Privacy notice: Carers’ Support East Kent (CSEK)
This Privacy Notice explains when and why we collect personal information about you, how we use it and the conditions under which we may disclose it to others. Your personal data is defined as any information that can directly or indirectly identify you. This notice also explains how we keep your data safe and secure and includes information you need to know about your rights and how to exercise them.
If you have any questions regarding our Privacy Notice and our use of your personal data or would like to exercise any of your rights, please get in touch via the following information:
Email us: firstname.lastname@example.org
Telephone: 0300 302 0061
Write to us: Data Protection Officer, Innovation House, Discovery Park, Ramsgate Road, Sandwich, Kent CT13 9ND
If you are unhappy with the way we process your data, you can also make a complaint to the Information Commissioner’s Office (ICO) which regulates the use of information in the UK. They can be contacted by:
Telephone the ICO: 0303 123 1113
Write to the ICO: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Or by going online to: www.ico.org.uk/concerns
If you are based outside of the UK, the complaint should be directed to the relevant Data Protection Supervisory Authority in that Country.
1. Who are we?
We are Carers’ Support East Kent and for the purposes of UK Data Protection Law we are registered as a Data Controller under registration number Z2453970. Carers Support East Kent offers a wide range of support services to provide Carers with the information and support they need.
You may not think of yourself as a Carer, but our services are available to you if you look after a relative or friend, who due to physical or mental illness, age-related difficulties, disability, or an addiction, cannot manage without our support.
In this Notice, Carers’ Support East Kent ‘we’, ‘us’, ‘our’ means: Carers’ Support East Kent (CSEK), Charity registration number: 1136904, Company registration number: 7213672, ICO number: Z2453970, Location and Registered address: Innovation House, Discovery Park, Ramsgate Road, Sandwich, Kent CT13 9ND.
2. How do we collect information from you?
Information you give us directly
For example, we may obtain information about you when you enquire to receive help and support from us, if you make a referral to us by phone, email, text, on our website and in person, if you attend one of our events, when you apply to work with us, if you volunteer for us, or if you are employed by us, or if you make a one time or recurring donation, or if you fundraise for us.
We may occasionally collect information when it is available publicly from external sources and may help us to provide a better service or raise funds to continue our work.
When you visit this website
We may, like many organisations, automatically collect the following information when you visit our website:
Technical information, including the type of device you’re using, your IP address, domain name, the date and time of your visit, the pages you accessed, documents you downloaded, the previous website you have visited and type of browser you are using.
Personal information may be collected through our website when you use the following website services: call me back button; contact us links; consultations; donations page; forms; shopping page; and social media pages including our website, Facebook and Twitter.
When you interact with us on social media platforms such as Facebook and Twitter, we may obtain information about you (for example, when you publicly tag us in an event photo). The information we receive will depend on the privacy preferences you have set on those types of platforms.
3. What type of information is collected from you?
In order to carry out our work and to reach the charity’s objectives, we collect personal information about our volunteers, supporters, funders and service providers as well as the individuals and children (and their families) we support.
This may include:
- Your name and contact details (including postal address, email address and telephone number).
- Your date of birth.
- If you volunteer for us
- If you have donated with us or make an ongoing donation, we may have records of previous support and donations
- If you attend our events, we may have records of events bookings, including volunteers, supporters and beneficiaries. We may hold an image of you in a photo or video to use on our website or in other fundraising and marketing materials to promote the charity.
- A photo will be necessary for staff and volunteers to be used for DBS and right to work checks.
- Your bank or credit card details if you work with us in order to pay your salary. Your card information is not held by us, it is collected by our third-party payment processors, who specialize in securing your information and processing of debit/credit card transactions.
- Any other personal information that may be shared with us and information to assist us in providing our services.
- If you use one of our services we may collect information such as your Nationality, Religious or philosophical beliefs, sexual orientation, health conditions or disabilities, information about you and your circumstances, relevant health and safety concerns, your needs and wishes.
Data protection laws recognise certain categories of personal information as sensitive or ‘special categories of data’ and therefore requiring greater protection, for example, information about your health, religion, or sexual orientation.
In the nature of what our charity does, we actively collect special category data from beneficiaries to achieve the objectives of the charity and to provide the help and support we give. Such data is collected with only your explicit Consent and/parent or guardian Explicit Consent is handled with great care. Exemptions may apply to certain data in order for the charity to carry on offering help and support to services users for health and social care purposes.
4. How and why is your information used?
We may use your information for a number of different purposes, which may include:
- Keeping a record of your relationship with us.
