GDPR Privacy & Data Protection
Holloway Neighbourhood Group - Privacy Notice
1. AIM & INTRODUCTION
This Privacy Notice aims to support Holloway Neighbourhood Group’s (HNG) commitment to maintaining your confidence and trust while protecting the privacy of your information.
HNG’s privacy policy is compliant with General Data Protection Regulations (GDPR) and UK GDPR from 2021, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations. For the purpose of this notice HNG is the Data Controller and is entered on the Data Protection Register (certificate number Z1056966).
People about which we hold information are referred to in this policy as Data Subjects. Organisations that store our information are called Data Processors.
2. WHAT INFORMATION DO WE COLLECT?
We collect certain information about you to provide you with services and/or support. The type of information we collect can vary depending on which Data Group you are a part of, and which service you are enquiring about/accessing. We only collect data that is relevant.
The information that we collect sometimes includes special categories or sensitive personal information (including ethnicity, gender and health). This kind of information is vital to the service we are providing and asked for by funders.
In some certain circumstances we receive information about a person from other sources, such as referrers. In those circumstances we will contact that person within 30 days to tell them what information we have and from whom we got it.
3. OUR LEGAL BASIS FOR HAVING YOUR INFORMATION
There are six legal grounds for processing data. We only need to apply one of these principles to have your information. These are:
We use a variety of these legal grounds and record what legal ground we’ve used to hold your data. These are, but not limited to:
· Performance of a contract: We use this when people are paying to use our services or buildings.
· Complying with legal obligations: We use this to hold employees’ and some volunteers’ information.
· Legitimate Interest: We use this lawful basis – especially regarding ‘special interest’ categories of the people who use our services. Legitimate interest is information that we need to achieve our organisational aims – taking into account your right to privacy.
Please do remember you have the right to remove consent at any time.
We will, in all circumstances, keep your data safe. See section 7 for more information regarding this.
4. HOW YOUR INFORMATION WILL BE USED
We collect information about you when you enquire or engage with our services to ensure that you receive a good & safe service. For example, we may use the information we have collected to contact people to remind them to attend an activity and provide details of how to find us. We use information about your activity with us so we can feed back to our funders, or prospective funders, and demonstrate the impact of our services.
The information we keep also helps us to decide how well our services are working and what new ones we need to deliver. The reasons outlined here may also reflect our legitimate interest to process your data.
5. HOW LONG YOUR INFORMATION WILL BE KEPT
Your data will be kept for seven years, unless we deem it unnecessary to keep in which case we will delete it. We’ve chosen this period as it is the length of time commonly required by funders, Her Majesty’s Revenue & Customs (HMRC) and the Charity Commission. Following that period your data will be deleted or anonymised – meaning information that would identify an individual to the data is removed. We may keep sensitive (special category data) about you for less time than other personal data.
6. HOW WE SHARE YOUR INFORMATION
We will only share your information in rare circumstances. These are:
7. SECURITY OF YOUR INFORMATION
An individual’s personal information is stored with very controlled restricted access on secure third party servers, or in manual filing systems under lock & key. Internally, access to HNG’s IT databases is very restricted and is treated as confidential. Our passwords are regularly changed to minimise any risks.
We regularly check the security standards and their GDPR compliance of the third parties that process our data to ensure your privacy.
Should we suspect there has been a breach of security, and it is likely to risk an individual’s rights and freedoms, we will inform the Information Commissioners Office and affected individuals within 72 hours, where feasible. All breaches will be recorded.
8. MARKETING
At times we want to let you know about our services and other HNG related news. We will never pass your information for marketing purposes to any third party.
You have the right, at any time, to stop us contacting you for marketing purposes.
9. ACCESS TO YOUR INFORMATION AND CORRECTION
Individuals have the right to request a copy of all the information that we hold about them. If you would like a copy of this information please contact us. We will complete this request within one month. Will keep a record of all requests and how quickly we respond to them.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information that you think is inaccurate.
10. COOKIES & OTHER WEBSITES
When using our website, cookies will track the pages you visit. Cookies are standard text files placed on your computer to collect standard Internet log information and behaviour. The information is used to track visitor usage of our websites and to compile statistical reports on website activity.
You can set your browser to not accept cookies. For more information visit www.aboutcookies.org
Our website links to other websites. This privacy policy only applies to our websites (www.hng.org.uk & www.stressproject.org.uk).
11. CHANGES TO THIS NOTICE
We will change this Privacy Notice from time to time by posting a revised version on our websites. The revised version will be effective on the date of publication at www.hng.org.uk/privacy. Your continued use of our services constitutes your acceptance of any changes to this Privacy Notice.
12. HOW TO CONTACT US OR TO MAKE A COMPLAINT
If you have any questions or issues regarding this Privacy Notice please contact us at;
Holloway Neighbourhood Group
The Old Fire Station
84 Mayton Street
London N7 6QT
020 7607 9794
website@hng.org.uk
To make a complaint to the ICO, please visit https://ico.org.uk/make-a-complaint/ or call 0303 123 1113
13. OTHER RESOURCES
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
1. AIM & INTRODUCTION
This Privacy Notice aims to support Holloway Neighbourhood Group’s (HNG) commitment to maintaining your confidence and trust while protecting the privacy of your information.
