This policy relates to our website
Age UK Croydon Group is committed to protecting and respecting your privacy and security. Whenever you provide us with your personal information via our website "Site(s)", we will treat that information in accordance with this policy, our terms and conditions and current UK Data Protection legislation. By using the Site and any services we offer via our Site, you are agreeing to be bound by this policy.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
This policy may change from time to time, so please check this page periodically.
Age UK Croydon is a registered charity (number 1081013) and company limited by guarantee (number 3921436). The registered address is Age UK Croydon, 81 Brigstock Road, Thornton Heath, CR7 7JH.
Cookies are tiny software files that are stored on a computer or mobile device when an individual visits a website. Cookies allow websites to recognise that a user on an individual computer has previously visited the site. The cookies save some information about that user for when they access the site again in the future. You can find out what cookies the Age UK Croydon website uses in the table below.
For more information about the different types of cookie, visit the About Cookies website.
|UserSetting||This functional cookie remembers the individual's colour and location preferences so that next time they use the site these are displayed rather than the sites default settings.|
|ASP.Net_SessionId||When you access this website a cookie is generated with a unique session ID. This cookie will expire when the browser is closed.|
|vidi||This cookie enables Age UK's Intellitracker software that helps us analyse information such as visitor numbers and browser usage so we can continue to improve your experience of our website.|
|BCSI-CS-5B059C53EB35D97E||The information in this cookie is used to track the activities of individuals who have visited this site via third-party websites.|
|__utma / __utmb / __utmc / __utmz||Age UK uses a tool called Google Analytics to give us statistical data on the performance of our website. These cookies are placed by Google Analytics.|
The Age UK Croydon Group would like to keep in touch with you to let you know about the vital work we do for older people, our products and services. By submitting your email, address and phone number(s) on our Site, you are agreeing to being contacted in these ways by Age UK Croydon and its group of companies. You can unsubscribe from these communications at any time.
If you do not wish to continue receiving information from us or carefully selected third parties please email us at DPO@ageuksutton.org.uk or telephone us at 0208 915 2233.
Occasionally, we may share your data with other organisations that we work with. We will usually inform you (before collecting your data) if we intend to share your data with any third party. You can exercise your right to prevent such processing by ticking (or not ticking where applicable) certain boxes on the forms we use to collect your data. You can also exercise your right to ask us to stop processing your data in this way at any time by contacting us at DPO@ageuksutton.org.uk.
Age UK Croydon and a number of its trading and associated companies are registered as a Data Controller with the Information Commissioner. Age UK Croydon is the Data Controller for the purposes of collecting your information on our Site(s).
1. What personal information is collected from you
When you visit the Site we collect various personal information which may include your name, address, contact details, IP address, and information regarding what pages are accessed and when. If you make a donation online or purchase a product from us, your card information is collected by our partner organisation Charities Aid Foundation (CAF), but is not held by us. If you supply such information we are legally bound by the Data Protection Act 1998.
2. How your information is used
We may use this information in the following ways :
•Process orders submitted by you;
•to carry out our obligations arising from any contracts entered into by you and us;
•verify your identity;
•seek your views or comments on the services we provide;
•notify you of changes to our services;
•improve our services or marketing purposes;
•send you communications which you have requested and that may be of interest to you.
These may include information about campaigns, appeals, other fundraising activities, promotions of our associated companies goods and services.
3. Who has access to your information
We are committed to protecting the personal data of our supporters, customers and members. Any details you give us will be held in accordance with the Data Protection Act 1998. Age UK Croydon (including its associated and subsidiary company) is the sole owner of the information collected on this Site. We will not sell, share, or rent this information to third parties, unless we have your explicit permission to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime. Where you have given us permission we may contact you about other services and products or pass your details to similar organisations.
4. Security precautions in place to protect the loss, misuse or alteration of your information
When you give us personal information, we take steps to ensure that it is treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with the following software 128 Bit encryption on SSL.
When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer.
Non-sensitive details (your email address etc) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, Age UK Croydon Group cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our Sites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
5. Stipulations regarding use of the discussion boards
Any communication or material that you transmit to, or post on, any public area of the Site including, but not limited to, any data, questions, comments, suggestions, reviews, or the like, is, and will be treated as, non-confidential and non-proprietary information. When entering the discussion forum, you agree not to publish, post, disseminate distribute or otherwise transmit any defamatory, offensive, infringing, indecent or otherwise unlawful or objectionable material or information.
Age UK Croydon Group will not be responsible for the posting by any user of any defamatory, obscene or otherwise unlawful material. Age UK Croydon Group has the right to remove any material or posting you make on this Site at its discretion.
