1 Policy Statement

1.1 This policy is intended to inform you how and whyFriends of In Touch uses personal informationfrom clients and other members of the public. When we refer to ‘we’ or ‘us’ in this policy we arereferring toFriends of In Touch.

1.2 We will abide by the General Data Protection Regulations (GDPR) dated May 2018.

2 Information we collect and hold about you

2.1 Clients

2.1.1 We will collect personal information about you when you contact us about providing any of ourservices to you (for example, your name, address, email contact details, telephone number). Wemay require further information before weprovide advice to you in order to comply with ourrequirements.

2.1.2 During the course of providing services to you, wemay collect information about you and/or anyother individuals you tell us about. Depending on the nature of the work we carry out for you, wemay collect and use special categories of personal data about you or a third party you tell usabout (for example, information about health, ethnic origin, religious or philosophical beliefs).

2.1.3 When you become a client ofFriends of In Touch, or when you enter into discussions to becomea client, we may add your personal data to our marketing database in order to send youinformation about our activities. We will always give you the opportunity to opt-out of thismarketing.

2.2 Marketing

2.2.1 If you are not a member ofFriends of In Touch, we will only send information about our servicesby email or other electronic means with your consent. If you consent to receive email marketingfrom us, we will add your personal information (your name and email contact details) to ourmarketing database.

2.2.2 You can contact us at any time at [email protected] to opt out, change your contactdetails or to update your communication preferences.

2.2.3 We may also send information by post if we are satisfied that we have a legitimate reason to doso, for example, a survey for members to help improve our services.

2.3 Visitors to our website

2.3.1 We will collect personal information that you voluntarily provide to us if you fill in a form on ourwebsite or apply for a vacancy through the website. This information may include your contactdetails including name, address, email, telephone number and, where you provide it, somecategories of personal data, for example, ethnic origin and religious beliefs.

2.3.2 We may also collect information about how you use our website and our web provider’s CookiesPolicy has information about how they use cookies on our website.

2.4 People who contact us via social media

2.4.1 If you send us a private or direct message via social media, we aim to deal with your enquiry in-house. We will not share messages with any other organisations without your prior consent.

2.5 Queries and complaints

2.5.1 If you send a query or complaint to us, we will use the personal information you provide to us (forexample, your name and the name[s] of any other individuals involved, plus your contact details)in order to process your query or complaint and respond to you.

3 How we use your information

3.1 We only ever uses your personal data if we are satisfied that it is lawful and fair to do so:

• because you have given your consent to us using your information for the specific purposesdescribed in this privacy notice.
• because it is necessary to enter into, or perform, a service with you.
• in order to comply with a legal obligation.
• for our own (or a third party’s) legitimate interests provided your rights don’t override theseinterests. We may use your anonymised data to identify usage trends and for data analyticsas this information will help us review and improve our services and under reasonableexpectation to provide you with information you would expect to receive or that would benefitand enhance our relationship.

 

3.2 We will only use special categories of personal data relating to you or to third parties you tell usabout when we have your explicit consent and/or where it is necessary to use the information forthe establishment, exercise or defence of legal claims.

3.3 We will never sell your personal data or share it with third parties who might use it for their ownpurposes apart from the exceptions in 4.1.

4 Sharing your information

4.1 We will not disclose any information you provide to any third parties other than:

• where you have given us consent to share the information.
• where we instruct professional advisors on your behalf e.g. Children’s Services.
• to other third parties where necessary to carry out your written instructions, where informationsuch as an email address is passed to our third party service providers, who provideoperational and technical support in order to make the delivery of our services more efficient.A list of our third-party service providers can be provided to you upon request. Operationaland technical support is provided through information and technology systems such as emailsystems and the monitoring of our website and other technical systems.
• in order to enforce any terms and conditions or agreements between us.
• to protect our rights, property and safety, or the rights, property and safety of others, e.g.Safeguarding concerns. For example:
  – Where a child or adult is felt to be at risk or harm either inside or outside of Friends of In Touch. Staff and volunteers will follow our Safeguarding policy (Ref: FOIT 01).
  – Where anyone usingFriends of In Touch or a volunteer is at risk of physical violenceand/or abuse. An incident report will be completed and sent to the referrer (Ref: F002)

 

4.2 We may share results of research that we carry out into the use of our services with third partiesbut this information will always be anonymised and will not contain your personal information.

