At Age UK Somerset, we’re committed to protecting and respecting your privacy.
Age UK Somerset is a registered charity (number 1015900) and company limited by guarantee (number 2717676). The registered address is Age UK Somerset, Ash House, Cook Way, Bindon Road, Taunton TA2 6BY
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. This policy is kept under regular review and may change from time to time.
If you have any questions around this policy, you should contact our Chief Executive who is the Data Protection Officer at email@example.com or in writing to the registered address: Ash House, Cook Way, Taunton, Somerset, TA2 6BJ.
Last policy update: May 2021
How do we collect information from you?
Information you give to us
We may collect and store information about you when you interact with us. For example, this could be when you:
- Support our work through a donation
- Fundraise on our behalf
- Register for an event
- Submit an enquiry
- Register for or use our services
- Give us feedback or make a complaint
- Apply for a job or register as a volunteer
Information you give us indirectly
Your information may be shared with us by third parties, which might include our service partners or from information gained through your interaction on our social media platforms. The information we receive will depend on the privacy preferences you have set on those types of platforms.
Information we get from your use of the website
Whenever you provide us with your personal information via our website “Site”, we will treat that information in accordance with this policy, our terms and conditions and current UK Data Protection legislation.
By using the Site and any services we offer via our Site, you are agreeing to be bound by this policy.
When you visit the Site, we collect various personal information which may include your name, address, contact details, IP address, and information regarding which pages are accessed and when. These are known as ‘Cookies’. Cookies are tiny software files that are stored on a computer or mobile device when an individual visits a website.
For more information about the different types of cookie or how to control and delete cookies, visit the ‘About Cookies’ website at: http://www.aboutcookies.org.uk/ .
What type of information is collected from you?
The personal information we collect might include:
- Name and contact details (including postal & email addresses and phone number)
- Date of birth
- IP address
- Other information relating to you personally which you may choose to provide
Data protection law recognises that certain types of personal information are more sensitive. This is known as ‘sensitive’ or ‘special category’ personal information and requires greater protection. We will only collect sensitive information about you if there is a clear and valid reason for doing so and data protection laws allow us to.
For example, we will ask for certain information relating to your health where this is necessary to protect your vital interests or for the provision of health or social care or treatment under contract with a health professional. Clear notices will be provided at the time we collect this information, stating what information is needed and why.
With your explicit consent, we may also collect sensitive information if you choose to tell us about other personal information, such as that relating to equality and diversity monitoring.
How is your information used?
We may use your information to:
- Process a donation that you have made
- Respond to your request or enquiry
- Provide goods or services
- Obtain your feedback to help us improve our service
- Monitoring and evaluating our services (to improve current and future delivery)
- Processing an application to work or volunteer with us
- Provide you with administrative information regarding your relationship with us
- Record and deal with a complaint
- Complete other essential internal record keeping purposes
- Collect your contact details for the purposes of NHS Track and Trace
- Protect your vital interests (where we reasonably think that there is a risk of serious harm or abuse to you or someone else)
- Comply with legal, regulatory and tax obligations
Who has access to your information?
We will not sell or rent your information to third parties.
We will not share your information with third parties for their marketing purposes.
In certain circumstances, it may be necessary to share your information with our technical support service providers who help us to manage our organisation’s infrastructure. These providers will only act under our instruction and are subject to contractual commitments containing data protection clauses.
It may be necessary to pass your information to a third party in order to process a service but we will only share the personal information necessary to deliver the service and where you have provided your consent for us to do so.
It may be necessary to share your information with a third party on the basis that we are jointly undertaking or being commissioned to fulfil a contract with them. This may include the requirement to quality audit our work. In many cases, this information is anonymised. Where individuals are identifiable, we will tell them prior to providing us with their data or we will seek their explicit consent before sharing with these third parties.
We will comply with requests where an information disclosure is required by law.
We may transfer your information to a third party as part of a sale of some or all of our business and assets.
We will maintain records of staff, clients and visitors to help identify people who may have been exposed to the Coronavirus and enable contact tracing to be carried out by NHS Test and Trace. Records will comprise the names of people attending our office or present at a service we are providing, with their contact details and date/time of arrival and departure. A record will only be shared with NHS Test and Trace if it is specifically requested by them. (You should inform us if you do not want your details to be shared). Where the information is only collected for the purpose of contact tracing, it will be destroyed by us 21 days after the date of your visit. NHS Test and Trace will not disclose this information to any third party unless required to do so by law (for example, as a result of receiving a court order).
