SiT Privacy Policy – Service Users
This notice applies to all Survivors in Transition (SiT) data subjects (a living individual, in this case a service user of SiT) whose personal data is collected, in line with the requirements of the General Data Protection Regulation (GDPR) 2018. SiT is a registered Charitable Incorporated Organisation (CIO) with the Charity Commission No. 1159782 and registered with the ICO ZA529178.
Responsibilities
Personal Information
SiT is committed to the responsible handling and protection of personal information.
Personal information means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
We collect, use, disclose, transfer, and store personal information when needed to provide our services effectively and for our operational and business purposes as described in this Privacy Notice. We want to be clear about our privacy practices so that you can make informed choices about the use of your information.
How we use your information
SiT processes (collects, stores and uses) personal information for the following purposes:
We are committed to ensuring that the information we collect and use is appropriate for these purposes and does not constitute an invasion of your privacy.
Special Category Information
Occasionally we process what may be considered special category information (sensitive personal information).
Sensitive personal information is a subset of personal information and is generally defined as any information related to:
We will only process this information if it is necessary to support you whilst you are a SiT service user. If we wish to pass your sensitive personal information onto a third party we will only do so once we have obtained your written consent unless we are legally required to do otherwise.
Lawful Processing
We must have a valid lawful basis in order to process your personal information. This ensures that the processing is necessary.
The following information explains what personal information we process and the lawful basis for processing against each purpose.
1. Provision of support, therapy and group activities
Lawful basis – Contract
When you come into contact with SiT we will ask you to provide personal information that is necessary to manage and support (sustain) the services that we provide. When you contact us, we will update and add notes to our computer systems and files. Access to your personal information will be limited to members of SiT requiring information to carry out our business. We may pass your personal information on to third-party service providers contracted to SiT, or to whom SiT is contracted to. Any third parties that we may share your information with are obliged to keep your details securely, and to use them only to fulfil the services they provide on our behalf.
Personal details will include:
Full name, DOB, gender, age, health-related issues, disabilities and vulnerabilities, communication needs, next of kin, correspondence address, diversity information including: nationality, gender, sexual orientation, first language, ethnic origin and religion/beliefs, pregnancy/maternity, gender re-assignment, age, marriage or civil partnership.
Communication with SiT including:
Lawful basis – Legitimate Interest
We process personal information for certain legitimate interests related to the business purposes listed above. ‘Legitimate Interest’ means the interest of our charity in conducting and managing our business (to enable us to give you the best service in the most secure way).
Lawful basis – Legal Obligation
We process personal information for certain legal obligations. This is where the processing is necessary to comply with legislation or the law.
2. For the welfare of our service users
3. Legal proceedings
4. Feedback from research and surveys on how we can provide better services
5. Communication with our service users to provide updates relating to our business, appointments and services
6. Information, system, network, and cybersecurity
7. General corporate operations and due diligence
How long we keep your personal information
We will hold your personal information securely while you are a service user with us.
Records will be held in line with retention legislation, following which we will delete all personal information unless you owe us any money, have ongoing legal proceedings with us, or where there is a logged complaint.
Document | Time retained | |
Service users - | If alive | If deceased |
Counselling records | 20 years | 8 years |
Psychological therapies/assessment | 20 years | 8 years |
Video/voice recordings | 8 years | 8 years |
Post suicide | 10 years | |
Referral letters | 20 years | 8 years |
Not taken on | 2 years |
How we secure personal information
SiT takes data security seriously, and we use appropriate technologies and procedures to protect personal information. Our data processing, data protection and IT policies and procedures are closely aligned with widely accepted standards and are reviewed annually and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.
Policies and procedures
We have measures in place to protect against accidental loss and unauthorised access, use, destruction, or disclosure of data including the following:
Your rights as a data subject (service user of SiT)
At any point while we are in possession of your personal data you, the data subject, have the following rights:
GDPR gives you greater control over your data held by us.
You may express your rights, in writing or verbally, by addressing your request to SiT, by:
We may need identification or other information to confirm who you are. This will clarify your right to access the data and exercise your rights and avoid incorrect disclosures.
Valid forms of identification may include a passport, driving licence or birth certificate.
SiT will respond to your request within one calendar month.
Normally, no fee will be charged unless the request is excessive.
If we are unable to fulfil your request (for example, a legal obligation), or need to take longer to process your request, we will explain why.
Complaints about SiT mishandling your information
Right to judicial review: if SiT refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain to the Information Commissioner’s Office (ICO) details below:
Information Governance department
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Policy Monitoring Matrix:
Original Policy Prepared by: | F Ellis | |
Date of 1st Issue | 05/2018 | |
This Version | 4.0 | |
Last Date Reviewed & Board Ratified | 06/2021 – F Ellis | |
Further information to assist with implementation of this policy | ||
Distribution | All volunteers, staff and trustees have signed a compliance statement stating they have read and will adhere to this policy / procedure |
Failure to comply with SiT policies and procedures will be addressed without delay and may ultimately result in dismissal/exclusion from the organisation.
We are grateful for your support, all donations and fundraising go directly towards the costs of supporting survivors - you can easily donate to us here.
Charitable Incorporated Organisation Registered with Charity Commission No. 1159782