| Personal data collected: | When we collect it: |
|---|---|
| Name, address, contact details (telephone number, email address), taxpayer status (for Gift Aid). | When you make a donation to our charity or request to be kept up to date on news and events. |
| Name, address, contact details (telephone number, email address). | If you are a funder or potential funder. |
| Name, address, contact details, NRM number, health history, legal status, ethnicity. | When you are referred to us through an external organisation for the purpose of receiving support from us. |
| Name, unique identification number, medical information (wellbeing, emotional and mental health scores). | When we develop a support plan for you. |
| Name, address, date of birth, contact details, career history, education and qualifications, health information, criminal convictions relevant to the role (to fulfil our legal obligations under relevant legislation including the Safeguarding Vulnerable Groups Act 2006). | When you apply for a job with us as a volunteer. |
| Name, address, date of birth, contact details, career history, education and qualifications, NI number, proof of address, address history. | If you apply to be one of our trustees. |
| Name, address, date of birth, contact details, career history, education and qualifications, health information, proof of right to work in the UK, criminal convictions relevant to the role (to fulfil our legal obligations under relevant legislation including the Safeguarding Vulnerable Groups Act 2006). | When you apply for a job with us as a paid member of staff. |
| Name, address, contact details, bank details. | When we purchase services from you and we need to pay your invoice. |
| Name, address, contact details, Photo ID, Proof of address, passport number, address history, NI number. Relevant criminal conviction history shared in line with DBS policy. | When you complete a DBS check. |
| Name, contact details. | When we work with external companies and need to contact you. |
| Name, address, contact details, bank details, NI number. | When you work for us as a paid member of staff. |
| Name, address, date of birth, contact details, career history, education and qualifications, health information, copy of University DBS certificate. | When you are a student doing a placement with us. |
3.4.1 When we collect personal data about you, we may ask for information which is considered sensitive or classed as ‘special category data’ under data protection laws. This includes information relating to your racial or ethnic origin, physical or mental health, political opinions, religious or philosophical beliefs, your sex life or sexual orientation. Special category data also includes the processing of genetic data or biometric data for the purpose of uniquely identifying a natural person.
3.4.2 We will only collect this type of data if you have given us explicit consent, or we have a legal basis for doing so.
3.4.3 There may be occasions where inadvertently we identify special category data about you. For example, your racial or ethnic origin, physical or mental health, political opinions, religious or philosophical beliefs, your sex life or sexual orientation may be evident from:
3.4.4 Rebuild East Midlands acknowledges that we need to take extra care of any special category data we hold about you, so we will make sure it is adequately protected and secured in line with data protection requirements.
4.1 We collect personal information about you from various sources which may include:
4.2 We may collect personal information about you via our website www.rebuildeastmidlands.org, through online or paper forms, telephone calls, face to face meetings, email, or social media.
5.1 We only use your personal identifiable information where laws that protect your privacy rights allow us to. This will be when:
5.2 Where we have your consent, you have the right to withdraw it. We will let you know how to do that at the time we gather your consent. See Section 10 ‘What if I don’t want to provide certain information to you?’ for details about how to withdraw your consent to marketing.
5.3 Certain kinds of personal information that is particularly sensitive. This is information about your health status, racial or ethnic origin, political views, religious or similar beliefs, sex life or sexual orientation, genetic or biometric identifiers, or criminal convictions or allegations. We will only use this kind of personal information where:
5.4 We may use your personal data for the following purposes:
| Purposes of data use: | Specifically: | Our lawful basis for doing so: |
|---|---|---|
| Processing transactions | If you have decided to donate to our charity, this will enable us to process the transaction. | Performance of a contract. |
| Keeping you informed | To enable us to provide you with useful and important information relating to our services. | Legitimate interests. |
| To enable us to share information about our services including marketing communications. | Consent. | |
| To notify you about changes to our terms or updates to our Privacy Notice. | Legal obligation. | |
| Supporting you | To enable us to provide you with relevant support. | Performance of a contract. |
| To enable us to deal with a safeguarding issue we may need to share certain information with external agencies e.g. the police or social services. | Legal obligation. | |
| Managing your employment contract | To enable us to manage our contract of employment with you (including paying you) we will need to process personal information about you. | Performance of a contract. |
| Keeping your details up to date | To ensure we are holding up to date details for you. | Performance of a contract and legal obligation. |
| Trustees | To comply with charity governance and functions. | Performance of a contract and legal obligation. |
5.5 We may also need to use your information to assist with the delivery of audit and assurance reviews, assist us with fraud investigations and comply with other legal requirements.
6.1 All personal information you provide to us is stored on our secure servers within the UK. However there may be occasions where your information may need to be stored in or sent to companies, service providers, agents, subcontractors and regulatory authorities in countries outside of the European Economic Area (‘EEA’) which may not have the same level of security and protection as we have under UK legislation. If we have to do this, we will make sure that suitable security measures are in place.
6.2 We take data security matters on our individuals’ information very seriously. With this in mind we treat your data with care and take a best practice approach to protect it wherever possible.
6.3 We secure all of our websites using ‘https’ technology and we regularly monitor our systems for possible vulnerabilities, threats and attacks to ensure your data remains protected.
