1. Home
  2. Privacy policy

Privacy policy

Who we are

“We” and “us” means Care for the Carers (CftC). We are a charity with registered charity no. 1074906. We support and represent unpaid carers in East Sussex.

Your privacy matters

At CftC we are committed to keeping your personal data safe and secure.
This notice sets out in detail the purposes for which we process information about you, who we share it with, what rights you have in relation to that information and everything else we think it’s important for you to know.
If you have any questions about the processing of your personal information, or you would like to exercise any of your rights, please reach out to us with the details mentioned below:
Email us: sofiya@hope-may.com / niyati@hope-may.com

How we process your information:

To understand how we process your personal information and to understand your rights, please visit the relevant appendix below:

Appendix 1: Service Users (Carers)

Appendix 2: Human Resources (Job applicants, employees, volunteers)

Appendix 3: Events, Donations, Fundraising and Marketing

Appendix 4: General Information (Complaints Procedure, Your rights)

Appendix 1: Service Users

(Carers that engage with us)

How and when do we collect information about you?

We collect your personal data directly from you, when you engage with us to use or enquire about our services. Our services include providing information, support and advice, engagement and representation, digital resources, counselling, carers’ groups and social wellbeing activities.

We may collect several pieces of information in this process through different channels, such as the ‘contact us’ form on the website, consent forms, case studies and any safeguarding information we record.

The information we collect includes the following: your name, postal address, email address, details about your circumstances (including health information, and age, ethnicity, religion). During the service, you may disclose information of other individuals (e.g. Individuals you are a carer for), which would also be recorded.

How is the information used?

We use this information to:

  1. Effectively provide our services to you
  2. Address any safeguarding concerns
  3. Facilitate your enquiries and help you use services
  4. Carry out internal evaluation and monitoring

What is our lawful basis for processing this information?

  1. To process your information when you use our services, or when we receive a referral from a professional, we rely on legitimate interest, read with substantial public interest and conditions from the Data Protection Act 2018 (DPA).
  2. Any information about any third parties that is shared with us when you use our services is processed on the basis of legitimate interest, read with substantial public interest and conditions from the DPA.
  3. For any safeguarding information that we record, we rely on legitimate or vital interest, read with substantial public interest and conditions from the DPA.
  4. For any case studies, and photography that we circulate, we rely on legitimate interest, and for surveys, we rely on your explicit consent (if they are not anonymous).

Who do we share your data with?

  1. We may use legitimate interest to share your personal data with adult social care, childrens services, or your GP/medical practitioner. Each organisation acts as an individual data controller of your personal information.
  2. Personal data is not shared with funders, except where such funders are joint controllers. Otherwise, Information shared with funders is shared only anonymously.
  3. To comply with our duty of care and safeguarding, we may need to pass some information raising safeguarding concern with the authorities. In such circumstances, we apply vital interest and legitimate interest as our lawful basis. Data subjects’ rights and other UK GDPR provisions may be restricted when concerning personal data processed in these circumstances. Exceptions and exemptions are applied on a case-by-case basis.

How we store your information and for how long

We keep your information for 7 years after the end of your engagement with us. For safeguarding information, we may keep this information for 7 years, except where it is a child involved, in which case we may keep the information for 25 years (if the child has a learning disability) or 18 years for any other child.

Appendix 2: Human Resources

(Job applicants and current and former employees, trustees, volunteers)

How and when do we collect information about you?

You provide several pieces of data to us directly during the recruitment period and subsequently upon the start of your employment/engagement. In some cases, we will collect data about you from third parties, such as employment agencies or former employers when gathering references.

What types of information is collected about you and who provides it?

We keep several categories of personal data to carry out effective and efficient processes. Specifically, depending on your type of engagement with us, we may process the following types of data:

  1. personal details such as name, address, phone numbers, marital status, date of birth
  2. name and contact details of your next of kin
  3. footage of the organisation events where you may appear
  4. information of any disability or other medical information you have disclosed
  5. right to work documentation, National Insurance number, bank account details
  6. information gathered via the recruitment process such as that included in a CV, cover letter or application form, references, details on your education and employment history etc.
  7. information relating to your employment with us (e.g. job title, job description, salary, terms and condition of the contract, annual leave records, appraisal and performance indication, formal and informal proceedings involving you such as letters of concern and disciplinary, disciplinary and grievance proceedings)
  8. your biography and picture for the website and identity badge (if applicable)

We may also process special category of data which include health information, sexual orientation, ethnicity. We may also process criminal records information if the role involves DBS check.

How is the information used?

We are required to use your personal data for various legal and practical purposes for the administration of your contract of employment or your volunteer/ trustee agreement, without which we would be unable to employ / engage you. Holding your personal data enables us to meet various administrative tasks, legal obligation or contractual/agreement obligation. We process information in relation to the DBS for our safe recruitment practices.

What is our lawful basis for processing this information?

We mainly use ‘contractual obligation’ as a lawful basis for processing personal data for employees, job applicants and freelancers. We mainly use ‘legitimate interest’ for trustees. We may also have legal obligation in order to process and share your data, for example we need to share salary information to HRMC or use some of your data to enrol a new employee on a pension scheme.

We may rely on our legitimate interest for processing activity such as keeping supervision and appraisal records; using your image, bio and videos/pictures of the organisation’s events where you may appear on our website or marketing/fundraising materials to promote the charity.

