Respecting your right to privacy is very important to GDA. That's why we have set out a revised Privacy Notice below, in readiness for the introduction of the new data protection law (GDPR) on 25th May 2018.
The changes do not in any way alter what we use your personal information for, but the new Notice sets out everything as fully as possible, to make it easier for you to find out how we use and protect your information.
GDA never has and never will sell your information for marketing purposes to other companies, and we use every reasonable means to ensure that we keep any personal information in a secure and confidential environment.
GDA has a Data Protection Officer who makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact the Data Protection Officer, Sharon Bryant at firstname.lastname@example.org or by calling 01452 372999, or by text 07875 610860, and ask to speak with the Data Protection Officer.
Why we use your personal information.
Do you know what personal information is?
Personal information can be anything that identifies and relates to a living person. This can include information that when put together with other information can then identify a person. For example, this could be your name and contact details.
Did you know that some of your personal information might be 'special'?
Some information is 'special' and needs more protection due to its sensitivity. It's often information you would not want widely known and is very personal to you. This is likely to include anything that can reveal your:
- sexuality and sexual health
- religious or philosophic beliefs
- physical or mental health
- trade Union membership
- political opinion
- genetic/biometric data
- criminal history
Why do we need your personal information?
We need to use some information about you to carry out the legitimate interest of our charity, and this is one of the lawful bases on which we rely. Having your information enables GDA to:
- delivery services and support to you;
- manage those services we provide to you;
- train and manage the employment of our staff and volunteers who deliver those services;
- help investigate any worries or complaints you have about your services;
- keep track of spending on services;
- check the quality of services; and
- to help with research and planning of new services
A second lawful basis on which we rely is contract. That is to say, we need your information in order that we may carry out the contracted of agreed services we do on behalf of a public health, education or social care provider, including but not limited to BSL interpreting, assessment and installation of listening aid equipment, and hearing aid maintenance.
Finally, but only where we have your consent, we may use your information to:
- let you know about forthcoming GDA social events;
- invite you to participate in any GDA fundraising appeals;
- share our latest news through our Hear for You newsletter
If we have consent to use your personal information, you have the right to remove it at any time. If you want to remove your consent, please contact email@example.com and tell us which service you're using we can deal with your request.
How the law allows us to use your personal information.
There are number of legal reasons why GDA needs to collect and use your personal information. Generally we collect and use personal information where:
- you, or your legal representative have given consent
- you have entered into a contract with us
- it is necessary to perform our statutory duties
- it is necessary to protect someone in an emergency
- it is required by law
- it is necessary for employment purposes
- it is necessary to delivery health or social care services
- you have made your information publicly available
- it is necessary for legal cases
- it is to the benefit of society as a whole
- it is necessary to protect public health
- it is necessary for archiving, research, or statistical purposes
We only use what we need!
Where we can, GDA will only collect and use personal information if we need it to deliver a service or meet a requirement.
If we don't need personal information, we'll either keep you anonymous if we already have it for something else, or we won't ask you for it. For example in a survey we may not need your contact details we'll only collect your survey responses.
If we use your personal information to report back on a grant-funded project, we'll always keep you anonymous or use a different name unless you've agreed that your personal information can be used.
What you can do with your information.
The gives you a number of rights to control what personal information is used by us and how it is used by us.
You can ask for access to the information we hold on you.
You have the right to ask for all the information we have about you and the services you receive from us. When we receive a request from you in writing, we must give you access to everything we've recorded about you.
However, we can let you see any parts of your record which contact:
- Confidential information about other people; or
- Data a professional thinks will cause serious harm to your or someone else's physical or mental wellbeing; or
- If we think that giving you the information may stop us from preventing or detecting a crime
This applies to personal information that is in both paper and electronic records. If you ask us, we'll also let others see your record (except if one of the points above applies).
If you can't ask for your records in writing, we'll make sure there are others ways that you can. If you have any queries about access to your information please contact firstname.lastname@example.org
You can ask to change information you think is inaccurate.
You should let us know if you disagree with something written on your file.
We may not always be able to change or remove that information but we'll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
You can ask to delete information (right to be forgotten)
In some circumstances you can ask for your personal information to be deleted, for example:
- Where your personal information is no longer needed for the reason why it was collected in the first place
- Where you have removed your consent for us to use your information (where this is no other legal reason for us for use it)
- Where there is no legal reason for the use of your information
- Where deleting the information is a legal requirement
Where your personal information has been shared with others, we'll do what we can to make sure those using your personal information comply with your request for erasure.
