Privacy Statement
What information do we collect and how do we use it?
What information do we collect and how do we use it?
We may obtain personal information from you and use it as follows:
Information requests
We use contact information from web forms, emails, mail and telephone to send you information or materials that you have requested or to provide you a service. Your contact information is also used to contact you when necessary, for example, to fulfil a query or to provide a service.
Orders/Event Bookings and donations
Any orders/event bookings and donations you make will require personal and financial information. We will collect your contact information (such as contact details) and financial information (such as account numbers).
Contact information and financial information from the order, donation forms or enquiries are used to fulfil orders or provide services. Your contact information is also used to get in touch with you when necessary, for example to be able to fulfil an order. Financial information that is collected is held securely and deleted on an ongoing basis.
We may sometimes contact you with offers from companies that benefit Sight Concern and may be of interest to you.We will not sell or exchange your details with other organisations other than where we have a duty to share your information with third parties, regulatory or law enforcement agencies if we believe in good faith that we are required by law to disclose it in connection with the detection of crime, the collection of taxes or duties, in order to comply with any applicable law or order of a court of competent jurisdiction, or in connection with legal proceedings.
Newsletters and Information Updates
Individuals have access to various newsletters and information updates from Sight Concern and can choose which communications they wish to receive. We will ask individuals to confirm that they wish to be opted into our newsletter communications. If you no longer wish to receive these communications, your information will be removed from our database.
Applying for a job or volunteering position
We will collect data about you, both personal data (such as your name and contact details) and also sensitive personal data (such as information in your CV). The personal data and sensitive personal data will be stored, processed, used and disclosed by us in the following ways:
- To facilitate the recruitment process
- To enable you to apply online for jobs
- To answer your questions and enquiries
- To third parties where we have retained them to provide services that we, you or our client have requested including references, qualifications and criminal reference checking services
- To use your information on an anonymised basis to monitor compliance with our equal opportunities policy
Using our services
We will collect data about you, both personal data (such as your name and contact details), sensitive personal data (such as information about your mobility requirements and health) and information about the support that we provide. The data will be stored, processed and used in the following ways to provide and administer our services;
- To answer your questions and enquiries
- To make sure the staff supporting you have accurate, up to date information to help them decide the best possible support for you
- To make sure that your concerns can be properly investigated if you have a complaint;
- To monitoring the quality of services provided
- To monitor our outputs and outcomes
- To use your information on an anonymised basis to monitor compliance with our equal opportunities policy
We also may need to share your personal information with a 3rd Party involved in the delivery of any support services to you. In some circumstances we may seek to use your information in case studies This will be discussed with you prior to doing so, so as to meet our commitments to delivering on your Right to be Informed.
Lawful Basis for Processing Your Information
Our lawful basis for collecting and using the personal information will depend on the personal information concerned and the specific context in which we collect it.We will collect personal information from you only (i) where we have your consent to do so, (ii) where we need the personal information to perform a contract with you (iii) where the processing is in our legitimate interests and not overridden by your rights, or (iv) where we have a legal obligation to do so.
If you have opted in to receiving any Newsletter or Information Updates, we will use your data to provide these communications based on your opt-in consent. You can withdraw consent at any point.If you have provided a service to us, we will use your data as necessary to fulfil our contractual obligations, including to be able to process your request for payment and ensure timely payment.
In order to provide services to individuals we will use your data as necessary to fulfil our contractual obligations, including to deliver personalised support by email, phone and in person. We may collate personal information for example recording support provided, under our legitimate interests, enabling us to provide an effective and continuous service to you, improve our services in future and monitor our impact.
If you have used our services, we may still keep your personal information for up to three years after you have left under our legitimate interests. We wish to provide a quality experience which includes consideration of the services that we have provided to people. We always weigh the consideration of our legitimate interests against your privacy rights to ensure your rights are not overridden. If you wish to exercise your Right to Erasure (Right to Be Forgotten) we may discuss with you pseudonymising your records as an alternative to deletion/anonymisation
Your consent
By providing us with your personal data, including sensitive personal data such as on your health, you consent to the collection and use of this information in accordance with the purposes described above and this privacy statement, and you agree to allow us to share your details with other organisations that may fulfil your order or query on our behalf, or to provide you with additional support services in the administration of a support plan or action plan that we have agreed with you but are not able to deliver.
