Sue Young Cancer Support in Leicestershire
Data Protection, Privacy and Communications Policy
Sue Young Cancer Support in Leicestershire and Rutland (SYCS) is a registered charity in England and Wales and our registration number is 1124057.We are a company limited by guarantee registered in England and Wales under company number 6362972.
Our registered office is at Helen Webb House, 35 Westleigh Road, Leicester LE3 0HH.
SYCS takes the privacy of our staff, service users, volunteers, fundraisers, donors and supporters very seriously. At SYCS, we are strongly committed to protecting your privacy and every reasonable effort is taken to ensure that your information is kept secure and intact. This policy describes how SYCS collects and uses personal information about the people who access our services, assist in the delivery of our services and otherwise generally support our charity, whether this be in person, visiting our social media sites namely the website or Facebook, give us their data over the phone, face-to-face, and in writing. This policy also states how and why we use data, how we store it and how individual personal preferences can be amended.
The terms of this policy may change, so please check it from time to time. This version published on 25th May 2018, supersedes all previous data protection policies.
By accessing our services through any of the means above and signing the Data Protection Notice, which is appended as Appendix 1 to this Policy, you are accepting and consenting to the practices described in this policy.
If you have any queries about this policy please contact:
The Operations Manager Sue Young Cancer Support in Leicestershire and Rutland Helen Webb House 35 Westleigh Road Leicester
SYCS, as the Data Controller, is registered with the Office of the Information Commissioner under the Data Protection Act 1998, registration no. Z616936X.
SYCS’s Privacy Statement
· Your personal information is only used for the purpose for which we collect it.
· Only information that we need is collected. Fundraising communication will be limited to a
maximum of 6 years if we do not hear from you during this time.
· Your personal information is only seen by those who need it to do their jobs.
· We will only disclose data when we have your consent, or where we are obliged to disclose personal data by law, or as expressly permitted under the GDPR (through contract; legal obligation, vital interests; public task; or legitimate interests).
· We will keep your information up to date. Inaccurate or misleading data will be corrected as soon as possible.
· Personal information is retained only for as long as it is required for the purpose collected.
· Your information will be protected from unauthorised or accidental disclosure and processed in an appropriate manner to maintain its integrity and confidentiality.
· We will provide you with a copy of your personal information on request (please see below for information on access rights and requests).
· These principles apply whether we hold your information on paper or in electronic form.
How do we collect information?
If you provide services to SYCS, we will collect information in line with your contract/agreement for services.
We also gather general information about the use of our website, such as which pages users visit most often and which services, events or facilities are of most interest. We may also track which pages users visit when they click on links in emails.
We obtain personal information from you when you enquire about or access and support our services and activities, whether as a volunteer, donor, service user, fundraiser and any other way in which you may support the activities of SYCS. This includes registering with us, sending or receiving emails to and from us, making a donation to us, fundraising for us, enquiring after our services and activities and/or any other manner in which you may provide us with personal information.
We may also receive information about you from third parties, for example family members, cares, health professionals and other referral agencies.
We will only ever collect the information that we need, including data that will be useful to help improve our services. The information is needed either to fulfil your request or to enable us to provide you with a more personalised service. You do not have to disclose any of this information to browse our sites.
What information do we collect?
The personal information we collect might include name, date of birth, email address, postal address, telephone number, employment and financial details including credit/debit card details. We do not store any sensitive payment card data in our systems.
We may also collect special categories of personal data such as information about your health if this is required for the purpose you have SYCS. We collect special categories of personal data only if we are permitted to do so by data protection law, and we have additional measures in place to protect this data.
Why do we collect this information?
We collect this information for promoting the aims of the Charity, providing the services sought, fulfilling volunteer enquiries and assistance and communicating effectively and appropriately with our staff, service users, volunteers, fundraisers, donors and supporters.
The lawful basis for which we process your information is:
· your consent for the purpose of accessing our services;
· processing is necessary for the performance of a contract/agreement to which you are a party. If you fail to provide this information we may be unable to perform the contract/agreement;
· processing is necessary for compliance with our legal obligations, for example to comply with our obligations as an employer to disclose employee salary details to HMRC;
· processing is necessary to protect your interests or that of another person;
· processing is necessary for the performance of a task carried out in the public interest;
· processing is necessary for the purpose of the legitimate interest pursued by us or a third party, except where your rights as a data subject override our legitimate interest. The legitimate interest we rely upon is subject to an assessment based on the specific context and your personal circumstances.
How do we use this information?
We will use the information you provide (anonymised to protect your data unless you consent to non-anonymity) in the ways set out below:
· promote the aims of SYCS;
· to provide and personalise our services to service users;
· to communicate with our supporters, dealing with your enquiries and requests, recording any contact with you;
· to provide you with information that you have indicated an interest in, for example information about our campaigns, volunteering, fundraising activities and how you can donate to us;
· we may use this information to personalise the way our website is presented when users visit it, to make improvements to our website and to ensure we provide the best service for users;
· to claim Gift Aid on your donations;
· to conduct market research;
· for administrative purposes.
