All data subjects (a living individual) whose personal data is collected, in line with the requirements of the General Data Protection Regulation (GDPR) 2018.
2.1 The Person responsible for data (Project Manager) is responsible for ensuring that this notice is made available to data subjects prior to Survivors in Transition processing their personal data.
2.2 All Employees and volunteers of Survivors in Transition who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention. All data subjects are required to review this privacy notice and agreeing to the lawful reasons for processing.
2.3 Data subjects reserve the right to object to processing at any time.
- PRIVACY NOTICE
Who are we?
Survivors in Transition (SIT) is a charity for men and women (eighteen+) who have experienced any form of sexual abuse in their childhood.
We support men and women who have experienced sexual abuse in childhood, through a range of trauma informed, psycho-educational activities including one to one and group therapy, counselling, advocacy, research and training to become empowered and improve self esteem and resilience.
Thousands of people have benefitted from the SIT services since our inception – and our targeted, individually centred provision operates within 4 key strategic areas:
- Services & Support (Direct therapeutic work (includes 1:1 trauma focused therapy and counselling, targeted group work, outreach, welfare visits & calls, phone and online support, Indirect therapeutic support (peer support, workshops, themed group sessions)
- Influence (campaigning, public and professional awareness, feeding into key local, regional and national strategy and decision making)
- Research & Education (annual research projects, conferences and workshops and training for professionals and psycho-education for survivors and their families)
- Developing & Strengthening the Charity (Continually reviewing our strategies, using the most efficient systems and investing in robust governance)
Our Ipswich town centre base is open 5 days per week; most of our one to one and group sessions take place from here where demand is highest but we do work in other parts of the county on a demand based system. We are also able to work with individuals online and over the phone.
SIT is committed to the responsible handling and protection of personal information.
Personal information means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
We collect, use, disclose, transfer, and store personal information when needed to provide our services effectively and for our operational and business purposes as described in this Privacy Notice. We want to be clear about our privacy practices so that you can make informed choices about the use of your information.
HOW WE USE YOUR INFORMATION
This privacy notice tells you how we, SIT, will collect and use your personal information to enable us to provide our services.
Why does Survivors in Transition need to collect and store personal information?
SIT processes (collect, store and use) personal information for the following purposes:
• Participant information for booking and running programmes, one to one therapy and support services
• Employee and volunteer management
We are committed to ensuring that the information we collect and use is appropriate for these purposes and does not constitute an invasion of your privacy.
SPECIAL CATEGORY INFORMATION
Occasionally we process what may be considered special category information (sensitive personal information).
Sensitive personal information is a subset of personal information and is generally defined as any information related to racial/ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, other medical information including biometric and genetic data, or sexual life preferences.
We will only process this information if it is necessary to support you whilst you are a SIT service user or employee. If we wish to pass your sensitive personal information onto a third party we will only do so once we have obtained your written consent unless we are legally required to do otherwise.
We must have a valid lawful basis in order to process your personal information. This ensures that the processing is necessary and applies to one of the purposes listed above.
The following information explains what personal information we process and the lawful basis for processing against each purpose.
- Provision of Support, Therapy and Group activities
Lawful basis – Contract
When you come into contact with Survivors in Transition we will ask you to provide personal information that is necessary to manage and support (sustain) the services that we provide. When you contact us, we will update and add notes to our computer systems and files. Access to your personal information will be limited to members of SIT requiring information to carry out our business. We may pass your personal information on to third-party service providers contracted to SIT, or to whom SIT is contracted to. Any third parties that we may share your information with are obliged to keep your details securely, and to use them only to fulfil the services they provide on our behalf.
Personal details including:
Full name, DOB, gender, age, health-related issues, disabilities and vulnerabilities, communication needs, next of kin, correspondence address, , , diversity information including: nationality, gender, sexual orientation, first language, ethnic origin and religion.
- Communication with SIT including:
– Processing of internal and external mail (external via third party)
– Website bookings
– Service user, Volunteer and employee contact details
- Financial Details including:
– Payment details and records
– Supplier records
– Employee payment records
Lawful basis – Legitimate Interest
We process personal information for certain legitimate interests related to the business purposes listed above. ‘Legitimate Interest’ means the interest of our company in conducting and managing our business (to enable us to give you the best service in the most secure way).
- Advice by phone, post, text or email
- Whistleblowing for the protection of staff and service users
Lawful basis – Legal obligation
We process personal information for certain legal obligations. This is where the processing is necessary to comply with legislation or the law.
