If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
If you have any queries about this policy or would like to request the information we hold on you or the deletion of it you can do so by contacting Anne Nixon, Home-Start Leith & North East Edinburgh, 247 Leith Walk, Edinburgh EH6 8NY or email firstname.lastname@example.org
What is GDPR? The GDPR (General Data Protection Regulation) is the primary law that regulates how companies protect EU citizens’ personal data. To comply with GDPR a company must have a lawful basis for processing the personal information of an EU citizen. There must also be procedures in place regarding the storage and use of data in compliance with GDPR and clear information given on requests of such data and the right to be forgotten. For more information on GDPR see the Wikipedia article on General Data Protection Regulation
The lawful basis under which we may process personal information are as follows.
- Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
- Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
- Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
Your Individual Rights
Under the GDPR your rights are as follows, depending on the lawful basis (see above).
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making including profiling.
You can read more about your rights in detail here on the ICO (Information Commissioner’s Office) website You also have the right to complain to the ICO if you feel there is a problem with the way we are handling your data. We handle subject access requests in accordance with the GDPR.
What We Collect
We may collect the following information when you are using our website, completing our contact form, emailing or calling us.
- contact information including email address
- demographic information such as postcode, preferences and interests
- other information relevant to service user surveys and/or offers
What We Do With Information We Gather
Information is often used to understand your needs and provide you with a better service, and in particular for the following reasons:
- Internal record keeping.
- We may use the information to improve our services.
- We may periodically send promotional emails (if we have prior permission to do so) about new services, special events or other information which we think you may find interesting using the email address which you have provided.
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail, if you have guven us permission to do so.
Who We Share Your Data With
We won’t ever share your data with a 3rd party, though some 3rd parties may get some data when using our website from 3rd party cookies used in things such as social sharing buttons. Our cookie control (cog icon bottom left of this site) gives options for disabling these.
Our website is built on WordPress CMS which does use some essential cookies but does not gather any personal data.
How Long We Retain Your Data
Any data from our websites contact form can be retained for no more than 2 years, without your permission.
Any data from Google Analytics shall be retained for no more than 2 years, if we choose to analytics sometime in the future. Currently we do not use any sort of Analytics and there are no Analytical Cookies in use.
Where there is no child protection / safety concerns
The family file is retained for 12 months from the date of ending Home-Start support. The file is stored securely and is marked with the date (month/year) it should be destroyed. The file will be securely destroyed at the appropriate date.
Where a child protection concern was referred by Home-Start, or the family were subject to a Child Protection Plan
The family file is retained for 6 years from the date of ending Home-Start support. The file is stored securely and is marked with the date (month/year) it should be destroyed and stored securely. The file will be securely destroyed at the appropriate date.
The volunteer file is retained for 12 months after the volunteer has ceased to be a Home-Start volunteer. Sufficient info in order to provide a reference may be retained. Exception: if an allegation has been made about the volunteer, the volunteer file should be retained until the volunteer reaches normal retirement age or for 10 years if that is longer.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical and electronic managerial procedures to safeguard and secure the information we collect.
A cookie is a small file which is placed on your computer’s hard drive. The cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies also allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Links To Other Websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling Your Personal Information
You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time. We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
You may request details of personal information which we hold about you under GDPR. If you would like a copy of the information held on you please contact Anne Nixon, Home-Start Leith & North East Edinburgh, 247 Leith Walk, Edinburgh EH6 8NY or email email@example.com