Website Privacy Statement
The purpose of this privacy statement is to explain how Age UK Norfolk processes personal data to fulfil our data protection responsibilities in general terms. The scope covers all related activities by our staff and volunteers when responding to anyone seeking our support, whether directly or on behalf of someone else. This statement is provided for information only and is not conditional for the use of our services.
Our role in data protection terms is that of a data controller where we determine the purpose and use of the personal data being processed. It is the responsibility of our privacy manager (PM), contactable using firstname.lastname@example.org, to ensure it is processed in accordance with the UK’s latest data protection legislation.
The sort of personal data we process will be contact details sufficient to answer your immediate enquiries. It may also be necessary to ask for data concerning health depending on your needs. Although the information we ask for will be kept to a minimum, if you do not provide this, we may not be able to fulfil our obligations to you.
Age UK Norfolk’s duty of confidentiality means that our staff will treat your personal data with respect and in confidence. It will only be disclosed to those that need to know it. We also expect the same duty of confidentiality of all third parties with whom we share your personal data. We use appropriate organisational and technical measures to secure all company information. All processing takes place on-site with routine back-ups performed on UK based servers.
We always process your personal data against a lawful basis in instances described below:
- To comply with our legal obligations where they apply
- To respond to your general enquiries and stay in touch with you after you have finished using our services, we will do so in pursuit of our legitimate interests
- When necessary for the performance of a contract with you and its prior preparation
- When processing for a pre-defined purpose for which your consent will be sought typically this happens when we ask to use your stories/ experience with Age UK N for our promotional material and/or possibly to use your health related information
Please note you may withdraw your consent at any time by contacting the PM although in some circumstances, this will impact the way we provide our services to you
In all cases we will process your personal data in accordance with the principles of data protection as set out in the UK data protection legislation.
We will share personal data, but only when necessary, with some or all of the following:
- The Inland Revenue (HMRC) for invoice purposes
- Solicitors appointed by us to handle any client matters if necessary
- An IT support company which is subject to a data processing agreement
- Accountants appointed by us for payment handling and related record keeping
- Contractors for outsourced services who are subject to a data processing agreement
- Other relevant organisations with whom we must liaise to provide a complete service
Age UK Norfolk follows a retention schedule to determine the length of time it holds different types of personal data. The personal data we collect from you for the provision of our services will be retained indefinitely. Paper copies for which an equivalent electronic record has been made, will be destroyed after 7 years. Please note that this does not affect your rights and all requests will be considered and actioned appropriately.
When required, we will either return, destroy, or delete your personal data and any associated emails or relevant documentation. If it is technically impractical to delete electronic copies of personal data, we will put it beyond operational use. We allow ourselves up to one month after the request has been received to complete this action.
The UK General Data Protection Regulation defines the rights that you have (although these do not apply in all situations). For convenience, these are shown below:
- Right to be informed as to how your personal data is being processed by us – this is done through this statement or specific privacy notices when issued separately
- Right to access your personal data held by us which is done by making a Data Subject Access Request to our PM
- Right to rectification of your personal data if you believe we have collected or recorded it incorrectly, or it needs to be updated
- Right to erasure of your personal data for which we no longer have a legitimate purpose to process or where your interests outweigh our own
- Right to restrict processing during which time your personal data will be held but not used operationally until the related matter is resolved
- Right to data portability of your personal data in a machine-readable version, as you have provided but only applicable to data provided with your consent or under contract
- Right to object to us processing your personal data for which there is no associated legal or contractual obligation
- Rights related to automated decision making and profiling however Age UK Norfolk does not use these techniques in its decision making
Raising concerns, exercising rights, or making queries about our processing of your personal data can be done by contacting the PM. Please be aware that we need to be sure of your identity before responding fully, therefore, you may be asked for proof of your ID. In any event, you have the right to contact the ICO directly over any concerns you may have, using the details provided above, but naturally we would welcome the opportunity to handle any concerns you have first.