
Privacy policy, copyright & cookies

Citizens Advice Rotherham & District: Data Protection Policy

Citizens Advice Rotherham & District (CARD) is fully committed to compliance with the requirements of the General Data Protection Regulation (GDPR), Data Protection Act 1998 and any successor legislation (together, the ‘data protection legislation’). Citizens Advice is committed to a policy of protecting the rights and freedoms of individuals with respect to the processing of their personal data and special category personal data.

CARD will, therefore, follow procedures which aim to ensure that all employees and volunteers, and others who have access to any personal data held by or on behalf of the local office, are fully aware of and responsible for the handling of personal data in line with the data protection legislation.

In order to operate efficiently, CARD has to collect and use information about people with whom it works. These may include current, past and prospective clients; current, past and prospective employees; current, past and prospective volunteers; and our suppliers.

Data protection legislation and in particular Article 5 (1) of the GDPR requires that personal data shall be used in accordance with the following principles:

a) processed lawfully, fairly and in a transparent manner in relation to individuals;

b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;

c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to the implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and

f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Article 5 (2) of the GDPR requires that:

“the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”

Lawful basis for processing personal data under the data protection legislation

CARD primarily uses legitimate interest to process client personal data.

CARD also processes personal data under the following lawful bases:

Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.

Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

Lawful basis for processing special category personal data.

Citizens Advice Rotherham & District processes special category personal data under the following lawful bases:

Explicit consent: the data subject has given explicit consent to the processing of those personal data for one or more specified purposes.

2. Handling of Personal Data and Special Category Personal Data

CARD will, through appropriate management and the use of appropriate controls, adhere to the following in regard to our use of personal data and special category personal data:

  • Provide up-to-date privacy notices to data subjects.
  • Collect and process appropriate information and only to the extent that it is needed to fulfil operational needs or to comply with legal requirements.
  • Ensure the quality and accuracy of information when collected or received and during its use.
  • Apply checks to determine the length of time information is retained.
  • Take appropriate technical and organisational security measures based on risks to data subjects.
  • Not transfer outside the EEA without suitable safeguards.
  • Ensure that any information incidents are reported to national Citizens Advice and where appropriate the data subject and the Information Commissioner’s Office.
  • Mitigate risks to the data subjects in the event of an information incident using an appropriate data breach policy.
  • Ensure that the rights of our data subjects can be appropriately exercised.

 

These rights include:

1. The right to be informed

2. The right of access

3. The right to rectification

4. The right to erasure

5. The right to restrict processing

6. The right to data portability

7. The right to object

8. Rights in relation to automated decision-making and profiling.

 

In addition, we will ensure that:

There is someone with specific responsibility for data protection in the organisation. The post responsible for data protection is Chris Griffin.

Organisational information and, in particular, privacy risks are risk assessed, documented and controlled.

Everyone managing and handling personal data and special category personal data understands that they are responsible for following good Information Governance / Assurance practices and for complying with the data protection legislation.

Everyone managing and handling personal data and special category personal data is appropriately trained and supervised to do so.

Queries about processing personal data and special category personal data are promptly and courteously dealt with within the requirements of the data protection legislation.

Data sharing and processing is carried out under an appropriate written agreement, setting out the scope and limits of the sharing. Any disclosure of personal data will be in compliance with approved procedures.

All employees and volunteers are to be made fully aware of this policy and their duties and responsibilities under it. All employees and volunteers will take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure.

3. Client Management Systems

As part of our membership of Citizens Advice, CARD will use the relevant case management system provided by Citizens Advice (currently Casebook) and by doing so agrees to adhere to the data sharing agreement between the respective parties.

Citizens Advice and each individual local Citizens Advice are joint data controllers for the personal data and special category personal data within the Casebook application and therefore each have a joint responsibility to ensure compliance with data protection legislation.

Casebook is used to process information, personal data and special category personal data provided by clients in the course of seeking advice and guidance from the Citizens Advice service.

All information, personal data and special category personal data is to be regarded as being confidential between the individual and the Citizens Advice service unless expressly indicated otherwise.

