Privacy Notice
Supportability is committed to protecting your privacy when you make contact with us and use any of our services. The following privacy notice explains how we use, store and protect the information we have about you and what your rights are.
Personal data
Personal data is information that identifies and relates to a living individual. This can include information such as an individuals name, date of birth and address which, when put together, can identify a person.
Special category data
Supportability sometimes also holds information on you, which can be seen as more sensitive to an individual. This is known as special category data. We always take special care of holding any information you might provide to us about the following:
- Racial or Ethnic Origin,
- Political Opinions,
- Religious/Philosophical Beliefs,
- Member of a Trade Union,
- Health,
- Sexual life/Orientation,
- Genetic or Biometric Data
Why do we hold your personal information?
Supportability might need to hold your information about you to:
- Deliver and manage services and support to you
- Train and manage staff who deliver these services
- Ensure your personal health, welfare and safeguarding
- Protect or prevent a crime
- Check and monitor the quality of the services we provide
- Investigate any complaints about our services
What allows us to use your information?
There are a number of different legal reasons, which enables us to collect and use your personal information.
In general, data will be collected where:
- you, or your legal representative, have given us consent to do so
- you have entered into a service agreement with us
- it is essential to enable us to perform our statutory duties
- it is essential to deliver health or social care services
- it is necessary for employment purposes
- it is necessary to protect someone in an emergency
- it is required by law/for legal cases
- it is required for archiving, research, or statistical purposes
- you have made your information publicly available
Any time we rely on consent as a reason to use your data you need to be aware that you can withdraw your consent at any time and you can do this by contacting the named manager for the service you are receiving from us.
Use of your personal data in automated decision making and profiling
We do not use any automated decision making or profiling processes within Supportability, which means we do not make any decisions about you and the support you receive from us, without human involvement.
If this were to change in the future we would notify you of this including enabling you to opt out of this process.
What are your rights?
You have a number of rights in regard to the information we hold about you, including.
- the right to be informed about the information we hold
- the right to access your personal information
- the right to amned and update your personal information
- the right to request to have your personal information deleted
- the right to restrict processing of your personal information
- the right to data portability
- the right to object – including automated decision making and profiling
- the right to lodge a complaint with a supervisory authority
If you wish to exercise any of these rights please speak to your named service manager in the first instance.
We only use what we need
Supportability only collects the personal information we need to deliver a service to you or/and to meet your requirements.
If we don’t need personal information we’ll either keep you anonymous if we already have it for something else or we won’t ask you for it. For example, in a survey we may not need your contact details as we will only collect your survey responses.
If we use your personal information for research and analysis, we will always keep you anonymous or use a different name, unless you have agreed that your personal information can be used for that research – we will contact you separately if there is a need to do this to ensure we have your consent.
We will never sell your personal information to anyone else.
Who do we share your information with?
We use a range of organisations to either store personal information and/or help deliver our services to you. Where we have these arrangements we have agreements in place to make sure that the organisation complies with data protection law and is keeping your data safe and secure.
There may be occasions when we have a legal duty to provide your personal information to other organisations such as to courts or for other legal proceedings.
We might also share your personal information if we feel there is a good reason that is more important than protecting your privacy. This is not something that happens often, but we might share your information:
- to stop a crime and/or fraud; or if there are serious risks to the public, our staff or to other professionals;
- to protect a child; or
- to protect adults who are thought to be at risk, for example, if they are frail, confused or cannot understand what is happening to them.
Your information may be shared with us by third parties, for example, fundraising sites like Just Giving. These third parties will only do this when you have indicated that you wish to support Supportability and with your consent. If you are providing your details to another organisation you should check and be happy with how they plan to process your data.
How do we protect your information?
We will do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we will only make them available to those who have a right to see them. Examples of our security include:
- Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password).
- Pseudonymisation, meaning that we’ll use a different name so we can hide parts of your personal information from view. This means that someone outside of Supportability could work on your information for us without ever knowing it was yours
- Making sure we have controls in place that stop people having access to our systems and networks where your personal information is held who don’t need access to it.
- Training our staff and making sure that they know how to handle information and when to report when something goes wrong.
- Making sure we have secure servers, firewalls and SSL encryption and that these systems are regularly tested to ensure they are working effectively.
- Using a reputable IT support provider who ensures that our systems are secure, encrypted, backed up and keeps us up to date with the latest security updates.
- Ensuring we are compliant with the Data Security Protection Toolkit standards at all times and that we publish our compliance with these annually
- Making sure we follow payment card industry (PCI) security compliance guidelines when processing credit card payments.
How long do we keep your information?
Supportability has to legally keep personal data for a set period of time. This can range from a few months up to decades for sensitive records. We have a records retention schedule that details how long specific records need to be kept for. You can ask to see this by your named service manager in the first instance.
When you use our website
Our website uses cookies. You can read about the cookies we use and how to manage them on our cookies page.
If you submit a form through our website, we will store that information securely and it will only be accessed by appropriate staff.
If you make a payment, your payment details are securely processed by Worldpay or Paypal. We do not see your card details.
Where does your information sit?
The majority of the personal information we hold is stored on systems in the UK. But there are some occasions where your information may leave the UK either in order to get to another organisation or if it’s stored in a system outside of the EU.
Where this is the case there are additional protections on your information ranging from secure ways of transferring data to ensuring a robust contract is in place with any third party.
Where can I get advice?
If you have any worries or questions about how your personal information is handled please contact your named service manager in the first instance.
For independent advice about data protection, privacy and data-sharing issues, you can contact the Information Commissioner’s Office (ICO) at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Alternatively, visit ico.org.uk or email casework@ico.org.uk.
Disclaimer
We reserve the right to change, modify, add or remove parts of this Statement. However, we would notify you of these changes by indicating the date on which the Statement was posted. When you visit our website, you are accepting the current version of this Statement posted at that time. We recommend that you visit this Statement occasionally in order to see the latest version.