PRIVACY NOTICE

Revive Newport Privacy Notice

10th October 2019

Our contact details

Name: Revive Newport

Address: 82 High Street, Newport, Isle of Wight, PO30 1BH

Phone Number: 01983 522596

E-mail: admin@revivenewport.org

What type of information we have

We currently collect and process the following information:

Personal identifiers, contacts and characteristics (for example, name and contact details)
Case file information for people we are working to support
Information about donations made to Revive

How we get the information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

Joining a mailing list
Placing an order in The Living Room
Signing up at Newport Youth Café
Donating to Revive
Applying to work for, or volunteer with, Revive

We also receive personal information indirectly, from the following sources in the following scenarios:

When referrals are made to our services by external agencies

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

(a) Your consent. You are able to remove your consent at any time. You can do this by contacting us using the details at the start of this notice.

(b) We have a contractual obligation.

What we do with the information we have

Depending on the nature of your relationship with Revive we may use your information to:

Contact you about Revive’s activities
Process donations you make to Revive
Process an order
Monitor and evaluate the effectiveness of our charitable activities
Provide job references for volunteers and employees
Manage ongoing help provided to you as a beneficiary of the charity
Manage staff and volunteers

We do not normally share your information with anyone else unless we are legally required to do so or you have specifically given your consent to this.

How we store your information

We may store or transfer some or all of your personal data in countries that are not part of the European Economic Area (the “EEA” consists of all EU member states, plus Norway, Iceland, and Liechtenstein). These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. This means that we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR as follows.

We use specific contracts with external third parties that are approved by the European Commission for the transfer of personal data to third countries. These contracts ensure the same levels of personal data protection that would apply under the GDPR. More information is available from the European Commission.

Where we transfer your data to a third party based in the US, this may be protected if they are part of the EU-US Privacy Shield. This requires that third party to provide data protection to standards similar levels of data protection to those in Europe. More information is available from the European Commission.

Please contact us using the details at the start of this notice for further information about the particular data protection mechanism used by us when transferring your personal data to a third country.

The security of your personal data is essential to us, and to protect your data, we take a number of important measures, including the following:

Use of secure connections (SSL) when transferring your data to remote (“cloud”) storage servers.
Password protection on personal computers on which data is stored.
Encryption of files containing particularly sensitive data.

Data held in paper form will be held securely, typically in a locked filing cabinet.

How long we keep your personal data?

We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):

Data held in connection with financial records (for instance relating to payments for our services) will be kept for 10 years;
Data held in connection with provision of services to you will be held for 2 years after ceasing activity.
Data held in relation to a job or volunteer application will be held for no longer than 6 months after applications close, unless you are appointed to the role in which case it will be retained until 6 years after you leave (employees) or 2 years after you leave (volunteers)

Your data protection rights

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us using the details at the start of this notice if you wish to make a request.

How to complain

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113