Data sharing is required so that both the client and Citizens Advice have flexibility in where, how and when clients receive the service and the need to only enter this client data once. The data protection legislation provides the legal framework under which personal data and special category personal data can be processed.

Data is shared to provide the service to clients, to refer clients to other organisations, for following up with the client for feedback, to enable Citizens Advice to act on behalf of the client when authorised, to understand trends and carry out research to enable policy work. The data shared will always be the minimum necessary required to carry out the business purpose.

In all cases the relevant consent must be obtained, or an alternative lawful basis determined, for any processing or sharing of client personal data and special category personal data.

4. Relationship with Existing Policies and Supporting Documentation

This policy has been formulated within the context of a range of policies such as those relating to IT security, confidentiality and information assurance.

Disclaimer

Citizens Advice Rotherham & District (CARD) has tried to ensure that the information on this website is accurate. However, CARD will not accept liability for any loss, damage or inconvenience arising as a consequence of any use of or the inability to use any information on this website. CARD endeavours to provide a service of the highest quality. However, we cannot guarantee that our service will be uninterrupted or error-free. We are not responsible for claims brought by third parties arising from your use of this website.

CARD assumes no responsibility for the contents of linked websites. The inclusion of any link should not be taken as an endorsement of any kind by CARD of the linked website or any association with its operators. Further, we have no control over the availability of the linked pages.

Copyright

Material on this website, including text and images, is protected by copyright. It may not be copied, reproduced, republished, downloaded, posted, broadcast or transmitted in any way except for your own personal, non-commercial use. Prior written consent of the copyright holder must be obtained for any other use of material. Copyright in all materials and/or works comprising or contained within this website remains with CARD and other copyright owner(s) as specified. No part of this site may be distributed or copied for any commercial purpose.

Privacy Policy and Data Protection

Cookies

This website uses cookies. A cookie is a small file of letters and numbers that we put on your computer. These cookies allow us to record your preferences and those of other users of this website which helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

The cookies we use include ‘analytical’ cookies. They allow us to recognise and count the number of visitors to our website and see how those visitors move around the website. This helps us to improve the way our website works, for example by making sure users can find what they want more easily.

In your web browser, you can set your preferences to either accept all cookies, notify you when a cookie is issued, or not receive cookies at all. Note that opting not to receive cookies means you may not be able to take full advantage of all the features of a website. As each web browser works differently, you will need to look in the ‘Help’ menu of the browser you use to find out how to change your cookie preferences.

Can I refuse or opt out of cookies?

Most browsers automatically accept cookies, but you can usually change your browser settings to limit or prevent cookies. Unless you have adjusted your browser settings so that it will refuse cookies, our system will issue cookies as soon as you visit our website. If you set your browser to not accept cookies, it may result in certain sections of our website not working properly and certain personalised services not being provided to users of your computer.

More information about cookies generally can be found at http://www.allaboutcookies.org/.

You can find out how to opt out of being tracked by Google Analytics by visiting https://tools.google.com/dlpage/gaoptout.

Note:

These policies only cover this website (www.citizensadvicerotherham.org.uk); other websites linked from this website are not covered by these policies. Once you have accessed another website via one of our links you will be subject to the security and privacy policy of that site.

Citizens Advice Rotherham & District Privacy Policy

At Citizens Advice we collect and use your personal information to help solve your problems, improve our services and tackle wider issues in society that affect people’s lives.

We only ask for the information we need. We always let you decide what you’re comfortable telling us, explain why we need it and treat it as confidential.

When we record and use your personal information we:

  • only access it when we have a good reason
  • only share what is necessary and relevant
  • don’t sell it to anyone

At times we might use or share your information without your permission. If we do, we’ll always make sure there’s a legal basis for it. This could include situations where we have to use or share your information:

  • to comply with the law – for example, if a court orders us to share information. This is called ‘legal obligation’
  • to protect someone’s life – for example, sharing information with a paramedic if a client was unwell at our office. This is called ‘vital interests’
  • to carry out our legitimate aims and goals as a charity – for example, to create statistics for our national research. This is called ‘legitimate interests’
  • for us to carry out a task where we’re meeting the aims of a public body in the public interest – for example, delivering a government or local authority service. This is called ‘public task’
  • to carry out a contract we have with you – for example, if you’re an employee we might need to store your bank details so we can pay you. This is called ‘contract’
  • to defend our legal rights – for example, sharing information with our legal advisors if there was a complaint that we gave the wrong advice

We handle and store your personal information in line with the law – including the General Data Protection Regulation and the Data Protection Act 2018.