6. What happens when visitors link to another site?
We do not pass on any personal information about our visitors to any other site. In addition, if you linked to this Site from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site and contact the owner or operator if you have any concerns or questions.
7. 16 or Under
If you are aged 16 or under‚ please get your parent/guardian's permission beforehand whenever you provide personal information to the Site. Users without this consent are not allowed to provide us with personal information.
8. Contact us
If at any time you would like to contact us with your views about our privacy practices, or with any enquiry relating to your personal information, you can do so by sending an e-mail to us at DPO@ageuksutton.org.uk or telephone us at 0208 915 2233.
9. Transferring your information outside of Europe
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
This notice relates to information we gather in the organisation
1. About this document
1.1 During the course of our activities AGE UK CROYDON will process personal data (which may be held on paper, electronically, or otherwise) about our clients, staff and volunteers and we recognise the need to treat it in an appropriate and lawful manner, in accordance with the General Data Protection Regulations (GDPR). The purpose of this notice is to make you aware of how we will handle your personal data.
2. Personal Identifiable Information
2.1 The Personal Identifiable Information on Age UK Croydon’s website: Information will be submitted through online forms on the Age UK Croydon website. There are two forms; contact us and room booking request. This information includes, title, first name, last name, telephone number, IP address and email address.
2.2 The Personal Identifiable Information collected on Age UK Croydon’s Advice Services Croydon Helpline; Name, title, address/contact details, email, telephone number, email, , Date of Birth, conflict of interest (where relevant to the enquiry), eligibility for service, nature of enquiry, carer details, Advice Plan (advice given, this could include any signposting to other organisations), Action Plan, Casework, Advocacy, Date of referral and Details of Referrer (if any). AUKC may ask for ethnicity, Gender, type of care (if applicable) Benefits check (where relevant) national insurance number (if applicable), Health conditions (where relevant), Hospital admission (where relevant) type of housing (where relevant), nature of support required.
2.3 The Personal Identifiable Information collected by the Advocacy project: Name, contact information (Address, email address, telephone number(s), Date of Birth, Health condition, Details of referral (date and details of referrer), nature of support required, Information and communication needs. We may ask for National Insurance number, GP details for the purpose of medical information, Next of kin, Income details, all details relating to financial situation, Ethnicity , Gender.
2.4 The Personal identifiable information collected by the Healthier Lifestyles project: Name, title, Address/Contact details, telephone number, email (if applicable), Date of Birth, Health Conditions and medication taken (where relevant), Details of weight and blood pressure checks, details of referral, details of referrer (if any), nature of support required, next of kin details / emergency contact (if applicable), Health professionals details, information and communication needs. Age UK Croydon may ask for Ethnicity, Gender.
2.5 The Personal identifiable information collected by Home Services project: Name, address, telephone number, email (if applicable), Date of Birth, Property access information, details of other support received, health conditions (where relevant), details of referral, details of referrer (if any), Nature of support required, next of kin details/emergency contact (if applicable), other property information. i.e resident and size, Information and Communication needs. Age UK Croydon may ask for the following Ethnicity, Gender and Marital Status.
2.6 The Personal Identifiable information collected by the Personal Safety project: Name, contact details, telephone number, Date of Birth, Gender, Health Conditions (where relevant), Date of referral, Details of referrer (if any), Nature of support required, next of kin details, property tenure (if applicable), details of benefits (where applicable), Ethnicity
2.7 The Personal Identifiable information collected by the Personal Independence Coordinator project: Title, Name, Address, telephone number, mobile number, Date of Birth, Information and Communication needs, Safeguarding concerns, Conflict of interest, Disability, GP Practice code, Source of referral, Health conditions, Mental Health Capacity, Personal goals, Any risks visiting the client, NHS number, Friends and Family survey, Mental wellbeing and loneliness score, services referred too, complaints. We may ask for Mental Health conditions, accommodations arrangement, professional involved, Carer, Primary contact (emergency contact) details, Engagement outcome (what happened as a result and paperwork), Financial and Social situation, Gender, Key Safe number, Ethnicity.
2.8 The Personal Identifiable Information collected from Reablement – Home from Hospital project as detailed in Advocacy.
2.10 Complaints, Compliments and Comments – this will gather information from clients who have complimented us or made a complaint. This information is likely to contain name, email address and phone number, as well as sensitive information around a complaint, which could relate to an individual.
