Personal data means any information that may be used to identify you on its own or when combined with other information, will enable identification. Sensitive data is data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation. We may collect, use, store and transfer different kinds of personal and sensitive data about you which we have grouped together as follows:
a) Identity Data includes first name, last name, username or similar identifier, date of birth and gender and NHS number.
b) Contact Data includes your address, phone number and email address.
c) Health Data includes any information about your physical or mental health from how you use our Services.
d) Usage Data includes information about how you use our services.
Your personal data is required to effectively assess you for the appropriate support at START. In addition key data may be used to support our safeguarding / risk responsibilities and other statutory obligations. We also require your data to measure the effectiveness of the services we provide and how they can be improved. This uses aggregated statistics which does not identify you.
We use different methods to collect data from and about you including through:
a) Direct interactions: You may give us any of the categories of data identified in section 2 by filling in forms or by corresponding with us by, phone, email or otherwise.
b) Third Parties: We may receive your personal data from third parties who are referring you to our services. This is typically performed with your explicit consent but could be because there is a legal obligation that applies to the third party.
All of the data gathered is processed to effectively assess you for our services and support you accordingly. Our lawful reasons for processing data are detailed in the table below along with the type of data. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
Purpose/Activity |
Type of data |
Lawful basis for processing including basis of legitimate interest |
| To register you as a new member or volunteer |
(a) Identity (b) Contact |
Necessary for our legitimate interest (to provide our services to you) |
| To process and deliver your request for our services. |
(a) Identity (b) Contact (c) Health |
a. Necessary for our legitimate interests (to provide our services to you) b. Necessary for medical purposes, and is undertaken by a health professional or by someone who is subject to an equivalent duty of confidentiality |
|
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy |
(a) Identity (b) Contact (c) Profile |
a. Necessary to comply with a legal obligation b. Necessary for our legitimate interests (to keep our records updated and to study how members and volunteers use our services) |
| To refer you to external organisations for additional services relevant to achieving your goals and aspirations |
(a) Identity (b) Contact (c) Health |
a. You have given clear consent b. The processing is necessary for medical purposes, and is undertaken by a health professional or by someone who is subject to an equivalent duty of confidentiality |
| To include your attributable information in data returns to organisation like Greater Manchester Integrated Care System to aid in the production of statistics for performance management and service improvement purposes |
(a) Identity (b) Health |
a. You have given clear consent b. Necessary to comply with a legal obligation |
| To comply with Information Sharing Agreements where the service is a member which can be for the purpose of Adult and Children Safeguarding, Anti-social behaviour, Criminal Justice orders, etc. |
(a) Identity (b) Contact (c) Usage |
a. You have given clear consent b. Necessary in order to protect the vital interests |
| To use data analytics to improve our services, relationships and experiences |
(a) Technical (b) Usage |
Necessary for our legitimate interests (to define types of people for our services, to keep our services updated and relevant, to develop our business) |
| To use in photography and films to promote our services. We will ask for your permission before we record photographs, audio and films for this purpose |
(a) Identity (b) Usage |
a. You have given clear consent b. Necessary for our legitimate interests (to develop our business) |
| To record static and moving images and vehicle registration numbers on Closed Circuit Television (CCCTV) |
(a) Identity (b) Usage |
a. Necessary for our legitimate interests (to detect, prevent or reduce the incidence of crime) |
| To make recruitment decisions in relation to both volunteering and permanent employment |
(a) Identity (b) Contact (c) Usage |
Necessary for our legitimate interests (to assess suitability, arrange interviews and where necessary, carry out pre-employment checks) |
We also collect, use and share aggregated data such as statistical or demographic data for performance monitoring purposes. This is not considered personal data in law as this data does not directly or indirectly reveal your identity.
We will not use the personal data you give us or which we collect from you for marketing purposes. We will only use your contact details to correspond with you about your support at START.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Data is shared within the organisation as part of our lawful basis to process and is only shared relevant to the processing requirement. We will not share data with third parties unless there is a lawful / regulatory / legal / contractual requirement or where you have given clear consent. We will aspire to share the minimum amount of data necessary for the purpose and restrict the use of data that directly or indirectly reveals your identify. This can include anonymising your data or producing aggregated statistics or demographic information.
Examples of where we share such information in line with the above include:
a. Contractual reporting
b. Mental Health and Social Care Datasets
c. A referral made on your behalf with your clear consent
d. A referral made for medical purposes including to protect your vital interests
We do not transfer any of your personal data outside of the European Economic Area.