This page covers how we, as your local charity, handle your information locally in our offices.

Citizens Advice Rotherham & District Privacy Policy

At Citizens Advice Rotherham & District (CARD), we collect and use your personal information to help solve your problems, improve our services and tackle wider issues in society that affect people’s lives.

This privacy policy explains how we use your information and what your rights are. We handle and store your personal information in line with data protection law and our confidentiality policy. The following pages explain how we use your information in more detail.

Our network

Citizens Advice is a membership organisation made up of the national Citizens Advice charity and many local offices across England and Wales, including CARD. CARD is an independent charity and a member of the national Citizens Advice charity.

All members of the Citizens Advice network are responsible for keeping your personal information safe and making sure data protection law is followed. 

Members of the network also run some jointly designed services and use some of the same systems to process your personal data. In these instances we are joint data controllers for these activities.

Jointly controlled data

All offices in the Citizens Advice network use some joint systems to carry out our activities. These include joint case management systems, telephony platforms and more. 

Staff from a different local Citizens Advice can only access your personal information in a joint system if they have a good reason. For example when:

  • you go to a different office to seek advice
  • more than one office is working together in partnership
  • they need to investigate a complaint or incident

We have rules and controls in place to stop people accessing or using your information when they shouldn’t.

Tell an adviser if you’re worried about your details being on a national system. We’ll work with you to take extra steps to protect your information – for example by recording your problem without using your name.

National Citizens Advice has a privacy notice available on their website that covers general advice and nationally managed systems, including our case management systems. This policy covers the processing we carry out in our office.

How we use your data for advice

This section covers how we use your data to provide you with advice.

For general advice and nationally funded advice programmes please see the national Citizens Advice privacy notice.

Our confidentiality policy

At Citizens Advice we have a confidentiality policy which states that anything you tell us as part of advice will not be shared outside of the Citizens Advice network unless you provide your permission for us to do so.

There are some exceptions to this such as needing to share:

  • to prevent an immediate risk of harm to an individual
  • in select circumstances if it is in the best interests of the client
  • where we are compelled to do so by law (e.g. a court order or meeting statutory disclosures)
  • where there is an overriding public interest such as to prevent harm against someone or to investigate a crime
  • to defend against a complaint or legal claim
  • to protect our name and reputation for example to provide our side of a story reported in the press

 

How we use your data for research, feedback and statistics

This section covers how we use your data to carry out our research, feedback and statistical work.

National Citizens Advice covers their use of data for this purpose in their privacy notice.

 

How we use your data for fundraising and donations

This section covers how we use your data to carry out our fundraising activities.

National Citizens Advice covers their use of data for fundraising in their privacy notice.

How we collect your information

We collect donor information via donation forms, correspondence, and our JustGiving platform for fundraising purposes. When using JustGiving, your data is processed securely through their platform, and we access donor details provided to us for thanking supporters, managing donations, and reporting to funders.

Who we share your information with

We share your data with JustGiving as our fundraising platform provider. JustGiving processes donations on our behalf and shares necessary donor information with us.

Our lawful basis for using your information

We rely on legitimate interests and consent for processing data related to fundraising and donations, including through JustGiving.

How we use your data when applying to work or volunteer

How we collect your information

When you apply, we collect your personal information through your application form, interview or references so we can process your application. We have a ‘legitimate interest’ to do this under data protection law. This means it lets us carry out our aims and goals as an organisation. We need to use your personal information to recruit people and make sure our recruitment processes are inclusive.

What information we collect

We’ll collect personal information such as name, address, telephone number and email address, previous job history and experience, qualifications, and any support needs you may have.

We’ll also ask for diversity information like your gender, ethnicity and sexual orientation. You don’t have to tell us this.

We might collect other information depending on whether you’ve applied for a staff or volunteer role.

