Privacy Notice

How we use your information

This privacy notice aims to explain you what to expect when we collect your personal information. This privacy notice applies to information collected on:

  • Visiting to our website
  • Data protection or freedom of information complaints
  • People who use our services
  • Job applicants, current and former employees

 

1. Visitors to our website

When someone visits cdars.org.uk standard internet log information and details of visitor behaviour patterns are collected. This to ascertain the number of visitors to areas of our website. This information is collected in such a way so that does not identify anyone and no attempt is made to find out the identities of visitors. We do not associate any data gathered from this site with any personally identifying information from any other source.

In the case in which we would want to collect personally identifiable information through our website, this would always be made clear in advance and we would explain what we intend to do with it.

 

Use of cookies by CDARS

You can read more about how we use and apply cookies here.

 

Search engine

Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either CDARS or any third party.

 

Security and performance

We use a third party service to help maintain the security and performance of our website. To deliver this service the IP addresses of visitors could be processed.

The IP address (Internet Protocol address) is a numerical label that computers, tablets, smartphones, and other computing devices, use to identify themselves and communicate with other devices.

 

People who email us

Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.

 

2. Complaints and other individuals in relation to a data protection or freedom of information complaint or enquiry

People who make a complaint to us

When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.

In some cases when is necessary we might have to disclose the complainant’s identity to whoever the complaint is about.  If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that whenever is possible.

We will keep personal information contained in complaint files in line with our retention policy. Information in relation to a complaint will be retained for two years after closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

When enquiries are submitted to us we will only use the information to deal with the enquiry and any subsequent related issues.

 

3. People who use CDARS’s services

CDARS offers a variety of services to residents of the communities we serve and general members of the public.

The personal information we hold on people who use our services will include their contact details, details on why they are receiving support from us and details of their contact with us.   We use this information only to provide the person with the services requested and for other related matters.

There may be occasions where we will share data with other organisations involved in supporting people who use our services.  Before we would do this, we would always ask the service user to fill and sign a physical consent form.

We will ask service users what is their preference of communication from us during their treatment  and we will always resect this preference.  This can be update at any time. 

CDARS normally retains service user records for seven years after they finish treatment with us, files will be deleted after this period.

Due to the confidential nature of the data filed, all information we hold is subject to strict data protection principles and we maintain at all times  the security, consistent management and compliance to Information Commissioner’s Office (ICO) standards.

 

Service providers reporting a breach

Public service providers are required to consider reporting serious security breaches to the Information Commissioner’s Office (ICO).  We use a form to record the breach, helping us to make decisions about the action we may take.

We retain personal information only for as long as necessary to carry out these functions, and in line with our retention schedule. This will be retained for two years from receipt, but might take longer where this information leads to regulatory action.

We have stringent measures in place to ensure the security of data collected and process only personal information in line with our policies and procedures.

 

Job applicants, current and former Change Grow Live employees

When individuals apply to work with us, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Disclosure and Barring Service we will always do so after we inform them unless the disclosure is required by law.

Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain only non-identifiable statistical information about applicants to help inform our recruitment activities.

Once we employ a person, we will compile a file with the information needed for their employment.   The file will be kept secure and will only be used for purposes relevant to that person’s employment. Once their employment has ended, we will retain the file for six years and delete it after this.

 

Complaints or queries

We always try to meet the highest standards in collecting and using personal information. We take any complaints we receive about this seriously and we always investigate the complaint.

We always welcome feedback and suggestions for improvements from people and we always encourage people to bring to our attention if they think that we have been unfair, misleading or inappropriate during the phases of collection or use of information.

This privacy notice does not provide exhaustive detail of all aspects of collection and use of personal information, but we are happy to provide any additional information or explanation needed.   Please sent any requests to the address below.

 

Legal basis for processing data

CDARS has identified the legal basis from Article 6 the GDPR for processing of personal data.  This is legitimate interests Article 6(1)(e).  

We need to hold data on service users in order to provide support / treatment. 

We need to hold data on employees in order to employ them, we also identified the legal bases from Article 9 of the GDPR for processing of special category data on service users.   These include:

  • Explicit consent from the service user Article 9(2)(a). 
  • When this is necessary to protect the vital interests of the data subject or of another person Article 9(2)(c).  Vital interests will cover situations where an individual is at risk of immediate and serious harm.
  • Data has already been made public by the data subject Article 9(2)(e).
  • Processing of legal claims Article 9(2)(f). 
  • Preventive or occupational medicine Article 9(2)(h)
  • Public interest in the area of public health Article 9(2)(i). 
  • Research purposes Article 9(2)(g)

 

CDARS has identified the legal basis from Article 9 of the GDPR for processing of special category data on employees.  This is employment and social security law Article 9(2)(b).

 

Access to personal information

We always try to be as open as we can in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 2018. If we do hold information about you we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the relevant information requested in an intelligible form.

 

To make a request regarding any personal information we hold on you, please send your request to our office.  Or you could send your request to the Data Protection Officer, Legal Services Dept.

You can also get further information on:

  • agreements we have with other organisations for sharing information;
  • circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics;
  • our instructions to staff on how to collect, use and delete personal data; and
  • how we check that the information we hold is accurate and up to date.

If you are unhappy with the way your data has been managed, you can make a complaint using our complaints procedure. 

 

You can also raise a complaint with the Information Commissioner’s Office (ICO).

 

Changes to this privacy notice

We will review this privacy notice annually or as and when required by legislation. The next review for this privacy notice will be December 2020.

 

 

How to contact us

If you want to request information about our privacy policy you can email us or write to:

CDARS

296a, Kingston Road

Wimbledon Chase

London SW20 8LX

Email:

info@cdars.org.uk