This document refers to personal data, this is defined as information concerning any living person (a natural person who hereafter will be called the Data Subject) that is not already in the public domain.
The Data Protection Act (DPA), Privacy and Electronic Communications Regulations (PECR) and The General Data Protection Regulations (GDPR) which is EU wide and far more extensive, seek to protect and enhance the rights of data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU. It should be noted that GDPR does not apply to information already in the public domain such as Companies House data.
Legal basis for processing any personal data
To meet our obligations to support service users and provide you with the services, products or information you have requested, for administration purposes and to further our charitable aims, including for fundraising activities. Your consent to these services is the legal basis for processing.
We will not pass your details to other organisations without your prior consent, unless required to do so by law. For example, we reserve the right to provide your personal details to HM Revenue and Customs (HMRC) for Gift Aid purposes if appropriate.
We have a number of lawful reasons that mean we can use (or process) your personal information. One lawful reason is something called ‘legitimate interests’. Broadly speaking Legitimate Interests means we can process your personal information if:
- We have a genuine and legitimate reason.
- We are not harming any of your rights and interests.
How do we collect information?
We collect your personal information in a number of ways:
- When you provide it to us directly.
- When you provide permission to family members, professionals or other organisations to share it with us.
When providing permission for third party organisations to share your data you should check their Privacy Policies carefully to understand fully how they will process your data.
What we collect and why
We may collect the following information with consent:
To provide a service
- Names, addresses, emails, phone numbers and other contact information;
- Contact details for client’s next of kin or principle carer;
- Financial information to assist clients with Welfare Benefits and debt management;
- Equality information to monitor that we don’t discriminate and everyone who needs us can access our services;
- Information about client’s health and care so we can make sure they get the right service and our services are able to meet their needs;
- Information about a client’s medication to evidence their case for Welfare Benefits or to provide to paramedics if they were taken seriously unwell at the Independence and Wellbeing Centre;
- Information about those involved in their care so we can liaise with them when required;
- Information about any risks clients or their homes might present to our staff;
- Information conversations we have with clients and other people involved in their care, where it is important for us to have a record, and of any actions we have taken as a result;
- Information about clients’ interests and preferences so we can consider these when delivering and designing our services;
- Photographs, video and audio recordings to raise awareness and promote our service;
- Information about which of our services clients have accessed and when, for our funders, and in case anyone ever wanted to claim take a personal injury claim against us;
- Compliments and complaints so we can monitor and improve our services;
- Information about any incidents and accidents to meet Health and Safety Executive requirements.
- Information about the consent given to share information or for us to make contact about supporting us, or helping us to fundraise and to receive our newsletter;
- Names, addresses, emails, phone numbers and other contact information of our supporters;
- Information about amounts raised and how, for our financial records and to thank people;
- Information about whether consent has been given for us to make contact about supporting us in the future or helping us to fundraise and to receive our newsletter;
- Information about people’s tax status where provided for us to claim gift aid.
To work with volunteers
- Names, addresses, emails, phone numbers and other contact information;
- Contact details for client’s next of kin;
- Anonymised equality information to monitor that we don’t discriminate and everyone who needs us can access our services;
- Applications, references and DBs reference numbers so that we make sure that it is appropriate for the volunteers we recruit to have access to people who might be vulnerable;
- Health information so we can make sure we know what to do in an emergency and how to keep our volunteers safe;
- Bank details so we can cover expenses;
- Records of when volunteers supported us so we can provide references, in case anyone ever wanted to claim take a personal injury claim against us, and in order for those who chose to take part in local and national schemes so their contribution can be formally recognised;
- We are required to share key information about our volunteers with Cardiff and the Health Board because we operate within their site;
- Information about any incidents and accidents to meet Health and Safety Executive requirements;
- Photographs, video and audio recordings to raise awareness and promote our service and volunteering;
- Information about the consent given for us to share information about our organisation and fundraising with them.
Through agreeing to this privacy notice you are consenting to Headway Cardiff and South East Wales processing your personal data for the purposes outlined. You can withdraw consent at any time by emailing email@example.com or by phoning 029 20577707 or writing to us at Headway Cardiff and South East Wales, Rookwood Hospital, Fairwater Road, Llandaff, Cardiff, CF5 2YN.
Headway Cardiff and South East Wales will store your data for the time that you actively engage with our service and then for up to 7 years after this because we are required by our funders to keep records for this length of time.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
All the personal data we process is processed by our staff in the UK. For the purposes of IT hosting and maintenance your information may be situated inside of the European Economic Area (EEA).
Your rights as a data subject
At any point whilst we are in possession of or processing your personal data, all data subjects, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
In the event that we refuse your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
You can request information about the following
- Identity and the contact details of the person or organisation (Headway Cardiff and South east Wales) that has determined how and why they process your data.
- Contact details of the data protection officer, where applicable.
- The purpose of the processing as well as the legal basis for processing.
- The categories of personal data collected, stored and processed.
- How long the data will be stored.
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
To access what Personal data is held
We will take reasonable steps to verify that the person making the subject access request is the data subject (e.g. ID verification check). If we are dissatisfied with the quality, further information may be sought before personal data can be released.
All requests should be made to firstname.lastname@example.org or by phoning 029 20577707 or writing to us at Headway Cardiff and South East Wales, Rookwood Hospital, Fairwater Road, Llandaff, Cardiff, CF5 2YN.
In the event that you wish to make a complaint about how your personal data is being processed by us, you have the right to complain to our Director of Services. If you do not get a response within 30 days, you can complain to the ICO. The details for each of these contacts are:
Headway Cardiff and South East Wales, for the attention of the Director of Services
By email email@example.com or by post to Headway Cardiff and South East Wales, Rookwood Hospital, Fairwater Road, Llandaff, Cardiff, CF5 2YN.
ICO Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Telephone 0303 123 1113 or email: https://ico.org.uk/global/contact-us/email/