Wycombe Refugee Partnership (“WRP”) is a Charitable Incorporated Organisation No. 1168176. Its correspondence address is c/o All Saints Parish Office, 8 Castle Street, High Wycombe HP13 6RF
For the purpose of the General Data Protection Regulation 2016/279 (GDPR), and the Data Protection Act 2018, (together called the “Data Protection Rules”) WRP, through its Trustees, is a Data Controller in respect of your Personal Data.
Everyone has rights with regard to how their Personal Data is handled by organisations. WRP is committed to ensuring that Personal Data is properly and securely managed in accordance with the relevant Data Protection Rules, and believes this is an important part of achieving trust and confidence between WRP, its donors and supporters, and those whom it exists to help.
Please read this Notice to understand how we use and protect the information that you provide to us or that we obtain or hold about you, and to understand what your rights are in relation to information that we hold. This Notice applies to information about living identifiable individuals only.
2 WHAT PERSONAL DATA DO WE HOLD ABOUT YOU?
We may hold the following types of Personal Data – though it will be rare for us to hold all these types of data about any individual:
For trustees, staff, donors and supporters
Basic contact details - Name, Address, Email, Phone number
Credit/debit card information when making a donation
Bank account details when setting up a direct debit or reimbursing expenses
Contact consents i.e. whether you’ve said you’d like to hear from us by email
Taxpayer status for collecting Gift Aid
Date of birth, age, gender etc (where necessary for providing support or training in our services)
Basic contact details - Name, Address, Email, Phone number
Date of birth, age, gender, ethnicity, religion, health/medical etc (where necessary for providing support or accommodation and our other services)
Details of children's names, ages, health, education etc also we can help them.
Some of the data we hold will constitute “Special Categories of Personal Data” (see Section 10 – Glossary)
3 HOW AND WHY DO WE PROCESS YOUR PERSONAL DATA?
The Personal Data which we hold about you, whether it is collected directly from you or whether we receive it from a third party, may be used (“processed”) in a number of ways, for example:
- to communicate with you in relation to our activities, services and events, including seeking feedback and informing you of any changes to our services;
- to carry out the services that we offer, (accommodation, support, education, advice, job-seeking etc)
- to assist others in providing services that may help our guests
- to process donations that are made to us, or other payments where, for example, we receive grants or benefits to pass on to a guest
- to administer, support, and develop WRP's work, and to keep its accounts and records up-to-date to enable compliance with Charity law
- to carry out contractual obligations, e.g. for paying employees and suppliers
4 ON WHAT LEGAL GROUNDS DO WE PROCESS YOUR PERSONAL DATA?
Under the Data Protection Rules we must have a lawful basis for processing your information; this will vary according to the circumstances of how and why we have your information but typical examples include:
-the processing is within our legitimate interests in carrying out our charitable purposes and in ensuring the flow of charitable funds for these purposes
- you may have given consent (which can be withdrawn at any time by contacting us using the details below) for us to process your information (e.g. to send you communications by email or text) - we are carrying out necessary steps in relation to a contract to which you are party
- the Processing is necessary for compliance with a legal obligation (e.g. where we pass on information to a local authority for safeguarding or other reasons, or submit a tax refund claim)
- to protect your vital interests (e.g. if a guest or volunteer is ill, then we may pass on information to the NHS for treatment purposes and to family members).
If we process any “Special Categories of Personal Data” we must have a further lawful basis for the processing. This may include:
- where you have given us your explicit consent to do so (e.g. to cater for your medical or dietary needs)
- where the Processing is necessary to protect your vital interests or someone else's vital interests (e.g. passing on information about a crime to the Police)
- you have yourself made the information public (e.g. by disclosing personal details and beliefs on social media or the local press)
- where the Processing is necessary for the establishment, exercise or defence of legal claims
- where the Processing is necessary for carrying out WRP's employment and social security obligations
- where it is in the substantial public interest, and necessary for the safeguarding of children or vulnerable adults
5 WHO WILL WE SHARE YOUR INFORMATION WITH?
We will only use your Personal Data within WRP for the purposes for which it was obtained. However, in the case of our Guests especially, it will often be necessary to share some information about you with other people, and organisations, such as landlords, letting agencies, benefits offices, schools, Local Authorities, mosques and churches, our own volunteers, and other charities.