HNG’s privacy policy is compliant with General Data Protection Regulations (GDPR) and UK GDPR from 2021, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations. For the purpose of this notice HNG is the Data Controller and is entered on the Data Protection Register (certificate number Z1056966).
People about which we hold information are referred to in this policy as Data Subjects. Organisations that store our information are called Data Processors.
2. WHAT INFORMATION DO WE COLLECT?
We collect certain information about you to provide you with services and/or support. The type of information we collect can vary depending on which Data Group you are a part of, and which service you are enquiring about/accessing. We only collect data that is relevant.
The information that we collect sometimes includes special categories or sensitive personal information (including ethnicity, gender and health). This kind of information is vital to the service we are providing and asked for by funders.
In some certain circumstances we receive information about a person from other sources, such as referrers. In those circumstances we will contact that person within 30 days to tell them what information we have and from whom we got it.
3. OUR LEGAL BASIS FOR HAVING YOUR INFORMATION
There are six legal grounds for processing data. We only need to apply one of these principles to have your information. These are:
- Consent
- Performance of a contract
- Complying with legal obligations
- Legitimate interest
- Performing a task in the public interest
- Protecting your vital interest
We use a variety of these legal grounds and record what legal ground we’ve used to hold your data. These are, but not limited to:
· Performance of a contract: We use this when people are paying to use our services or buildings.
· Complying with legal obligations: We use this to hold employees’ and some volunteers’ information.
· Legitimate Interest: We use this lawful basis – especially regarding ‘special interest’ categories of the people who use our services. Legitimate interest is information that we need to achieve our organisational aims – taking into account your right to privacy.
Please do remember you have the right to remove consent at any time.
We will, in all circumstances, keep your data safe. See section 7 for more information regarding this.
4. HOW YOUR INFORMATION WILL BE USED
We collect information about you when you enquire or engage with our services to ensure that you receive a good & safe service. For example, we may use the information we have collected to contact people to remind them to attend an activity and provide details of how to find us. We use information about your activity with us so we can feed back to our funders, or prospective funders, and demonstrate the impact of our services.
The information we keep also helps us to decide how well our services are working and what new ones we need to deliver. The reasons outlined here may also reflect our legitimate interest to process your data.
5. HOW LONG YOUR INFORMATION WILL BE KEPT
Your data will be kept for seven years, unless we deem it unnecessary to keep in which case we will delete it. We’ve chosen this period as it is the length of time commonly required by funders, Her Majesty’s Revenue & Customs (HMRC) and the Charity Commission. Following that period your data will be deleted or anonymised – meaning information that would identify an individual to the data is removed. We may keep sensitive (special category data) about you for less time than other personal data.
6. HOW WE SHARE YOUR INFORMATION
We will only share your information in rare circumstances. These are:
- In some circumstances we will share your data with certain partners. In those circumstances, we will have checked that those organisations are GDPR compliant. If you request it, we will provide you specific information.
- Due to a legal requirement, we will share some information about some people with the Charity Commission, Companies House, HMRC and other agencies such as the Police.
- In some circumstances, to protect the vital interests of our service users, we will share special category health information. We will have checked the GDPR compliance of the organisation information is passed to.
7. SECURITY OF YOUR INFORMATION
An individual’s personal information is stored with very controlled restricted access on secure third party servers, or in manual filing systems under lock & key. Internally, access to HNG’s IT databases is very restricted and is treated as confidential. Our passwords are regularly changed to minimise any risks.
We regularly check the security standards and their GDPR compliance of the third parties that process our data to ensure your privacy.
Should we suspect there has been a breach of security, and it is likely to risk an individual’s rights and freedoms, we will inform the Information Commissioners Office and affected individuals within 72 hours, where feasible. All breaches will be recorded.
8. MARKETING
At times we want to let you know about our services and other HNG related news. We will never pass your information for marketing purposes to any third party.
You have the right, at any time, to stop us contacting you for marketing purposes.
9. ACCESS TO YOUR INFORMATION AND CORRECTION
Individuals have the right to request a copy of all the information that we hold about them. If you would like a copy of this information please contact us. We will complete this request within one month. Will keep a record of all requests and how quickly we respond to them.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information that you think is inaccurate.
10. COOKIES & OTHER WEBSITES
When using our website, cookies will track the pages you visit. Cookies are standard text files placed on your computer to collect standard Internet log information and behaviour. The information is used to track visitor usage of our websites and to compile statistical reports on website activity.
You can set your browser to not accept cookies. For more information visit www.aboutcookies.org
Our website links to other websites. This privacy policy only applies to our websites (www.hng.org.uk & www.stressproject.org.uk).
11. CHANGES TO THIS NOTICE
We will change this Privacy Notice from time to time by posting a revised version on our websites. The revised version will be effective on the date of publication at www.hng.org.uk/privacy. Your continued use of our services constitutes your acceptance of any changes to this Privacy Notice.
12. HOW TO CONTACT US OR TO MAKE A COMPLAINT
If you have any questions or issues regarding this Privacy Notice please contact us at;
Holloway Neighbourhood Group
The Old Fire Station
84 Mayton Street
London N7 6QT
020 7607 9794
website@hng.org.uk
To make a complaint to the ICO, please visit https://ico.org.uk/make-a-complaint/ or call 0303 123 1113
13. OTHER RESOURCES
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/