Data Privacy Policy

This policy is written for anyone who comes into contact with Chapter’s services and activities as a service user, volunteer, stakeholder or donor. It sets out why we collect your ‘data’ (the information we hold on you), how it is kept safe, and your rights relating to your data.

Chapter is committed to protecting and respecting your privacy.  We review this policy and its associated policies regularly, in line with the Data Protection Act 1998 and the GDPR (General Data Protection Regulation) guidelines and appraise its level of appropriateness according to the size of our organisation, the resources we are able to access, the nature of the data gathered and any new guidelines or legislation issued.

This policy (together with our Confidentiality Policy) sets out the basis on which we use or store any personal data we collect from you, or that you provide to us, how it will be processed by us, by whom and about its storage.

To view our cookies policy click here.

 

Data Protection Principles

We will comply with data protection legislation, which states that the personal information we hold about you must be:

  • Used lawfully, fairly and in a transparent way
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  • Relevant to the purposes we have told you about and limited only to those purposes
  • Accurate and kept up to date
  • Kept only as long as necessary for the purposes we have told you about
  • Kept securely

 

Information we may collect – service users

A “service user” is defined as any individual who accesses or takes part in a service at Chapter. We may collect and process the following data about you:

  • Your name and contact details such as address, telephone, and email
  • Date of birth
  • Nationality
  • Gender
  • Contact details of your designated emergency contacts
  • Medical information
  • Information about your family or personal circumstances where this is necessary to provide the best possible service to you
  • information provided at the time of registering to access our services
  • information you choose to share with Chapter staff
  • if you contact us, we may keep a record of that correspondence
  • we may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them
  • information collated if you access one of our training courses.

 

Some of the personal information we hold about you may be collected from other sources. For example, we may collect information from referral agencies, your GP or other health professionals.

Special Category Data

Special category data is data that is likely to be more sensitive. We may collect special category data about you such as information about your physical or mental health, sexual health and orientation, religious or philosophical beliefs, political opinions and your racial ethnic origin; information relating to criminal offences and/or convictions.

We will use this data to:

  • Consider your suitability to access our services
  • Provide the best possible service to you and tailor our service to your needs as required
  • To comply with any regulatory requirements
  • To ensure we can adequately assess any risk posed to Chapter and our community.

 

Information we may collect - donors

We may collect and process the following data about you:

  • information that you provide by filling in forms on our website or hard copy paperwork, including sensitive data such as your name, address and bank details
  • information provided at the time of your donation
  • information you choose to share with Chapter staff, such as your interests and hobbies or employer
  • if you contact us, we may keep a record of that correspondence
  • we may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them
  • information collated if you access one of our training courses.

 

Information we may collect - Stakeholders

A ‘stakeholder’ is defined as someone with an invested interest in Chapter, this includes partners, volunteers, supporters, service providers, contract holders and other agencies or organisations we work with.

We may collect and process the following data about you:

  • information that you provide by filling in forms on our website or hard copy paperwork, sometimes including sensitive details such as your bank account details or place of work address
  • information you choose to share with Chapter staff, such as your email address
  • if you contact us, we may keep a record of that correspondence
  • we may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them
  • information collated if you access one of our training courses.

 

Where we store your personal data

The data that we collect from you is transferred to, and stored on our database which is called Lamplight, and is hosted at an external site. By submitting your personal data, you agree to this transfer, storing or processing of your data.

Our database’s servers are hosted by Amazon Web Services (AWS), and all of its resources are located in the London region.  The data-centre is accredited to ISO27001, and other security and Information Governance standards.

When Chapter staff accesses the data on our database, remote access uses encrypted connections, using non-standard logins and public/private key authentication (and encrypted private keys).  Authorisation and access control across the database defaults to ‘no access’ unless a Chapter staff member is logged in and has the appropriate permissions.  All data transferred between our database’s main server and our Chapter computers is encrypted using 256-bit SSL.  Databases are encrypted on disk, as are backups, using AWS standard key management by Lamplight’s management staff.  Files uploaded are stored on AWS S3 and are encrypted at rest.

 

What we may do with your information/data

We may use information held about you in the following ways:

  • to provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes
  • to carry out our obligations arising from any contracts entered into between us and partner agencies
  • to notify you about changes to our services.

We may also use your data or permit selected third parties to access parts of your data, to provide you with information about goods and services which may be of interest to you and we or they may contact you about these by post or telephone.

We will specifically seek out your permission to contact you in this way or to pass your details on to third parties.

We do not disclose information about identifiable individuals to our funders or to the press, but we may provide them with overview information about our service users (for example, we may inform them that 50 men aged over 30 attended a certain activity on a certain month).

We may also use personal quotes by a service user to promote our services. We may change some information such as names to prevent an individual from being identified. Where we use an individual’s real name we will seek their permission first.

We may use a false name or identification number to let a funder know someone attended different activities.  For example, we might tell a funder that service user ID 4565 attended an arts group as well as the gardening club in the same week.

 

Disclosure of your information

We may disclose some or all of your personal information to third parties under the following circumstances:

  • If Chapter’s assets are acquired by a third party, such as in the event of Chapter closing or services being taken over by another organisation, in which case personal data held by us about our service users will be one of the transferred assets. We will make every possible effort to let you know about this in advance
  • If we are under a duty to disclose or share your personal data in order to ensure a service user’s personal safety or mental wellbeing, comply with any legal obligation, or to protect the rights, property, or safety of Chapter, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

 

How long we store data

We retain data for as long as necessary to fulfil the purposes for which it was collected and in line with any necessary legal, financial accounting or reporting requirements.  In most cases the retention will be seven years following the date that an individual stops accessing our services or their connection to Chapter ends.

 

Your rights

  • You have the right to ask us not to process your personal data
  • We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes
  • You have the right to access the information we hold about you (see below).

 

People responsible for Chapter’s data within our organisation

The Data Controller is Chapter (West Cheshire Ltd), Stanlaw Abbey Business Centre, Dover Drive, Ellesmere Port, CH65 9BF.

Our Board of Trustees are responsible for overseeing that Chapter is meeting its legal requirements, including relevant guidelines such as GDPR.

The Data Protection Officer is the Chief Executive Officer is responsible for ensuring the data is managed appropriately at an operational level.  The Chief Executive Officer can be contacted on 01244 344 409.

Staff and volunteers at Chapter have access to data where access is required to carry out their duties.

 

 

Last Updated: 1st June 2020