Brighton and Hove Speak Out Privacy Notice
This notice applies to all data subjects whose data is processed by Brighton and Hove Speak Out.
The Data Processor (Brighton and Hove Speak Out) is responsible for ensuring that all potential data subjects have sight of this notice prior to the collection and/or processing of their personal data by Brighton and Hove Speak Out.
All employees of Brighton and Hove Speak Out who interact with data subjects are also required to ensure that this notice is brought to the attention of all data subjects, securing their consent for the processing of their personal data. An easy read version is written into the consent form for people with learning disabilities.
- Privacy Notice
Brighton and Hove Speak Out will use the personal data collected from you for the following purposes:
- To carry out our direct project work with people with learning disabilities
- To support volunteers
- To meet funder requirements
- To promote our work
You hereby confirm that you are consenting to Brighton and Hove Speak Out’s use of your personal data for the aforementioned purposes(s) and are granting Brighton and Hove Speak Out permission to carry out those actions and/activities.
You may withdraw your consent at any time by reading our Right to Withdraw Consent Procedure 92017-I
- What is Personal Data?
The EU’s General Data Protection Regulation (“GDPR”) defines “personal data” as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
The GDPR classifies certain data as belonging to “special categories”, as follows:
* Racial origin;
* Ethnic origin;
* Political opinions;
* Religious beliefs;
* Membership to a trade-union;
* Genetic data;
* Biometric data;
* Health data;
* Data concerning a natural person’s sex life;
* Sexual orientation; and
The GDPR requires that consent is provided by the data subject for all types of personal data, including those pertaining to the special categories set out above and otherwise. Consent must be explicitly provided.
When Brighton and Hove Speak Out requests sensitive data from data subjects, it is required to confirm why the information is required and how it will be used.
- Why does Brighton and Hove Speak Out need to collect and store personal data?
Brighton and Hove Speak Out is committed to ensuring that all personal information collected and processed is appropriate for the stated purpose(s) and shall not constitute an invasion of your privacy. We may share your personal data with third party service providers who are contracted by us and we shall ensure that they will hold your personal data securely and shall use it only in order to fulfill the service for which they are contracted. When there is no longer a service need, or the contract comes to an end, the third party will dispose of all personal data according to our procedures. We will never share your personal data with third parties until we have received your consent, unless we are required do so by law.
- How Brighton and Hove Speak Out uses your information
Brighton and Hove Speak Out will process your data (i.e. collect, store and use) according to the requirements of the GDPR at all times and shall endeavor to keep your personal data up-to-date, ensuring its accuracy and will not keep it for longer than it is required. In some situations, there are set legal requirements for the length of time that Brighton and Hove Speak Out will retain your personal data but usually Brighton and Hove Speak Out will use its discretion, ensuring that personal data is not kept outside of our usual business requirements.
We shall never be intrusive or invasive of your personal privacy and shall not ask you to provide data that is irrelevant or unnecessary and we will enact strict measures and processes to ensure that the risk of unauthorised access or disclosure of your personal data is minimised as much as possible.
We will only use your personal data for the following purposes:
- Direct project work: We collect the following information in order to maintain clear case records and be able to support people with learning disabilities through 1:1 and group advocacy and other direct projects. We collect name, address, telephone numbers, email address, date of birth, communication needs or issues plus any reasonable adjustment required, additional health details if relevant, details on presenting issues and/or advocacy support required, emergency contact information and, if needed, support requirements. Any professional assessment (e.g. care plans etc.), living arrangements if required in order to support but not as a rule
- Volunteers and staff: Information is collected in order to contact and support volunteers and staff in order to carry out their roles. Name, address, telephone number, email address, NoK and bank details (for pay and expenses)
- Special category personal data: this includes this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, information about your health (disability). No one is obliged to give this information to us, however, if people choose to share this information it is used to report equal opportunities information anonymously to funders (if required) and to improve our services by ensuring that we are reaching everyone we need to in the course of our work.
- Website & Newsletter Registration: contact info; (i.e. information such as name, address, telephone number, email address). This is used to send out newsletters and other information about our work and events in order to promote what we do.
- Document owner
The data processor is the owner of this policy document and must ensure that it is periodically reviewed according to the review requirements contained herein.
The latest version of this policy document dated 21st May 2018 is available to all employees of Brighton and Hove Speak Out in the GDPR policy folder