And we may be required to disclose information under the Data Protection Rules, or order of a Court, or the Police, or other authorised body according to UK law.
We may share your information with government bodies for tax-reclaiming purposes or law enforcement agencies for the prevention and detection of crime.
We have in place administrative, technical and physical measures designed to guard against and minimise the risk of loss, misuse or unauthorised processing or disclosure of the Personal Data that we hold.
In the course of processing your Personal Data, or disclosing it to the recipients referred to above, we will where practicable take steps to ensure that the transfers comply with the GDPR and that your Personal Data is appropriately protected. We do so by requiring them to satisfy us that they have a code of conduct affording an adequate degree of protection for your data, approved by a competent national or international supervisory authority.
6 HOW LONG WILL WE KEEP YOUR INFORMATION FOR?
Your information will be kept only for as long as is necessary and we will delete it when it is no longer needed. In particular, we will delete information about guests and their families once they leave our area or cease to be in receipt of our support. We will only retain such information so far as we judge it to be for the substantial benefit of our former guests, or for so long as it takes to resolve any ongoing issues.
7 YOUR RIGHTS
You have rights in respect of the Personal Data you provide to us. In particular:
(a) the right to request a copy of some or all of the Personal Data that we hold about you. We do not make a charge for this service; but a request needs to be made in writing, which can include e-mail or other media
(b) the right to withdraw your consent to us using your Personal Data
(c) the right to ask that any inaccuracies in your Personal Data are corrected
(d) the right to have us limit the processing of all or part of your Personal Data
(e) the right to ask that we delete your Personal Data where there is no compelling reason for us to continue to process It (erasure, or “the right to be forgotten”).
Please note that the above rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to retain and process your Personal Data. Also, we may need you to provide us with proof of identity for verification and data-security purposes before you can exercise your rights.
Please also note that parents / guardians / family members do not have a right to see information held about their children or other family members (or any other third parties) and rights may only be exercised by a individual (including children of 13 years or over), or with their expressed permission.
8 CHANGES TO THIS NOTICE
We may make changes to this Notice from time to time as our organisational practices and/or applicable laws change. We will not make any use of your personal information that is inconsistent with the original purpose(s) for which it was collected or obtained (if we intend to do so, we will notify you in advance wherever possible) or otherwise than is permitted by the Data Protection Rules.
9 CONTACT DETAILS
- have any questions
- require further information about how we protect your Personal Data
- wish to exercise any of the above rights
- would like to provide feedback or make a complaint about the use of your information
please contact any operational manager or Trustee of WRP.
E-m: firstname.lastname@example.org Tel: 0845 643 2873
We hope that we can satisfy any queries you may have about the way in which we Process your Personal Data. However, if you have unresolved concerns you also have the right to complain to the Information Commissioner (‘ICO’) (www.ico.org.uk).
"Data Controller" means a person, organisation or body that determines the purposes for which, and the manner in which, any Personal Data is processed. A Data Controller is responsible for complying with the Data Protection Rules and establishing practices and policies in line with them.
"Personal Data" means any information relating to a living individual who can be identified from that information or in conjunction with other information which is in, or is likely to come into, WRP's possession. Personal Data can be factual (such as a name, address or date of birth) or it can be an opinion (e.g. a performance appraisal). It can even include a simple email address. A mere mention of someone's name in a document does not necessarily constitute Personal Data, but personal details such as someone's contact details or medical history (if it enabled an individual to be identified) would fall within the definition.
"Processing" means any activity that involves use of Personal Data. It includes obtaining, recording or holding the information or carrying out any operation or set of operations on it, including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring or disclosing Personal Data to third parties.
"Special Categories of Personal Data" (previously called sensitive personal data) means information about a person’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition or sexuality. It also includes genetic and biometric data. Special Categories of Personal Data can only be processed under strict conditions and such processing will usually, although not always, require the explicit consent of the Data Subject.