This notice applies to the website, products & services delivered by Inspire (Partnership Through Life). Inspire is a Scottish Registered Company based in Scotland (SC000038) and considers Scottish law to be its lead supervisory authority. All significant decisions about data processing and policy implementation will be made using UK GDPR. This policy is set out to help you understand the types of data that we collect from you and/or your business and how that data is processed and managed.
Commitment
We are committed to protecting the privacy and security of your personal information, we continually monitor compliance through implementing policies & procedures to safeguard data and by setting regular reviews to manage these policies and procedures.
Data Controller
In accordance with ICO requirements of Data Controllers, Inspire is registered with the Information Commissioners Office (Z5249213). When you are using Inspire website products and services, Inspire is the Data Controller. Inspire is also in some cases a processor and a joint controller where services have been commissioned through contract with third parties.
How we get your personal information
Most of the personal information we process is provided to us directly by you, however we may receive indirect personal information depending on your relationship with us. Some examples of our indirect collections are: -
- Recommendations and feedback on how well you are doing if you work for us
- Support information from family and friends
- Referral for services we provide
- Where an individual is considered vulnerable or at risk
- Digital monitoring & alarm systems to help keep you safe and to support assessment and delivery of services
Why we collect your data
We collect and process personal data about the people who interact with us. The kind of data we collect depends on someone’s needs, and how they’re using our services. For instance, we might collect data to communicate with someone and send requested information to them, to help us administer donations, or to improve our services. We collect the minimum of data required to provide our services and do our work. We’re completely committed to protecting your data and privacy, and we pride ourselves on taking great care to ensure it stays safe. Some of the reasons we might collect your data include:
- to provide you with the support, care or employment services you have requested or been referred to
- to record personal details shared during conversations & assessments with our carers and volunteers to ensure we continue to provide you with the best possible support
- to let you know about ways in which you can utilise your skills and experience to influence, shape and support the organisation
- to let you know about our community events and opportunities to support Inspire and those that need our services.
- to record and contact you regarding payments/donations you might make to Inspire
- to administer the services Inspire is providing to you
- delivery of services on behalf of governments & Local Authorities
- Quality assurance
- to communicate with you regarding Inspires fundraising and campaigning activities
- to process donations and administer Gift Aid information for any donation you make to Inspire
- to process a purchase via one of our shops or cafes
- to provide you with information about and to administer events, including training sessions
- to manage your communication preferences
- to process job applications or volunteer placements
- to conduct surveys, research and gather feedback
- to obtain information to improve our services and user experiences
- to address and resolve complaints about Inspire and our services
- to comply with applicable laws and regulations, and requests from statutory agencies
- to comply with our contractual obligations to our funders
Information we collect
Depending on your relationship with Inspire and how you use our services, we have several different software applications & business processes that collect information. We will collect some or all the categories listed.
- Personal Information such as name, address, date of birth, gender, email, phone number, Photo ID
- Sensitive information such as Bank details, financial awards, employment status
- Special Category information such as Health & Medical History, Religious, Sexual Orientation, Race, Ethnic Origin
- Information around day-to-day health & wellbeing, digital assessments including GP practice and Key care providers to comply with our contractual obligations to our funders
- Biometrics information
- Operating Systems, IP address, Mobile & Desktop device identifiers
- Relationship information, Friends, Family and Legal relationship documentation
- Photographs, video audio recordings,
- Criminal Records Data such as Disclosure Certificates
- Professional Information such as qualifications, Professional registration, employment history, employee management & appraisal, attendance, disciplinary & financial,
This information may be collected via:
- any paper forms you complete
- telephone, webchat or email conversations, or face-to-face interactions
- digital forms completed via our website, or online surveys
- third-party companies and websites such as Just Giving
- publicly available sources
- communication via social media
We sometimes also collect sensitive, personal data about individuals. This includes information about health, religion, sexuality, ethnicity, political and philosophical beliefs, and criminal records. We will normally only record this data where we have your explicit consent unless we are permitted to do so in other circumstances under data protection law. Where we are providing you with support services, we may record your sensitive personal data if this is necessary for the delivery of health, therapeutic and care interventions, or if it is in the substantial public interest because we would not be able to provide our services without doing so. We also take additional steps when necessary to apply suitable encryption & pseudonymisation measures to ensure that the personal data is not attributed to an identified or identifiable person.
Lawful Basis
We apply the GDPR principles to all personal & sensitive data that we hold or process
1) Processed lawfully, fairly and in a transparent manner in relation to individuals.
2) Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
3) Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
4) Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
5) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals.
6) Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.
Sharing Information
- We share only the information required to deliver advice services & support to you. This may include sharing your information with our suppliers to carry out this work.
- We will not sell or rent your information to third parties
- We will not share your information with third parties for marketing purposes
- We may be required to transfer your information to a third party as part of a sale of some or all of our business assets to third party as part of any business restructuring or re-organisation.
- We may also be required to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our supporters and customers. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
Data Breaches
Inspire will continue to look for new ways to protect data, however in the event of a data breach we will notify the ICO within 72 hours of becoming aware of the breach. Where we don’t yet have all the relevant details we will notify when we expect to have the results of the investigation. We have implemented the ICO guidance framework on managing a security breach. This framework includes the following: *Containment and recovery * Assessing the risk/impact * Notification of Breaches * Evaluation & Response
International
All significant decisions about data processing and policy implementation will be made using UK GDPR. As part of the services offered to you the information which you provide to us will not be transferred to countries outside the UK & Europe Our servers are Located inside the UK & Europe If we have a requirement to transfer your information outside of the UK & Europe in any way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this notice. If you use our services while you are outside the UK & Europe your information may be transferred outside the UK & Europe in order to provide you with those services.
Your data protection rights
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
Your right of access- You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
Your right to erasure- You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing - You have the right to object to processing if we are able to process your information because the process forms part of our public tasks or is in our legitimate interests.
Your right to data portability- This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent, or in talks about entering into a contract and the processing is automated.
Please contact us at info@inspiremail.org.uk if you wish to make a request.
Further information around your rights can be found at https://ico.org.uk/your-data-matters