Examples of third parties include but are not restricted to Greater Manchester Police, Local Authorities, Greater Manchester ICS including the Salford Locality Team, Public Health England (PHE), Greater Manchester Mental Health Trust, Salford CVS and other voluntary sector partners.
1) If you apply for a position with us, whether permanent or voluntary, we collect and process personal information to manage the recruitment process, assess your suitability, communicate with you regarding your application and comply with our legal obligations.
2) The personal information we may collect includes your contact details, CV, employment history, qualifications, references, interview notes, right-to-work documentation, assessment results and any other information you provide as part of your application. Where appropriate and permitted by law, we may also process special category data (such as health information relating to reasonable adjustments) and criminal conviction information where required for the role.
3) We process this information on the basis of our legitimate interests in recruiting suitable employees or volunteers, to take steps at your request before entering into an employment contract or volunteering agreement, to comply with legal obligations and, where required, with your consent.
4) If your application is unsuccessful, we will retain your information for 12 months following the completion of the recruitment process, unless we are required to retain it longer by law or you consent to us retaining it for future opportunities. If your application is successful, relevant information will become part of your employment or volunteering record.
5) We do/do not use automated decision-making as part of our recruitment processes.
The length of time we will retain your information depends on who you are and the type of information we hold. In general, we will retain the information you provide for the purposes set out in this notice for a period of not more than 8 years after the last contact with you. The circumstance where this may be different includes if you are under the age of 18 when you start receiving services from us or if you are subject to the Mental Health Act. CCTV data is reviewed regularly and is retained for a period of 3 months.
The following information is intended to help you understand you rights in relation to personal and sensitive data as provided by either the Data Protection Act (1998) or the General Data Protection Regulation 2016.
The right to be informed: This relates to what information we are required to provide you about data processing. This Privacy Notice represents the way in which we inform you of this information.
Right of access: You (i.e. the data subject) have the right to access particular personal and sensitive information that we hold about you. This is known as a Subject Access Request. We shall respond promptly (usually within one month from the point of receiving the request and all necessary information from you.) This provision is usually free of charge, however we retain the right to charge a reasonable fee when we believe a request is unfounded, excessive or repetitive.
Right to rectification: You have the right to obtain from us, without undue delay, the rectification of inaccurate or incomplete personal data that we hold concerning you.
Right to erasure: You have the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing. We have the right to refuse to comply with a request for erasure and if this applies we will tell you the reason why.
Right to restrict processing: Subject to exemptions, you shall have the right to restrict processing where:
· You contest the accuracy of the information we hold and it is restricted until the accuracy is verified,
· You have objected to processing (where it is necessary for the performance of a public interest task / legitimate interest) and we are considering whether our grounds override your rights
· Processing is unlawful and you oppose erasure, requesting restriction instead,
· We no longer need the data, but you require the data to establish, exercise or defend a legal claim.
Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
Right to Object: You have the right to object to processing on grounds relating to your personal circumstances. This provision applies to the processing that is undertaken for legitimate interests / the performance of a task in the public interests (includes personal profiling) and processing for purposes of scientific / historical research and statistics. In such cases we will stop processing unless we can demonstrate i) compelling legitimate grounds which override your interests, rights and freedoms ii) the processing is for the establishment , exercise or defence of legal claims. This right extends to processing for the purposes of direct marketing (including profiling) which must be stopped outright.
Right not to be subject to decisions based solely on automated processing: We do not carry out any automated processing which may lead to automated decision making based on your personal data.
Information accuracy: We take all reasonable steps to ensure the accuracy of the personal/ sensitive data that we hold and provide.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
If you wish to sign up to any login area, order or download materials or get involved with us in any other way you may need to complete a form with your details.
If you register for an account with START, we need your details in order to keep you updated on the work we do, to keep you informed of other services that may be of interest to you and of opportunities to get involved with the organisation. We will only do this if you agree that you wish to be kept updated.
If you have any questions or concerns about this privacy notice, the data we hold on you, or you would like to exercise one or more of your data protection rights, please do not hesitate to contact us at:
START
Brunswick House
62 Broad Street
Salford
M6 5BZ
Email: info@startinspiringminds.org.uk
If you feel that we have not addressed your concern in a satisfactory manner or should you wish to report a complaint, you may contact the Information Commissioner’s Office at:
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by telephone on 01625 545 745.
To read our Cookie Policy and Website Terms & Conditions please click here.