Data Protection & Privacy Policy

Faithworks is a local independent Christian charity, passionate about helping people not only get out of crisis or isolation,but ‘journeying’ with them until they thrive.

We are committed to protecting and respecting your privacy when you use our services, if you work for us or provide services to us.

This Policy explains how we collect, use and store your personal data. It sets out the basis on which any personal information provided will be processed and how we protect your privacy.

We have a process that makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact the Chief Executive Officer, who is responsible for our Data Control, on 01202 429037.

Personal data is defined as any information relating to an identified or identifiable person (the ‘data subject’ in legal terms).

We may need to use some information about you to:

• Deliver services and support to you.
• To be able to offer our clients the best advice based on their circumstances.
• Manage those services we provide to you.
• Train and manage the staff and volunteers who deliver those services.
• Help investigate any worries or complaints you have about your services.
• Check the quality of services.
• Help with research and planning of new services.
• Maintain our own accounts and records, including the processing of gift aid claims.
• Keep people informed of news, events, activities and services run by Faithworks and its partners.
• Say thank you and to encourage support for and to us.

All organisations need a legal reason to collect and use personal data. In accordance with GDPR, we can legally process your personal information because:

• We have received consent from you, or your legal representative, to be kept informed of our events, news, activities and services.
• Processing is necessary for carrying out our legal obligations in relation to Gift Aid, employment, social security or social protection law, or a collective agreement.
• If you are an employee, we will collect information related to your employment with us.
• If you are a volunteer, we will collect information related to the work you do with us.
• If you provide services for us, we will collect information related to the contract we hold with you.
• If you donate to us, we will collect information relating to this.

We collect personal data in order to be able to offer the best service to you. We will only use the personal information you have chosen to provide to us. We will also sometimes collect additional information from third parties, with your consent, in order to provide the best advice for your circumstances.

We will not use your personal data for any other purpose without your consent. We will not disclose your personal data to any third parties without your consent, except where we are required to do so by law, or where there is an immediate threat to you or someone else, the risk of which overrides your need for data privacy.

We will never sell or receive payment for licensing or disclosing your personal information.

Statistics gathered to monitor the service for the purposes of identifying any policy issues and to support funding applications will be anonymised to prevent identification of individual users.

We comply with our obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate measures are in place to protect personal data.

The law gives you a number of rights to control what personal information is used by us and how it is used by us.

You have the right to ask us for copies of your personal information. There are some exemptions, which mean you may not always receive all the information we process. You can read more about this below.

You have the right to ask us to correct any information we hold about you which you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. You can read more about this right below.

You have the right to ask us to delete your personal information in certain circumstances. This is also known as the ‘right to be forgotten’. You can read more about this right below.

You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right below.

You have an absolute right to stop the processing of your personal data for direct marketing purposes. However, we may still be able to legitimately continue using your data for other purposes. You can read more about this right below.

You have the right to ask that we transfer the information you gave us to another organisation, or give it to you. This right to only applies to electronically held data that you have provided to us and we are processing with your consent. You can read more about this right below.

Where we are using your personal information based on your consent, you have the right to withdraw that consent at any time by contacting our Data Controller in writing.

You have the right to be confident that we will handle your personal information responsibly and in line with good practice. If you have concerns about the way we are handling your information, please contact the Chief Executive on 01202 429037 in the first instance as we have a dedicated complaints procedure.

If you are unhappy with how your complaint has been handled by us or if we have failed to resolve your information rights concern, you can raise the matter with the Information Commissioner’s Office by calling them on 0303 123 1113 or by writing to the ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF. Alternatively see their website for more ways to contact them.

You will not have to pay to access your personal information. However, we may charge a reasonable fee if your request for access is considered to be ‘manifestly unfounded or excessive’. Alternatively, we may refuse to comply with the request in such circumstances. You will be informed of this in writing, where this is the case.

We have one month to respond to your request. In certain circumstances we may need extra time to consider your request and can take up to an extra two months. If we are going to do this, we will let you know within one month that we need more time and why.

