West Mercia Women’s Aid
West Mercia Women’s Aid (WMWA) is committed to protecting your privacy, whether as a member of staff, client, stakeholder, supporter, supplier or visitor to our website. This Privacy Notice explains what personal data we may collect, how we use it and how we ensure it is kept secure.
WMWA is the Data Controller for all the personal data which it collects for various reasons and this is held electronically on the computer, in paper files, and/or on locked and protected mobile devices. All personal data which we collect will be used and protected in accordance with our Data Protection, Confidentiality and Information Management Policy. We are responsible for complying with all data protection legislation including the General Data Protection Regulation (GDPR) 2018.
What is Personal Data?
Personal data is ‘any information which relates to and identifies a living person; for example, name, address, bank details, CCTV images, computer IP address, email address’.
Some types of personal information is classified as ‘sensitive persona data’ and this includes ethnicity; religious beliefs, physical/mental health; sexuality; information about criminal offences or proceedings.
Any organisation which processes personal data must have a lawful basis for doing so. WMWA uses a number of legitimate bases for processing personal data and these are recorded in the section ‘What Information does WMWA collect and why’.
How WMWA Collects Information
WMWA may collect personal information in the following ways:
• Directly from you – if you refer yourself for support, apply to/work for WMWA, become a volunteer or become a trustee.
• From other organisations, with your permission – for example if the police or other agency makes a referral to us for support on your behalf.
• Publicly available information – we may use data freely available to the public, such as within the criminal courts system or published in articles.
• From organisations, without consent – for example if there is a legal reason to do so i.e. when a high risk victim is referred to the Multi Agency Risk Assessment Conference (MARAC)
What Information Does WMWA Collect and Why?
WMWA needs to collect personal data in order to fulfil its role as an employer; in our work to provide support to victims of domestic abuse; to meet our obligations as members of various statutory review panels; and to raise awareness of domestic abuse in the wider community.
Some information is collected because it is in our legitimate interest to process the data and in this situation we always balance this against your rights as an individual. We ensure that we only use personal data for a purpose that you would reasonably expect. All other data will be collected with the consent of the individual concerned.
Detailed below are the types of personal data which we collect and the reasons, or legal basis, for doing so:
• We are required to collect information on staff, trustees and volunteers that is necessary to fulfil our role as a registered charity, listed company and employer. We will also collect personal data from prospective trustees, employees and/ or volunteers in order to process applications to be a part of WMWA, or to work with/for us. WMWA has an obligation to collect, and sometimes publish this information to meet the legal requirements of the Charity Commission, Companies House and employment legislation.
• Data relating to people who are referred to our services for support is collected to enable us to make safe contact with them. We may also collect information from service users about other individuals, when it is relevant to the support that we need to provide. WMWA has a legitimate interest in processing names, addresses, contact details and demographic/health information if this is available, in order to make contact to offer support.
• Clients who accept support from WMWA may be asked for further information in order to provide the best possible support to them. This may include demographic information, details of their children, emergency contact details, and health information. Consent will always be asked when collecting this information.
• Personal data of those clients who are assessed as ‘high risk’ and referred to MARAC will be recorded on our system. Processing of this data is required in order for WMWA to fulfil its official function as a MARAC partner.
• We use CCTV at our refuge sites for crime prevention purposes. We have a separate CCTV policy which is compliant with GDPR 2018.
Some anonymised data will be used for monitoring and reporting purposes. No individuals will be identifiable from data used for this purpose.
Is my Data Secure with WMWA?
Yes it is. Personal data is stored electronically on our bespoke database, in paper files that are securely locked away and/or on locked and protected mobile devices. We make sure that all personal data is held in a secure way and only relevant and appropriate people will be able to access it. Personal data is kept on our case management system which is password protected. All staff are fully trained in the handling of personal data including when and how it can be shared. WMWA systems have full IT security protection, including firewalls and encryption, and all staff have access to secure email facilities.
All personal data held by WMWA is stored on systems in the UK. No data is held or stored outside of the UK.
Personal data will be retained by WMWA for a minimum period of time in accordance with applicable legislation. Data which is no longer required will be securely deleted and disposed of.
Who does WMWA Share Information With?
WMWA sometimes delivers services and contracts in partnership with others so therefore may need to share information with these organisations. These organisations are also known as Data Controllers. They have agreements with us about the types of data that we hold and that we agree to share in order to be able to offer services. We also work with other organisations who process data on our behalf; these organisations are known as Data Processors.
When WMWA shares personal information with another organisation we will always have an agreement in place to ensure that they comply with data protection law.
In the course of providing support to clients, WMWA may also ask for consent to share personal data with other organisations so that we can provide the best support to you. These organisations include housing providers and health services. This will be explained to you at the start of your support with us and you will have the opportunity to either give, or to decline to give your consent to WMWA sharing your data with other agencies at any time during the time that you are working with us.
On rare occasions it may be necessary for us to share personal information without your consent; for example, this will be if we are required to do so by a court order or if there are concerns about children or adults who are thought to be at risk; or to stop a crime. If this happens, then we will make a record of the data that has been shared and of our reasons for so doing. We will also let you know what we have done, if it is safe to do so.
There may be times when we need to share employee, volunteer or trustee information; for example supplying Companies House with details of Trustees. WMWAs office address will always be used in these circumstances and personal information will never be provided without consent.
We never sell your personal information to anyone else.
It’s your Personal Data
The data we hold is about you and the law gives you rights about what we can do with your information:
You can give or withdraw consent for WMWA to share your personal data at any time. This will be explained to you at the start of support. There may be circumstances in which we override your consent, but reasons for this will always be explained to you.
Subject Access Request
You can ask for all of the information we hold about you and this is called a ‘Subject Access Request’ (SAR). SARs can be made in writing or verbally. If you ask to see your data, we will provide your information within one month of receipt of the request.
There may be some parts of your data which we would not be able to let you see and this could include information which could cause serious harm to you, or compromise someone else’s wellbeing, or be regarded as confidential information about other people – for example any other professionals involved in your case. This will be explained to you.
If you think that any of the data we hold is inaccurate or incorrect, please let us know by informing your keyworker or contacting us at the email address below. If you are receiving support from us, WMWA asks that you keep us informed with your correct address and contact details.
Right to be Forgotten
It is possible to ask for all your personal information to be deleted from WMWA’s records. Requests for your data to be deleted can be made to anyone within WMWA.
There may be some reasons why we are unable to delete all your personal information, for example, if we are required to keep it by law. If this is the case, then this will be explained to you in writing.
Cookies and our Website
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Your IP address will also be logged when you visit our website.
Most web browsers allow some control of most cookies and this is done through the internet browser settings. To find out more about cookies, visit www.aboutcookies.org or www.allaboutcookies.org
Our website may contain links to other websites which you may choose to visit. This privacy notice applies only to the WMWA website. When you follow a link to another website, you should read their privacy notice.
How to Contact us
If you have any concerns or worries about how your personal data is being processed by us, please contact us by emailing us at firstname.lastname@example.org, or by writing opt us at the following address:
Data Protection Enquiry
West Mercia Women’s Aid
PO Box 74
Further Information about Privacy and Personal Data
If you would like to get independent advice about data protection, data sharing issues or privacy, or lodge a complaint about how we process your data, you can contact the Information Commissioner’s Office (ICO) at the following address:
Information Commissioner’s Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.