Enfield Carers Centre (ECC) understands that legal explanations of how we use, keep, and process your data can appear confusing and long winded. This is because, under General Data Protection Regulations (GDPR), we have to ensure you are aware of what will happen to any information you may share, intentionally or sometimes unintentionally.
PRIVACY AND COOKIES POLICY
1.1 We are committed to safeguarding the privacy of people browsing Enfield Carers Centre’s Website in this policy we explain how we will handle your personal data.
2.1 This document was created using a template from SEQ Legal (http://www.seqlegal.com).
3 How we use your personal data
3.1 In this Section 3 we have set out:
(a) the general categories of personal data that we may process;
(b) the purposes for which we may process personal data; and
(c) the legal bases of the processing.
3.2 We may process data about your use of our website and services (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency, and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for us in processing this information is known as our legitimate interests, namely monitoring and improving our website and services.
3.3 We may process your account data. Account data may include your name and email address. This is not collected if someone just browses our website but if a person uses specific functionality such as registering with the Centre online, booking an Event or contributing donations then information submitted at this time will be stored, securely, by Flywheel and Enfield Carers Centre. The source of the account data is you and consists only of information you submit to Enfield Carers Centre’s website. The account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is your implied consent by submitting this information and/or Enfield Carers Centre’s legitimate business interests, to allow us to conduct a proper administration of our website and provide services requested by individuals online.
3.4 We may process your information included in your personal profile on our website. A unique profile is created when you first browse our website, this information is included in the Cookie that you allow to be downloaded to your browsing device. The profile data may include your name, address, telephone number, email address, profile pictures, gender, date of birth, and social media Ids; this information is only obtained if you share this when submitting information on Enfield Carers Centre’s website. The profile data may be processed for the purposes of enabling and monitoring your use of our website and services. The legal basis for this processing is via your consent to allow us to provide you with a service OR for legitimate business interests, namely the proper administration of our website and business OR to fulfil a contract between you and us, as you might reasonably request; for example to book into an event and to take a deposit for this via our website.
3.5 We may process personal data that you have provided in the course of the use of our services, known as “service data”. The service data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and enabling communication with you. The legal basis for this processing is your consent OR our legitimate business interests, namely the proper administration of our website and business OR the performance of a contract between you and Enfield Carers Centre and/or taking steps, to fulfil your request, which may constitute an agreement for us to provide a requested service.
3.6 We may process information that you post for publication on our website or through our services, known as “publication data”. The publication data may be processed. This may be in the form of a guest blog or comments that are made from your social media to our social media platforms appearing on our site. The legal basis for this processing is your consent by including us in your post OR our legitimate business interests, namely the proper administration of our website and business and to ensure that information on our site is appropriate for all browsers OR the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract because you made a specific request for us to action as part of the information you provided.
3.7 We may process information contained in any enquiry you submit to us regarding products our work/services, known as “enquiry data”. Enquiry data may be processed for the purposes of offering relevant services to you. The legal basis for this processing is because you provided consent by submitting an enquiry to Enfield Carers Centre via our website.
3.8 We may process information relating to transactions, including donations or purchases of goods and services, that you enter into with us and/or through our website, known as “transaction data”. The transaction data may include information such as your name, address, email and payment details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of transactions. The legal basis for this processing is to fulfil the contract between you and us and/or taking steps, at your request, to enter into such a contract. We also have legitimate business interests, namely our interest in the proper administration of requests of goods/services received via our website.
3.9 We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters, known as “notification data”. Notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is that you have given consent authorising this contact.
3.10 We may process information contained in or relating to any communication that you send to us, known as “correspondence data”. The correspondence data may include the communication content and metadata associated with the communication. Enfield Carers Centre’s website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate business interests, namely the proper administration of our website, and business, and communications with users.
3.11 We may process any of your personal data identified in the other provisions of this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate business interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others. If, for example, you were to request any information held about you by Enfield Carers Centre we would have to process and record the information you have submitted to use to be able to fulfil your requests in the manner afforded by your rights to your data.
3.12 In addition to the specific purposes for which we may process your personal data set out in this Section 3, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject in order to protect your vital interests or the vital interests of another natural person.
3.13 Please do not supply any other person’s personal data to us, unless we prompt you to do so, as this is required to fulfil an agreed action, such as make a referral for the person your care for, or to contact a professional on your behalf.
4 Providing your personal data to others
4.1 We may disclose your personal data to Enfield Local Authority insofar as reasonably necessary for the purposes set out in this policy.
4.2 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.
4.3 We will share limited donor personal data, such as profile and/or service to the relevant fundraiser where donations are made, insofar as reasonably necessary to inform them that an associated donation has been made.
4.4 We may disclose specific personal data category or categories to other 3rd party organisations, but this would only occur if you have consented to a referral being made to these organisations to access specific services, insofar as reasonably necessary.
