter of the GDPR the minimum remit and we will strive always to be better than the minimum standards. Our focus is always on the dignity and independence of our team and the clients they support; the safe custody and management of your private information is at the heart of this objective.

This privacy policy has been approved by our Trustees and there is a lead Trustee and this on all issues of data management and protection. We are not required to appoint a Data Protection Officer, but this Trustee will act to safeguard all our interests in this regard. We will review this policy when appropriate and at least once a year.

The Data We Hold

SBADC holds data on four groups of people; each has slightly different rationale for retention, use and sharing within SBADC management and with outside agencies (where applicable) to ensure we can meet our charitable objectives. Generally, except as detailed below, we will not share this information with anyone else for any purpose. If we receive a request for your data from any external organisation or individual, we will refuse, but if we feel the request has merit we will contact you with the request and invite you to contact them directly if you desire.

Office Staff

Privacy protocols and data procedures for information relating to SBADC office staff will be laid out and agreed within their contracts.

Members

We will keep a record of your name, address, contact details (phone and email where appropriate) and of your membership subscriptions, particularly to reclaim Gift Aid where applicable. We will hold your data to pursue our legitimate interests in keeping you in touch with SBADC, advising you of events and collecting subscriptions.

We will not share this information with any other person or organisation, except directly with HMRC and only the information required to claim Gift Aid and only if you have indicated we can claim it.

This data is kept securely by the SBADC Office team as password-protected computer files and for some purposes as hard copy in the office.  The data will also be available to members of the Management Committee and Trustees to the minimum level required in pursuit of their duties.

Volunteers

We will keep a record of your name, address, contact details (phone and email where appropriate) as well as your reports (verbal or written) of your interactions with the clients you support (under the clients’ records).  For transport volunteers we will also keep records on such journeys as you undertake with clients, as well as records of your acceptance of the T&C of driving for SBADC.  We will hold your data to pursue our legitimate interests in keeping you in touch with SBADC, advising you of volunteer events and matching you with clients.

We will not share this information with anyone for any purpose.

This data is kept securely by the SBADC Office team as password-protected computer files and for some purposes as hard copy in the office. The data will also be available to members of the Management Committee and Trustees to the minimum level required in pursuit of their duties. Any client-related data originating from you as a volunteer will be held under the client protocols below.

Clients

We will keep a record of your name, address, contact details (phone and email where appropriate) as well as records of your personal circumstances necessary for us to give you the best support we can.  We hold this data to pursue our legitimate interests in supporting you. For some clients in addition this will include medical history and current health data.  Given that health data is a special category under GDPR we will need those clients’ explicit consent to hold, process and where necessary share your data.  For current clients we will gain your consent after explaining to you what we hold and why, for new clients after 25 May 2018 we will ask for this consent in advance when you join us.

We will share your data only when necessary and with legitimate local health care and support organisations to best support you.

This data is kept securely by the SBADC Office team as password-protected computer files. Where hard copies are made for temporary use (e.g. meetings with other legitimate bodies) they will be securely shredded on completion. The data will also be available to members of the Management Committee and Trustees to the minimum level required in pursuit of their duties.

Website Cookies

SBADC does not use any cookies on its website; we retain no record of your visits. You should be aware, however, that your web browser or search engine may track your visit to our website and hold data relating to your visit over which we have no control. We advise you to become knowledgeable about the behaviour of the systems you use to access the web and use your privacy controls to best reflect your wishes.

MailChimp

SBADC uses the MailChimp service to send emails to all our volunteers, members and clients; without it every email would have to be sent at least three times to reach you all owing to address caps on email.  To make this work we hold your email address (but no other information) on the MailChimp servers.  MailChimp is fully GDPR compliant and you can find their privacy policy here.

Your Rights Under the GDPR

As a not-for-profit organisation we will remain unregistered with the Information Commissioner’s Office, but we will remain compliant with the General Data Processing Regulation (GDPR) which come into force on 25 May 2018.  As such you, as the “data subject” within the regulations have eight rights, the first seven of which have applicability to SBADC.

It should be noted that, in common with most legislation, there is considerable detail in the rights and if you plan to exercise one of them (particularly those marked *) it would be good to have a look at the full details at this link. In all circumstances we will do our best to assist you in exercising your rights or suggesting an independent adviser in the unlikely event of any conflict.

These seven rights apply to SBADC:

Your rightHow you exercise it with SBADC
The right to be informed through this privacy policy
The right of access simply send us an email, phone or write to us to ask what we hold
The right to rectification having seen what we hold, you can tell us to change it if it is wrong
The right to erasure you can ask us to erase the data we hold at any time; your data will also be erased within two months after you leave SBADC for any reason
The right to object if for any reason you feel the data we hold is causing you concernalthough that is unlikely given that we only hold the above data - you can object to us, and if you are still not happy, to the Information Commissioner
The right to restrict processingwe only process your data internally for your benefit as a member, volunteer or client; you can at any time ask us about this and if you desire, restrict what we do
The right to data portabilityAlthough we have no direct equivalence in other organisations we cannot rule out there may be a need for us to transfer your data (at your request) to a similar organisation.

The right which doesn’t specifically apply to SBADC:

Right which doesn’t apply Why it doesn’t apply
Rights in relation to automated decision making and profilingwe do not conduct these activities

For further detailed information on the new rules concerning Data Protection please refer to the Information Commissioner’s Office website