In particular, this privacy notice provides information to individuals about how they can object to our use of their personal information, how they can withdraw any permissions they have given to us to enable us to process their personal information and how they can make a complaint. [/vc_column_text][/vc_column][vc_column width=”1/2″ tablet_width=”1″ css=”.vc_custom_1567093639874{background-image: url(https://cityhearts.global/wp-content/uploads/2017/10/neal-fagan-257183-e1524520934925.jpg?id=1839) !important;background-position: center !important;background-repeat: no-repeat !important;background-size: cover !important;}”][/vc_column][/vc_row][vc_row][vc_column][vc_tta_accordion][vc_tta_section title=”Who does this privacy notice apply to?” tab_id=”1567093765361-012d3755-a34a”][vc_column_text]This privacy notice applies to:
- Our clients;
In the sections below, when referring to the individuals listed above, we use the terms “you” or “your”. [/vc_column_text][/vc_tta_section][vc_tta_section title=”What’s our approach to privacy?” tab_id=”1567093765374-b036d066-3909″][vc_column_text]We take your privacy extremely seriously and want everyone who supports us or who comes to us for support to feel confident about how any personal information that they share will be looked after or used and to enable you to feel that your personal information is safe in our hands.
We will only use your personal information in accordance with data protection law applicable to England and Wales from time to time.
Under data protection law, when we use your personal information, we will be acting as a data controller. Essentially, this means that we will be making decisions about how we want to use your personal information and why.
Below, we summarise the main rules that apply to us under data protection law when we use your personal information:
We must be upfront about how we intend to use your personal information and must use your personal information fairly. Providing privacy information to individuals (such as in this privacy notice) is one aspect of using personal information fairly. | |
We must only use your personal information if we have a legal basis to do so under data protection law. These legal bases include:
|
|
We must only use certain types of sensitive personal information (such as information relating to your health, racial or ethnic origin or religion, sexual orientation) if we can also satisfy one of the conditions for processing this type of information set out in data protection law. These conditions include:
|
|
We are only permitted to share your personal information with others in certain circumstances and if we take steps to ensure that your personal information will be secure. | |
Generally speaking, we must only use your personal information for the specific purposes we have told you about. If we want to use your personal information for other purposes, we need to contact you again to tell you about this. | |
We must not hold more personal information than we need for the purposes we have told you about and must not retain your personal information for longer than is necessary for those purposes (this is known as the “retention period”). We must also dispose of any information that we no longer need securely. | |
We must ensure that we have appropriate security measures in place to protect your personal information. | |
We must act in accordance with your rights under data protection law. | |
We must not transfer your personal information outside the European Economic Area (“EEA”) unless certain safeguards are in place. One such safeguard is that [the personal data is only transferred to a country that has been approved by the European Commission as having an acceptable level of data protection law. |
In this section, we provide specific privacy information relating to the different categories of individuals that this privacy notice applies to.
Our Clients
What personal information we will use | Your name;
Your address; Your email address; Your telephone number; Your date of birth; Photograph; Your gender; Your religion; Your racial origin; Information concerning your health; Information concerning your personal history which may include other sensitive information such as sexual orientation; Details of any criminal convictions; Images of you on CCTV and dates and times you access City Hearts premises; Details of any complaints you have made in relation to City Hearts services. |
How we will obtain the personal information | Information will either be provided by you when you apply to access our services or information about you will be provided from an external agency (e.g. referring agencies, NHS, Probation, social services) when you are referred to a City Hearts programme.
