Who is responsible for my information?
Shenley Youth and Community Trust, is responsible for the collection, processing, storage and safe keeping of personal data and other information as part of our business activities. We manage personal information in accordance with the Data Protection Act 1998 and from May 2018, the General Data Protection Regulations.
Our approach to collecting, storing and using personal information
About the personal information we collect
As a customer of SYCT, the information we may collect about you and others could include, but is not limited to:
- Date of birth
- National Insurance number
- Contact details (phone/mobile/email)
- Communication preferences
- Racial or ethnic origin
- Religious or other beliefs
- Sexual orientation
- Physical or mental health or condition
- Convictions, proceedings and criminal acts
We will not collect information about you that we do not need and we will make sure that the personal information we collect is updated to our systems in a timely and accurate manner. All demographic information held by SYCT is used only for research purposes and is anonymised so you won’t be identified.
We may apply markers to your information (for example, in relation to your vulnerability or health status) to allow us to tailor services to you and/or if there is a need to protect the vital interests of our staff and customers.
How we use your personal information
We use your information to respond to your enquiries, provide you with services and manage your relationship with us
We will review the personal information we hold about you every 1-2 years and make changes to any service or information-handling processes when the law or the Information Commissioner request such changes. Your contact information will be reviewed more frequently with intermittent checks on telephone numbers and email addresses as and when you contact us.
How long will we keep your personal information
We will keep the personal information you provide to us for as long as you remain a visitor or user at SCH.
It is important that you keep us informed of any changes to your information. You may ask us to either remove or correct inaccurate information at any time.
Visiting our website
When you visit our websites, we collect standard internet log information for statistical purposes. In short:
- We do not make any attempt to identify visitors to our websites. We do not associate information gathered from our sites with personally identifying information from any source.
- Information provided by you on this website, will be used only in relation to your enquiry or so that we can provide a service to you.
Our websites contain links to various third party websites. We are not responsible for the content or privacy practices of any external websites that are linked from our sites.
Applying to work at SYCT
If you submit an application to work for SYCT, we will use your personal information to process your application and to produce and monitor recruitment statistics. We will not take up references without your prior permission. We will not share or disclose your information unless you have given us your consent or we are required to by law. Where we are required to carry out a Disclosure and Barring Service check, we will comply with the law and your rights when carrying out these checks.
We retain personal information relating to unsuccessful applicants for no longer than 6 months, for use in the event of an appeal. We produce statistical information to assist with recruitment analysis. We will collect additional information when we make a person an offer of employment. This could include requesting and holding a copy of your passport, national insurance number and in some circumstances a valid driving licence.
How we share your personal information
We will only share your information with third parties with your consent, but there are occasions where we are required to share your information without your consent due to legal reasons. We may seek your consent directly, or may obtain it by telling you about how your information may be used at the time you provide information or enter into a contract with us.
Under no circumstances, would your information be shared outside of the European Union.
Our legal obligations
We will share specific and relevant information with law enforcement and government agencies or public bodies where we are legally required to do so. Examples may include:
- The prevention or detection of crime and fraud
- The apprehension or prosecution of offenders
- The assessment or collection of tax or duty owed to customs and excise
- Sharing in connection with legal proceedings
- Sharing in relation to the physical or mental health of an individual, where disclosure is required to protect them or others from serious harm
- Research and statistical purposes
We may also share your information with emergency services and local authorities, where this is necessary to help them respond to an emergency situation that affects you.
Sharing information with our partners
In some areas we may enter into partnerships with other organisations such as local authorities and the Police. We will enter into a data sharing agreement before any sharing takes place with a partner organisation.
Keeping your information secure
We store personal information both electronically and in paper form. We implement security policies, processes and technical security solutions to protect the personal information we hold from:
- Unauthorised access
- Improper use or disclosure
- Unauthorised modification
- Unlawful destruction or accidental loss.
When you contact us, we may ask you to provide us with some information so that we can confirm your identity. If other people (e.g. family members, support workers, solicitors) act on your behalf, we will take steps to make sure that you have agreed for them to do so. This may include asking them to provide us with supporting information to indicate your consent. We do this to protect you and to make sure that other people cannot find things out about you that they are not entitled to know.
Employees and third parties who have access to, or are associated with the processing of, your personal information will be required to ensure compliance with the Data Protection Act 1998 and make reasonable efforts to safeguard it.
Contacting us about your personal information
We will be transparent about what, why and how we collect, use and share your information. Please keep us informed if any of your information changes.
Finding out about the personal information we hold about you
You can ask us whether we are keeping personal information about you by writing to our Data Protection Officer.
The General Data Protection Regulations gives you a number of rights in relation to your personal information. You can find out about your rights, and get further guidance, on the ICO website.
Requesting a copy of your personal information
As part of our service to you, we will supply you with copies of specific pieces of information. If you want a copy of information we have received or shared with third parties or a copy of everything we have on record relating to you, you will be required to put this in writing. This is called a ‘subject access request’.
If you make a subject access request we will provide you with a readable copy of the personal information we hold about you. To make a subject access request you must:
- Make your request in writing/complete a Subject Access Request form
- Provide proof of your identity
If we do hold information about you, we will:
- Give you a description of it
- Tell you why we are holding it
- Tell you who it could be disclosed to
- Let you have a copy of the information in an intelligible form
Please send your request to our Data Protection Officer, Shenley Court Hall, 200 Green Meadow Road, Selly Oak, Birmingham, B29 4ED.
Withdrawing your consent
You have the right at any time to ‘opt out’ of us processing your personal information for direct marketing purposes or to prevent processing that you feel is likely to cause damage or distress.
Your request will be actioned immediately.
Questions and complaints
If you are concerned about how we are collecting, using and/or sharing your personal information, you can contact our Data Protection Officer. You can also obtain more information on your rights and our obligations as a Data Controller by contacting the Information Commissioner. You can also apply to the Court for compensation for distress and/or damages due to non-compliance of the Data Protection Act.