Privacy Policy
DATA PRIVACY NOTICE
This Privacy Notice explains when and why we collect personal information about you, how we use it and the conditions under which we may disclose it to others. Your personal data is defined as any information that can directly or indirectly identify you. This notice also explains how we keep your data safe and secure and includes information you need to know about your rights and how to exercise them. If you have any questions regarding our Privacy Notice and our use of your personal data, or would like to exercise any of your rights, please get in touch via the following information:
Email us: kiran@thedashcharity.org.uk
1. Who Are We?
We are the Dash Charity and for the purposes of UK Data Protection Law, we are registered with the ICO. The Dash Charity is a member of the Women’s Aid Federation for England (WAFE). Dash is also a company limited by guarantee. We have been providing safe emergency accommodation in Slough and Windsor & Maidenhead for women and their children escaping Domestic Abuse (DA) for over 40 years.
We have been commissioned to provide a range of Domestic Abuse services under contract to RBWM Council. Our services currently comprise places of refuge for women and children who have experienced or are at risk of DA, a community based advocacy service with helplines for victims and professionals, development programmes and training and a volunteer programme. We work collaboratively with local and regional agencies and other relevant organisations to achieve our aims and strategic objectives.
2. Personal data collected, how and why we collect it, and on what lawful basis
Please click on the relevant appendices below
3. Your Rights
3. Your Rights
Under data protection laws in the UK and EU, you have certain rights over the personal information that we hold about you. If you would like to exercise your rights, please get in contact with any of the details listed above. Here is a summary of the rights we think apply:
a. Right to be Informed
You have the right to be informed as to how we use your data and under what lawful basis we carry out any processing. This Privacy Notice sets this information out however if you would like further information, please get in touch.
b. Right of Erasure – also known as the right to be forgotten
You may ask us to delete some or all of your information we hold about you. Sometimes where we have a legal obligation we cannot erase your personal data.
c. Right to Object
You have the right to object to processing where we are using your personal information such as where it is based on legitimate interests or for direct marketing.
d. Inaccurate personal information corrected
Inaccurate or incomplete information we hold about you can be corrected. The accuracy of your information is important to us and we are working on ways to make this easier for you to review and correct the information that we hold about you. If any of your information is out of date or if you are unsure of this, please get in touch through any of the contact details listed in this notice.
e. Right of restriction
You have a right to restrict the processing of some or all of your personal information if there is a disagreement about its accuracy, or we are not lawfully allowed to use it.
f. Right to Access your information
You have a right to request access to a copy of your personal information that we hold about you, along with the information on what personal information we use, why we use it, who we share it with, how long we keep it for and whenever it has been used for automated decision making. You can make a request for access free of charge and proof of identity is required.
g. Automated decision making
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right to question the outcome of automated decisions that may create legal effects or create a similar significant impact on you.
h. Portability
You can ask us to provide you or a third party with some of the personal information that we hold about you.
i. Right to withdraw consent
Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data
4. Transferring your information outside of the United Kingdom
Where personal data is stored outside of the UK and the EEA, safeguards to protect personal data may include but are not limited to the UK Addendum used in conjunction with the EU Standard Contractual Clauses (SCCs), or UK International Data Transfer Agreement (IDTAs). Such safeguards will be subject to Transfer Risk Assessments (TRAs).
5. Complaints procedure
If you are unhappy with the way we process your data, please get in touch by using one of the contact methods above. You can also make a complaint to the Information Commissioner’s Office (ICO) which regulates the use of information in the UK. They can be contacted by at 0303 123 1113 or you can write to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
6. Changes to our Privacy Notice
This privacy notice is kept under regular review. If we make any significant changes to the way in which we process your information, we will let you know by either reaching out to you or posting a banner on the website.
4. Transferring your information outside of the United Kingdom
Where personal data is stored outside of the UK and the EEA, safeguards to protect personal data may include but are not limited to the UK Addendum used in conjunction with the EU Standard Contractual Clauses (SCCs), or UK International Data Transfer Agreement (IDTAs). Such safeguards will be subject to Transfer Risk Assessments (TRAs).
