The Nottinghamshire Crisis Sanctuaries recognises its responsibility to comply with the General Data Protection Regulations (GDPR) 2018 and is committed to safeguarding the privacy of anyone who uses our services. This statement sets out how we will treat your personal information.
The GDPR sets out high standards for the handling of personal information and protecting individuals' rights for privacy it also regulates how personal information about people, electronically or on paper is processed.
Your acceptance of this policy, and our right to change it.
By using The Nottinghamshire Crisis Sanctuaries services and providing your information, and/or using our webpage or social media pages, you consent to our collecting and using the information you provide as set out in this policy. Do not use our services, website or social media if you do not agree to the terms set out in this policy.
Changes and updates may be made to the policy, these changes will apply from the time that we upload them. The policy was created in September 2022.
The Crisis Sanctuaries are delivered through a partnership of Framework, Turning Point and Nottinghamshire Mind to collectively support the communities of Nottinghamshire by using the expertise of each partner data is shared between these 3 organisations through a shared data system.
What information do we collect and why?
Personal data is data that can be used to identify individuals, separately or combined.
We collect 2 types of data:
Personal data; this includes data such as your name, address phone number, date of birth (if appropriate), email address, your interests and hobbies etc. This data when used on its own or when combined with other information will enable identification of individuals.
Sensitive data: this is data that reveals racial or ethnic origin, political opinions, religious beliefs, trade union membership, data relating to your health or sex life and sexual orientation. This data due to its nature must be treated with extra security.
We may collect, use, store and transfer personal and sensitive data about you, we will only collect data that we need, this may include data that will help us improve and develop our service.
We may collect Non personal data: this includes data such as IP addresses (the address that identifies your device on the internet) this data helps us determine how many people visit our sites and pages which ones are being viewed so that we can monitor and improve our service. This information allows us to measure the effectiveness of the service we provide and how it can be developed.
How we obtain your data?
We use different methods to collect your data:
Direct interaction ─ This may be filling in forms or verbally sharing information with us. We record any contact we have with you;
Third parties ─ We may receive your personal data from third parties who refer you to our service. This is usually with your explicit consent but could be because there is a legal obligation that applies to the third party;
Via automated technologies/ interactions ─ This data is non personal and is collected by the use of the website, it lets us see browsing actions and patterns.
What we do with your personal data and why?
to carry out research on the demographics, interests and behaviour of our clients to help us gain a better understanding of them and to enable The Nottinghamshire Crisis Sanctuaries to improve its services. This research may be carried out internally by the partnership employees or we may ask another company to do this work for us.
communicate with wider stakeholders and supports to market the Nottinghamshire Crisis Sanctuaries.
if you have agreed to it, provide you with information that we think may be of use to support you.
When dealing with personal data we will ensure that:
Data is fairly processed, lawful and transparent, this means that data should only be collected if the staff member has been open and honest about why they want the information;
Data is processed for specific purposes only, this means that data is collected for specific, explicit and legitimate purposes only;
Data is kept no longer than needed. Data that is no longer needed will be shredded, deleted or securely disposed of;
Data is accurate and kept up to date. Data is processed in accordance with your rights, these include, the right to be forgotten, the right to access information that the service hold about you, the rights to have inaccurate data rectified, be erased or destroyed.
Data is kept securely.
Both the UK GDPR and DPA give rights to individuals in respect of their own personal data held by others, these rights are:
- The right to be informed;
- The right of access;
- The right to rectification;
- The right to erasure (in certain circumstances);
- The right to restrict processing;
- The right to data portability (in certain circumstances);
- The right to object;
- Rights in relation to automated decision making and profiling.
Correcting your details.
If you would like us to correct or update any of your information that we hold about you please email us at firstname.lastname@example.org or 0800 470 0203 or write to Nottinghamshire Crisis Sanctuaries Partnership Manager, Nottinghamshire Mind, 6 Hardy Street, Worksop, Notts S80 1EH.
Sharing your information.
We will only share your information if:
We are legally required to do so, e.g. by a law enforcement agency legitimately exercising a power or if compelled by an order of the Court;
If we believe it is necessary to protect or defend our rights, property or the personal safety of our people or visitors to our premises or websites;
We are working with a carefully-selected partner that is carrying out work on The Nottinghamshire Crisis Sanctuaries.
What we don't do with your information?
We will never share or sell your information to other parties to use for their own purposes.
Security of personal data.
The Crisis Sanctuaries Partnership will continually make every effort to ensure the safety of your personal data. We will take reasonable precautions and steps as required by law to protect your personal data that that comes into our possession from misuse, unauthorised access, modification and disclosure.
Use of the website.
GDPR defines a personal data breach as a ‘breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. Nottinghamshire Crisis Sanctuaries takes the security of personal data seriously, computers are password protected and have up to date security software.
A breach of personal data may result in a loss of control of personal data, discrimination, identify theft or fraud, financial loss, damage to reputation, loss of confidentiality of personal data, damage to property or social disadvantage. Therefore, a breech, depending on the circumstances of the breech, can have a range of effects on individuals.
Nottinghamshire Crisis Sanctuaries duty to report a breach.
If the data breach is likely to result in a risk to the rights and freedoms of the individual, the breach must be reported to the individual and ICO without undue delay and where feasible not later than 72 hours after having become aware of the breach. The Data Protection officer must be informed immediately so they are able to report the breach to the ICO in the 72-hour timeframe.
Records and Files retention and archive.
There is a legal requirement that certain information stored by the Nottinghamshire Crisis Sanctuaries is kept for a minimum of 6 years. The following will therefore be retained for this period of time from when they cease to be active:
All financial information including correspondence with the bank and bank statements;
Any legal documents including Trustee minutes;
All personnel information for former members of staff including evidence that;
Income Tax and National Insurance has been properly deducted and appropriate payments made;
All personal information including referral forms and application forms for former Service Users and Volunteers.
Archive files are stored at the Head Offices of the 3 partners; Notts Mind, 6 Hardy Street, Worksop, Notts, S80 1EH. Turning point, Haven House, 222 Porchester Road, NG3 6HG. Framework HA, Val Roberts House, 25 Gregory Boulevard, Notts, NG7 6NX.
DBS Disclosure handling and storage.
The DBS help assess the suitability of applicants for positions of trust, each partner for the Nottinghamshire Crisis Sanctuaries fully comply with the DBS Code of Practice regarding the correct handling, use, storage, retention and disposal of information. Disclosure information should be kept securely, in lockable, non-portable, storage containers with access strictly controlled and limited to those who are entitled to see it as part of their duties.
Once employment or volunteering ceases Nottinghamshire Crisis Sanctuaries will ensure that any Disclosure information is destroyed.
Who to contact?
We are committed to ensuring full compliance to ensure the safety of your personal information. If you have any questions or queries about this privacy statement please email us at email@example.com or call 0800 470 0203 or write to Nottinghamshire Crisis Sanctuaries Partnership Manager, Nottinghamshire Mond, 6 Hardy Street, Worksop, Notts S80 1E.
For more information about your rights under the Data Protection Act please visit the Information Commissioners Office at www.ico.org.uk
If you are unhappy with The Nottinghamshire Crisis Sanctuaries response, then you have the right to take the matter further to the independent ombudsman. Please visit https://ico.org.uk/concerns