What we use your information for

The main reasons we ask for your personal information are to:

  • check you’ve got the right skills for a role when you apply
  • arrange an interview
  • contact you to tell you the result of your application
  • do checks when we make an offer, for example contacting your references or checking your right to work in the UK
  • send you an offer letter or contract

We’ll only access your information for other reasons if we need to and we have a legitimate interest to do this under data protection law, for example to:

  • investigate complaints
  • send you copies of the information we have about you if you make a ‘subject access request’ – find out more about subject access requests on the Information Commissioner’s Office website
  • get feedback from you about our services
  • help us improve our services

We’ll treat any diversity information you give us as strictly confidential. We’ll anonymise this information and only use it to look at trends. This means we won’t look at your information individually or compare it to other people and we won’t use it as part of the recruitment selection process.

 

Who we share your information with

If you accept an offer to work for us we’ll:

  • get your permission to share your information with your references
  • add your information to our human resources and technology systems

We won’t usually share your personal information with anyone else in a way that could identify you. In some rare situations we have to share your information, for example if:

  • we’re investigating a safeguarding issue
  • the police ask for the information to help them investigate a crime
  • a court orders us to share the information

We sometimes share anonymous statistics with organisations we trust so they can analyse the information.

How we use your data when using our website

How we use cookies on our website

Our website uses cookies. A cookie is a small file of letters and numbers that we put on your computer. These cookies allow us to record your preferences and those of other users of this website which helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

The cookies we use include ‘analytical’ cookies. They allow us to recognise and count the number of visitors to our website and see how those visitors move around the website. This helps us to improve the way our website works, for example by making sure users can find what they want more easily.

In your web browser, you can set your preferences to either accept all cookies, notify you when a cookie is issued, or not receive cookies at all. Note that opting not to receive cookies means you may not be able to take full advantage of all the features of a website. As each web browser works differently, you will need to look in the ‘Help’ menu of the browser you use to find out how to change your cookie preferences.

Can I refuse or opt out of cookies?

Most browsers automatically accept cookies, but you can usually change your browser settings to limit or prevent cookies. Unless you have adjusted your browser settings so that it will refuse cookies, our system will issue cookies as soon as you visit our website. If you set your browser to not accept cookies, it may result in certain sections of our website not working properly and certain personalised services not being provided to users of your computer.

More information about cookies generally can be found at http://www.allaboutcookies.org/.

You can find out how to opt out of being tracked by Google Analytics by visiting https://tools.google.com/dlpage/gaoptout.

Note:

These policies only cover this website (www.citizensadvicerotherham.org.uk); other websites linked from this website are not covered by these policies. Once you have accessed another website via one of our links you will be subject to the security and privacy policy of that site.

How long we keep your data for

National Citizens Advice is responsible for managing any data in joint client case records. For more information please see their privacy notice.

 

Third party processors

Third party processors are other organisations that carry out data processing on our behalf. Third party processors don’t use data for their own purposes and we have agreements in line with data protection law.

 

| Processor name | Activities | Data hosting location |
|---|---|---|
| Refernet | Referral processing | UK |
| SBS | IT support Provider | UK |



Your data protection rights

You have rights in relation to your personal data that we hold. Your rights include being able to:

  • request access to copies of your data
  • request that corrections are made to inaccurate data
  • request deletion of your personal data
  • object to how we use your personal data

These rights are not absolute and may not apply in every circumstance. For more information about your rights you can visit the ICO website.

To make a data protection rights request, email info@citizensadvicerotherham.org.uk.

Raising a concern about how we use your information

If you are concerned about how we have handled your personal information please contact us at info@citizensadvicerotherham.org.uk.

You can also contact the national charity if you are unhappy with how we have used your personal data or wish to raise a concern about how a local office has handled your personal data. To do so you can email us at DPO@citizensadvice.org.uk.

Contacting the Information Commissioner’s Office (ICO)

You can also raise your concern with the Information Commissioner’s Office, which regulates data protection law in the UK, if you are unhappy with how we have used your personal information. They will normally expect you to have made a complaint to us directly in the first instance.

  • Visit the ICO website.
  • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
  • Helpline number: 0303 123 1113