UK GDPR came into force on January 1st, 2021, and outlines the main principles, rights, and requirements that businesses and organisations must follow in processing UK residents’ personal data. UK GDPR is an adaptation of EU GDPR.
If you require this document in any other format or language, please contact Association of Carers using the details below.
Who we are and how to contact us
We are Association of Carers (Registered Charity no. 1159551) and we can be contacted using the following details:
Contact name: Louise Vladi
Email: [email protected]
Phone: 01424 722309
Address: Association of Carers, 104 Sedlescombe Road North, St. Leonards on sea, Hastings, TN37 7EN
We are committed to ensuring that your personal data is processed in accordance with this policy so please read it carefully and let us know if you have any queries.
How we will process your Personal Data
1) Lawfully, fairly and transparently
We are processing your data under one of the following legal reasons:
i) you have provided us consent by agreeing to this policy. (You can withdraw your consent at any time by contacting us using the contact details in this policy);
ii) we have a legitimate interest to do so in order for us to continue to provide you services;
iii) to meet our legal requirements.
2) Why are we holding your data?
We will only process your personal data for the following purposes.
a) to enable us to provide you with a service,
AND any of the following purposes for which you consent:
b) to keep you updated with our latest news
c) to refer you to approved 3rd party service providers which are relevant to the services you require
d) applying for grant funding for you
e) targeted fundraising activities for Association of Carers
f) promotion and/or an invitation to upcoming events
g) If you are a volunteer and we are applying for a reference on your behalf
h) If you are a volunteer and we are applying for a Criminal record check
3) What data are we holding?
We will only hold sufficient personal data to enable us to undertake each of the purposes set out in clause 2 above. The level of data we hold is dependent on the services we provide to you. If you believe the personal data we are holding is excessive then please contact us.
If you are a Carer please only provide us with personal data on the person you are caring for if you have permission to do so or if it is required for us to provide you the services. This does not prevent you from discussing any relevant issues about the person you are caring for with an advisor. You should advise us or your advisor that you do not have permission or do not wish their personal data to be processed in any way.
Consent and capacity: Association of Carers will assume a person has capacity to give consent until it is clear they do not. (In such cases, where we take personal details of the cared-for person, we would ask the Carer if they have power of attorney for the person and if they will consent on their behalf.)
4) Is all the Personal Data we hold relevant?
We shall only hold the amount of data necessary to provide you with services, or for any of the purposes you have consented to. Please note in respect to funding and 3rd party referral services some of the personal data required from you has been requested from such 3rd party or funder. If you feel that any Personal Data we request is excessive, or you do not understand why it has been requested then please contact us and we will be happy to discuss.
5) Keeping your Personal Data accurate
You are responsible for ensuring that all personal data provided by you is accurate and for advising us as soon as possible of any amendments required. We may request that you confirm the accuracy of your personal data, which you are required to respond to within 14 days. Failure to provide or keep your personal data up to date may result in us ceasing to provide the services to you.
6) Storing and deleting your Personal Data
We shall store all electronic personal data on a separate database, which is cloud based. We shall not store your personal data on any hard-drive of any IT hardware owned or used by us. We keep a limited amount of personal data on paper. Such data is stored in a locked filing cabinet in a secure office.
We shall store your personal data for durations set out below:
• If you are a Carer – 6 years from the date you last received services from us
• If you are an employee – 6 years from the date you last worked for us
• If you are a volunteer – 3 years from the date you last worked for us
If you wish your personal data to be deleted prior to the timescales above, you should contact us and we will action such request within 7 working days.
7) Protecting your Personal Data
We have developed organisational and technical processes meaning that protecting your personal data is a high priority throughout our organisation. Trustees, employees and volunteers are all committed to complying with UK GDPR and this policy. We will continue to monitor our IT hardware and software to ensure your personal data is protected.
What to do if you believe there is a Personal Data Breach
If you suspect there has been a potential or actual breach of personal data then you should contact us as soon as possible detailing the nature of the breach (Notice of Breach). We will acknowledge your Notice of Breach within 3 working days and investigate the breach within an additional 7 working days.
If through the investigation we determine that there has been a personal data breach, then we will take all necessary action in order to rectify the situation and minimise any potential or actual damage caused through such a personal data breach.
• We will communicate with you regarding the action being taken.
• We will comply with any guidelines issued by the Information Commissioner's Office (ICO) in relation to Personal Data Breaches, including notifying the ICO when required to do so.
Do we share your Personal Data?
We shall not transfer or share your personal data with any 3rd parties except as follows:
• Volunteers who are vetted by and work with us, and who have agreed to comply with this policy
• 3rd party referral services
• Bright HR, who provide human resources advice
• Charitylog, who run our databases
• Tetrabyte, who provide our IT support
We may use the following software to process your personal data:
• Outlook, which is our e-mail system, and Mailchimp, which is our newsletter and mailing communication software
• Quickbooks, which is a finance software programme
• Survey Monkey and Smart Survey, which are survey software
• WordPress, which hosts our website
• Mailchimp, our communications software
We will use reasonable endeavours to ensure that the 3rd parties stated above comply with UK GDPR and we will advise you if any 3rd parties change.
When we act as a Data Processor for you
When you are the Data Controller who has permitted us to process personal data held by you, then you shall ensure that you have the full consent/rights of the personal data being passed to us. You are fully responsible for ensuring that the personal data processed by you and passed to us complies with all principles of UK GDPR. If you are a business or organisation then by signing this policy your business / organisation is committed to being UK GDPR compliant and has taken all reasonable actions to achieve this.
Changes to this Policy
We reserve the right to amend this policy at any time.
Association of Carers is a CIO (Charitable Incorporated Organisation), Charity No. 1159551. Registered Office: Association of Carers, 104 Sedlescombe Road North, St. Leonards on sea, Hastings, TN37 7EN