Home-Start Surrey – Privacy Notice
We occasionally collect different sets of data relating to those within or connected to our charity eg staff, volunteers, supporters and trustees. In addition, some of our staff have access to family data that is collected by our Home Start branches across Surrey although we do not collect or process this data – we merely report on anonymised data to funders or other stakeholders. Different sets of data are used differently. The new General Data Protection Regulation which comes into effect on 25 May requires us to advise people whose data we hold what data we have and what we do with it. We have ensured that those whose data we currently hold or have access to, are aware of how we use this data. We will ensure that when new data is collected in the future, the data owners are also aware of what is held and what is done with it.
What do we do with it?
We hold personal data solely for the purposes of running Home-Start Surrey. We do not sell any personal information to any third party or use it other than for our specified purposes. We do share some information with external service providers to do operational processing – eg our bank has our bank signatory information so that we can approve payments. We are satisfied that our external service providers similarly do not use the data for any purpose beyond that specified.
Protection of Data
All our data is appropriately protected: electronic material is password protected and paper files are kept secure.
Access to Data
Anyone whose data we hold has a right to request a copy of it. If you want to exercise this right, please write to:
Home-Start Surrey, Vernon House,
28 West Street,
Farnham. GU9 7DR
We seek to ensure that our data is kept up to date. Please let us know if any of the details we have on you need to be changed.
Withdrawal of data
Some categories of data we are obliged to maintain (eg details of, staff, volunteers, trustees).
Retention of data
We have a Retention Policy and procedures in place to ensure we do not keep data longer than is necessary.
If you have any queries about this Notice please contact us as set out above or use our contact us page
General Data Protection Policy (GDPR 2018) Home-Start Surrey
|Last updated||30th May 2018|
|Charity||means Home-Start Surrey, a company limited by guarantee and a registered charity (charity no:1154913) whose registered office is at Vernon House, 28 West Street, Farnham, Surrey, GU9 7DR|
|GDPR||means the EU General Data Protection Regulation and the UK’s Data Protection Act 2018.|
|Responsible Person||means Lisa Kent or other person appointed by the Charity who is the person responsible for data protection within the Charity.|
|Scheme/s||means the eight member Home-Start Schemes of the Charity: Home-Start East Surrey, Home-Start Elmbridge, Home-Start Epsom Ewell & Banstead, Home-Start Guildford, Home-Start Runnymede and Woking, Home-Start Spelthorne, Home-Start Surrey Heath and Home-Start Waverley.|
The Charity is committed to protecting the privacy and security of individual personal data in accordance with GDPR. Each Scheme is an operational Home-Start Scheme and also a member of the Charity, working together as a consortium in areas of mutual benefit such as funding. In the course of the Schemes providing support to their beneficiaries and monitoring and evaluating their needs, they collect and hold certain personal data. The Schemes will share data with the Charity (“we/us/our”) for analysis, reporting and development purposes. We will comply fully with the requirements of GDPR and will follow procedures which aim to ensure that all persons who have access to any personal data held by or on our behalf are fully aware of and abide by their duties and responsibilities under the legislation.
Each Scheme is subject to the requirements of the policies on GDPR and Information Governance provided by Home-Start UK which shall for the avoidance of doubt take precedence in matters where this policy might otherwise contradict.
All the Charity’s trustees, staff and volunteers who have access to personal information, will be expected to read and comply with this policy.
The Charity holds 2 types of personal data:
The Charity manages the operation of the external database platform, CharityLog, which has personal details of all the families supported by the Schemes in the Charity consortium. Each Scheme is a separate legal entity and collects data on its own families and has access only to that data. The Schemes are individually responsible for GDPR compliance in terms of lawfulness of data collection, security (other than on the CharityLog database), accuracy, retention periods, access requests for personal data.
Managing the database requires that the Charity’s nominated administrator and his assistant have access to details of all Schemes’ families. They are the only people who can access all this data. The Charity uses the data on CharityLog on an aggregated basis for reporting to funders and for operational monitoring or, anonymised, for use in case studies. Individuals cannot be identified in any processing done by the Charity. The Charity does not itself share or pass on personal data to any third parties. Any of the Charity’s volunteers or employees who have access to the Schemes data understand that all data is confidential and is never shared with other Schemes or funders apart from in an anonymised basis.
This data is collected for the legitimate interest of each Scheme in managing its data on families and the legitimate interest of the Charity in production of overview statistics on all Schemes.
The Charity is satisfied that CharityLog provides a secure database and does not use our data for any purpose. The Charity will be vigilant in ensuring that Charity Log maintains its compliance with GDPR requirements.
Director and Scheme Contacts
The Charity has personal data on Directors of the Charity (legal requirement) and on Managers of the Schemes (legitimate interest for operational purposes). This is largely in the public domain and not sensitive.
Review and accountability
The Charity is committed to understanding the requirements of GDPR and ensuring we are compliant. We, under the direction of the Responsible Person, will review our data protection obligations, including doing a data audit and reviewing this policy annually.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the Charity shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website).
END OF POLICY