Privacy Notice

This document is about your data. It describes what we may do with your data, why we need your data and your rights under the General Data Protection Regulations (GDPR) of 2018.

Data Controller

Hope Community Project is the ‘data controller’. Hope Community Project determines the purposes and means of processing personal data.

Hope Community Project is a company, registered in England and Wales under number 7334536. It is also a charity, registered with the Charity Commission under number 1139362. We are registered with the Information Commissioner. Our reference number is ZA319725

Our contact details are below.

Hope Community Project

40 Ling House

Long Ley

Heath Town

Wolverhampton

WV10 0HH

01902 556645

 

enquiries@hope-cp.org.uk

Data Processing

This means collecting, recording, organising, altering, storing or using personal data. The majority of the data Hope Community Project holds is processed on our behalf by PSIAMS Systems ltd. Hope Community Project is also a data processor as we still hold some individual records on paper and electronically.

Why does Hope Community Project process data?

Hope Community Project processes personal data only when it has a lawful basis. These bases are:

  • Legitimate interests. Hope Community Project supports people in their time of need and relies on data for its daily operation. An example of this is data on individual donors, who support the charity financially.
  • Sometimes an individual will give clear consent for us to process their personal data for a specific purpose. This will include people who have allowed us to use their photograph on one of our leaflets.
  • We may need to process data to carry out a contract. This will include an employment contract or a contract to provide a service.

Hope Community Project aims to ensure the data we have about individuals is accurate and not excessive.

Special categories of personal data

Some personal information can be especially sensitive. Examples include biometrics, ethnicity, genetics, health, political views, race, religion, sex life, sexual orientation and trade union membership. We will only process such data if we have one of the six legal bases listed above or:

  • Where this data is manifestly made public by the individual.
  • Where it is necessary for a legal claim or judicial procedure.
  • Where it is needed on medical grounds, including occupational health.
  • Where a reasonable level of archiving is necessary to enable scientific or historical research in the public interest.

Transfers to third countries

Our database provider (PSIAMS Systems) operates servers in the UK and the EU where the GDPR also applies.

For how long will we keep your data?

Your data will be deleted or disposed of securely when we no longer have a legal basis to hold it. We have set retention periods for certain types of data.

  • Personal data (name, address etc.): delete after two years unless there is a valid reason for further retention.
  • Accident books: destroy 25 years after the last entry.
  • Creditors, debtors and staff or volunteer expenses: destroy six years after the end of the financial year to which these matters relate.
  • CCTV: Overwritten automatically after 21 days, unless needed as evidence in an investigation or as required by the Care Quality Commission.

Your rights

You have eight rights under the GDPR. Hope Community Project respects your rights.

The right to be informed

You have the right to be informed about the collection and use of their personal data. This document forms part of that information. We will provide specific information when we collect personal data from an individual.

The right of access

You have the right to obtain access to the personal data we hold on you. Unless your request I manifestly unfounded or excessive, we will provide this data free of charge within a month of your request. The data will be in an accessible format (see ‘the right to data portability’ below). Please contact the manager of your service in the first instance. If you are not satisfied with their response, please contact any member of staff or volunteer

The right to rectification

If the data we hold about you is incorrect or incomplete, please let us know – verbally or in writing – and we will correct it or complete it within one month. Please contact any member of staff or volunteer.

The right to erasure

If you wish to be ‘forgotten’ we will delete your data within one month of asking. Please contact any member of staff or volunteer. If your request is manifestly unfounded or excessive, we may charge a reasonable fee for this request. We may refuse your request if:

  • We need your data to exercise the right of freedom of expression and information.
  • We need your data to comply with a legal obligation or for the establishment, exercise or defence of legal claims.
  • We need your data to perform a task carried out in the public interest or in the exercise of official authority.
  • Archiving your data is in the public interest, to benefit scientific or historical research or for statistical purposes.
  • We need your data for public health purposes in the public interest.

The right to restrict processing

In some cases, you may wish us to keep hold of your data but not to use it in certain ways. For example, you may allow us to keep your photograph, but not to post it on our website. Or you may allow us to keep your address details, but not send you our newsletter. These are just two examples. If you want us to restrict processing, please contact any member of staff or volunteer.

The right to data portability

With electronically stored personal data that you have provided with consent, or personal data needed to carry out a contract, we will ensure the data can easily be transferred to you or a third party when required. We will send the data in a format (such as Word or PDF) that can be read by almost all computers, without the need for a particular software package.

The right to object

You have the right to object to your data being used for any of the following:

  • Processing that is in the legitimate interests of Hope Community Project.
  • Performance of a task in the public interest.
  • Direct marketing.
  • Processing for purposes of statistical, scientific or historical research.

Please contact any member of staff or volunteer.

Rights in relation to automated decision making and profiling

Some organisations use computer algorithms to make decisions or assumptions about people. If we ever do this we will let you know and you will be able to challenge the decision or refute the assumption with a human being. Please contact any member of staff or volunteer.

Sources of data

In most cases, when we have your data it is because you have given it to us. In these cases we will inform you of your rights when the data is obtained.

In some cases, we may have received your data from other sources. In these cases we will inform you of your rights when we are first in contact.

The data we have

We keep the data of a variety of people for the reasons listed earlier. These people include:

  • Contacts at companies, trusts and other supporting organisations.
  • Contacts at companies that do business with Hope Community Project.
  • Contacts at partner organisations.
  • Members of the public who make enquiries.
  • Members of staff, past and present.
  • Parish priests and other clergy in the Archdiocese.
  • People who apply for our jobs.
  • People who access our services.
  • Supporters of our work.
  • Volunteers, past and present.

The data we keep on individuals will vary from person to person. We take strides to ensure this information is accurate and not excessive. The data may include:

  • Name, address, telephone number and e-mail address.
  • Qualifications and work experience, for staff, volunteers and job applicants.
  • General case notes, for staff, volunteers and people who access our services.
  • Financial details, for people who give or receive money from us.
  • Interests and life stories, for people who access our services.

Data storage

We will store your data securely in locked cabinets and password-protected computers and/or “cloud-based” computer systems. Members of staff will have access to your data on a need-to-know basis. If we transfer your data, we will encrypt it. When there remains no justification to keep your data, we will delete it from our computers and shred any paper copies.

Designed by Helen Jones 2018

Translate »