Privacy Policy
1. Scope
All data subjects (a living individual) whose personal data is collected, in line with the requirements of the General Data Protection Regulation (GDPR).
2. Responsibilities
2.1 The Data Protection Officer is responsible for ensuring that this notice is made available to data subjects prior to Inspire processing their personal data.
2.2 All Employees of Inspire who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention. All data subjects are required to review this privacy notice and agreeing to the lawful reasons for processing.
2.3 Data subjects reserve the right to object to processing at any time.
3. Privacy notice
WHO ARE WE?
Inspire is a charity recognised and valued for the work undertaken with young people experiencing severe disadvantage and social instability, who need opportunities for purposeful reintegration into society. The charity works at the forefront of helping young people to overcome challenges onto positive next steps in their lives back into employment and further training.
Thousands of people have benefitted from the Inspire’s services since our inception – providing opportunities that they may not otherwise have access to, to help better their life chances.
For Data Protection (GDPR) queries, please contact:
- Email address: info@inspiresuffolk.org.uk
- Telephone number: 01473 353193
PERSONAL INFORMATION
Inspire is committed to the responsible handling and protection of personal information.
Personal information means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
We collect, use, disclose, transfer, and store personal information when needed to provide our Services and for our operational and business purposes as described in this Privacy Notice. We want to be clear about our privacy practices so that you can make informed choices about the use of your information.
HOW WE USE YOUR INFORMATION
This privacy notice tells you how we, Inspire, will collect and use your personal information to enable us to provide our services.
Why does Inspire need to collect and store personal information?
Inspire processes (collect, store and use) personal information for the following purposes:
- Participant information for booking and running programmes
- Recording participation and qualifications, including case studies and analysis
- Managing and recording financial transactions
- Maintaining mailing lists to ensure customers are kept up to date with relevant information
- Fundraising events
- Employee and volunteer management
We are committed to ensuring that the information we collect and use is appropriate for these purposes and does not constitute an invasion of your privacy.
SPECIAL CATEGORY INFORMATION
Occasionally we process what may be considered special category information (sensitive personal information).
Sensitive personal information is a subset of personal information and is generally defined as any information related to racial/ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, other medical information including biometric and genetic data, or sexual life preferences.
We will only process this information if it is necessary to support you whilst you are an Inspire customer or employee. If we wish to pass your sensitive personal information onto a third party we will only do so once we have obtained your consent unless we are legally required to do otherwise.
LAWFUL PROCESSING
We must have a valid lawful basis in order to process your personal information. This ensures that the processing is necessary and applies to one of the purposes listed above.
The following information explains what personal information we process and the lawful basis for processing against each purpose.
1. Provision of Sport, Education and Facilities Services
Lawful basis – Contract
When you come into contact with Inspire we will ask you to provide personal information that is necessary to manage and support (sustain) the services that we provide. When you contact us, we will update and add notes to our computer systems and manual files. Access to your personal information will be limited to members of Inspire requiring information to carry out our business. We may pass your personal information on to third-party service providers contracted to Inspire, or to whom Inspire is Contracted to. Any third parties that we may share your information with are obliged to keep your details securely, and to use them only to fulfil the services they provide on our behalf.
- Personal details including:
Full name, DOB, sex, age, health-related issues, disabilities and vulnerabilities, communication needs, next of kin, correspondence address, NI number, payment methods, direct debit details, diversity information including nationality, sexual orientation, first language, ethnic origin and religion. - Communication with Inspire including:
- Processing of internal and external mail (external via third party
- Website bookings
- Fundraising details
- Customer, Volunteer and employee contact details
- Financial Details including:
- Payment details and records
- Supplier records
- Customer and Stripe Customer Records
- Employee payment records
Lawful basis – Legitimate Interest
We process personal information for certain legitimate interests related to the business purposes listed above. ‘Legitimate Interest’ means the interest of our company in conducting and managing our business (to enable us to give you the best service in the most secure way).
- Advise by phone, post, text or email
- Whistleblowing for the protection of staff and students
- CCTV surveillance for the protection of property and staff
- Share forwarding address to utility company if outstanding balance on accounts
Lawful basis – Legal obligation
We process personal information for certain legal obligations. This is where the processing is necessary to comply with legislation or the law.