2.11 Personal Identifiable information on accounting software, Xero:. Information on Xero contains contact and financial information of the organisation. Includes sales and purchase invoices to govern the finances of the organisation. Includes clients name, address and sales invoice.
3. Data protection principles
3.1 We will comply with the eight data protection principles in the GDPR, which say that personal data must be:
(a) Processed fairly and lawfully.
(b) Processed for limited purposes and in an appropriate way.
(c) Adequate, relevant and not excessive for the purpose.
(e) Not kept longer than necessary for the purpose.
(f) Processed in line with individuals' rights.
(h) Not transferred to people or organisations situated in countries without adequate protection.
3.2 "Personal data" means recorded information we hold about you from which you can be identified. It may include contact details, other personal information, photographs, expressions of opinion about you or indications as to our intentions about you. "Processing" means doing anything with the data, such as accessing, disclosing, destroying or using the data in any way.
4. Fair and lawful processing
4.1 We will usually only process your personal data where you have given your consent or where the processing is necessary to comply with our legal obligations. In other cases, processing may be necessary for the protection of your vital interests, for our legitimate interests or the legitimate interests of others. The full list of conditions is set out in the GDPR.
4.2 We will only process "sensitive personal data" about ethnic origin, political opinions, religious or similar beliefs, trade union membership, health, sex life, criminal proceedings or convictions, where a further condition is also met. Usually this will mean that you have given your explicit consent, or that the processing is legally required for employment purposes. The full list of conditions is set out in GDPR.
5. How we are likely to use your personal data
5.1 We will process data about staff for legal, personnel, administrative and management purposes and to enable us to meet our legal obligations as an employer, for example to pay you, monitor your performance and to confer benefits in connection with your employment.
5.2 We may process sensitive personal data relating to staff including, as appropriate:
(a) information about an employee's or volunteer’s physical or mental health or condition in order to monitor sick leave and take decisions as to the employee's fitness for work;
(b) the employee's or volunteer’s racial or ethnic origin or religious or similar information in order to monitor compliance with equal opportunities legislation;
(c) in order to comply with legal requirements and obligations to third parties.
6. Processing for limited purposes
We will only process your personal data for the specific purpose or purposes notified to you or for any other purposes specifically permitted by GDPR.
7. Adequate, relevant and non-excessive processing
Your personal data will only be processed to the extent that it is necessary for the specific purposes notified to you.
8. Accurate data
We will keep the personal data we store about you accurate and up to date. Data that is inaccurate or out of date will be destroyed. Please notify us if your personal details change or if you become aware of any inaccuracies in the personal data we hold about you.
9. Data retention
Clients that have not been in contact with Age UK Croydon for two years only minimal personal information will be kept. These details will be limited to: first initial, surname and name of project. This data will be used only for the purposes of identification in relation to legacies. Data related to their interaction with any projects will be preserved online, with any personal identifiable information permanently anonymised. This allows Age UK Croydon to continue reporting on project activity without risking personal identifiable data. Clients that have received financial advice will have record kept for 6 years.
We will not keep your personal data for longer than is necessary for the purpose. This means that data will be destroyed or erased from our systems when it is no longer required. For guidance on how long certain data is likely to be kept before being destroyed, contact DPO@ageukcroydon.org.uk
10. Processing in line with your rights
You have the right to:
(a) Request access to any personal data we hold about you.
(b) Prevent the processing of your data for direct-marketing purposes.
(c) Ask to have inaccurate data held about you amended.
(d) Prevent processing that is likely to cause unwarranted substantial damage or distress to you or anyone else.
(e) Object to any decision that significantly affects you being taken solely by a computer or other automated process.
11. Data security
11.1 We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
11.2 We have in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. We will only transfer personal data to a third party if that third party agrees to comply with those procedures and policies, or if they put in place adequate measures themselves.
11.3 Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorised purposes) of the personal data.
12. Providing information to third parties
We will not disclose your personal data to a third party without your consent unless we are satisfied that they are legally entitled to the data. Where we do disclose your personal data to a third party, we will have regard to the eight data protection principles.
13. Subject access requests
If you wish to know what personal data we hold about you, you must make the request in writing. All such written requests should be forwarded to Data Protection Officer at DPO@ageukcroydon.org.uk
14. Breaches of data protection principles
If you consider that the data protection principles have not been followed in respect of personal data about yourself or others you should raise the matter with your line manager. Any breach of GDPR will be taken seriously and may result in disciplinary action.
It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies on your computer, visit our full cookies policy. Turning cookies off may result in a loss of functionality when using our website.
16. Google analytics
The Google analytics settings for retention is 26 months. The timer is reset upon new user activity.
