Why This Policy
At South Brent & District Caring, we take your privacy seriously and we keep our procedures to safeguard your data under constant review. The law on data privacy is changing and from May 2018 the UK will enact the EU General Data Protection Regulations (GDPR) which places a greater burden on organisations which gather and hold your personal data, and which more accurately details your rights (see the table below for those rights and how they relate to SBADC).
There are a limited number of discrete reasons under which organisations may collect, retain and process your data. SBADC does so to pursue its legitimate interests in support of you, and/or by specific consent (see below). If you are a client and we judge that we need your consent and if you ask us to, we will meet with you individually to explain and obtain that consent.
How We Will Make This Work
At SBADC we consider the letter of the GDPR the minimum remit and we will strive always to be better than the minimum standards. Our focus is always on the dignity and independence of our team and the clients they support; the safe custody and management of your private information is at the heart of this objective.
The Data We Hold
SBADC holds data on four groups of people; each has slightly different rationale for retention, use and sharing within SBADC management and with outside agencies (where applicable) to ensure we can meet our charitable objectives. Generally, except as detailed below, we will not share this information with anyone else for any purpose. If we receive a request for your data from any external organisation or individual, we will refuse, but if we feel the request has merit we will contact you with the request and invite you to contact them directly if you desire.
Privacy protocols and data procedures for information relating to SBADC office staff will be laid out and agreed within their contracts.
We will keep a record of your name, address, contact details (phone and email where appropriate) and of your membership subscriptions, particularly to reclaim Gift Aid where applicable. We will hold your data to pursue our legitimate interests in keeping you in touch with SBADC, advising you of events and collecting subscriptions.
We will not share this information with any other person or organisation, except directly with HMRC and only the information required to claim Gift Aid and only if you have indicated we can claim it.
This data is kept securely by the SBADC Office team as password-protected computer files and for some purposes as hard copy in the office. The data will also be available to members of the Management Committee and Trustees to the minimum level required in pursuit of their duties.
We will keep a record of your name, address, contact details (phone and email where appropriate) as well as your reports (verbal or written) of your interactions with the clients you support (under the clients’ records). For transport volunteers we will also keep records on such journeys as you undertake with clients, as well as records of your acceptance of the T&C of driving for SBADC. We will hold your data to pursue our legitimate interests in keeping you in touch with SBADC, advising you of volunteer events and matching you with clients.
We will not share this information with anyone for any purpose.
This data is kept securely by the SBADC Office team as password-protected computer files and for some purposes as hard copy in the office. The data will also be available to members of the Management Committee and Trustees to the minimum level required in pursuit of their duties. Any client-related data originating from you as a volunteer will be held under the client protocols below.
We will keep a record of your name, address, contact details (phone and email where appropriate) as well as records of your personal circumstances necessary for us to give you the best support we can. We hold this data to pursue our legitimate interests in supporting you. For some clients in addition this will include medical history and current health data. Given that health data is a special category under GDPR we will need those clients’ explicit consent to hold, process and where necessary share your data. For current clients we will gain your consent after explaining to you what we hold and why, for new clients after 25 May 2018 we will ask for this consent in advance when you join us.
We will share your data only when necessary and with legitimate local health care and support organisations to best support you.
This data is kept securely by the SBADC Office team as password-protected computer files. Where hard copies are made for temporary use (e.g. meetings with other legitimate bodies) they will be securely shredded on completion. The data will also be available to members of the Management Committee and Trustees to the minimum level required in pursuit of their duties.
SBADC does not use any cookies on its website; we retain no record of your visits. You should be aware, however, that your web browser or search engine may track your visit to our website and hold data relating to your visit over which we have no control. We advise you to become knowledgeable about the behaviour of the systems you use to access the web and use your privacy controls to best reflect your wishes.
Your Rights Under the GDPR
As a not-for-profit organisation we will remain unregistered with the Information Commissioner’s Office, but we will remain compliant with the General Data Processing Regulation (GDPR) which come into force on 25 May 2018. As such you, as the “data subject” within the regulations have eight rights, the first seven of which have applicability to SBADC.
It should be noted that, in common with most legislation, there is considerable detail in the rights and if you plan to exercise one of them (particularly those marked *) it would be good to have a look at the full details at this link. In all circumstances we will do our best to assist you in exercising your rights or suggesting an independent adviser in the unlikely event of any conflict.
These seven rights apply to SBADC:
|How you exercise it with SBADC
|The right to be informed
|The right of access
|simply send us an email, phone or write to us to ask what we hold
|The right to rectification
|having seen what we hold, you can tell us to change it if it is wrong
|The right to erasure
|you can ask us to erase the data we hold at any time; your data will also be erased within two months after you leave SBADC for any reason
|The right to object if for any reason you feel the data we hold is causing you concern
|although that is unlikely given that we only hold the above data - you can object to us, and if you are still not happy, to the Information Commissioner
|The right to restrict processing
|we only process your data internally for your benefit as a member, volunteer or client; you can at any time ask us about this and if you desire, restrict what we do
|The right to data portability
|Although we have no direct equivalence in other organisations we cannot rule out there may be a need for us to transfer your data (at your request) to a similar organisation.
The right which doesn’t specifically apply to SBADC:
|Right which doesn’t apply
|Why it doesn’t apply
|Rights in relation to automated decision making and profiling
|we do not conduct these activities
For further detailed information on the new rules concerning Data Protection please refer to the Information Commissioner’s Office website