- Safeguarding (protection of customers) and sharing relevant information with social services
- Processing of Subject Access Request (SAR)
- Where we require identification for proof of who you are to minimize Fraud
2. For the welfare of our customers
- Liaison with associated welfare services, advice and support
- Emergency contact details of customers, employees and volunteers
- Medical details of customers, employees and volunteers
3. For the prevention of fraud & Legal proceedings
- Share personal information with the relevant local authority for the prevention and detection of crime (case specific and relevant)
- Share personal information with the local safeguarding children’s board
- Sharing CCTV images for insurance and legal purposes
- Assessing and pursuing incidents of identified or suspected fraud and reporting matters of concern to the relevant authority
4. Feedback from research and survey on how we can provide better services
- Carrying out research
- Contact to complete surveys after you have received a service from us and use the information you provide to improve our services
5. Communication with our customers to provide updates relating to our business and services
- Email or Text customers with the promotion of our services
6. For the management, wellbeing and support of our employees
- Administration management of employment and/or the Company’s business. This includes information provided voluntarily as well as that collected as part of the recruitment process and during your employee journey. This includes:
- Pre-employment – Name, home address, email, phone no, medical details, next of kin, direct debit details, CV’s, emergency contact details, ethnicity details, driving license, birth certificate, marriage certificate, previous address history, previous convictions, NI number
- Right to work documentation
- Return to work
- Occupational health referrals and reports
- Doctors certificates
- Conflicts of Interest
- Disciplinary proceedings/details
- Grievance details
- Performance cases
- Sanctions, witness details and statements
- Payroll number & Bank account details
- Pregnancy, maternity & paternity details
- Employee children & partner details
- Sickness details
- Employee journey
- Salary details and bonuses
- Length of service
- Job title and contract type
- Employee changes/updates
- Responses to staff surveys
- Training, qualification and professional membership details
- Office access and operations
- Background checks (DBS) in line with the law
- Internal directories, employee share-point sites, internal websites (including H&S injuries) and other business cooperation and sharing tools
- License checks
- Court service
- Whistleblowing
- Employee training and sharing of information where necessary to accrediting and awarding bodies and training providers
- Process of levy returns for Apprenticeships and core construction skill roles and sharing of information with CITV
- Reporting of injuries, diseases and dangerous occurrences (RIDDOR) to HSE
- CCTV for the surveillance of property and safety of employees
7. For the management of financial services
- Processing of company pensions and sharing of relevant information with pension provider
- Processing of company payroll and sharing of relevant detail with employee bank
- Processing of credit and debit cards and sharing necessary information with third party and Bank
- Processing of Direct Debits and sharing necessary information with Bank
8. Information, system, network, and cybersecurity
- Overall information security operations of Inspire to prevent unauthorized access, intrusion, misuse of company systems, networks, computers and information, including prevention of personal data breaches and cyber-attacks (pen test)
- Detection and investigation of security incidents – processing of personal data of individuals involved in an incident
- Website security
- Monitoring access to systems and any downloads
- Use of information gathered from physical access control systems for investigation incidents
- Investigating and reporting of data breaches
9. General corporate operations and Due Diligence
- Sharing necessary and relevant personal information with external providers
- Monitoring physical access to offices, visitors and CCTV operations in reception and any other restricted areas legitimate
- Business intelligence
HOW LONG WILL WE KEEP YOUR PERSONAL INFORMATION FOR?
We will hold your personal information securely while you are a customer with us.
Records will be held in line with retention legislation, following which we will delete all personal information unless you owe us any money, have ongoing legal proceedings with us, or where there is a logged complaint. We may also retain personal information regarding qualifications gained, and anonymized data to ensure accurate statistics and data can be reported.
We will hold employee data provided from the start of your employee journey and then in line with Data protection regulations, one year for unsuccessful applications and six years following termination of employment for employees. Once these timeframes have passed we will delete all personal information excluding confirmation of employment dates, or unless otherwise requested by yourself.
Financial records are held for seven years, following which they will be destroyed.
HOW DO WE SECURE PERSONAL INFORMATION?
Inspire takes data security seriously, and we use appropriate technologies and procedures to protect personal information. Our information security policies and procedures are closely aligned with widely accepted standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.
For example:
Policies and procedures
We have measures in place to protect against accidental loss and unauthorized access, use, destruction, or disclosure of data including the following:
- We place appropriate restrictions on access to personal information
- We implement appropriate measures and controls, including monitoring and physical measures, to store and transfer data securely
- We conduct Privacy Impact Assessments in accordance with legal requirements and our business policies
- Data Protection training for all employees who have access to personal information and other sensitive data
- We take steps to ensure that our employees and contractors operate in accordance with our information security policies and procedures and any applicable contractual conditions
- We require, third-party contractors or sub-contractors to have appropriate agreements in place to ensure personal information is processed in line with the General Data Protection Regulation.
Automated decision making:
- We utilize automisation technology to help us manage and analyse data including:
- Cookies
- Mail Chimp (to securely hold and contact customers on our mailing lists)
- Google Analytics
- Hotjar
YOUR RIGHTS AS A DATA SUBJECT (CUSTOMER OF INSPIRE)
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to withdraw consent at any time.
COMPLAINTS
Lodge a complaint with the supervisory authority
Right to judicial review: if Inspire refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain to the Information Commissioner’s Office (ICO) details below:
Information Governance department
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
The table below highlights where we may receive personal information about you from someone else.
Personal data type: | Source: | |
Full Name, DOB, Age, Current Address, Contact Details, Medical Information, Qualification Information, Emergency Contacts | Colleges, Princes Trust, NCS |