CCTV images will be captured by automated CCTV recording cameras. |
What purposes we will use the personal information for | We will use your name, address and other contact details to:
We will use your name, date of birth, gender, information concerning your health, information concerning your personal history which may include other sensitive information such as sexual orientation to:
We will process your personal data (including special category data) if required by law to do so, for example to comply with applicable laws, regulations, codes of practice or in response to a request from a competent authority. We use the information you provide about your religion and racial origin to enable us to support and facilitate your cultural and religious observations as part of our equality and diversity policy. If you are in the Restore programme we use this information to facilitate your development if you opted into the Spiritual Stream of the program. We use your criminal conviction information to ensure the safety of other staff and clients. We use images of you on CCTV to ensure the safety of yourself and other residents. |
The legal bases for processing we rely upon | Our use of your personal information to communicate with you, for administrative purposes and to communicate with you is based on our legitimate interests in ensuring that our services are run properly;
Our use of your personal information to understand your needs as a client is based on your and our legitimate interests in ensuring that you are given the appropriate advice and support. Our use of your personal information to inform our practices, policies and procedures is based on your and our legitimate interests in ensuring that our services are appropriate and fit for purpose. Our use of your personal information for legal or regulatory purposes is necessary to enable us to comply with our legal and regulatory obligations. Where we use special category information about you to:
Processing is carried out in the course of our legitimate activities as a not-for-profit charity. On the condition that the processing relates solely to clients, former clients or persons who have regular contact us. Where we process your special category data which is relevant for the purposes of equality monitoring with 3rd party organisations outside City Hearts we will rely on the fact the processing is necessary for reasons of substantial public interest, namely, equal opportunity or treatment. If we consider that you or another individual may be at risk and we are required to process your special category personal data with a 3rd party organisation outside City Hearts we will where appropriate rely on the fact that:
In other circumstances where it is necessary to share your special category personal data with 3rd party organisations outside City Hearts we will obtain your explicit consent, save for where sharing your information is necessary to enable City Hearts to establish, exercise or defend a legal claim. For information about how to withdraw your explicit consent please go to this section. In relation to CCTV images we rely on legitimate interest in ensuring that you, other residents and our staff are safe. |
How long we retain the personal information and why | We usually keep records relating to clients for 7 years [after the end of your involvement with us]. This retention period is either required by law or is with the limitation period from bringing a contractual or personal injury claim.
If there are any safeguarding issues relating to your involvement with us we will retain this information for 50 years [after the end of your involvement with us]. In accordance with the terms set out in our Insurance Policy. |
Consequences of not providing/permitting us to obtain personal information | Without the personal data we have outlined above we will be unable to provide you with access to our services.
|
Engagement with us on social media
Any social media posts or comments you send to us (on our Facebook page, for instance) will be shared under the terms of the relevant social media platform (e.g. Facebook or Twitter) on which they’re written and could be made public. Other people, not us, control these platforms. We are not responsible for this kind of sharing. So, before you make any remarks or observations about anything, you should review the terms and conditions and privacy policies of the social media platforms you use. That way, you’ll understand how they will use your information, what information relating to you they will place in the public domain, and how you can stop them from doing so if you’re unhappy about it.[/vc_column_text][/vc_tta_section][vc_tta_section title=”When will we use your personal information for direct marketing?” tab_id=”1567093823369-b980cdb8-3b38″][vc_column_text]In addition to data protection law, if we use your personal information to send you information for marketing purposes, we may also be subject to additional rules that regulate direct marketing. The term “direct marketing” essentially means directing marketing material or advertising at a particular individual.
To ensure compliance with both data protection laws and the specific rules relating to direct marketing, we will only use your personal information to tell you about what we are doing. This may include letting you know about services we offer now and hope to offer in the future; providing you with information which may be of interest to you, news and events; and/or providing you with fundraising updates. We will do this with your consent and you can change your mind and remove or add your consent at any time (see how to unsubscribe below).
We will retain your personal information unless and until you inform us that you no longer wish to receive direct marketing information from us.
You can ask us to stop sending direct marketing to you at any time by [contacting us using the details set out here or going to the “unsubscribe” section of our website.
Information about automated decision making
Automated decision making takes place when an electronic system uses personal information to make a decision without human intervention.
We do not undertake any processing activities which involve making decisions about you using automated means.[/vc_column_text][/vc_tta_section][vc_tta_section title=”When will we share your personal information with others?” tab_id=”1567093855546-b29cd766-88d2″][vc_column_text]Sometimes, we will need to share your personal information with others. This section sets out details of who we will share your personal information with and why. It also tells you about our legal basis for doing so under data protection law and steps we will take to protect your personal information.
We will never sell your personal information on to third parties.
Our service partners
Information about our service partners |
|
Why we need to share your personal information with our Service Partners | The purpose for sharing your personal data with our Service Partners is to facilitate the services we provide to you and to ensure that you obtain the advice and support you need. |
The legal bases we rely upon when sharing your personal information | Sharing of personal data with our Service Partners will be:
|
What precautions do we take? |
|
Providers of information technology services
Who will we be sharing your personal information with? |
|
Why we need to share your personal information with such providers |
|
The legal bases we rely upon when sharing your personal information |
|
What precautions do we take? |
|
Other third parties
We may also need to share your personal information with others in the following circumstances:
Legal or regulatory requirements | On occasion, we may be required to disclose your personal information to organisations such as the courts or the police to comply with legal obligations we are subject to and/or to prevent fraud or crime. |
Protecting our organisation | From time to time we may need to disclose your personal information in connection with steps we need to take to protect our organisation’s interests or property. |
Professional advice and legal action | We may need to disclose your personal information to our professional advisers (for example, our lawyers and accountants) in connection with the provision by them of professional advice and/or the establishment or defence of legal claims. |
- clients details are stored on our secure computer system and only those who work with you have access to it.