4.5 Financial transactions relating to our website would be handled by our payment services provider, please contact Enfield Carers Centre to be provided with the current provider’s information. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding payments and dealing with complaints and queries relating to such payments and refunds.
4.6 Your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us. In the case of this activity the following will apply:
- Your data will be made available to our website provider
- The data that may be available to them include any of the data we collect as described in this policy.
- Our website provider will not transfer your data to any other third party or transfer your data outside of the United Kingdom.
- They will store your data for a maximum of 7 years.
4.8 In addition to the specific disclosures of personal data set out in this Section 4, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another person.
5 International transfers of your personal data
5.1 In this Section 5, we provide information about the circumstances in which your personal data may be transferred to countries outside the United Kingdom.
Enfield Carers Centre is a local charity, based in Enfield, London, England, and does not share personal data outside of the United Kingdom.
6 Retaining and deleting personal data
6.1 This Section 6 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
6.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6.3 We will retain and delete your personal data as follows:
(a) Personal data will be retained for 7 years following the date of receipt, at the end of which period it will be deleted from our systems, unless you give consent for us to continue to store your data. Our website provide also deletes all information after 7 years, this period is chosen because of the legal timeframes inherent in standard contract law.
6.4 Notwithstanding the other provisions of this Section 6, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
7.1 We may update this policy from time to time by publishing a new version on our website.
7.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
7.3 We may notify you of changes to this policy by email or other communication methods.
8 Your rights
8.1 You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to the supply of appropriate evidence of your identity.
8.2 We may withhold personal information that you request to the extent permitted by law.
8.3 You may instruct us at any time not to process your personal information for marketing purposes, or change the methods you would prefer Enfield Carers Centre use to communicate with you.
8.4 In practice, you will usually either expressly agree in advance to our use of your personal information to send you newsletters, contact you about events and services, and we will provide you with the ongoing opportunity to opt out and prevent us from using your personal information to send you information about ECC services and events.
9 Third party websites
9.1 Our website includes hyperlinks to, and details of, third party websites.
10 Personal data of children
10.1 Enfield Carers Centre supports Carers from the ages of 5 years up, we would not expect anyone below the age of 18 to submit information to us via our website. Although we would try to have information relevant for all carers accessible on our website, if a child below the age of 18 years requests our support we would seek consent to work with them from their legal guardian, unless there are concerns about the child’s safety, in which case we would take appropriate safeguarding actions.
10.2 If we have reason to believe that we hold personal data of a person under that age in our databases, we will delete that personal data. Unless we have consent from their legal guardian to process this information. For legitimate business reasons we may delay deleting this data to allow time for consent to be provided, as if a child is referred to us as potentially requiring support, we would take efforts to obtain permission to action this, prior to deleting their data, only doing so after if all reasonable attempts to achieve this had been unsuccessful.
11 Updating information
11.1 Please let us know if the personal information that we hold about you needs to be corrected or updated.
12 Acting as a data processor
12.1 In respect to the information we hold about you, we do not act as a data controller; instead, we act as a data processor.
12.2 Insofar as we act as a data processor rather than a data controller, this policy shall not apply. Our legal obligations as a data processor are instead set out in the contract between us and the relevant data controller.
13 About cookies
13.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
13.2 Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
13.3 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
14 Cookies that we use
15 Cookies used by our service providers
16 Managing cookies
16.1 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome)
(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
(c) http://www.opera.com/help/tutorials/security/cookies/ (Opera);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
16.2 Blocking all cookies will have a negative impact upon the usability of many websites.
16.3 If you block cookies, you will not be able to use all the features on our website.
17 Our details
17.1 This website is owned and operated by Enfield Carers Centre
17.2 We are registered in England and Wales under Company No: 7149774, Charity Number 1140089 and our registered office is at Enfield Carers Centre, Britannia House, 137-143 Baker Street, Enfield, EN1 3JL
17.3 Our principal place of business is at Enfield Carers Centre, Britannia House, 137-143 Baker Street, Enfield, EN1 3JL
17.4 You can contact us:
(a) By post, using the postal address, above;
(b) Using our website contact form;
(c) By telephone, on 020 8366 3677 or
(d) By email, firstname.lastname@example.org
18 Data protection officer
18.1 Our data protection officer’s contact details are: Pamela Burke who can be contacted via the communication methods listed above.
19 Data protection registration
19.1 We are registered as a data controller with the UK Information Commissioner’s Office.
19.2 Our data protection registration number is Z2945249
20.1 If you have a complaint about us, or the treatment of your data, you can contact the Charity Commission. The Charity Commission is the independent watchdog for charities. You can make a complaint about a charity on their website at www.gov.uk/government/organisations/charity-commission.
20.2 If you’ve got a complaint about our fundraising activities you can also complain to the Fundraising Regulator. To find out how to go about making a complaint, go to the Fundraising Regulator website at www.fundraisingregulator.org.uk/make-a-complaint/complaints/