Introduction

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA. It comes into force on 25th May 2018. The following paragraphs contain information about the GDPR and how it may affect you where there are circumstances that Advocacy Matters collects, holds and processes your personal data

To understand the General Data Protection Regulation (GDPR) (EU) 2016/679 completely please refer to the following link: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

Overview

At Advocacy Matters we provide independent advocacy support to individuals, adults and children, who require this support in a variety of circumstances. This may be as a result of their being referred for support by a public body such as a local Council. This might be because they are eligible for advocacy support through legislation such as the Care Act 2014, the Mental Capacity Act 2005 or the Mental Health Act 1983.

We also provide independent advoccay support which is not covered by legislation. We call this type of independent advocacy support, non-statutory. In non-statutory circumstances you may refer yourself or be referred by someone else but it is not because of a legal obligation upon someone or some organisation.  

We collect, hold and process information, including some personal data about you. This allows us to provide our services to you more effectively.

We understand that your personal data is important to you, and we have a responsibility to you regarding the information we hold about you, to ensure that the information we collect and use is done so proportionately, correctly and safely.

We are committed to safeguarding your privacy and here we explain how we will handle your personal information.

Our details

Advocacy Matters is registered as a ‘data controller’ with the Information Commissioner’s Office (ICO). Our registration details are:

Advocacy Matters Ltd
198 Boldmere Road
Sutton Coldfield
Birmingham
B73 5UE

Our registration No: Z7117402

Advocacy Matters’s Data Protection Officer can be contacted as follows:

Office Manager
Advocacy Matters Ltd
198 Boldmere Road
Sutton Coldfield
Birmingham
B73 5UE

E-mail: info@advocacymatters.co.uk

The reason for processing your data

We collect, hold and use personal data received about you to enable us to provide services to you. This information about you may be shared with us by a public body who has contracted with us to provide you with a service, normally independent advocacy. In some circumstances, we may collect this information from you directly. For example, when you complete a referral form for independent advocacy support.

The amount and type of information we hold on you depends on the services we are providing to you.

What is “personal data”?

‘Personal data’ means any information relating to a person who can be identified, directly or indirectly, from that information. This could include your name, your address, some form of identification number such as your National Health Service number, or an online identifier (such as IP address on the Internet)

What data do we collect?

The personal information we collect might include name, e-mail address, postal address, telephone number and the nature of your enquiry. We may also collect sensitive personal information such as date of birth, ethnicity and other information required to allow us to review whether our services reach all sections of the community (which may be due to a contractual obligation under any funding we receive for providing the service), and information about your advocacy need which may include details of a personal nature if this is required for the purpose you have contacted Advocacy Matters.

What do we use the data for?

If you have contacted us for advocacy support directly, or been referred to us by another person, we will only use the information provided to help us work with you and to record information required by the organisation that funds us for the work (such as a local authority). We may also use the information to assist us to monitor the quality of our service.

Data protection principles

When we process your personal data we will do so in accordance with the data protection principles. These principles are designed to protect you, and ensure that we:

What is the legal basis for processing the information?

The processing of ‘personal data’ needs to be done ‘lawfully’. There needs to be a ‘legal basis’ for processing the data. There are a number of conditions that, if they apply, means that the data is being processed ‘lawfully’. However, there are some exemptions to this. For a more detailed explanation of the ‘legal basis’ for processing data please refer to the following link: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/

Legal basis

Your content

Obtaining your consent

There are some circumstances where it is necessary for us to obtain your consent to collect, hold and process your personal data. This will be when we need the personal data to help us to deliver a service to you. This will normally be where we are providing independent advocacy support to you. You will normally be asked for your consent at the time that you make a referral or a referral is made on your behalf.

In these circumstances your consent to process your personal data must be ‘specific, informed, active and affirmative’. This means that your consent must be clear and freely given by you after we explain what further processing we would like to do with your data. This means that you can make an informed decision about whether you consent to the processing or not.

You are in control and you can withdraw your consent at any stage by contacting the Data Protection Officer at the above address. Please note that any processing that has taken place up to the time that you withdraw consent will be considered lawful. 

Recording and managing your consent

Once your consent is obtained we will keep a record of when you gave your consent, the information that was provided to you and how you consented. Your consent will be reviewed periodically to ensure it remains appropriate, and, as previously stated, you have the right to withdraw your consent at any stage.

Your right

You have certain rights in relation to the personal information we hold about you. These may include:

There are circumstances where your rights will not apply, for example the right to erasure will not apply if your personal data is required for legal proceedings. To fully understand your rights please use the following link: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

Not all of these rights will necessarily apply to the personal data that Advocacy Matters holds. We do not use your personal data for direct marketing or research. We do not use your personal data for profiling purposes.  

How to exercise your rights

You may exercise any of your rights in relation to your personal data by writing to us at the address above by sending a Subject Access Request. You can download a Subject Access Request Form here. It will help us to process your request quicker if you ensure that you confirm which right you wish to exercise along with the reasons why.

Guidance Notes on how to complete the Subject Access Request form are attached as Appendices to the form. We will respond to your request within 30 days.

Retention

We will only retain your personal data for as long as necessary and in accordance with our retention schedule. When your personal data is no longer needed it will be securely deleted, except where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another person.

Security

Any information that we collect and process about you is stored and transmitted within the United Kingdom and the European Economic Area only. Your personal information is stored online on a Cloud based secure server systems architecture.

We take the security of your personal data very seriously and have systems in place to make sure that the personal information is kept secure, accurate, and current. We will only hold your personal information for as long as is necessary for the purposes for which it was collected and it will be deleted in accordance with our data retention schedule.

Information sharing

We will not share your information with other parties other than for the purposes of providing the service you have contacted us about, although we may be required to share information with the council or other organisation that is funding us to provide the service.

If we do share your information, we will ensure you have provided consent to enable us to do this, for example when a service transfers to another provider, or if you have agreed specific information can be used for a particular purpose.

Revision

We will continually review and update this privacy notice to reflect changes in our services and feedback from service users, as well as to comply with changes in the law. When such changes occur, we will revise the “last updated” date at the top of this notice.

Complaints

If you wish to make a complaint about how we process your personal data, then in the first instance please contact the Data Protection Officer in the ‘Our details’ section.

If you are still dissatisfied with how we have handled your complaint then you have the right to complain to the Information Commissioners Office (ICO).The ICO can be contacted as follows:

The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 08456 306060
Website: www.ico.gov.uk