Settled data protection policy
At Settled we respect your privacy and are determined to protect your personal data. This policy explains how we use the information we collect about you. By submitting your information, you agree to the use of that information as set out in this policy.
Settled is fully committed to compliance with the requirements of the General Data Protection Regulation (GDPR), Data Protection Act 1998 and any successor legislation (together, the ‘data protection legislation’). We are also committed to a policy of protecting the rights and freedoms of individuals with respect to the processing of their personal data. Settled will therefore follow procedures which aim to ensure that all employees, volunteers and others who have access to any personal data held by Settled are fully aware of and responsible for the handling of personal data in line with the data protection legislation.
What information do we collect
In order to operate efficiently, Settled has to collect and use information about people with whom it works. These may include current, past and prospective service users; current, past and prospective employees; current, past and prospective volunteers; and other relevant parties. We will only collect and retain relevant and essential data.
Settled primarily uses legitimate interest to process client personal data. The processing of this data is necessary for Settled’s legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data, which overrides those legitimate interests.
Settled collects, uses and discloses personal information concerning our donors for the following reasons:
• To establish a relationship and communicate with donors
• To understand who our donors are and how we may improve our services to meet their preferences and expectations
• To process a donation (e.g. a credit card transaction)
• To issue a tax receipt
• To recognize contributions
• To meet requirements imposed by law
How do we collect data about you
We collect and process appropriate information only to the extent that it is needed to fulfil operational needs or to comply with legal and funding requirements.
We collect information which you provide us voluntarily. For example, we collect your name, your nationality, your gender, email address and vulnerability if you attend one of our group or one-to-one sessions.
You also provide us with your name, email address, phone number and vulnerability when you enter your details through the interactive chat bot and when you ask us to contact you. If we cannot deal with your query we can share this information with third parties, to provide you with the support you need, but will only do so with your explicit permission.
In the case of volunteers, we collect their personal contact details and ID for the purpose of OISC registration.
Client management database
In order to provide an advice service, Settled operates a confidential, password-protected case management database. This holds personal data about the people we help and the advice we have given.
How we use your personal data
Settled will, through appropriate management and the use of appropriate controls, adhere to the following in regard to our use of personal data and special category personal data:
- Collect and process appropriate information only to the extent that it is needed to fulfil operational needs or to comply with legal requirements.
- Ensure the quality and accuracy of information when collected or received and during its use.
- Apply checks to determine the length of time information is retained.
- Take appropriate technical and organisational security measures based on risks to data subjects.
- Ensure that any information incidents are reported to Settled’s designated contact and, where appropriate, the data subject and the Information Commissioner’s Office.
- Mitigate risks to the data subjects in the event of an information incident using an appropriate data breach policy.
- Ensure that the rights of our data subjects can be properly exercised.
In addition, we will ensure that:
- There is someone with specific responsibility for data protection in the organisation. The post responsible for data protection is Kate Smart, CEO of Settled.
- Organisational information and in particular privacy risks are risk assessed, documented and controlled.
- Everyone managing and handling personal data and special category personal data understands that they are responsible for following good Information Governance / Assurance practice and for complying with the data protection legislation.
- Everyone managing and handling personal data is appropriately trained and supervised to do so.
- Queries about processing personal data and special category personal data are promptly and courteously dealt with within the requirements of the data protection legislation.
- Methods of handling personal information are assessed and evaluated regularly; and
- Data sharing and processing is carried out under an appropriate written agreement, setting out the scope and limits of the sharing. Any disclosure of personal data will be in compliance with approved procedures.
- Paper files and other records or documents containing personal/sensitive data are kept in a secure environment;
- Personal data held on computers and computer systems is protected by the use of secure passwords; and individual passwords are such that they are not easily compromised.
Who do we share your personal data with
We will only share information with other organisations with your consent and if there is a tangible benefit to your situation.
The Trustee Board, the Manager and the Deputy Managers are responsible for leading and monitoring policy implementation. They will also have overall responsibility for:
- The provision of cascade data protection training for staff and volunteers within the Bureau; and
- Carrying out compliance checks to ensure adherence, throughout Settled’s network, with the Data Protection Act.
- All employees and volunteers are to be made fully aware of this policy and their duties and responsibilities under it. All employees and volunteers will take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure.
Change of purpose
We will only use your personal data for the purposes for which we collected it.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long do we keep your data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Please keep us informed if your personal data changes during your relationship with us. It is important that the personal data we hold about you is accurate and current.
If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information please contact Settled at [email protected]