Embrace East Sussex – Revised Privacy Policy from 25th May 2018

 

What and why we are sending this to you

At Embrace, we take the safeguarding of your information very seriously. We have always adhered to the requirements of UK data protection legislation, and some of those requirements have changed as part of the General Data Protection Regulation (GDPR) that became law on 25 May 2018.

Embrace East Sussex is the data controller under GDPR and we are responsible for all of the personal data that we hold.

If you would like more details about the new regulations (GDPR) you can contact the office of the UK Information Commissioner (ICO) at: https://ico.org.uk

To explain how we deal with the information we hold about you and your family we give you below the details of our privacy policy.

This policy explains when and why we collect your information, how we use it, and how we keep it secure. Please read it through so you know what choices and rights you have about the information we ask you for or collect about you. If any significant changes are made in future, we will let you know straight away.

‘We’, ‘us’, ‘our’ etc.  refers to Embrace East Sussex and our employees, each of whom has been carefully vetted, trained and who complies with all the requirements of the GDPR.

 

The two types of information we collect

Personal (non-sensitive data)

These are your basic contact details such as name, address, telephone number(s), and email address(es).

Sensitive data

This section may include selected details of your banking arrangements, where you have opted to make payments to us by standing order or other banking processes.

However, due to the nature of our relationships with many of our members we often also hold data of a highly sensitive nature. This data can be very detailed, highly personal, and of course relate to several members of your family, and their physical and medical status.

 

Sharing of your information

We will only use your information where legally permitted to do so, and only share it with people or organisations that are legitimately involved in your situation, such as educational, medical and legal entities, and in every case, only with your permission.

Elements of your information may also be shared with our internal colleagues, but only where necessary to enhance the quality of our caring service.

Additionally, we would provide relevant elements of your data if required to do so to comply with a legal or regulatory obligation. In the unlikely event of this happening we would of course advise you immediately.

 

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. Where data has to be shared with our internal colleagues, as mentioned earlier, we will always ensure that it is treated with absolute integrity.

Where we are obliged to share your information with external bodies such as educational, medical and legal entities, whilst we will always expect similar levels of integrity, we cannot be held responsible for their data security, and for your peace of mind you may wish to view their privacy policies.

We have procedures in place to deal with any suspected personal data breach and will notify you immediately if we become aware of any such occurrence. In addition, we will notify the regulator (The Information Commissioner mentioned earlier) where we are required to do so.

 

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purpose for which we originally obtained it, including for the purpose of satisfying any legal requirements. If you decide to cease your relationship with us at any time, you can request that we erase your data from our records, and we will do so immediately and confirm to you that this has been done.

 

Links on our website that take you to another site

Occasionally our site may provide access to other web sites by linking to them. We are not responsible for the data policies (including data protection and use of cookies), content or security of these linked websites. So, it’s a good idea to make sure you refer to their privacy policies to ensure you know how they use your data.

However, any such links are likely to be related to buying tickets, or enrolling for external events, so the data you will be providing is most likely to be of the non-sensitive type.

 

Your legal rights

Under UK Data Protection Laws (including GDPR) you have rights in relation to your personal data. These include the right to:

  • Request access, correction to, or erasure of your personal data
  • Object to the use of your personal data
  • Request restrictions to our use of your personal data

You can find more information about your rights at: https://ico.org.uk

 

How we will use your data

Apart from the provision of our various services that you have requested, we would, from time to time, like to use your contact data to notify you of upcoming events relating to our caring services and fundraising activities. If you do not agree to this, please let us know and we will ensure that such communications are not sent to you.

 

How can you contact us?

If you have any questions regarding our use of your personal information, please call us on 01323 404 775

Or write to:

The Data Privacy Team, Embrace East Sussex

Suites 1 & 2, The Undercroft, 20 Wharf Road,

Eastbourne, BN21 3AW

Or email us at:   rebeccawhippy.embrace@gmail.com

If you have any concerns regarding our response to your questions, or believe our processing of your information doesn’t comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO) at https://ico.org.uk/global/contact-us/