Please note that we can't delete your information where:
- we're required to have it by law
- it is used for freedom of expression
- it is used for public health purposes
- it is for scientific or historical research, or statistical purposes where it would make information unusable
- it is necessary for legal claims
You can ask to limit what we use your personal data for
You have the right to ask us to restrict what we use your information for where:
- you have identified inaccurate information, and have told us of it
- where we have no legal reason to use that information but you want us to restrict what we use it for rather than erase the information altogether
When information is restricted it can't be used other than to securely store the data and with your consent to handle legal claims and protect others, or where it's for important public interests of the UK.
Where restriction of use has been granted, we'll inform you before we carry on using your personal information.
You have the right to ask us to stop using your personal information for any of our charitable services. However, if this request is approved this may cause delays or prevent us delivering that service.
Where possible we'll seek to comply with your request, but we may need to hold or use information because we are required to by law or under the terms of a contract.
You can ask to have your information moved to another provider (data portability)
You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.
However this only applies if we're using your personal information with consent (not if we're required to by law)
It's likely that data portability won't apply to most of the services you receive from GDA.
Who do we share your information with?
GDA never has and never will sell your personal information to anyone else.
However, we do need to share your information with:
- other organisation and service providers that we work with or partner with from time to time including, for example, a local authority or NHS Trust
- our professional advisors
- any law enforcement agency, court, regulator, government authority or other third party where we believe this is necessary to comply with the legal or regulatory obligation, or otherwise to protect our rights or the right of any third party, and
- any third party that purchases, or to which we transfer, all or substantially all of our assets and business. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your information uses it in a manner that is consistent with this policy.
We may also share your personal information when we feel there's a good reason that's more important than protecting your privacy. This would happen rarely, but we may share your information:
- in order to find and stop crime and fraud; or if there are serious risks to the public, our staff or to
- other professionals;
- to protect a child;
- to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them
For all of those reasons the risk must be serious before we can override your right to privacy.
If we're worried about physical safety or feel we need to take action to protect you from being harmed in other ways, we'll discuss this with you and, if possible, get your permission to tell others about your situation before doing so.
We may still share your information if we believe the risk to others is serious enough to do so.
There may also be rare occasions when the risk to others is so great that we need to share information straight away.
If this is the case, we'll make sure that we record what information we share and our reasons for doing so. We'll let you know what we've done and why if we think it is safe to do so.
How do we protect your information.
We'll do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we'll only make them available to those who have a right to see them. Examples of our security include:
- Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code or what's called a 'cypher'. This hidden information is said to then be 'encrypted'
- Anonymisation and Psuedonymisation, meaning that we'll use a different name or delete any identifiers so we can hide parts of your personal information from view. This means that someone outside of GDA could work on your information for us without ever knowing it was yours
- Controlling access to systems and networks allows us to stop people who are not allowed view your personal information from getting access to it
- Lockable filing cabinets and cases for all paper records, with access only for authorised personnel
- A 'clear desk' policy, meaning all staff at GDA are expected to keep their desks and computer screens clear of all personal information even when we leave their desk for a few moments. At the end of the day, staff are expected to have filed away securely all personal information and if they do not, they will be subject to disciplinary action
- Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
Where in the world is your information?
GDA uses its own dedicated server to store personal information and we invested in a significant upgrade towards the end of 2017. We also licence to a UK and Cloud-based database system called CharityLog, which stores personal information in the UK.
GDA takes all practical steps to make sure your personal information is never sent to a country that is not seen as 'safe' either by the UK or EU Governments.
How long do we keep your personal information?
There's often a legal reason for keeping your personal information for a set period of time, we try to include all of these in our retention schedule.
For each service the schedule lists how long your information may be kept for. This ranges from months for some records to decades for more sensitive records.
Where can I get advice?
If you have any worries or questions about how your personal information is handled please contact our Data Protection officer at email@example.com or by calling 01452 372999 or text 07875 610860.
For independent advice about data protection, privacy and data sharing issues, you can contact the information Commissioner's Officer (ICO) at:
Information Commissioner's Office
Cheshire, SK9 5AF
Tel: 0303 1231113 (local rate) or 01625 545745 if you prefer to use a national rate number.
Cookies (not the edible ones) and how you use this website.
How you use this website (Google Analytics)
GDA uses Google Analytics to collection information about how people use this site. We do this to make sure our website is meeting peoples' needs and to understand how we can make the website work better.
Google Analytics stores information about what pages on this site you visit, how long you are on the site, how you got here and what you click on while you are here.
We do not collect or store any other personal information (e.g. your name or address) so this data cannot be used to identify who you are.
Other people's cookies
We use videos from YouTube and feeds from other websites such as Facebook and Twitter. These websites place cookies on your device when watching or viewing these pages.
Turning off cookies
You can stop cookies being downloaded on to your computer or other device by selecting the appropriate settings on your browser. If you do this you may now be able to use the full functionality of a website.
There is more information about how to delete or stop using cookies on AboutCookies.org. You can also opt out of being tracked by Google Analytics.
Further guidance on the use of personal information can be found at ico.org.uk.