- We have implemented appropriate security measures to protect our IT infrastructure;
- Encryption of personal information;
- Pseudonymisation of personal information;
- Implementation of internal data security policies and training for members of staff in relation to such policies;
- Regular reviews of data security measures implemented by service providers who may handle your personal data.
- CCTV recordings will only be accessed by employees and DBS checked volunteers on a ‘need to know’ basis.
Your rights | What this involves | What our obligations are |
A right of access | This is a right to obtain access to your personal data and various supplementary information. | We must provide you with a copy of your personal information and the other supplementary information without undue delay and in any event within 1 month of receipt of your request;
We cannot charge you for doing so save in specific circumstances (such as where you request further copies of your personal information). |
A right to have personal data rectified |
|
We must rectify any inaccurate or incomplete information without undue delay and in any event within 1 month of receipt of your request;
If we have disclosed your personal information to others, we must (subject to certain exceptions) contact the recipients to inform them, that your personal information requires rectification. |
A right to erasure |
|
If this right applies, we must delete or remove your personal information without undue delay and in any event within 1 month of receipt of your request;
If we have disclosed your personal information to others, we must (subject to certain exceptions) contact then recipients to inform them that your personal information must be erased. |
A right to data portability | This is a right to obtain and re-use your personal information for your own purposes;
It includes a right to ask that your personal information is transferred to another organisation (where technically feasible). This right only applies in certain limited circumstances. |
If this right applies we must provide your personal information to you in a structured, commonly used and machine reasonable form;
Again, we must act without undue delay and in any event within 1 month of receipt of your request; We cannot charge you for this service. |
A right to object | This is a right to object to the use of your personal information.
The right applies in certain specific circumstances only. You can use this right to challenge our use of your personal information based on our legitimate interests; You can also use this right to object to use of your personal information for direct marketing |
If you object to us using your personal information for direct marketing, we must stop using your personal information in this way as soon as we receive your request.
If you object to other uses of your personal information, whether we have to stop using your personal information will depend on the particular circumstances. |
A right to object to automated decision making | This is a right not to be subject to a decision which is made solely on the basis of automated processing of your personal information where the decision in question will have a legal impact on you or a similarly significant effect. | Where such a decision is made, you must be informed of that fact as soon as reasonably practicable;
You then have 21 days from receipt of the notification to request that the decision is reconsidered or that a decision is made that is not based solely on automated processing; Your request must be complied with within 21 days. |
A right to restrict processing | This is a right to ‘block’ or suppress processing of your personal information.
This right applies in various circumstances, including where you contest the accuracy of your information. |
If we are required to restrict our processing of your personal information we will be able to store it but not otherwise use it.
We may only retain enough information about you to ensure that the restriction is respected in future. If we have disclosed your personal information to others, we must (subject to certain exceptions) contact them to tell them about the restriction on use. |
If you wish to exercise any of your rights you can make a request by contacting us using this email address Data.Protection@cityhearts.global
If you request the exercise of any of your rights we are entitled to ask you to provide us with any information that may be necessary to confirm your identity.[/vc_column_text][/vc_tta_section][vc_tta_section title=”When and how can you withdraw your consent?” tab_id=”1567093949683-fc78e1c7-fec8″][vc_column_text]If you have given us your consent to use any of your personal information, you can withdraw your consent at any time. To do so, please contact us using this email address Data.Protection@cityhearts.global.[/vc_column_text][/vc_tta_section][vc_tta_section title=”How can you get in touch with us and who is our Data Privacy Manager?” tab_id=”1567093971922-52c20446-daf6″][vc_column_text]We have appointed a Data Privacy Manager to oversee our compliance with data protection law and this privacy notice. Her details are set out below. If you have any questions about this privacy notice, how we handle your personal information or if you wish to make a complaint, please contact our Data Privacy Manager.
You can get in touch with us in the following ways:
Name | Louise Durham |
Email address | Louise.durham@cityhearts.global |
Phone number | +44 (0)114 213 2061 |