Sharing your information without your consent
We will normally inform you and ensure you are happy for your information to be shared, but there are times when we may need to share your information without your consent. we may have to share your data without consent could include where we are legally required to do so, or the law allows us to do so in order to protect you or other people. Such situations include:
- Where there is a risk of harm or abuse to you or other people;
- Where a serious crime is being investigated or where it could be prevented
Data Retention
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable contract, legal, tax or accounting requirements).When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it.
Information Security
We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, or subject to unauthorised access. Where necessary, we implement appropriate network access controls, user permissions and encryption to protect data. Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Your Rights
Under the General Data Protection Regulation, you have the following data protection rights:
- Right to be informed. We will strive to be transparent in how we collect and use personal data. This Privacy Notice sets out how we do that and is publicly available. We are happy to receive questions or comments about any information contained in this Notice.
- Right of access. If we store your personal data, you have the right to make a subject access request. We are required by law to make this information available to you within a month, unless the request is complex or there are numerous requests. This information will be supplied to you electronically in a format that is accessible to you. This will be free of charge.
- Right to rectification. If you become aware that we hold incorrect or incomplete information about you, you can contact us to provide us with the correct information. We have a duty to keep up to date information.
- Right to erasure (otherwise known as the ‘right to be forgotten’). If you withdraw your consent and it is our only legal basis for keeping your information, your personal information will be deleted upon your request.
If we no longer have a legitimate interest for keeping your data or the reason for keeping the information at the time you provided it is no longer applicable, we will delete your information upon request.There may however be situations where it is not possible, for example where we are required to by law. In these cases, we will explain to you why it is not possible to fulfil your request completely, however we will work with you to minimise any processing of that data.
Right to restrict processing. At this request, we will continue to store your data but will restrict any further processing. Decisions to restrict will be based on assessing whether legitimate grounds override individual rights or not.
Right to data portability. This is not applicable to us as we would not currently move your data to another organisations IT platform.
Right to object. You have the right to object to any direct marketing. Some of our direct marketing is done through our email briefings which we seek your consent for. If you withdraw consent, we will cease this marketing immediately. You also have the right to object to processing based on legitimate interests or the performance of a task in the public interest, exercise of official authority, or for purposes of scientific/historical research and statistics. At this point we will consider the weight of the legitimate need to process data again the individual’s privacy rights.
Rights regarding automated decision making and profiling. This is not applicable as we do not currently automate decision making nor carry out any profiling.
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office Helpline on 0303 123 1113 or via the website at https://ico.org.uk/concerns/
What if I do not agree with this privacy policy?
If you do not agree to our processing of your data in the manner outlined in the policy, please do not submit any personal data to us.
Contacting Sight Concern
You can check the information that we hold about you by e-mailing us at info@sightconcern.co.uk
Further information and accessing your records
If you would like to know more about how we use your information you can:
- Speak to the person in charge of your support;
- Speak to the Chief Executive Officer who is our nominated Data Controller.
If you wish to see or have a copy of your records, contact the Chief Executive Officer /Data Controller as follows:
Jenny Gage, Chief Executive Officer, Sight Concern, The Bradbury Centre, 2 Sansome Walk, Worcester WR1 1LH. Tel: 01905 723245 Email: info@sightconcern.co.uk
The data controller must respond to these requests within 1 month.
Where a request for copy of personal data is made electronically, we are able to supply the data in a commonly used electronic format if requested, or unless otherwise requested.
In accordance with the GDPR there is no charge for supply of copies of records, although in certain circumstances you may be charged a reasonable administration fee, for example if you require several copies of the records.
You should be aware that in exceptional circumstances some information may be withheld to protect you from undue harm, or where a third party is involved.Changes to this privacy policy
If this privacy policy changes in any way, we will put an updated version on our website. Regularly reviewing this page ensures you are always aware of what information we collect, how we use it and under what circumstances.
Implementation, Monitoring and Review of this Policy
The Chief Executive Officer has overall responsibility for implementing and monitoring this policy, which will be reviewed on a regular basis following its implementation and additionally whenever there are relevant changes in legislation or to our working practices.