South Derbyshire CVS (SDCVS) is a company registered in England, Registration Number: 4958843.
Our registered office is: Top Floor Unit G, Sharpe's Industrial Estate, Alexandra Road, Swadlincote. DE11 9AZ. We are also a registered charity, Charity Number: 1101450.
We provide a number of services including:
Befriending support and social contact groups.
Home from Hospital
Volunteering information and recruitment
Office facilities and equipment for community use
Food Bank and Community Food Projects
Details of all services can be found on or primary website SDCVS.
In order to provide our services, we may need to process Personal Data about you. This Privacy Notice explains how we will use the personal data we hold about you in line with the General Data Protection Regulations (GDPR).
We respect your privacy and are committed to maintaining the security of your personal information. This notice outlines how and why we collect and use personal data. We want to ensure you are informed and in control of your personal data. Please be assured that we will never sell your personal data.
If you have any questions about this Privacy Notice, feel free to send an email to our Data Controller (the Chief Executive Officer) on email@example.com or call on 01283 219761.
To reduce the use of technical terms in this document, we talk about SDCVS as the Data Controller. We talk about you as the Data Subject and your data as Personal Data.
If you are reading this document in your capacity as a parent or guardian of someone who uses our services, please understand that “you” covers both you and the beneficiary.
Please note that a glossary of GDPR terms is included at the end of this page.
WHO DO WE HOLD PERSONAL DATA ABOUT?
We hold Personal Data about the following people:
People who use our services
Their emergency contact/next of kin or other household/family members if appropriate
Contacts who refer people to our services, or who we refer people to
Representatives or contacts for other agencies (other voluntary organisations, statutory services, etc.)
Our staff and volunteers
WHAT PERSONAL DATA WILL WE COLLECT?
To ensure that we can provide a service to you we need to collect some or all of the following information about you:
Your contact details and if appropriate, those of an emergency contact or next of kin,
If appropriate, details of family members or others in your household who are also beneficiaries of services provided
If you are employed by or volunteer with us, information that we need to fulfil our responsibilities as an employer / volunteer manager, and to deliver our services effectively
Additional information about you, your circumstances that we need to make sure that you’re eligible to receive a service, and to enable us to provide a service to you. Depending on the service we are providing to you, this may include Special Categories of Personal Data - these may include health data, sexual orientation, race, and religious or philosophical beliefs.
WHY DO WE COLLECT AND USE THIS DATA?
We hold and process Personal Data about you
To make sure you are eligible to receive a service
To enable us to provide services to you effectively
To report and monitor service delivery (e.g. to report to those who fund our services)
To fulfil our legal requirements as an employer / volunteer manager
WILL WE DISCLOSE PERSONAL DATA TO ANYONE ELSE?
To enable us to provide a service to you, we may also need to share your data with other people or organisations:
1. With statutory bodies that have a legal right to demand the information from us, e.g. the Police.
2. With relevant authorities, in the event that we feel that you are vulnerable or at risk of abuse, or to prevent or report a crime
3. With organisations with whom we work in partnership to deliver services and with whom we have a data sharing agreement
4. With other organisations or services that might be of benefit, but only where you have given your consent for us to pass your details on
WHAT SECURITY PROCEDURES DO WE HAVE IN PLACE?
It is our policy to ensure that your data held by us is handled correctly and appropriately according to the nature of the information, the risk associated with mishandling the data, including the damage that could be caused to an individual as a result of loss, corruption and/or accidental disclosure of any such data, and in accordance with any applicable legal requirements.
WHERE DO WE STORE THE PERSONAL DATA WE COLLECT?
Your data will be held on our server and/or using third party servers (within the EU) managed by our software providers. We only use servers in the European Union. Access to IT systems is password protected, and file access is restricted to designated staff. Paper files are locked away securely when not in use.
FOR HOW LONG DO WE STORE YOUR PERSONAL DATA?
We will generally retain your data for as long as you use our services and for a maximum of 2 years after you have stopped using our services. The only exception to this is where there is a legal or contractual obligation to retain data for a longer period. After this period the data is securely destroyed.
WHAT RIGHTS DO YOU HAVE ABOUT THE PERSONAL DATA WE COLLECT AND HOLD ABOUT YOU?
You have the following rights:
1. The right to be informed about what Personal Data SDCVS collects and stores about you, and how it’s used.
2. The right to request a copy of the Personal Data we hold, as well as confirmation of:
(i) the purposes of the processing;
(ii) the categories of personal data concerned;
(iii) the recipients to whom the personal data has/will be disclosed;
(iiv) for how long it will be stored; and
(iiiv) if data wasn’t collected directly from you, information about the source.
3. The right to require SDCVS to correct any Personal Data held about you which is inaccurate or incomplete.
The right to have your data erased from our records – unless we need to retain the data under circumstances specified by the GDPR.
4. The right to request that SDCVS restricts the processing of your data. The GDPR specifies the circumstances where this right applies.
5. Right of portability: the right to have the data you have given us to be transferred to another organisation.
6. The right to object where processing is carried out for direct marketing purposes.
7. The right not to be subject to a decision based solely on automated processing.
WHO DO YOU COMPLAIN TO IF YOU ARE NOT HAPPY WITH HOW WE PROCESS YOUR PERSONAL DATA?
If you have any questions or concerns about how we are using Personal Data about you, please contact our Data Controller at our registered address (as above) or by email to: firstname.lastname@example.org
You can also submit a complaint to the Information Commissioner’s Office. For further information please visit the ICO website: https://ico.org.uk/make-a-complaint/
This Privacy Notice will be reviewed in line with our Data Protection Policy.
GLOSSARY OF GDPR TERMS IN THIS PRIVACY NOTICE
'Controller' is a legal term set out in the General Data Protection Regulation (GDPR), it means the party responsible for deciding what Personal Data to collect and how to use it.
'Data Subject' means the individual who can be identified from the Personal Data.
'GDPR (General Data Protection Regulation)' is Europe's new framework for data protection laws – it replaces the previous 1995 data protection directive, which current UK law is based upon.
'Lawful Basis' – There are six lawful reasons defined in the GDPR for which personal data can be processed.
'Personal Data' means data which can be used to identify a living individual. This could be a name and address or it could be a number of details which when taken together make it possible to work out who the information is about.
Special Categories of Personal Data means details about an individual’s race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data.
Published 9th February 2023