We may also share your information with the emergency services if we reasonably think there is a risk of serious harm or abuse to you or someone else.
The GDPR requires us to rely on one or more lawful grounds to process personal information. The following are the grounds we use:
- Consent – where you have provided specific consent to us using your personal information in a certain way. For example, storing your name and contact details to tell you about our other goods and services that may interest you
- Performance of a contract – in administering our personnel
- Legal obligation – where we must comply with a legal or regulatory obligation to which we are subject. For example, for the processing of gift aided donations
- Vital interests – where it is necessary to protect life or health (such as in the case of a medical emergency suffered by an individual who is using one of our services at that time) or a safeguarding issue which requires us to share your information with the emergency services
- Legitimate Interests – where it is reasonably necessary to achieve our or others' legitimate interests. We consider our legitimate interests to be providing quality information and services that meet the needs of our clients, whilst protecting the charity against risk and running an efficient and safe organisation. This may be to:
- Fulfil your request for information about our services
- Enable us to provide you with a specific service you have requested
- Provide data to our partners to support funding for service provision
- Comply with our duty of care to clients under health and safety provisions
- Administer our workforce
- Administer our suppliers
- Handle and respond to complaints
How long will we keep your information?
We will keep your personal information for no longer than necessary, but this may mean that we will continue to hold some information for a period of time after our relationship has ended. This is to comply with our legal and regulatory obligations to keep records of our relationship, resolve disputes or where it may be needed to defend potential future legal proceedings. How long we keep information is set out on our Retention Schedule, which is reviewed on a regular basis.
Keeping your information safe
When you give us personal information, we take steps to ensure that it’s treated securely. We have implemented appropriate technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access/use, alteration, damage, destruction and accidental loss.
Unfortunately the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information sent to us this way, we cannot guarantee the security of data transmitted to our Site and you do so at your own risk.
Our Site may contain links to other websites. While we try to link only to websites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices employed by them. Please be aware that advertisers or websites that have links on our site may collect personally identifiable information about you. This privacy statement does not cover the information practices of those websites or advertisers.
When you are using our online donation link, your donation is processed by Virgin Money Giving, who specialise in the secure online capture and processing of credit/debit card transactions.
Current data protection legislation provides the following rights for individuals, which our organisation provides to you:
- Access to your personal information: You have the right to request access to a copy of the personal information that we hold about you free of charge. Please make all requests for access in writing to the contact details below.
- Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object if we are processing your personal information for direct marketing purposes. Please contact us as noted above, providing details of your objection.
- Consent: If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.
- Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
- Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it. This erasure may mean that if you wish to receive a service from us in future, you will need to re-submit any information we require before we can provide you with that service.
- Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
- Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
- No automated-decision making: Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not currently carry out any automated decision-making.
Please note, some of these rights only apply in certain circumstances and we may not be able to fulfil every request.
We will respond within 30 days following receipt of your written request and once the identity of the person who has made the request has been verified.
To exercise any of the above rights, please contact our Data Protection Officer (Chief Executive) stating which of the above rights you would like to enforce and the personal information to which it relates.
Make your request to:
The Data Protection Officer
Age UK Somerset
Cook Way, Bindon Road
Somerset TA2 6BJ
Tel: 01823 345610
16 or Under?
If you are aged 16 or under‚ please get your parent / guardian's permission beforehand whenever you provide us with personal information.
If you want to make a complaint in relation to how we have handled your personal information, please follow our complaints procedure which can be found online at: https://www.ageuk.org.uk/somerset/about-us/making-a-complaint/ or ask us for a paper copy.
If you are not satisfied with the response you receive, you can raise your concern with the UK’s statutory body for data protection: Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Alternatively, you can contact them by phone on: 0303 123 1113 or 01625 545745 or visit their website: https://ico.org.uk .
Age UK Somerset is registered with the Information Commissioner's Office as a Data Controller under registration number Z7669486.
Sign up to receive our newsletter by email.