5. Complaints procedure
If you are unhappy with the way we process your data, please get in touch by using one of the contact methods above. You can also make a complaint to the Information Commissioner’s Office (ICO) which regulates the use of information in the UK. They can be contacted by at 0303 123 1113 or you can write to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
6. Changes to our Privacy Notice
This privacy notice is kept under regular review. If we make any significant changes to the way in which we process your information, we will let you know by either reaching out to you or posting a banner on the website.
APPENDIX 1 – Human Resources Privacy Notice Freelancers, job applicants and current and former employees, trustees and volunteers
Freelancers, job applicants and current and former employees, trustees and volunteers
1. How and when do we collect information about you?
You provide several pieces of data to us directly during the recruitment period and subsequently upon the start of your employment/engagement.
In some cases, we will collect data about you from third parties, such as employment agencies or former employers when gathering references.
2. What types of information is collected about you and who provides it?
We keep several categories of personal data on our employees/freelancers/job applicants/trustees and volunteers in order to carry out effective and efficient processes. We keep this data in a personnel file relating to each individual and we also hold the data within our computer systems, for example, our holiday booking system.
Specifically, depending on your type of engagement with the Dash Charity, we may process the following types of data:
a. personal details such as name, address, phone numbers
b. name and contact details of your next of kin
c. your photograph, your gender, marital status
d. footage of the organisation events where you may appear
e. information of any disability or other medical information you have disclosed
f. right to work documentation
g. information gathered via the recruitment process such as that included in a CV, cover letter or application form, references from former employers, details on your education and employment history etc
h. National Insurance number, bank account details and tax codes
i. information relating to your employment with us (e.g job title, job description, salary, terms and condition of the contract, annual leave records, appraisal and performance indication, formal and informal proceedings involving you such as letters of concern and disciplinary, disciplinary and grievance proceedings.
j. internal and external training modules undertaken
k. information on time off from work including sickness absence, family related leave etc
l. IT equipment use including telephones and internet access
m. your biography and picture for the website (if applicable).
We may also process special category of data which include health information, sexual orientation, race, ethnic origin, political opinion, religion, trade union membership, genetic and biometric data. We may also process criminal records information if the role involves DBS check.
3. How is the information used?
We are required to use your personal data for various legal and practical purposes for the administration of your contract of employment or your volunteer/trustee agreement, without which we would be unable to employ you. Holding your personal data enables us to meet various administrative tasks, legal obligation or contractual/agreement obligation. We process information in relation to the DBS for our safe recruitment practices.
4. Lawful basis for processing
We mainly use ‘contractual obligation’ as a lawful basis for processing personal data for employees, job applicants and freelancers. We mainly use ‘legitimate interest’ for trustees and volunteers. We may also have legal obligation in order to process and share your data, for example we need to share salary information to HRMC or use some of your data to enrol a new employee on a pension scheme.
We may rely on our legitimate interest for processing activity such as keeping supervision and appraisal records; using your image, bio and videos/pictures of the organisations’ events where you may appear on our website or marketing/fundraising materials to promote the charity.
Some special categories of personal data, such as information about health or medical conditions is processed in order to carry out employment law obligations (such as those in relation to colleagues with disabilities and for health and safety purposes). We may also process other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief for the purposes of equal opportunities monitoring. When processing criminal records (for example, in order to perform DBS check), the organisation relies on the lawful basis of legitimate interest. When processing special category of data and criminal records, we rely on additional conditions of the UK GDPR and DPA 2018.
5. How long do we keep your data?
We only keep your data for as long as we need it for, which will be at least for the duration of your employment/engagement with us though in some cases we will keep your data for a period of 6 years after your employment/engagement has ended. If you’ve applied for a vacancy but your application hasn’t been successful, we will keep your data only for 12 months.
Some data retention periods are set by the law. Retention periods can vary depending on why we need your data. Please get in touch by contacting us using the details above if you want to know more about retention period.
Data is destroyed or deleted in a secure manner as soon as the retention date has passed.
