At Voluntary Action South West Surrey we collect information about our service users and we want to make sure you understand why we collect it and how we use it.  We recognise that it is important to you that we keep your personal information safe and we want to assure you that we respect your privacy and are determined to protect your personal data.

​

The purpose of this privacy notice is to inform you how we collect, process and look after your personal information when you interact with us. This includes when you use the services we offer as well as when you visit our website to access our projects and services.  The rules that we abide by are the UK General Data Protection Regulation (the “UK GDPR”) and the Data Protection Act 2018.  We also abide by other legislation that is relevant to your situation (for example safeguarding or healthcare related legislation or legal obligations).

 

Who we are

​

Voluntary Action South West Surrey are a Registered Charity (our Charity Number is 1116293) and we support the voluntary & community sector in Guildford and Waverley. 

​

Our contact details are:

Voluntary Action South West Surrey,

Suites G09 & G10,

Part Ground Floor,

Old Millmead House,

Millmead,

Guildford,

Surrey,

GU2 4BB

​

Phone: 01483 504626

E-mail: DPO@vasws.org.uk

Website: www.voluntaryactionsws.org.uk

Twitter -   @vasws

Facebook - www.facebook.com/volaction/    

 

We are registered with the Information Commissioner’s Office (the ICO) as a data controller because we collect and process information about those who use our services. This means that we decide how your personal data is processed and for what purposes. We are also registered with Companies House.

​

What information we collect about you

​

We obtain data either directly from you or from publicly accessible sources and from third-parties that agree to share data with us in order to perform our role.  We collect the following data about our service users:

• Identity Data includes first name, last name, title, date of birth, age, gender, organisation, access needs, role, relationship to referrers and/or clients, GP details, websites, emergency contact details, NHS number.

• Contact Data includes email address, telephone numbers, residential address.

• Technical Data includes IP address, login data, browser type and version, location, operating system and platforms.

• Marketing and Communications Data includes your communication preferences.

​

We also collect, use and share Anonymous Data such as statistical or demographic data. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature.

​

We do collect some data about you that falls into the Special Categories of Personal Data.  This data includes details about ethnicity and sexual orientation, information about physical and mental health, and genetic and biometric data.

​

How we collect your personal data

​

We use different methods to collect data from and about you including through:

• Directly: You may give us your identity, contact, financial, marketing and communications data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data and special categories of personal data you provide when you

  1. Apply for our services.

  2. Join our organisation.

  3. Interact with the organisation.

  4. Request correspondence from the organisation.

• Automated technologies or interactions: As you interact with our website and computer systems, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.

• Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources for example if you are referred to our services by a health professional, governmental body or external agency.

​

Why we have your personal data

​

We need to collect information about you for the following legal reasons:

• We have a contractual obligation with you.

• To comply with a legal or regulatory obligation.

• To protect your vital interests.

• It is in our legitimate interest: We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We collect data to inform individuals of news, events or services which could be of use to you.

• We have your consent to do so: Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us on 01483 504626 or DPO@vasws.org.uk.

• The processing is necessary to perform a task in the public interest (in the area of public health).

• We have your explicit consent to process special category data.

• The data has been manifestly made public by you.

• Processing is necessary for reasons of preventative or occupational medicine, for assessing the working capacity of an employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of data protection legislation or a contract with a health professional

​

It is important that the personal data we hold about you is accurate and current.

​

Why we collect and use data

​

We have set out below a description of all the ways that we plan to use your personal data, with the legal bases we rely on to do so.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact our Data Protection Officer for more information.

​

​

​

​

​

​

​

​

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

​

 

 

 

 

Marketing and promotional materials

​

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.

​

You will not receive marketing communications from us unless you have opted in to receiving marketing communications. In order to safeguard privacy, you will be automatically opting out of receiving marketing communications until you decide to opt in.

​

 

Changes of purpose

​

We will only use your personal data for the purposes for which we collected it, unless that reason is compatible with the original purpose. If we wish to use your personal data for a new purpose, then we will provide you with a new notice explaining why we need to use it and the legal basis which allows us to do so.

​

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

​

How we store your personal information

​

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, volunteers, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentialit.

​

We have put in place procedures to deal with any suspected personal data breach and will notify you and the regulator (the ICO) of a breach where we are legally required to do so.

​

We will only keep your personal data for as long as necessary to fulfil the purpose for which we collected it.  To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. For information on how long we keep your information, please see our data retention policy (available on request).

​

When we no longer need your personal data we will dispose of it appropriately.  Hard copy data will be shredded and electronic files will be deleted from our systems and backups.

​

Sharing your personal data

​

Your personal data will only be shared when it is either necessary to fulfil the contract we have with you, to comply with legal obligations or it is necessary for our legitimate business obligations.

​

We may share data with:

• External Third Parties, including:

  • Providers, acting as processors, including Netbox, Viking Direct and Charity Log, based in the United Kingdom, who provide IT and system administration software, care planning software and company supplies.

  • Professional advisers, acting as processors or joint controllers including Quick Books, Langton London Insurance Brokers, WorkNest and CAF Bank, based in the United Kingdom, who provide finance, insurance, HR and Health and Safety Advice, and banking services.

  • Health, statutory, voluntary and charitable professionals and organisations, acting as processors or joint controllers, who provide health and additional referral services to clients

  • HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.

​

Please note that the list of third parties we share data with is not exhaustive and could change on a regular basis. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We will never sell your personal information to third-parties but we do allow our third-party service providers to use your personal data for their own purposes if it is part of a contracted agreement and in accordance with our instructions.

​

Marketing

​

We do not currently engage in third party marketing.

​

You can ask us or third parties to stop sending you marketing messages at any time by contacting Voluntary Action South West Surrey at DPO@vasws.org.uk. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of receiving a service from VASWS.

​

Cookies

​

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.  You can find our cookie policy on our websit.

​

Transfer of data abroad

​

We do not transfer data outside the UK

​

Automated decision making

​

We do not use any form of automated decision making in the business

​

Your legal rights

​

Data rights

​

Unless subject to an exemption under the data protection laws, you have the following rights with respect to your personal data:

1. The right to request a copy of the personal data which we hold about you;

2. The right to request that we correct any personal data if it is found to be inaccurate or out of date;

3. The right to request your personal data is erased in certain circumstances;

4. The right to withdraw your consent to the processing at any time, where consent was the lawful basis for processing your data;

5. The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), where applicable;

6. The right to restrict our processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

7. The right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.

​

If you wish to exercise any of the rights set out above we request that you contact our Data Protection Officer. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you

​

When you make a request we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

​

How to complain

​

If you have any concerns about our use of your personal information, you can make a complaint to us.  Please in the first instance contact our Data Protection Officer, Ian Ross, on 01483 504626 or DPO@vasws.org.uk.

​

You can also complain to the ICO if you are unhappy with how we have used your data.

​

The ICO’s address:           

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

​

Helpline number: 0303 123 1113

​

ICO website: https://www.ico.org.uk