Some special categories of personal data, such as information about health or medical conditions is processed in order to carry out employment law obligations and for health and social care obligations (such as those in relation to colleagues with disabilities and for health and safety purposes). We may also process other special categories of personal data, such as information about ethnicity, sexual orientation, health or religion or belief on the basis of substantial public interest for the purposes of equal opportunities monitoring.

When processing criminal records (for example, in order to perform DBS check), the organisation relies on the lawful basis of legitimate interest and additional conditions of the UK GDPR and DPA 2018.

Who do we share your data with?

Personal Data in relation to your salary is shared with HRMC as part of our legal obligation. Personal Data may be shared with third parties for the following reasons:

  1. for the administration of payroll, pension, HR functions (for example the online holiday booking system), administering other employee benefits (such as the Childcare Voucher Scheme) and with building security teams for the issuing of any building access
  2. When sharing information with third parties, we have data sharing agreements, data processing agreements or contracts in place to ensure data is not These third parties implement appropriate technical and organisational measures to ensure the security of your data.

How long do we keep your data?

We only keep your data for as long as we need it for, which will be at least for the duration of your employment/engagement with us though in some cases, we will keep your data for a period of 6 years after your employment/engagement has ended. If you’ve applied for a vacancy but your application hasn’t been successful, we will keep your data only for 12 months.

Some data retention periods are set by the law. Retention periods can vary depending on why we need your data. Please get in touch by contacting us using the details above if you want to know more about retention period.

Data is destroyed or deleted in a secure manner as soon as the retention date has passed.

Appendix 3: Marketing and Fundraising

Events:

We host many events in a year, and your personal information is collected when you register for an event with us. We may collect basic personal information, such as your name, email, phone number. We rely on legitimate interest to administer your registration for the event. When we collect other information such as dietary information, we rely on your explicit consent.

If you have attended an event with us previously, we may reach out to you to invite you for our future events. We rely on consent (to send you emails) and legitimate interest (to call you on your registered number with us).

Donations:

Your personal Information is provided by you via a donation form on our website or via third party donation platforms (e.g. Just Giving. GoCardless and Virgin Money Giving). The information gathered may be name, email address, Gift Aid sign up, company name if donation made by an organisation, donation details, reasons to engage, postal address.

This information allows us to process your donation, and deal with any potential enquiry. We rely on our legitimate interest to process this data. If you agree that we can claim Gift Aid on your donations we are legally required to keep a record of the claim and your Gift Aid declaration. If you are donating using a third party, please also refer to the privacy notice published on their websites.

Fundraising and Marketing:

We may reach out to you for fundraising, if you have previously engaged with us in an event, made a donation, or if we believe that you may be interested in engaging with our organisation. We may also send you marketing communications if you have signed up for marketing emails. We use texts, email, and calls for marketing.

When we make calls for fundraising and marketing, we make these calls on the lawful basis of legitimate interest. However, we will screen your calls through the telephone preference service (TPS). If you would prefer to not receive these calls, please do let us know.

We rely on your consent to send your email communications (except where this is a business email address, whereby we rely on legitimate interest).
If you would like to change your marketing preferences, please reach out to us on the email address provided in the first section of this privacy notice, or you can simply unsubscribe with the option on the bottom of the emails.

We may also use post as a mode of sending you marketing communications, relying on legitimate interest. If you would like us to not send such communications, please do reach out to us.

Appendix 4: General Information (Complaints Procedure, Your rights)

Your rights

You have the following rights:

  • ‘Right to be informed’, which means we will be completely clear and transparent about how we plan to use your personal information.
  • ‘Right of access’, which means you can request details of the personal information we hold about you and how we use it. We will provide this within one month.
  • ‘Right to rectification’, which means you can ask us to update or amend the personal information we hold about you, if it is incorrect.
  • ‘Right to restrict processing’, which means you can ask us to change, restrict or stop the way we are using your personal information.
  • ‘Right to erasure’ (or ‘right to be forgotten’), which means you can ask us to remove your personal information from our records.
  • ‘Right to object’, which means you can object to us using your personal information for marketing purposes.
  • ‘Right to data portability’, which means you can obtain the personal information we hold about you and reuse it for your own purposes.
  • ‘Right not to be subject to automated decision making’, which means if we use systems to make a decision about you, you have the right to ask for a person to intervene, which may change the outcome.
  • Right to lodge a complaint with a supervisory authority, such as the Fundraising Regulator or the Information Commissioner’s Office (ICO), if you are not satisfied with our response to a request you make to us, or you feel we are not using your information correctly.

International Data Transfers

Where personal data is stored outside of the UK and the EEA, safeguards to protect personal data may include but are not limited to the UK Addendum used in conjunction with the EU Standard Contractual Clauses (SCCs), or UK International Data Transfer Agreement (IDTAs). Such safeguards will be subject to Transfer Risk Assessments (TRAs).

Complaints procedure

If you are unhappy with the way we process your data, please get in touch with the DPO using the contact details mentioned above.

You can also make a complaint to the Information Commissioner’s Office (ICO), which regulates the use of information in the UK. They can be contacted at 0303 123 1113 or, you can write to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Share this page:

BROWSE CATEGORIES

Care For The Carers