– Safeguarding (protection of service users) and sharing relevant information with social services or police
– Where we require identification for proof of who you are to minimize fraud
- For the welfare of our service users
• Liaison with associated welfare services, advice and support
• Emergency contact details of service users, employees and volunteers
• Medical details of service users, employees and volunteers
- Legal proceedings
• Share personal information with the Multi Agency Safeguarding Hib (MASH, Children’s or Adults Safeguarding Boards or police
- Feedback from research and surveys on how we can provide better services
• Carrying out research
• Contact to complete surveys / feedback forms after you have received a service from us and use information you provide to improve our services
- Communication with our service users to provide updates relating to our business, appointments and services
- Email or Text service users with the promotion of our services
- For the management, wellbeing and support of our employees
• Administration management of employment and/or the Charity’s business. This includes information provided voluntarily as well as that collected as part of the recruitment process and during your employee journey. This includes:
o Pre-employment – Name, home address, email, phone no, medical details, next of kin, direct debit details, CV’s, emergency contact details, ethnicity details, driving license, birth certificate, marriage certificate, previous address history, previous convictions, NI number
– Right to work documentation
– Return to work
– Occupational health referrals and reports
– Doctors certificates
– Conflicts of Interest
– Disciplinary proceedings/details
– Grievance details
– Performance cases
– Sanctions, witness details and statements
– Payroll number & Bank account details
– Pregnancy, maternity & paternity details
– Employee children & partner details
– Sickness details
– Employee journey
– Salary details and bonuses
– Length of service
– Job title and contract type
– Employee changes/updates
– Responses to staff surveys
– Training, qualification and professional membership details
– Office access and operations
– Background checks (DBS) in line with the law
– Internal directories, employee share-point / NAS sites, internal websites (including H&S injuries) and other business cooperation and sharing tools
– Licence checks
– Court service
– Employee training and sharing of information where necessary to accrediting and awarding bodies and training providers
– Reporting of injuries, diseases and dangerous occurrences (RIDDOR) to HSE
- For the management of financial services
• Processing of Charity pensions and sharing of relevant information with pension provider or accountant
• Processing of company payroll and sharing of relevant detail with employee bank and / or accountant
• Processing of credit and debit cards (donations) and sharing necessary information with third party and Bank
- Information, system, network, and cybersecurity
• Overall information security operations of SIT to prevent unauthorised access, intrusion, misuse of charity systems, networks, computers and information, including prevention of personal data breaches and cyber-attacks (pen test)
• Detection and investigation of security incidents – processing of personal data of individuals involved in an incident
• Website security
• Monitoring access to systems and any downloads
• Use of information gathered from physical access control systems for investigation incidents
• Investigating and reporting of data breaches
- General corporate operations and Due Diligence
• Sharing necessary and relevant personal information with external providers
• Monitoring physical access to offices, and any visitors
HOW LONG WILL WE KEEP YOUR PERSONAL INFORMATION FOR?
We will hold your personal information securely while you are a service user, employee or volunteer with us.
Records will be held in line with retention legislation, following which we will delete all personal information unless you owe us any money, have ongoing legal proceedings with us, or where there is a logged complaint. We may also retain personal information regarding qualifications gained, and anonymised data to ensure accurate statistics and data can be reported.
We will hold employee data provided from the start of your employee journey and then in line with Data protection regulations, one year for unsuccessful applications and six years following termination of employment for employees. Once these timeframes have passed we will delete all personal information excluding confirmation of employment dates, or unless otherwise requested by yourself.
Financial records are held for seven years, following which they will be destroyed.
HOW DO WE SECURE PERSONAL INFORMATION?
SIT takes data security seriously, and we use appropriate technologies and procedures to protect personal information. Our data processing, data protection and IT policies and procedures are closely aligned with widely accepted standards and are reviewed annually and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.
Policies and procedures
We have measures in place to protect against accidental loss and unauthorised access, use, destruction, or disclosure of data including the following:
- We operate a paperless office, and this keeps personal details etc in one safe environment.
- We place appropriate restrictions on access to personal information
- We implement appropriate measures and controls, including monitoring and physical measures, to store and transfer data securely
- Data Protection training for all employees who have access to personal information and other sensitive data
- We take steps to ensure that our employees and volunteers operate in accordance with our data processing policies and procedures and any applicable contractual conditions]
- We require, third party contractors or sub-contractors to have appropriate agreements in place to ensure personal information is processed in line with the General Data Protection Regulation.
YOUR RIGHTS AS A DATA SUBJECT (SERVICE USER OF SIT)
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
• Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
• Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
• Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
• Right of portability – you have the right to have the data we hold about you transferred to another organisation.
• Right to object – you have the right to object to certain types of processing such as direct marketing.
• Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
• Right to withdraw consent at any time.
The GDPR gives you greater control over your data held by us.
You may express your rights, in writing or verbally, by addressing your request to SiT, by:
- Email: firstname.lastname@example.org
- Writing to, or dropping in at, 84 Fore Street, Ipswich IP4 1LB
- Calling 01473 232499
Providing an additional, appropriate security measure, we may need identification or other information to confirm who you are. This will clarify your right to access the data and exercise your rights and avoid incorrect disclosures.
Valid forms of identification may include a passport, driving licence or birth certificate.
SiT will respond to your request within one calendar month.
Normally, no fee will be charged unless the request is excessive.
If we are unable to fulfil your request (for example, a legal obligation), or need to take longer to process your request, we will explain why.
Lodge a complaint with the supervisory authority
Right to judicial review: if SIT refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain to the Information Commissioner’s Office (ICO) details below:
Information Governance department
Information Commissioner’s Office
The table below highlights where we may receive personal information about you from someone else
|Personal data type:||Source:|
|Full Name, DOB, Age, Current Address, Contact Details, Medical Information, Qualification Information, Emergency Contacts||Anyone making a referral (including GP, NSFT etc)|