Do we share your information with anybody else?
We may share your personal information with other health professionals. In such cases, information is only shared for referring to other health agencies or other charities that can provide beneficial services on our behalf relating to communications, or agreements between yourself and SYCS.
We also may need to disclose your information if required to do so by law or as expressly permitted under applicable data protection legislation.
We do not sell personal details to other charities or other third parties.
Our websites may include links to websites run by other organisations. SYCS is not responsible for the privacy practices of these other websites so you should read their privacy policies carefully before sharing any personal or financial data.
Storing and protecting your information
We recognise the concerns that many people have about giving personal information online and generally in writing or through face-to-face communication.
We place great importance on the security of all personally identifiable information associated with our staff, service users, volunteers, fundraisers, donors and supporters.
We have security measures in place to protect against the loss, misuse and alteration or destruction of personal data under our control. We store information on computers at our registered office only. We may also store information on paper files.
All of our online forms are protected by encryption. We also use a secure server when you make a donation or payment via our website.
However, no data transmission over the internet is 100% secure. As a result, whilst we cannot absolutely guarantee that loss, misuse or alteration of data will not occur while it is under our control, we use our best efforts to prevent this and protect your personal information.
We will keep your information only for as long as we need it to provide you with the services or information you have required, to administer your relationship with us, to inform our research or the preferences of our supporters, to comply with the law and tax accounting rules, or to ensure that we do not communicate with people who have asked us not to.
When your information is no longer required, we will always dispose of it securely, in accordance with our Retention of Records Policy
You have a right to object to SYCS processing your personal information (‘right to object’) at any time where we rely on our legitimate interests for doing so. Such a request must be sent to the Data Protection Officer at the above address.
You also have a right to object to our processing your data for the purposes of marketing. SYCS always acts upon your choices around what type of communications you want to receive and how you want to receive them. You have a choice about whether you want to receive information about the Charity’s work and fundraising and trading activities. We make it easy for you to tell us how you want us to communicate, in a way that suits you. Our forms have clear marketing preference questions; if you do not want to hear from us then that is fine. We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted. You can change your marketing preferences for what you receive from us and how, at any time, by contacting us, at any time.
You have a right to ask us to confirm whether we are processing information about you, and to request access to this information (‘right of access’). There is a specific form to use for this, which is appended as Appendix 2 to this Policy. You can also use this form if you are requesting information on behalf of somebody else. We will ask you for proof of your identity before we can act upon your request. To obtain a copy of the personal information we hold about you, please write to us or submit your form to the Data Protection Officer, at the above address.
You may ask us, or we may ask you, to rectify information you or we think is inaccurate, and you may also ask us to remove information which is inaccurate or complete information which is incomplete (‘right to rectification’). If you inform us that your personal data is inaccurate, we will inform relevant third parties with whom we have shared your data so they may update their own records. If your personal details change, please help us to keep your information up to date by notifying us at the address above.
You have a right to obtain your personal data from us and reuse it for your own purposes, perhaps for another service, without hindering the usability of the data (‘right of portability’). This right does not apply where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
You have a right to seek the erasure of your data (often referred to as the ‘right to be forgotten’). You may wish to exercise this right for any reason, for example, where it is no longer necessary for us to continue holding or processing your personal data you may withdraw your consent. You should note that we are entitled to and reserve the right to retain your data for statistical purposes. This right is not absolute, as we may need to continue processing this information, for example, to comply with our legal obligations, or for reasons of public interest.
You have a right to ask us to restrict our processing of your information (‘right to restriction’) if:
· you contest its accuracy and we need to verify whether it is accurate
· the processing is unlawful and you ask us to restrict use of it instead of erasing it
· we no longer need the information for the purpose of processing, but you need it to establish or defend legal claims
· you have objected to processing of your information being necessary for the performance of a task carried out in the public interest, or for the purposes of our legitimate interests. The restriction would apply while we carry out a balancing act between your rights and our legitimate interests.
· you exercise your right to restrict processing; we would still need to process your information for the purpose of exercising or defending legal claims, protecting the rights of another person or for public interest reasons.
If you would like to exercise any of your rights above, please contact the Data Protection Officer at the address above, unless we have provided specific contact details in respect of one of the rights we have set out. We will act in accordance with your instructions as soon as reasonably possible and there will be no charge.
You have a right to report any of your concerns about our use of your data to the Information Commissioner’s Office. You may do so by calling their helpline at 0303 123 1113.
If you have any questions about this policy or how we use data please contact the Data Protection Officer at the above address.
Further information and advice about data protection is available from:
The Office of the Information Commissioner Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Tel: +44 (0) 01625 545 745 Website: www.ico.org.uk