Faithworks is a local independent Christian charity, passionate about helping people not only get out of crisis or isolation,but ‘journeying’ with them until they thrive.
We are committed to protecting and respecting your privacy when you use our services, if you work for us or provide services to us.
This Policy explains how we collect, use and store your personal data. It sets out the basis on which any personal information provided will be processed and how we protect your privacy.
We have a process that makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact the Chief Executive Officer, who is responsible for our Data Control, on 01202 429037.
What is personal data & why do we need it?
Personal data is defined as any information relating to an identified or identifiable person (the ‘data subject’ in legal terms).
We may need to use some information about you to:
- Deliver services and support to you.
- To be able to offer our clients the best advice based on their circumstances.
- Manage those services we provide to you.
- Train and manage the staff and volunteers who deliver those services.
- Help investigate any worries or complaints you have about your services.
- Check the quality of services.
- Help with research and planning of new services.
- Maintain our own accounts and records, including the processing of gift aid claims.
- Keep people informed of news, events, activities and services run by Faithworks and its partners.
- Say thank you and to encourage support for and to us.
How the law allows us to use your personal data
All organisations need a legal reason to collect and use personal data. In accordance with GDPR, we can legally process your personal information because:
- We have received consent from you, or your legal representative, to be kept informed of our events, news, activities and services.
- Processing is necessary for carrying out our legal obligations in relation to Gift Aid, employment, social security or social protection law, or a collective agreement.
- If you are an employee, we will collect information related to your employment with us.
- If you are a volunteer, we will collect information related to the work you do with us.
- If you provide services for us, we will collect information related to the contract we hold with you.
- If you donate to us, we will collect information relating to this.
Processing your personal data
We collect personal data in order to be able to offer the best service to you. We will only use the personal information you have chosen to provide to us. We will also sometimes collect additional information from third parties, with your consent, in order to provide the best advice for your circumstances.
We will not use your personal data for any other purpose without your consent. We will not disclose your personal data to any third parties without your consent, except where we are required to do so by law, or where there is an immediate threat to you or someone else, the risk of which overrides your need for data privacy.
We will never sell or receive payment for licensing or disclosing your personal information.
Statistics gathered to monitor the service for the purposes of identifying any policy issues and to support funding applications will be anonymised to prevent identification of individual users.
Data protection principles
We comply with our obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate measures are in place to protect personal data.
What you can do with your information
The law gives you a number of rights to control what personal information is used by us and how it is used by us.
A. You can ask for access to the information we hold on you
You have the right to ask us for copies of your personal information. There are some exemptions, which mean you may not always receive all the information we process. You can read more about this below.
B. You can ask us to change any inaccurate or incomplete information
You have the right to ask us to correct any information we hold about you which you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. You can read more about this right below.
C. You can ask us to delete information
You have the right to ask us to delete your personal information in certain circumstances. This is also known as the ‘right to be forgotten’. You can read more about this right below.
D. You can ask us to limit how we process your information
You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right below.
E. Your right to object to processing
You have an absolute right to stop the processing of your personal data for direct marketing purposes. However, we may still be able to legitimately continue using your data for other purposes. You can read more about this right below.
F. Your right to data portability
You have the right to ask that we transfer the information you gave us to another organisation, or give it to you. This right to only applies to electronically held data that you have provided to us and we are processing with your consent. You can read more about this right below.
G. Your right to withdraw consent
Where we are using your personal information based on your consent, you have the right to withdraw that consent at any time by contacting our Data Controller in writing.
H. Your right to complain
You have the right to be confident that we will handle your personal information responsibly and in line with good practice. If you have concerns about the way we are handling your information, please contact the Chief Executive on 01202 429037 in the first instance as we have a dedicated complaints procedure.
If you are unhappy with how your complaint has been handled by us or if we have failed to resolve your information rights concern, you can raise the matter with the Information Commissioner’s Office by calling them on 0303 123 1113 or by writing to the ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF. Alternatively see their website for more ways to contact them.
Exercising your rights
You will not have to pay to access your personal information. However, we may charge a reasonable fee if your request for access is considered to be ‘manifestly unfounded or excessive’. Alternatively, we may refuse to comply with the request in such circumstances. You will be informed of this in writing, where this is the case.