5 Data security

5.1 We have appropriate security measures in place to prevent your personal information from beingaccidentally lost, used, or accessed in an unauthorised way, altered, or disclosed.

5.2 We hold data electronically in our secure laptops and on a securedDropbox file server. Ourlaptops are protected using firewalls and anti-virus/malware software.

5.3 Our Dropbox file can only be assessed by current trustees, Project Coordinator and Administrator. Access is controlled by the Chair of trustees.

5.4 We store personal data and other archived papers in lockable filing cabinets at Y-Zone YouthCentre. Only approved personnel holding appropriate keys can access those filing cabinets.

5.5 When necessary, we dispose of or delete your data securely.

5.6 We ensure that our contracted employees and volunteers are aware of their privacy and datasecurity obligations and we take reasonable steps to ensure that employees of third partiesworking on our behalf are aware of their privacy and data security obligations.

5.7 We limit access to your personal information to trustees and those contracted employees and volunteers who have a need to know.

5.8 The transmission of information via the internet is never completely secure. Although we will doour best to protect your personal data, we cannot guarantee the security of your electronicinformation transmitted to us and any transmission is at your own risk.

5.9 We will notify you and any applicable regulator of any suspected data security breach where weare legally required to do so.

6 Transferring your information overseas

7 Data retention

7.1 We will hold the information for as long as required by law or our regulatory obligations. Allinformation relating to families and volunteers, which has not been used for three years, will betreated as confidential waste and disposed of as such, unless a related incident has beenrecorded, in which case it will be kept until the individual is 21 or until they have leftFriends of InTouch (whichever is later). The disposal of any confidential waste will be undertaken by theProject Administrator with the prior approval of the Chair ofFriends of In Touch.

7.2 Please note that personal data held on our client files may be retained for longer periods as itmay be necessary to retain this data in order to allow our clients or third parties to protect theirlegal rights. See our Safeguarding policy, Appendix 3, section 7.

7.3 These retention periods may be extended or reduced if we deem it necessary.

7.4 We review the personal data (and the categories of personal data) we are holding on a regularbasis to ensure the data we are holding is still relevant to our business and is accurate. If wediscover that certain data we are holding is no longer necessary or accurate, we will takereasonable steps to correct or delete this data as may be required. The Project Coordinator isresponsible for these reviews.

8 Your rights

8.1 Under certain circumstances, you have the right to:

• request access to your personal information (commonly known as a ‘data subject accessrequest’). This enables you to receive a copy of the personal information we hold about youand to check that we are lawfully processing it.
• ask us to correct any information that we hold about you which is incorrect, incomplete, orinaccurate.
• ask us to erase your personal information from our files and systems where, in the opinions ofthe trustees, there is no good reason for us continuing to hold it.
• object to us using your personal information to further our legitimate interests (or those of athird party) or where we are using your personal information for direct marketing purposes.
• ask us to restrict or suspend the use of your personal information, for example, if you want usto establish its accuracy or our reasons for using it.
• ask us to transfer your personal information to another person or organisation.

 

8.2 If you have given your consent to us processing your personal information (for example, consentto receive information about our events), you have the right to withdraw your consent at any time.To withdraw your consent, please contact [email protected]. Once we have receivednotification that you have withdrawn your consent, we will, as soon as possible, no longerprocess your personal information and, subject to our retention policy, we will dispose of yourdata securely.

9 Queries and complaints

9.1 Our Project Coordinator oversees compliance with this privacy policy. If you have any questionsabout this privacy policy or how we handle your personal information, please contact[email protected].

10 Review of this policy

10.1 This will take place every 2 years. Additional changes are to take account of new legislation andpractice guidance.