6. Confidentiality – who do we share your data with?
Data in relation to your salary is shared with HRMC as part of our legal obligation. Data may be shared with third parties for the following reasons: for the administration of payroll, pension, HR functions (for example the online holiday booking system), administering other employee benefits (such as the Childcare Voucher Scheme) and with the building security team for the issuing of you building access pass. When sharing information with third parties, we have data sharing, processor agreements or contracts in place to ensure data is not compromised. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.
APPENDIX 2 – Service Users
1. How we collect information about you?
We may collect the following information about you when you engage with us as a service user to use our services: name, data of birth, gender, ethnicity, religion, contact details, health conditions, contacts of education provider, behavioural information, school attendance, life background, health information, safeguarding information
The information collected may include special category of data which include health information, sexual orientation, race, ethnic origin. They may also contain criminal records information.
2. How is your information used?
We may use your personal information to
• Carry out a thorough assessment of your needs;
• Provide an appropriate service which best meets your needs;
• Provide progress reports to funders;
• Claim payments from the funders;
• Monitor and manage risk;
• Protect yourself and the general public;
• Safeguarding;
• Collate anonymised or pseudonymised statistical information for funders, the charity and delivery partners
3. Lawful basis for processing
We mainly rely on legitimate interest or consent as our lawful basis for processing your personal data. When we process special category of data and criminal records, the lawful basis is substantial public interest read with conditions from the Data Protection Legislation.
4. How long do we keep your data for?
We retain the personal data of all service users for a period of in line with our retention periods. If you would like to know more about this, please contact us at the email address above.
5. Confidentiality, data sharing and safeguarding
• With your consent, we may share your data with agencies involved in providing support. Each organisation acts as individual data controller of your personal information and you should read their privacy notice in addition to this one/Third parties act as data processors and for that reason they will process your data on our behalf.
• To comply with our duty of care and safeguarding, we may need to pass some information raising safeguarding concern with the authorities. In such circumstances, we apply vital interest and legitimate interest as our lawful basis. Data subjects’ rights and other UK GDPR provisions may be restricted when concerning personal data processed in these circumstances. Exceptions and exemptions are applied on a case by case basis.
APPENDIX 3 – Fundraising and Marketing
Information we collect:
When you make a donation
Information is provided by you via a donation form on our website or via third party donation platforms (e.g Just Giving and Virgin Money Giving). The information gathered may be: name, email address, Gift Aid sign up, company name if donation made by an organisation, donation details, reasons to engage, postal address.
This information allows us to process your donation, and deal with any potential enquiry. We rely on our legitimate interest to process this data. If you agree that we can claim Gift Aid on your donations we are legally required to keep a record of the claim and your Gift Aid declaration. If you are donating using a third party, please also refer to the privacy notice published on their websites.
When you sign up to our fundraising event
Information is mainly provided by you via our website forms, via third party platforms (e.g Eventbrite) or in person during the events by paper forms. The information gathered may be: name, email address, company name if applicable, donation/payment details, reasons to engage, postal address, email address contact preference.
This information allows us to administer your sign up, process payments, and deal with any potential enquiry. We rely on the legitimate interest to process this data.
During these types of events, we may also take photographs and video recording of people attending where you may be included. This information allows us to showcase our work and have an effective external communication. We rely on our legitimate interest to process this data. If you are signing up to an event using a third party, please also refer to the privacy notice published on their websites.
When you show interest in supporting us (e.g through a gift in your will or a pledge) and you decide to contact us
Information is provided mainly by yourself, via online forms or phone/email conversation with us. The information gathered may be: occupation, title, details of any correspondence had with ourselves, date of birth, fundraising appeals responses, event participations with us, details of your reasons to engage with us. This information allows us deal with your enquiry and show you how to get engaged. We rely on our legitimate interest to process this data.
Marketing Communications:
Your contact details may be used to provide you with information about our services or our fundraising opportunities via email, text or other electronic message. We will only send you fundraising and marketing communications by email, text or other electronic message if you have provided your consent, or if you have been involved in a commercial transaction with us. You may opt-out of our fundraising and marketing communications at any time by clicking the unsubscribe link at the end of our e-marketing communication. Alternatively, you can let us know by using any of the contact details listed at the top of this notice.