We have one month to respond to your request. In certain circumstances we may need extra time to consider your request and can take up to an extra two months. If we are going to do this, we will let you know within one month that we need more time and why.
Please contact the Chief Executive if you wish to make a request to access your personal information held by Faithworks.
Retention periods for personal data
We remove personal data from our systems in line with the data retention periods quoted in Appendix 1. The length of time each category of data will be retained will vary on how long we need to process it, the reason it is collected, and in line with any statutory requirements.
Changes to this Privacy Notice
We reserve the right to review the way we process your personal information and will update this Privacy Notice if there are any changes.
Website Privacy Notice
Faithworks is committed to protecting and respecting the privacy of visitors to our website https://faith-works.org.uk/ and complies with the requirements of the General Data Protection Regulation (“GDPR”). Our website Privacy Notice tells you about the practices we follow to look after your personal data. It sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the notice carefully to understand our views and practices regarding your personal data and how we will treat it.
Information we may collect from you
We may collect and process the following data about you:
- Information that you provide by completing our ‘contact us’ forms on our website. This includes information provided at the time of requesting information or ordering our goods or services. We may also ask you for information when you provide feedback to us about our site.
- If you contact us, we may keep a record of that correspondence.
- Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data and the resources that you access.
- Information you provide by completing our ‘donate now’ form.
IP addresses and cookies
Where we are able to, we may collect information about your computer, including your IP address, operating system and browser type, for system administration purposes and in order to analyse visits made to our site. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
A cookie consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector. Blocking all cookies will, however, have a negative impact upon the usability of many websites. You can find out more below.
Security of your personal data
The transmission of information via the internet should not be assumed to be totally secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
However, once we have received your information, we will use security features to try to prevent unauthorised access.
How we use your personal data
We may use information held about you in the following ways;
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
- To provide you with information, products or services that you request from us or which we feel may interest you.
- To carry out our obligations arising from any contracts entered into between you and us.
- To allow you to participate in interactive features of our service, when you choose to do so.
- To notify you about changes to our service.
Links to other websites
Where we provide links to websites of other organisations, in our documents and on our website, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.
Disclosure of your personal data
We will not share the personal information we collect via this website with any other organisation unless we have your consent to do so.
Changes to this Privacy Notice
Review of this policy
This policy will be reviewed regularly by the Faithworks trustees. Previous reviews/versions are shown below:
- Date of review – November 2021, reviewed at the Trustee Board meeting
Appendix 1. Data retention periods
- Data: Call log
Retention period: 6 months
Notes: We keep a record of calls made to our service so that we can return calls and handle any enquiries. We will keep details on our call log for a maximum of 6 months unless the individual becomes a client, volunteer or supporter.
- Data: Referrals from third parties
Retention period: 6 months
Notes: We receive personal information about potential service users from third parties who wish to refer individuals to us for support. We will hold the information we are given for a maximum 6 months unless the individual becomes a client or volunteer. This is to ensure we are able to respond to their enquiry and manage any missed appointments or subsequent actions, and for audit purposes.
- Data: Client records
Retention period: 5 years after case closure or the client has left our services (6 years in the case of CMA clients)
Notes: This is to ensure we can provide further assistance if a client subsequently needs our help again, and for regulatory and audit reasons to ensure that we are able to manage any future complaints or enquiries.
- Data: Staff and volunteer records
Retention period: 6 years
Notes: If someone becomes a member of our team, we will keep their personnel records for a maximum of 6 years after they cease working/volunteering for us in order to comply with employment regulations and for audit purposes.
- Data: Supporter/marketing records
Retention period: Until we receive a request to remove the person/s records
Notes: We will keep the contact details of those who have consented to receiving news and updates from us until they tell us that they no longer which to receive such information.
- Data: Recruitment records
Retention period: 1 year
Notes: Where you provide personal data and sensitive personal data when applying for a job or volunteering opportunity, such as the information on your CV, we will process, store and disclose this personal data to support the recruitment process. CVs and application details will be stored for a maximum period of 1 year for audit purposes before being deleted, unless the individual becomes an employee.
- Data: Donor records
Retention period: 6 years
Notes: We will keep the contact details of those who have donated to us no longer than 6 years after the last donation has been given.