17. Purpose of the personal identifiable information
Accommodation arrangements - tailor the service to the need of the client
Advice and Action plan, casework and Advocacy is to ensure effective implementation of the Quality standard.
All details relating to your financial situation – for the purpose of establishing level of debt; assisting with money management / budgeting; writing to creditors on behalf of client; applying for funding; applying for exemptions.
Any risks visiting the client safeguard the client and AUKC employee and volunteers
Benefits check - eligibility for benefits and other services.
Carer details – funders requirement: tailor advice and support.
Conflict of interest is to determine whether we are objectively support.
Date of Birth allows to keep statistics for funders and demographic of service user; case history; Collected for emergency incidents; to ensure that the service is meeting the needs of the people of the Borough of Croydon
Date of referrer and referral details - requirement from funder; to make referral for additional services to be delivered so clients can achieve their goals; collect reason for referral; continuity; Collected for quality checking of service; processing of referrals; Collected for provision of service; for contacting referrer
Disability – funder requirement; tailor service to the needs of the client
Eligibility of service to ensure comply with legislation.
Email to be able to offer accessible information promptly. For the purpose of Home Services Collected for contact in provision of service and for invoicing
Emergency contact/Primary contact - to use in an emergency or support the client through the service, support engagement needs
Engagement outcome - what happened as a result of the service; funder requirement to make sure the service delivers for the client.
Ethnicity to ensure representing demographic of Croydon and statistical monitoring for funders. Collected to ensure that the service is meeting the needs of people in the borough of Croydon; for information for Age UK Croydon funders
Financial and Social situation - to tailor the advice and support to the client.
Friends and Family survey - funder requirement, measure whether the service has met the persons needs
Gender, as described for date of birth but also statistical monitoring of service. Collected to ensure that the service is meeting the needs of people in the Borough of Croydon; for information for Age UK Croydon funders
GP Practice code - funder requirement and liaise with the practice to achieve best outcomes for clients
GP details - to request a medical report for the purpose of requesting a write-off of debts; adding GP details to the Power of Attorney form
Health condition relevance to advice plan. Health conditions and medication taken for consultation and exercise readiness; funder requirement; tailor and personally support client: Collected for efficient provision of service; for safeguarding clients; for emergency incidents; for qualification for VAT relief
Hospital admission – any referral to social services or certain attendance allowance and Personal Independence payments.
Income details - to establish any benefit entitlements; to draft a Financial Statement.
Information and Communication needs to comply with the Accessible Information Standard 2016. Collected for provision of service, contact, client accessibility
Key safe – to gain access to the client’s home when they cannot open the door, so the service can be delivered
Marital Status - Collected to ensure that the service is meeting the needs of people in the Borough of Croydon; for service provision
Mental health capacity – to safeguard the client
Mental Health conditions - tailor the service to the need of the client
Mental wellbeing score and loneliness score - funder requirement, measure whether the service has met the clients needs
Monitor health conditions (blood pressure, weight) - To ensure clients are fit to exercise, to keep a record of their health conditions and monitor blood pressure and weight
Name, Title, Address, telephone number and contact details: Purpose is to correspond with client and liaise with the client and identify client. For the purpose of Home Services, Name, Address telephone number collected for provision of service and for invoicing
National Insurance number – relevance for processing benefit application; to check benefit entitlement: to apply for a benefit; if referring to the GP for supporting statement; to check for any unclaimed pensions.
Nature of enquiry – how we assess a query and ensures effective implementation on Quality standard.
Nature of Support required to allow effective support geared to the individual; allow to asses how we give support; future support requirements
Next of Kin– in the event of a medical emergency. To arrange appointments through the next of kin, (perhaps due to the client not having a phone etc.); lacking elements of capacity; poor memory for the purpose of remembering appointments; discussing responsibilities of Power of Attorney. In an event of emergency during outreach work.
NHS number - liaise with health professionals to give the nest service to the client
Other property information i.e. residents and size – Collected for provision of service; for risk assessments
Personal goals - funder requirement to achieve the best outcome for the client
Professional involved - create integrated working so clients care can be linked up for the best outcome of the client
Property access information – Collected for provision of service
Property tenure – to ensure projects like the Personal Safety Project can make internal adaptions to client’s homes with the owners permission.
Services referred too - follow up and make sure clients receiving the agreed service
Source of referral – funder requirement
Type of care – to be able to assess and advice.
Type of housing – looking at eligibility for housing and other services.
Xero – information collected on Xero to ensure governance of the organisation’s finances.