- Carrying out our obligations under any contracts entered into between you and us.
- Providing you with the services or information you asked for.
- For internal administrative purposes, and to let you know about changes to our services or policies that may affect you.
- Checking for updated contact details against third party sources so we can stay in touch if you move (please refer to section ‘keeping your information up to date’).
- Seeking your views or comments on the services and information we provide.
- Notifying you of any changes to our services.
- Sending you communications which you have requested and that may be of interest to you. These may include information about events we may organise.
- Processing applications for volunteer opportunities.
- Processing applications for job opportunities.
- Record an event that you attend.
5. How long is your information kept for?
We keep your information for no longer than is necessary for the purposes it was collected for. The length of time we keep your information for is determined upon our legal, contractual, and operational considerations. For example, we are contractually obligated to keep Carer assessment forms and all other documents linked to services delivered for 7 years after the service contract end date.
An example where we are legally required to hold certain types of information to fulfil our statutory and regulatory obligations would be from Employment law, Health and Safety and tax/accounting purposes.
We review our retention periods on a regular basis and update our Records of Processing Activities (RoPAs) accordingly. If you would like to know more about how long we hold your personal information for, please email: email@example.com
6. Who has access to your information?
We do not sell or rent your information to third parties. We do not share your information with third parties for marketing purposes unless we have your consent to do so.
Authorised employees will have access to your information where it is necessary, all employees have undertaken data protection training and understand their obligations when taking care of information on behalf of Carer’ Support East Kent.
Third parties working on our behalf
We may pass your information to our third-party service providers, suppliers’ subcontractors, and other associated organisations for the purposes of completing tasks and providing services to you on their behalf, for example, to process employment payroll.
Please be assured that your data will not be processed by these third parties for any other reason than that stated unless you have requested us to do so, or we are required to do so by law. For example, for the purposes of prevention of fraud or other crime or any other requirement by law.
We have performed a Third-Party Supplier assessment on all our suppliers and have identified a low risk for these organisations. Such decisions are assessed on a regular basis and our findings are kept for record purposes. If you would like to know more about which third parties we use please see here for more information. (coming soon).
7. Lawful Processing
Data protection law requires us to rely on one or more lawful basis for processing your personal information. Please see the following lawful grounds we use and believe are relevant and lawful under data protection laws:
Specific and informed Consent
Where you have provided your consent to use your personal information for a certain purpose, for example:
- to provide beneficiaries with help and support.
- to participate in a project such as research purposes for the charity.
- to process a form you fill in on our website.
- to send you marketing email communications.
- to use a photo or video to promote our charitable purposes
Where it is necessary to achieve our and others’ objectives as a charity with good reason as long as we can demonstrate that the use is fair and with your reasonable expectations. This might include but is not limited to:
- send you communications through the post which we believe might be of interest to you.
- personalise, enhance, modify and improve our services and communications to you to benefit our customers.
- understand how people interact with our website, the effectiveness of our services, our promotional marketing campaigns, and our advertising
Whenever we use Legitimate Interest to process data, we perform a Legitimate Intertest Balancing Assessment (LIA) to enable us to consider any potential impact on you (both positive and negative), and your rights under data protection laws. Your information will not be processed if our interests as a charity override your fundamental rights and freedoms according to the law.
We will use this condition to process personal information where we are required by law, such as to process information about employees.
Performance of a contract
Where we are entering into a contract with you, for example where you purchase a ticket and attended to an event we have organised.
Where it is necessary to protect your life or your health. An example would be in the case of a medical emergency by an individual attending one of our events.
We may use our Legitimate Interest to send you marketing communications by post. If you prefer not to hear from us this way, please get in contact and let us know by any of the contact details listed in the ‘Your Choices’ section below.
If you have provided us with your telephone number or email address, for example, when you contacted us directly and expressed interest in our charity, we may get in contact with you via phone, email, or text to provide you with further information about our services. If the nature of your enquiry relates to marketing, we will ask for your consent to continue to process your data.
We will only send you fundraising and marketing communications by email, text and telephone if you have explicitly provided your consent. You may opt-out of our fundraising and marketing communications at any time by clicking the unsubscribe link at the end of our fundraising and marketing emails. Alternatively, you can get in touch via any of the contact details listed in the ‘Your Choices’ section below. Your contact details may be used to provide you with information about our newsletter, or other marketing campaigns.