6.4 We will only keep your personal information for as long as we need it to fulfil the purposes set out in this Privacy Notice, or as required by law. This might be for as long as you have a relationship with us, or longer where we need it for legitimate reasons such as legal, tax or regulatory purposes.
7.1 We work with third parties, including social network sites like Facebook, Twitter, Instagram, WhatsApp and YouTube. We use them to keep you updated on our products and services, share news stories and videos and to offer alternative ways for you to make contact with us.
7.2 All of these companies operate Third Party Sites. We cannot control how your data is collected, stored, used or shared by these Third Party Sites or to whom it is disclosed. Please be sure to review the privacy policies and privacy settings on your social networking sites to make sure you understand the information they are sharing. If you do not want a Third Party Site to share information about you, you must contact that site and determine whether it gives you the opportunity to opt-out of sharing such information. Rebuild East Midlands is not responsible for how these Third Party Sites may use information collected from or about you.
7.3 Social media posts on the Rebuild East Midlands website are publicly available and therefore you should not submit personal information about yourself using these channels. If you decide to use social media to contact us, you accept full responsibility for the security and use of the data provided. Any private messages sent using social media will only be stored for the duration of dealing with your enquiry and any information provided will not be used for any other purposes than customer support.
8.1 Rebuild East Midlands may share the information it collects about you with other companies or third parties in the following instances:
8.2 We will not sell your personal data onto third parties for marketing purposes.
8.3 We may share your information with the following groups:
8.4 Specifically, the third parties we share personal data with include:
9. Use of Google Analytics and Cookies
9.1 We use Google Analytics to collect anonymous information about use of our website. Google Analytics collects information such as how often users visit this site, what pages they visit when they do so, and what other sites they used prior to coming to this site. We use the information we get from Google Analytics only to improve our website.
9.2 Although Google Analytics places a permanent cookie on your web browser to identify you as a unique user next time you visit our website, the cookie cannot be used by anyone but Google whose ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy.
9.3 Google Analytics uses cookies to define user sessions, which allows for the collection of data about how visitors are using the websites. First Party Cookies are used which means that the cookies are linked to a specific website domain and Google Analytics will only use that cookie for statistical analysis related to your browsing behaviour on that specific website.
9.4 If you wish to, you can opt out by turning off cookies in the preferences settings in your web browser or you can use Google’s opt out tool within Chrome.
10.1 We will be unable to provide you with products or services if you do not let us have certain pieces of personal information. But we’ll only ask you for what we really need.
10.2 In some cases providing personal information is optional, for example providing your contact details to receive marketing communications. We will make it explicitly clear if this is the case, so you can decide if you want to opt in or not. If you change your mind and decide you don’t want to receive marketing communications any more, you can let us know by emailing info@rebuildeastmidlands.org.
11.1 You have eight rights relating to the use and storage of your personal identifiable information. These are:
For further information as to your rights, see https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
11.2 In brief, you have the right to be informed who is obtaining and using your personal information, how this information will be retained, shared and secured and what lawful grounds will be used to obtain and use it. You have the right to object to how we use your personal information in certain circumstances. You also have the right to obtain a copy of the personal information we hold about you. You can find out how to do this in Section 12.
11.3 In addition, you can ask Rebuild East Midlands to correct inaccuracies, and in some circumstances delete or restrict personal information or to provide some of your personal information to someone else. You can make a complaint if you feel we are using your information unlawfully and/or holding inaccurate, inadequate or irrelevant information which if used may have a detrimental impact on you and/or has an impact on your rights.
11.4 If you wish to exercise any of your rights or have a complaint on the way your personal information is handled, please contact info@rebuildeastmidlands.org or write to the The Rebuild CEO, Rebuild East Midlands, Rebuild Project, PO Box 8424, Derby DE1 9GH
11.5 If you are not happy with the way we deal with any complaint relating to the way we use your personal information you can refer it to the data protection supervisory authority. In the UK, this is the Information Commissioner’s Office, at Make a complaint | ICO
12.1 You have the right to request access to the personal data we hold about you.
12.2 If you would like to request a copy of your personal data, you can contact us via letter,
email info@rebuildeastmidlands.org, telephone or social media.
13.1 If any of your personal information changes, such as a contact number or email address, please let us know right away so we can update our records.
14.1 Our Privacy Notice will be regularly reviewed to ensure it accurately reflects how your personal information is being used. As it may change at any time in the future, we encourage you to check this Privacy Notice whenever you visit our website Microsoft Word – Privacy Notice new format (rebuildproject.org)
15. Who do I contact about data protection queries?
15.1 Rebuild East Midlands has a Voluntary Data Protection Officer (VDPO). If you have any questions, comments or concerns about this Privacy Notice or the way in which your personal data is being handled, you can email them at info@rebuildeastmidlands.org or by writing to The Rebuild CEO, Rebuild East Midlands, Rebuild Project, PO Box 8424, Derby DE1 9GH
Employees acceptance will be by using the Tick (under the Actions section in BreatheHR).
This equates to your signature and will demonstrate that you have read and understood this policy, and will act in accordance with it.
This policy will be reviewed every two years but more frequently if the circumstances in which Rebuild East Midlands operates changes significantly, or if relevant changes in legislation occur.
This policy will be reviewed at least every three years but more frequently if the circumstances in which Rebuild East Midlands operates changes significantly, or if changes in legislation occur.