Please contact the Chief Executive if you wish to make a request to access your personal information held by Faithworks.

We remove personal data from our systems in line with the data retention periods quoted in Appendix 1. The length of time each category of data will be retained will vary on how long we need to process it, the reason it is collected, and in line with any statutory requirements.

We reserve the right to review the way we process your personal information and will update this Privacy Notice if there are any changes.

Faithworks is committed to protecting and respecting the privacy of visitors to our website https://faith-works.org.uk/ and complies with the requirements of the General Data Protection Regulation (“GDPR”). Our website Privacy Notice tells you about the practices we follow to look after your personal data. It sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the notice carefully to understand our views and practices regarding your personal data and how we will treat it.

We may collect and process the following data about you:

•  Information that you provide by completing our ‘contact us’ forms on our website. This includes information provided at the time of requesting information or ordering our goods or services. We may also ask you for information when you provide feedback to us about our site.
• If you contact us, we may keep a record of that correspondence.
• Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data and the resources that you access.
• Information you provide by completing our ‘donate now’ form.

Where we are able to, we may collect information about your computer, including your IP address, operating system and browser type, for system administration purposes and in order to analyse visits made to our site. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.

A cookie consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.

Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector. Blocking all cookies will, however, have a negative impact upon the usability of many websites. You can find out more below.

The transmission of information via the internet should not be assumed to be totally secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.

However, once we have received your information, we will use security features to try to prevent unauthorised access.

We may use information held about you in the following ways;

• To ensure that content from our site is presented in the most effective manner for you and for your computer.
• To provide you with information, products or services that you request from us or which we feel may interest you.
• To carry out our obligations arising from any contracts entered into between you and us.
• To allow you to participate in interactive features of our service, when you choose to do so.
• To notify you about changes to our service.

Where we provide links to websites of other organisations, in our documents and on our website, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.

We will not share the personal information we collect via this website with any other organisation unless we have your consent to do so.

Any changes we may make to our privacy policy in the future will be posted on this page.

This policy will be reviewed regularly by the Faithworks trustees. Previous reviews/versions are shown below:

• Date of review – November 2021, reviewed at the Trustee Board meeting

• Data: Call log
  Retention period: 6 months
  Notes: We keep a record of calls made to our service so that we can return calls and handle any enquiries. We will keep details on our call log for a maximum of 6 months unless the individual becomes a client, volunteer or supporter.
• Data: Referrals from third parties
  Retention period:  6 months
  Notes: We receive personal information about potential service users from third parties who wish to refer individuals to us for support. We will hold the information we are given for a maximum 6 months unless the individual becomes a client or volunteer. This is to ensure we are able to respond to their enquiry and manage any missed appointments or subsequent actions, and for audit purposes.
• Data: Client records
  Retention period: 5 years after case closure or the client has left our services (6 years in the case of CMA clients)
  Notes: This is to ensure we can provide further assistance if a client subsequently needs our help again, and for regulatory and audit reasons to ensure that we are able to manage any future complaints or enquiries.
• Data: Staff and volunteer records
  Retention period: 6 years
  Notes: If someone becomes a member of our team, we will keep their personnel records for a maximum of 6 years after they cease working/volunteering for us in order to comply with employment regulations and for audit purposes.
• Data: Supporter/marketing records
  Retention period: Until we receive a request to remove the person/s records
  Notes: We will keep the contact details of those who have consented to receiving news and updates from us until they tell us that they no longer which to receive such information.
• Data: Recruitment records
  Retention period: 1 year
  Notes: Where you provide personal data and sensitive personal data when applying for a job or volunteering opportunity, such as the information on your CV, we will process, store and disclose this personal data to support the recruitment process. CVs and application details will be stored for a maximum period of 1 year for audit purposes before being deleted, unless the individual becomes an employee.
• Data: Donor records
  Retention period: 6 years
  Notes: We will keep the contact details of those who have donated to us no longer than 6 years after the last donation has been given.