We take your privacy and the security of your information very seriously. This policy sets out our approach to safeguarding the privacy of the personal information we hold.
Ashford Volunteer Centre (AVC) is responsible for collecting, processing, storing and safe-keeping personal and other information as part of our business activities. We manage personal information in accordance with the Data Protection Act 1998 and General Data Protection Regulation (May 2018), and are registered (registration number: Z7305419) as Data Controllers with the Information Commissioner’s office (https://ico.org.uk/).
We take your privacy and the security of your information very seriously. This privacy statement sets out our approach to safeguarding the privacy of any personal information we hold.
This privacy statement applies to all personal information collected by AVC, our subsidiaries and partners, and contractors acting on our behalf.
Our approach to collecting, storing and using personal information
We collect data under the lawful basis of “Legitimate Interest” (ICO Guidance) to ensure adherence to the General Data Protection regulation (25 May 2018). Your data is stored securely with access restricted and security principles applied through encryption and access control. Your personal information will not be shared with 3rd parties unless agreed with separately with you. All personal data is kept for 6 months, but may vary depending from project to project. You will be informed of any changes in this at the time you hand over your personal data.
About the personal information we collect
The information we may collect about you could include, but is not limited to:
Date of birth
Contact details (phone/mobile/email)
Racial or ethnic origin
Religious or other similar beliefs
Physical or mental health condition
Convictions, proceedings and criminal acts
Photographs and CCTV images
We will not collect information about you that we do not need and we will ensure that the personal information we collect is updated to our systems in a timely and accurate manner.
We may apply markers to your information (for example, in relation to your vulnerability or health status) to enable us to tailor and deliver services to you.
How we use your personal information
We use your information to respond to your enquiries, provide you with services and manage your relationship with us. We may also use your personal information for technical administration, research and development, customer administration, marketing and to identify areas where we can improve the services we provide. We only collect or use personal information for those purposes indicated in our notification with the Information Commissioner’s Office (https://ico.org.uk/).
We will regularly review the personal information we hold about you and make changes to any service or information-handling processes when the law or the Information Commissioner request such changes.
Visiting our website
When you visit our website we collect standard internet log information for statistical purposes.
When we collect personal information, for example via an online form, we will explain what we intend to do with it.
Our website contains links to various third party websites. We are not responsible for the content or privacy practices of any external websites that are linked from our sites.
Applying to work at Ashford Volunteer Centre
If you submit an application to work for AVC we will use your personal information to process your application and to produce and monitor recruitment statistics. We will not take up references without your prior permission. We will not share or disclose your information unless you have given us your consent or we are required to by law. Where we are required to carry out a Disclosure and Barring Service check we will comply with the law and your rights when carrying out these checks.
We retain personal information relating to unsuccessful applicants for no longer than 6 months, for use in the event of an appeal. We produce statistical information to assist with recruitment analysis.
How we share your personal information
We will not normally share your information without your consent unless we are required to by law. We may seek your consent directly, or may obtain it by telling you about how your information may be used at the time you provide information or enter into a contract with us.
Our legal obligations
We will share specific and relevant information with law enforcement and government agencies or public bodies where we are legally required to do so. Examples may include:
The prevention or detection of crime and fraud
The apprehension or prosecution of offenders
The assessment or collection of tax or duty owed to customs and excise
Sharing in connection with legal proceedings
Sharing in relation to the physical or mental health of an individual, where disclosure is required to protect them or others from serious harm
Research and statistical purposes
We may also share your information with emergency services and local authorities, where this is necessary to help them respond to an emergency situation that affects you.
Sharing information with our partners
In some areas we may enter into partnerships with other organisations such as local authorities and the police. For example, we may join a partnership to help prevent and control anti-social behaviour. We will enter into a data sharing agreement before any sharing takes place with a partner organisation.
Sharing information with our contractors and suppliers
There are some cases when we will share your information to support legitimate business purposes. We do this to ensure that we can meet your needs, and also to meet our health and safety obligations towards those delivering services on our behalf. This may include sharing information with our contractors and suppliers to enable them to carry out duties on our behalf or to meet contractual obligations we may have.
Keeping your information secure
We store personal information both electronically and in paper form.
We implement security policies, processes and technical security solutions to protect the personal information we hold from:
Improper use or disclosure
Unlawful destruction or accidental loss
When you contact us, we may ask you to provide us with some information so that we can confirm your identity. If other people (e.g. family members, support workers, solicitors) act on your behalf we will take steps to ensure that you have agreed for them to do so. This may include asking them to provide us with supporting information to indicate your consent. We do this to protect you and to make sure that other people cannot find things out about you that they are not entitled to know.
Employees and third parties who have access to, or are associated with the processing of, your personal information are obliged to make reasonable efforts to safeguard it.
How we use your telephone number
Contact via telephone provide a direct way to contact and share information with you about the services we can deliver to you.
We may use your telephone number that you have provided us to keep in contact with you by text. When we send SMS/text messages there may be someone in your household who may read the message before you are able to. You may like to inform the people who live with you that you may receive text messages from time to time.
Operational SMS/text messaging and calls
If you supply us with your telephone contact details, we may use them to call or send you operational text messages.
Examples of operational text messages include:
Sending a reminder about an appointment
Asking you to contact a named person
You cannot opt-out of the use of your telephone numbers for operational purposes.
Sharing your telephone number with third parties
We may pass your telephone number to third parties so that we can meet our contractual obligations with you. We may also share your telephone numbers if we are required to by law, in doing so we will comply with the Data Protection Act 1998.
We may supply the details to our approved marketing or third party contractors who are delivering or performing services on our behalf, and these companies must not use your information for any other purpose. We never share or sell your telephone numbers with telesales/marketing companies.
Contacting us about your personal information
We will be as open as possible with you about the personal information we hold about you, and if something is wrong we want to work with you to put it right.
Telling us about changes to your personal information
You have the right to have inaccurate/outdated information amended, deleted or destroyed. If any of your circumstances change please tell our customer service team.
Finding out about the personal information we hold about you
You can ask us whether we are keeping personal information about you by writing to our Data Lead who currently has responsibility for Data Protection and GDPR at: - Ashford Volunteer Centre, Berwick House, 8 Elwick Road, Ashford TN23 1PF
The Data Protection Act 1998 and GDPR (May 2018) gives you a number of rights in relation to your personal information. You can find out about your rights, and get further guidance, on the ICO website.
Requesting a copy of your personal information
As part of our service to you, we are happy to provide you with copies of specific document upon request on an informal basis. If you want to make a larger or more comprehensive request, you can do this formally by making a ‘subject access request’.
If you make a subject access request we will provide you with a readable copy of the personal information we hold about you. To make a subject access request you must:
Make your request in writing
Provide proof of your identity
Please send your requests to Ashford Volunteer Centre, Berwick House, 8 Elwick Road, Ashford TN23 1PF or contact the Data Lead at this link.
Questions and complaints
If you have a concern about any personal information we may hold about you, or how we use it.
We’ll do our best to help.
If, after contacting us, you are still not satisfied you can complain to the Information Commissioner. You can also apply to the Court for compensation for distress and/or damages due to non-compliance of the Data Protection Act and GDPR.
Keeping this policy updated