When you give us consent to receive fundraising and marketing communications, we will monitor consent and ensure that you still wish to receive such communications by occasionally reaffirming your consent with us. Our approach is designed to uphold your privacy and information rights, to respect your choices, and to ensure we are not intrusive.
We respect and value your choices. You have a choice whether or not you wish to receive information from us and we are committed to putting you in control of your data. You are free to change your marketing preferences at any time, including if you do not want to receive further contact in regard to marketing purposes. Please contact us and we will be sure to amend your preferences:
Email us: dataprotection@Carersek.org.uk
Telephone us: 0300 302 0061
Write to us: Data Protection Enquiry, Innovation House, Discovery Park, Ramsgate Road, Sandwich, Kent CT13 9ND
8. Your Rights
Under data protection laws in the UK, you have certain rights over the personal information that we hold about you. Here is a summary of the rights we think apply:
Right to be Informed
You have the right to be informed as to how we use your data and under what lawful basis we carry out any processing. This Privacy Notice sets this information out however if you would like further information or feel that your rights are not being respected please get in contact with any of the details listed above.
Right of Erasure
You may ask us to delete some or all of your information we hold about you. Sometimes where we have a legal obligation we cannot erase your personal data.
Right to Object
You have the right to object to processing where we are using your personal information such as where it is based on legitimate interests or for direct marketing.
Right to have inaccurate personal information corrected
Inaccurate or incomplete information we hold about you can be corrected. The accuracy of your information is important to us and we are working on ways to make this easier for you to review and correct the information that we hold about you. We will also carry out an annual accuracy check. If any of your information is out of date or if you are unsure of this, please get in touch through any of the contact details listed in this notice.
Right of restriction
You have a right to restrict the processing of some or all of your personal information if there is a disagreement about its accuracy, or we are not lawfully allowed to use it.
Right to Access your information
You have a right to request access to a copy of your personal information that we hold about you, along with the information on what personal information we use, why we use it, who we share it with, how long we keep it for and whenever it has been used for automated decision making. You can make a request for access free of charge and proof of identity is required.
Automated decision making
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right to question the outcome of automated decisions that may create legal effects or create a similar significant impact on you. We do not currently undertake automated decision making.
You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured. Commonly used, electronic form so it can be easily transferred.
9. Keeping your information safe
We take looking after your information very seriously. We have implemented appropriate physical, technical and organisational measures to ensure that your personal information is secure when under our control, both on and offline, from improper access, use, alteration, destruction, and loss.
Any sensitive information (such as your credit or debit card details or any information that is classed as sensitive or ‘special category data’) is encrypted and protected. All debit and credit card details are passed securely to our payment processing partner, according to the Payment Card Industry Security Standards.
Our websites may contain links to other sites. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices employed by other sites. Please be aware that advertisers or websites that have links on our site may collect personally identifiable information about you. This Privacy Notice does not cover the information practices of those websites or advertisers.
10. Use of 'cookies'
Like many other websites, this website uses ‘cookies’. ‘Cookie’ is a name for a small file, usually of letters and numbers, which is downloaded onto your device such as your computer, mobile phone or tablet. Cookies allow websites recognise your device so that the sites can work more efficiently, and also gather information about how you use the site.
The Cookies we use
We use the categorisation set out by the International Chamber of Commerce in their UK Cookie Guide. We use all four categories of Cookies:
- Strictly necessary Cookies are essential for you to move around our website and use its features.
- Performance Cookies collect anonymous information about how you use our site, like which pages are visited most.
- Functionality Cookies collect anonymous information that remembers choices you make to improve your experience, like your text size or location. They may also be used to provide services you have asked for such as watching a video or commenting on a blog.
- Targeting or Advertising Cookies collect information about your browsing habits in order to make advertising relevant to you and your interests.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit: www.aboutcookies.org or www.allaboutcookies.org
No Cookies, please
11. Transferring your information outside of the United Kingdom
When data is transferred outside of the UK, appropriate safeguards, and standard contractual clauses (SCC) are in place to ensure adequate levels of security and are in line with data protection laws. Your data is normally processed within the UK but may on occasion be processed outside of the UK.
All processing is secure, and agreements exist between us and the data processors to safeguard and secure your information. All non-UK processing may take place within the European Union, or Outside of the European Union.
12. Changes to this notice
Any changes we may make to this policy in the future will be posted on this website so please check this page occasionally to ensure that you’re happy with any changes. If we make any significant changes, we’ll make this clear on our website or we may contact you.
13. Review of this notice
We keep this policy under regular review. This notice was last updated March 2022.