This privacy notice aims to explain you what to expect when we collect your personal information. This privacy notice applies to information collected on:
1. Visiting to our website
2. Data protection or freedom of information complaints
3. People who use our services
4. Job applicants, current and former employees
When someone visits cdars.org.uk standard internet log information and details of visitor behaviour patterns are collected. This to ascertain the number of visitors to areas of our website. This information is collected in such a way so that does not identify anyone and no attempt is made to find out the identities of visitors. We do not associate any data gathered from this site with any personally identifying information from any other source.
In the case in which we would want to collect personally identifiable information through our website, this would always be made clear in advance and we would explain what we intend to do with it.
You can read more about how we use and apply cookies here.
Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either CDARS or any third party.
We use a third party service to help maintain the security and performance of our website. To deliver this service the IP addresses of visitors could be processed.
The IP address (Internet Protocol address) is a numerical label that computers, tablets, smartphones, and other computing devices, use to identify themselves and communicate with other devices.
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.
In some cases when is necessary we might have to disclose the complainant’s identity to whoever the complaint is about. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that whenever is possible.
We will keep personal information contained in complaint files in line with our retention policy. Information in relation to a complaint will be retained for two years after closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
When enquiries are submitted to us we will only use the information to deal with the enquiry and any subsequent related issues.
CDARS offers a variety of services to residents of the communities we serve and general members of the public.
The personal information we hold on people who use our services will include their contact details, details on why they are receiving support from us and details of their contact with us. We use this information only to provide the person with the services requested and for other related matters.
There may be occasions where we will share data with other organisations involved in supporting people who use our services. Before we would do this, we would always ask the service user to fill and sign a physical consent form.
We will ask service users what is their preference of communication from us during their treatment and we will always resect this preference. This can be update at any time.
CDARS normally retains service user records for seven years after they finish treatment with us, files will be deleted after this period.
Due to the confidential nature of the data filed, all information we hold is subject to strict data protection principles and we maintain at all times the security, consistent management and compliance to Information Commissioner’s Office (ICO) standards.
Public service providers are required to consider reporting serious security breaches to the Information Commissioner’s Office (ICO). We use a form to record the breach, helping us to make decisions about the action we may take.
We retain personal information only for as long as necessary to carry out these functions, and in line with our retention schedule. This will be retained for two years from receipt, but might take longer where this information leads to regulatory action.
We have stringent measures in place to ensure the security of data collected and process only personal information in line with our policies and procedures.
When individuals apply to work with us, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Disclosure and Barring Service we will always do so after we inform them unless the disclosure is required by law.
Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain only non-identifiable statistical information about applicants to help inform our recruitment activities.
Once we employ a person, we will compile a file with the information needed for their employment. The file will be kept secure and will only be used for purposes relevant to that person’s employment. Once their employment has ended, we will retain the file for six years and delete it after this.
We always try to meet the highest standards in collecting and using personal information. We take any complaints we receive about this seriously and we always investigate the complaint.
We always welcome feedback and suggestions for improvements from people and we always encourage people to bring to our attention if they think that we have been unfair, misleading or inappropriate during the phases of collection or use of information.
This privacy notice does not provide exhaustive detail of all aspects of collection and use of personal information, but we are happy to provide any additional information or explanation needed. Please sent any requests to the address below.
CDARS has identified the legal basis from Article 6 the GDPR for processing of personal data. This is legitimate interests Article 6(1)(e).
We need to hold data on service users in order to provide support / treatment.
We need to hold data on employees in order to employ them, we also identified the legal bases from Article 9 of the GDPR for processing of special category data on service users. These include:
CDARS has identified the legal basis from Article 9 of the GDPR for processing of special category data on employees. This is employment and social security law Article 9(2)(b).
We always try to be as open as we can in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 2018. If we do hold information about you we will:
To make a request regarding any personal information we hold on you, please send your request to our office. Or you could send your request to the Data Protection Officer, Legal Services Dept.
ou can also get further information on:
If you are unhappy with the way your data has been managed, you can make a complaint using our complaints procedure.
You can also raise a complaint with the Information Commissioner’s Office (ICO).
We will review this privacy notice annually or as and when required by legislation. The next review for this privacy notice will be December 2020.
296a, Kingston Road
London SW20 8LX