Privacy Statement for Service Users
1) About this statement
This statement outlines how Bury Involvement Group (‘BIG’) collects, stores, uses and disposes of personal information given to us by visitors and callers.
BIG is committed to protecting the privacy and security of personal information. This privacy statement explains:
- What personal data BIG processes about our visitors, the reason it processes that personal data, its legal basis for processing that personal data, and how long it will process it for;
- Who to contact if you have any queries relating to your personal data;
- Who BIG may share staff personal data with;
- What rights you have in relation to your personal data;
This privacy statement applies to service users who use or call the service.
It is important that you read this notice so that you are aware of how and why we are using such information.
2) Definitions
“Personal data” means any information about you (i.e. name, address) that identifies who you are.
3) Data Protection Principles
Data Protection law says personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
4) Contact Details
a) Data controller, address and registered number:
Bury Involvement Group is the “data controller”. This means we are the organisation that is processing your data.
We are a Charitable Incorporated Organisation registered in England under charity number 1166584, with our registered office is at Bury Business Centre, Kay Street, Bury, BL9 6BU.
b) Our data protection officer is Jordan Fahy, Chief Officer.
You can contact Jordan via telephone on 07758737616, by email on jordanfahy@buryinvolvementgroup.org or by mail at the Bury Involvement Group, address above.
You can also talk to any team member if you have any questions about data protection and they will contact Jordan on your behalf.
5) Processing of personal data
a) Legal Basis on which BIG processes your personal data.
BIG processes visitor/caller data on the legal basis of “Consent”
When you first visit the service, you will sign our privacy statement giving BIG permission to process their personal data.
b) What personal data we keep about you
We may record information about you on our breaches of confidentiality and safeguarding files. This does not identify you as we use only first names and anonymity numbers.
There may be times we record more detail (i.e. name, address) on a safeguarding or confidentiality form, i.e. if we were making a safeguarding referral and needed this data to make the referral.
When your first visit, you will have the option of giving us personal details (name, address, diagnosis, GP etc.) which go on our database. You do not have to give us these details if you don’t want to.
We may occasionally have additional information about you – i.e. a referral form we have filled in for another organisation. Every six months, service managers will go through all the places where we keep documentation (electronic and paper) and get rid of anything we no longer need.
c) Security.
Only staff and volunteer at BIG, who have been through our safe recruitment process can access the database, with sensitive personal information being locked by user level so only certain members of the team can access this and only when it is necessary for them to do so.
Our database is “encrypted.” This means that if computer system was stolen from the service, nobody would be able to get into the database or see the information on it.
All our filing cabinets are kept secure and our office door is closed when the service is open. BIG has policies to ensure safety and security of data.
d) People who see your data.
Access to your personal data will be only be by people who need it to carry out their job. For example, workers may access the database to get your contact details.
The management team also access the database to write reports about BIG (i.e. how many people have visited) but all data is anonymised.
We may share your personal data if this is necessary to protect you or another person. For example, if your life or someone else’s is at risk; or if there is risk of harm to a child or vulnerable adult.
6) Your rights (with effect from 25 May 2018)
From 25th May 2018, the new General Data Protection Regulations (GDPR) come in and extends your data rights under the Data Protection Act. The GDPR gives you the following rights:
a) You have the right to get your personal data from us, except in limited circumstances (i.e. it would compromise someone else’s confidentiality.
b) You have the right to require us to correct any inaccurate personal data we hold about you;
c) You may also have the right to have incomplete personal data completed, by means of providing us with an extra statement;
d) You have the right to require us to erase (get rid of) your personal data.
The legal basis for BIG holding your data is “consent.” If you withdraw your consent, we may still hold your data, i.e. if we needed it because there was an on-going safeguarding case involving you, or we needed it for some other reason to keep you or another person safe. In this case, “vital interests” would become the legal basis on which we were holding your data.
e) You have the right to require us to restrict the processing of your personal data on certain grounds. For example, if you disagree with the accuracy of the personal data and want us to stop processing your personal data while we check its accuracy;
If you would like to exercise any of these rights, please contact Jordan Fahy, Chief Officer, or speak to any team member who can put you in touch with Jordan.
7) If we can’t sort out an issue you have
Should you have any complaints or issue with our treatment of your personal data, you may lodge a complaint with the Information Commissioner’s Office (https://ico.org.uk).
8) If you require further information
BIG has a Data Protection Policy, which is available for anyone requiring further information, please ask a team member if you would like to see either this policy.