Introduction
On 25 May 2018, the General Data Protection Regulation (“GDPR”) came into force and any organisation that works with EU residents’ personal data is obliged to comply with its provisions.
North Tyneside Carers’ Centre (“we”) are committed to treating individuals’ personal data in an appropriate and lawful manner, in accordance with the GDPR.
Everyone has rights with regard to the way in which their personal data is handled and we recognise that the correct and lawful treatment of this data will maintain confidence in our organisation.
We are the ‘controllers’ of the information which we collect about you. Being controllers of your personal data, we are responsible for how your data is processed. The word ‘process’ covers most things that can be done with personal data, including collection, storage, use and destruction of that data.
This notice explains why and how we process your data, and explains the rights you have around your data, including the right to access it and to object to the way it is processed.
North Tyneside Carers’ Centre is a registered charity and our contact details are:
Floor 2, Wallsend Customer First Centre, 16 The Forum, Wallsend, NE28 8JR
enquiries@ntcarers.co.uk
0191 2496480
Our Data Protection Lead is Claire Easton, the Chief Executive, who you can contacted at the above address.
Changes
We may change this Privacy Notice from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on our website and/or by contacting you directly.
What information we collect
Personal information is any information that can be used to identify you. This data can include your name, date of birth, contact details, and other information we gather as part of our relationship with you.
It can also include ‘special categories’ of data, which is information about a person’s race or ethnic origin, religious, political or other beliefs, physical or mental health, trade union membership, genetic or biometric data, sex life or sexual orientation. We will only collect sensitive information where there is a clear need to do so e.g. to ascertain what additional support you may require where your caring role is having a significant impact on your health. Before collecting sensitive personal information about you we will make it clear to you what information we are collecting and the purpose.
How we collect your personal information
We collect your personal data mostly through our contact with you, and the data is usually provided by you when you: enquire about our services; register as a carer with North Tyneside Carers’ Centre; tell us about your caring role, access services and attend events; donate or fundraise on our behalf or other things that we do in the course of our work. In some instances we may receive data about you from other people/organisations e.g. when they refer you to us for support.
How we use your information
Any information we collect about you will be stored securely and treated in accordance with the GDPR.
We will use the information that you give to us:
- To send you information that you have asked for
- To understand your situation so we can offer you individually tailored support to meet your needs
- To contact you about support services which may help you in your caring role, and inform you about events, fundraising, campaigning and our other work.
- Keep a record of your relationship with us
- Ensure we know how you prefer to be contacted
- Administer your donation or support your fundraising, including processing gift aid
Our lawful basis for processing carers’ information and sending you the information you have asked for is with your consent. You may withdraw this at any time by contacting us.
Who we will share your information with
We will not pass your personal details to other people or organisations without first obtaining your consent. However, where there appears to be a clear need to safeguard your welfare and/or your family it may be necessary to contact relevant authorities to address this. Where appropriate, we will inform you before we do so.
If you are 16 or under
We will seek permission/consent to store personal information on anyone aged under 16 from their parent / guardian.
How we keep your data safe and who has access
Your personal data is held in electronic formats. Electronic data, including emails, is stored on our software suppliers’ servers which are located in the UK/European Union.
We ensure that there are appropriate technical controls in place to protect your personal details. We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff and volunteers. However, the transmission of information via the internet is not completely secure. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only ever share your data if we have your explicit and informed consent.
Cookies
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to meet the needs of carers. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Data Retention
We do not keep your personal data for longer than necessary, or for any other purpose than the reason we collected it in the first place. We will keep your information for three years after your last contact with us before it is deleted.
In some circumstances you can ask us to delete your data: see Right to be forgotten below for further information.
Your rights
You have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Queries and complaints
For any queries you may have, or for if you wish to make a complaint, please contact our Data Protection Lead, Claire Easton (Chief Executive) at North Tyneside Carers’ Centre.
Complaints to the Information Commissioner
You have a right to complain to the Information Commissioner’s Office (ICO) about the way in which we process your personal data. You can make a complaint on the ICO’s website https://ico.org.uk/. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.