1.1 Purpose and scope
1.3 Policy Statement
BCWA is committed to respecting and keeping safe any personal information we hold on you as a valued service user, employee, prospective employee or supporter of our work; and to being transparent in how we process it. We believe safety extends to the protection and safeguarding of all personal data i.e. information that can be used to identify you, as lives can depend on its security. BCWA operates in compliance with the UK General Data Protection Regulation.
Bromley & Croydon Women’s Aid is registered under the Data Protection Act 1998 as a Data Controller, number Z2075208. Bromley & Croydon Women’s Aid is a charity registered in England & Wales, charity number 1068007 and a company limited by guarantee, number 03320296.
How to Contact Us
1.4 The Data We Collect
The data we collect that is covered by this policy is any information that can be used to identify you. This can include personal details, such as contact details, date of birth, email address, telephone number, financial
details, Gift Aid information and equalities data. This is collected if you enter service with us, make a donation or fundraise for us. We may also log data regarding your visits to our website or resources you download.
We may use your data to contact you about future work, campaigns or services. This is only by consent and you can change your communications preferences with BCWA at any time via our web form or ‘unsubscribe’ link at foot of email communications.
If you are a service user you will be given the opportunity to consent in writing to the terms of any service you enter, as well as communications and sharing consent. Case files are managed via encrypted online database, with data processed here in the UK.
1.5 Obtaining Your Consent
The legal basis of consent is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way. You may withdraw the specific consent you give to our processing your personal data at any time.
Please note even if you withdraw consent for us to use your personal data for a particular purpose we may continue to rely on other bases to process your personal data for other purposes, where we have a legal right to do so.
1.6 How We Collect Data
We obtain your personal information in the following ways:
Directly from you: when you access one of our services, ask us about our activities, seek advice on domestic abuse, make a donation to us, apply for a job vacancy or volunteering opportunity or otherwise provide us with your personal information. This may happen via telephone, email, website, drop-in centre, post or in person.
Through third parties: when you make a donation through a third party such as Just Giving or you apply to a job via Typeform, or one of the other third parties that we work with and provide your consent for your personal information to be shared with us.
In order to tailor our communications and improve your donor journey we may collect information about you from publicly available sources.
1.7 Keeping your data up to date
To ensure we always have the most up-to-date information about how to contact you, we may also, from time to time, update your records to reflect any changes to your personal information. This information may come directly from you, or it may come from a third party that we consider is legitimate and trustworthy and in circumstances where it is appropriate and where you will have had a clear expectation that your details would be passed on for this purpose. You can at any time request we unsubscribe you from any mailing or newsletter list that we hold.
We may also combine the information you provide us with information we collect from trusted third parties and partners such as business partners, sub-contractors, analytics providers, as well as publicly available sources.
If you would like at any time to make changes to the way that we communicate to you by post, telephone or email, please contact us:
Phone 020 8313 9303
Post BCWA, PO Box 714159, London SE20 9BW
1.9 Sharing & Transferring Data
The information you share with us is strictly confidential and we will not share it with other organisations or agencies, unless you have consented for us to do so.
There are exceptions to this, which include:
Please note that BCWA’s website contains links to external websites. However, BCWA are not responsible for the privacy policies of other organisations or any content you share on other sites (e.g. if you opt-in to a partner organisation’s communications).
1.9.1 Safeguarding Children
If we consider a child is at risk, we have a duty to take appropriate action to minimise the risk of harm. This may include working with a client to contact Children’s Services or, where necessary, making a safeguarding referral ourselves.
1.10 How We Store Data
BCWA believes the security of your personal data is of the utmost importance and we take this duty very seriously.
We make every effort to keep your data secure, and have implemented appropriate physical, technical and organisational measures to protect the personal information that we have under our control from:
We store all the information we hold on bespoke, secure databases, all of which are UK-based.
For service users’ data including sensitive data we use an encrypted case management system to store securely, which is also password protected, and staff are appropriately restricted in terms of access.
If you have opted in to receive further updates from us, we may use Typeform, Mailchimp and other similar tools to communicate with you from time to time and to carry out surveys that may collect personal data relating to you. Data entered on some of these platforms may go outside the UK and European Economic Area (EEA) when processed digitally. Data provided through third-party giving websites may also be processed outside of the EEA. No other personal data is transferred outside of the EEA.
1.10.1 Retaining Your Data
BCWA will retain your personal data for a reasonable amount of time appropriate to the relevant activity. This will vary depending on your interaction with us i.e. if you are a service user, volunteer or donor. For specific details of the different retention periods, please get in touch using the contact details provided above.
1.11 Your Data, Your Rights
You are in control of the personal data BCWA hold and process. See the section on your rights below.
BCWA is committed to ensure we always have a legal basis to hold and process personal data, as required by UK General Data Protection Regulation.
Under current UK data protection law you, as an individual, have certain rights with regard to the personal information organisations hold on you and how to access it.
Your right of access:
If you ask us, we’ll confirm whether we are processing your personal information and, if so, provide you with a copy of that personal information.
Your right to rectification:
If the personal information we hold about you is inaccurate or incomplete, you’re entitled to have it rectified.
Your right to erasure:
You can ask us to delete or remove your personal information in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable).
Your right to restrict processing:
You can ask us to ‘block’ or suppress the processing of your personal information in certain circumstances such as where you contest the accuracy of that personal information or you object to us processing it.
Your right to data portability:
With effect from 25 May 2018, you have the right, in certain circumstances, to obtain personal information you’ve provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
Your right to object:
You can ask us to stop processing your personal information, and we will do so, if we are relying on our own or someone else’s legitimate interests to process your personal information, except if we can demonstrate compelling legal grounds for the processing if necessary.
Your rights in relation to automated decision-making and profiling:
You have the right not to be subject to a decision when it’s based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you. BCWA does not apply ‘automated decisions’ to personal data in our operations.
Your right to withdraw consent:
If we rely on your consent as our legal basis for processing your personal information, you have the right to withdraw that consent at any time.
You can also make a complaint to the data protection supervisory authority, the Information Commissioner’s Office at www.ico.org.uk.