Reviewed and revised: June 2022
This policy explains how SIFA Fireside processes personal data in order to provide the best possible service to individuals experiencing homelessness or who are vulnerably housed in Birmingham. We may collect personal data about people who are accessing our services to provide them with appropriate support or from people who are involved in our work in another way such as supporting through donations or volunteering. We are committed to protecting your privacy and data and this policy outlines how we safeguard that data, what data we collect and what your rights are in relation to your personal data.
1. Why we collect your data
How you are involved with SIFA Fireside will inform how we collect and process your personal data, and may be for the following reasons:
- to provide you with support and access to our services that you have requested or been referred to;
- to process, record and communicate with you about donations you make to SIFA Fireside, including administering Gift Aid information;
- for our own internal purposes to keep a record of our relationship with you;
- to process job and volunteer applications and student placements;
- to find out what you think about our services or activities;
- to address and resolve complaints;
- to comply with applicable laws and regulations and requests from statutory agencies or funders.
2. The information we collect
When you interact with us, we may collect your:
- full name & contact details – including your email address, postal address and telephone number;
- company;
- bank account details;
- date of birth;
- donation history and Gift Aid details;
- records of your engagement with us;
- information you enter on our website or through our social media platforms;
- photos, video or audio recordings you have uploaded to our social media platforms e.g. for fundraising;
- employer’s information and National Insurance number if you are a payroll donor;
- copies of your solicitor’s details if you’ve pledged a legacy.
If you are a client of one of our services, we may also collect the following sensitive personal information (which includes Special Category Data and Criminal Offence data) about your:
- current housing status and housing history;
- racial or ethnic origin and or/nationality;
- physical and/or mental health;
- sexual orientation;
- actual or alleged criminal offences.
If you’re a job applicant or volunteer we may collect the following additional information about your:
- work history;
- education and training history.
3. How we collect your data
We may use the following methods to collect this information:
- completion of paper or electronic forms;
- telephone, webchat, email, face to face communication;
- website forms or online surveys;
- third party companies like Virgin Money Giving, JustGiving, CAF donate;
- publicly available sources;
- messaging via social media.
If you are homeless or vulnerably housed client of SIFA Fireside, we may also receive information from local authorities, for example social care or housing teams or other professionals such as health practitioners or offender managers.
4. Our Legal Basis for Processing Personal Data
Depending on how you are involved with SIFA Fireside we may process your information on these bases:
- your consent (for example, to send you direct marketing by email or SMS. You can withdraw your consent at any time);
- to protect your vital interests (for example, if there is a risk of significant injury or harm);
- a contractual relationship (for example, if you are a volunteer at SIFA Fireside);
- processing that is necessary for compliance with legal and statuary obligation (for example, to process a Gift Aid declaration);
- Legitimate interest (for example, to provide our services).
If you are a homeless or vulnerably housed client of SIFA Fireside, we may collect and process sensitive data (Special Category Data) and Criminal Offence data, we do so under the following lawful bases:
- When processing Health Data for completing assessments to establish the services provided and risk assessments for the appropriateness of services, we do so on the basis of substantial public interest (under Article 9(2)(g) of the UK GDPR); and substantial
public interest ground for safeguarding individuals at risk (under paragraph 18 of Schedule 1 to the DPA). - When processing Criminal Offence Data for employee risk assessments, we do so on the basis of carrying out our legal obligation as an employer to take measures to keep our employees safe (under paragraph 2 of Schedule 1 to the DPA);
- For the processing of Criminal Offence Data for sharing with other third parties, we do so on the basis of substantial public interest (under Article 9(2)(g) of the UK GDPR) and substantial public interest ground for safeguarding individuals at risk (under paragraph 18 of Schedule 1 to the DPA);
- For the processing of Equality Data, we do so on the basis of a substantial public interest (under Article 9(2)(g) of the UK GDPR) and equality of treatment (under paragraph 8 of Schedule 1 of the DPA).
5. Who we share your information with
Depending on your involvement with SIFA Fireside we may share your personal data with the following parties and for these reasons:
- other homelessness organisations and partners in accordance with our charitable objectives;
- police or statutory services where there is a legal obligation to share data for the prevention or detection of crime.
