At Redcar & Cleveland Mind we want everyone who supports us, provides a service to us or who receives a service from us, to feel confident about how we use and protect any personal information that you share with us. Any personal data provided by you to Redcar & Cleveland Mind through any means (verbal, written, in electronic form, or by your use of our website) will be held and processed in accordance with the data protection principles set out in the Data Protection Act 1998 and the General Data Protection Regulation for the purposes for which you have given consent, to provide the services you have requested from us, and to meet the legitimate interests of the charity.
This policy only applies to data collected by Redcar & Cleveland Mind staff and volunteers, and via our own forms and website. Third party agents, and websites which are linked to ours, are not covered by this policy. If you have any queries concerning your personal information or any questions on our use of the information, please contact Redcar & Cleveland Mind’s Data Protection Officer (details on page 4).
When you make a request to use our client services, become an employee or volunteer with us, make a donation to us, apply to attend training or an event hosted by us, or otherwise provide your personal details to us, you will be asked to consent to our processing of your data under the terms of this policy. We are committed to protecting your personal data and making sure that we collect only the data that we need, that it is processed in a fair, transparent and lawful manner, that it is kept no longer than necessary and that it is thereafter securely destroyed.
What information do we collect?
- Access to Services Requests: Registering with us to request access to our client services can be done online, in writing, on the telephone or in person. Our request process involves providing us with your name, address, telephone numbers and email. We may also request information on your availability, reasons for contacting us, and other details which we deem relevant to processing your request.
- Initial Assessment Appointments: At an initial appointment we ask about your current personal, social, medical and financial circumstances. We may also ask about your background and family history, health issues as well as the issues which are affecting you now. We require this information so that we can decide about our services offer to you, to assign you to a worker, and to manage the service we provide to you.
- Volunteer Placements: All volunteers may apply for placements by form, letter, or email. They may also be interviewed. We may ask about your background, qualifications, experience, and professional memberships. We also ask for your name, address, telephone numbers, email address, and address and telephone details for referees and people we may need to contact for you in emergencies.
- Employment: In order to apply for job opportunities advertised on our website and elsewhere, and to become an employee of the charity, you will be required to provide your contact details and other personal information on an application form (such as employment history, qualifications), as well as contact details of referees. This information is only processed for the purpose of considering your application, making an offer of employment, and administering your contract of employment.
- Training/Events: The information you give us when completing an application to attend training or events may include your name, postal address, email address, phone number.
- Donors/Fundraisers: The information you give us when making a donation may include your name, postal address, email address, phone number, amount donated, Gift Aid status, and messages.
- Website: We use Google Analytics to collect anonymous data relating to user behaviour and ‘web traffic’ statistics. The collection and use of this data by Google Inc. is subject to their own Privacy Policies.
- Other Forms: The information you give us on our forms (including all enquiry and application forms) may include your name, postal address, email address, phone number and other messages to us.
What do we use your information for?
We use information held about you in the following ways:
- To provide you with information that you have specifically requested or that we have asked if you would like to receive
- To provide clients with the professional mental health service requested from us
- To offer suitable appointments, and to allocate clients to the appropriate services
- To notify you about changes to your appointments and changes to our services
- For monitoring and evaluation of our service and reporting to funders
- To seek feedback from you on your experience with us
- To improve our service to ensure that it is provided in the most effective manner for you and for us
- To enable us to offer suitable opportunities and support to our staff and volunteers
- To process your donations or other payments, to claim Gift Aid on your donations and verify any financial transactions
- To administer our service, including for financial control, data analysis, research, anonymous statistical and survey purposes
- To keep in touch with those who consent to this, for the purposes of organisational, service and professional development
- To fulfil our administrative, legal and contractual obligations as an employer
We may also collect and use information about your mental health in order to provide you with the service. This is ‘special category’ data, and we will treat it with extra care and confidentiality. The lawful basis under which we process special category data is that we are providing health and/or social care services, and we process this data only so far as is necessary for the provision of these services.
If we have an agreement or contract with you to provide a specific service, for example a training programme, the lawful basis on which we collect and process data is ‘contract’. This means that we are processing data in order to fulfil – or determine if we are able to fulfil – our obligations to you under the agreement.
We will only use personal and special category data to provide and evaluate the services we provide. We will not pass on the data we have about you to anyone else without your express permission except in exceptional circumstances, the lawful basis of which is ‘vital interests’. Examples of these circumstances might include information that suggests you might be a danger to yourself or someone else, or information about a child at risk of harm or neglect (see below ‘what information do we share’).
In addition we may use your information to inform you from time to time of other products and/or services we offer which we consider may be of interest to you. You may email us at any time at email@example.com to indicate that you do not want to receive information in this way from us.
What information do we share?
We will not share any information about you with other organisations or people, except in the following situations:
- Consent: We may share your information with other professional and statutory services or others whom you have requested or agreed we should contact.
- Serious harm: We may share your information with the relevant authorities if we have reason to believe that this may prevent serious harm being caused to you or another person.
- Compliance with law: We may share your information where we are required to by law or by the regulations and other rules to which we are subject.
And as part of the backups of encrypted data processed and held by professional IT security companies.
Sensitive Personal Information
A special note about the Sensitive Personal Information we hold
Data Protection Law recognises that some categories of personal information are more sensitive. Sensitive Personal Information can include information about a person’s health, race, ethnic origin, political opinions, sex life, sexual orientation or religious beliefs.
We will only use this information for the purposes of dealing with your enquiry, training, and quality monitoring or evaluating the services we provide.
We will not pass on your details to anyone else without your express permission except in exceptional circumstances. Examples of this might include anyone reporting serious self-harm or posing a threat to others or children contacting us and sharing serious issues such as physical abuse or exploitation.
How do we keep your information safe?
All information you provide to us is stored as securely as possible. All paper forms and correspondence are kept in locked filing cabinets on our premises. All electronic records are stored on our own on-site computer server, all access to which requires password-protected authentication, or by reputable service providers using secure internet ‘cloud’ technology.
Unfortunately, the transmission of information via the internet is never completely secure. Although we will do our best to protect your information using industry-standard protocols and encryption, we cannot guarantee the security of your data transmitted to us via email, including forms completed on our website which are transmitted by email; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Deleting Records/Personal Information
Client records and other related documentation are destroyed after 5 years.
Personnel records are destroyed after 5 years.
HMRC Payroll records are destroyed/deleted after 3 years.
HMRC Gift Aid declarations are destroyed/deleted after 6 years.
Company Accounts are destroyed/deleted after 7 years.
Other personal contact details are destroyed/deleted after 2 years of no contact or updates.
You have the right to ask us to provide a copy of the information held by us in our records and you also have the right to require us to correct any inaccuracies in your information. You may withdraw your consent for us to hold and process your data at any time. However, if you do this while actively receiving any of our client services, these services would have to end. You also have the right for your information to be erased where it is no longer necessary for us to use it or where we have no lawful basis for keeping it.
If you would like a copy of your information, require us to correct any inaccuracies, or to withdraw your consent or request that your information is erased; please contact Redcar & Cleveland Mind’s Data Protection Officer by:
- Writing to Redcar & Cleveland Mind, 6-8 West Dyke Road, Redcar, TS10 1DZ
- Calling us on 01642 296052
- Emailing to firstname.lastname@example.org
Your communications with our teams (including by telephone or email) may be monitored and/or recorded for training, quality control and compliance purposes to ensure that we continuously improve our customer service standards.
Changes to this policy
We may edit this policy from time to time. If we make any substantial changes we will notify you by posting a prominent announcement on our website.