6. Visiting our Website and the use of Cookies
If you visit our website we automatically record information. This includes:
- the pages you visit;
- how long you spend on our pages;
- how you were directed to our website;
- what kind of device you used to access our website.
Our website uses cookies. A cookie consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser. We use Google Analytics to analyse the use of our website. Google Analytics generates statistical and other information about website use by means of cookies. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google’s privacy policy is available at: http://www.google.com/privacypolicy.html. Most browsers allow you to reject all cookies. Blocking all cookies may have a negative impact upon the usability of many websites.
Cookie | Name | Purpose |
---|---|---|
Session cookie | SESS<…> | When required, cookies beginning with ‘SESS’ are used to track an individual’s persistent status, such as whether they are logged in. |
Google analytics | _utma _utmb _utmc _utmz | These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. |
JavaScript | has_js | We use this cookie to track which browsers are capable of processing JavaScript. JavaScript is a scripting language which provides enhanced interactivity and visual effects. |
Cookie acceptance | cookied-agreed-en | This cookie is used to record if a user has accepted the use of cookies on this website. |
7. How we store and protect your personal data
We use appropriate technical and organisational precautions to protect your personal data and to prevent the loss, alteration or misuse of your personal data. We store your data securely on paper files and electronic systems. Protection measures include:
- Data Protection training for all staff;
- Physical measures such as locked filing cabinets and door access controls;
- IT Security measures such as password protection, encryption and multifactor authentication.
We will store your personal data for an appropriate length of time to meet the purposes outlined in this policy. We will only hold your data for a longer period of time if it is permitted or required by law. The length of time that data is kept may depend on why we are processing it:
- Supporter and Donor information will be stored for a period of five years after our last interaction with you;
- Client information will be stored for a period of five years after leaving the service;
- Job applicant information will be stored for a period of six months after the selection process has been completed for unsuccessful candidates.
Once the retention period has passed, we will dispose of the data confidentially, anonymise it or permanently delete depending on the interaction you have had with us.
If you ask us not to contact you anymore, we will keep your basic details in order to ensure you do not receive unwanted materials in the future.
From time to time, clients, volunteers and supporters, may agree to give consent for their photo, video image or audio recording to be used in our promotional or fundraising materials (paper or electronic) such as annual reports, funding reports, website and promotional literature. We will not use any images or recordings without prior written or recorded consent. When we request consent, we will explain what it is for and how long the material will be in circulation. We will not use the material for any other purpose and unless further consent is given, we will stop using it after the following time period:
- six months for clients and service users (unless otherwise agreed)
- one year for volunteers and supporters.
Should you wish for the image or recording to be removed before that time we will remove it from our online publication and refrain from including it in any future written material.
8. Your rights
Under UK GDPR you have the following rights:
- Right to be Informed – we must tell you how we use your data and this is the purpose of this privacy notice.
- Right of Access – you can ask us for the personal data we hold about you.
- Right to withdraw consent – even if you have given consent previously, you can withdraw this at any time.
- Right to object – you can tell us you do not want your data processed e.g.
unsubscribing to our emails. - Right to restrict processing – you can pause or restrict the processing of your personal data in some circumstances.
- Right of erasure – you can ask us to delete all of your personal information in certain circumstances.
- Right of rectification – you can ask us to put right anything that is not correct about your information.
- Right to data portability – you can ask for your personal data to be transferred.
- Right to regulate automated decisions.
9. How to complain
If you are concerned about the way we have processed your personal data, please let us know by using the contact details at the bottom of this statement.
You can also complain to the ICO if you are unhappy with how we have used your data. The ICO’s address is:
Information Commissioner’s Office
Wycliffe House
Water Lane Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303-123-1113. ICO website: https://www.ico.org.uk.
10. Getting in touch
If you have any questions, concerns or would like to exercise your rights under UK GDPR, let us know using any of the details below:
Email: office@sifafireside.co.uk
Telephone: 0121 766 1700
Post: SIFA Fireside, 48-52 Allcock Street, Birmingham, B9 4DY
11. Review of privacy statement
This Privacy Statement will be reviewed on an annual basis and updated from time to time.