Our full details are:
Full name of legal entity: Birmingham Rathbone Society
What personal data do we collect, for what purpose and how do we use it?
Personal data means any information which can identify an individual and so does not include anonymised data.
Communication Data – This includes any communication we receive from you through the website contact form, e-mail, text, social media messaging, social media posting, or any other communication you send to us. We process this data in order to communicate with you, to keep accurate records and for information in case of disputes or complaints.
Referral Forms: Our website contains links to the referral forms for the different types of services which we offer. The referral forms contain a section which requires you to give us consent to process the information in order to process your referral and to access the services and support appropriate to your needs. This may require us to share some or all of the information you have given with other relevant organisations. A referral can be made by a professional on behalf of a potential client, a member of the public, or you may use the forms to self-refer to our services.
When you send us a completed referral form we strongly advise you to password protect and/or encrypt the document and then to contact us separately to inform us how to open it.
Job, volunteering and trustee applications – When we have vacancies for paid staff, volunteers or trustees we place the application pack in the vacancies section of our website. The application form asks for a range of personal information. We advise you to password-protect and/or encrypt the completed form before sending it to us via the website. You can also send it by post to our address above. The application form will only be seen by staff involved in the recruitment and selection process and you will be contacted and invited to interview if you are shortlisted (this applies equally to paid, volunteer and trustee positions).
Sensitive Data – This includes details about your race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic or biometric data, and information about criminal convictions and offences, some of which we request as part of the selection process.
Along with the application form we ask candidates to complete a diversity monitoring form and a rehabilitation of offenders form. The data from the diversity monitoring form is only seen by a member of staff who is not part of the shortlisting/interview panel and so any information declared for monitoring purposes is not fed into the selection process. The diversity data is compiled into an anonymised report for trustees and senior management, and the original forms are destroyed once the data has been extracted.
We work with vulnerable people and so we need candidates to declare if they have any relevant convictions which could make them unsuitable for this kind of work. Simply declaring a conviction will not rule out a candidate and the type and seriousness of the offence and the length of time since it occurred will be taken into account at the shortlisting stage, along with scoring all application forms against the person specification and the requirements of the particular role.
All application forms and rehabilitation of offender declarations, other than those submitted by successful candidates, are securely destroyed within a 6 month period of the end of the process.
Marketing/Promotional Communications – We may use your contact details to send you information on events, activities, opportunities, services or any other area we think you might be interested in knowing about. Before we share your personal data with a third party we will get your express consent, unless we are required by law to divulge it.
Disclosure of your Personal Data – Where, with your consent, we share your personal data with a third party (e.g. a local authority, health service etc.) we will require them to respect your privacy and to treat it within the law. We will only allow such third parties to process your data for specific purposes (e.g. processing your Housing Benefit claim). Where we are required by law to disclose information we will be bound to do so.
Data Security – We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed without authorisation. We also allow access to your personal data to employees and partners who have a business need to know such data. They will only process your data on our instructions and will keep it confidential.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally obliged to do so.
Data Retention – We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
When deciding the length of time we need to retain information we will make an assessment of whether the purpose for which we collected the data is still valid and if not, destroy it securely.
We permanently delete electronically stored records from our servers and we use a secure on-site shredding company for destroying paper records.
Your Legal Rights – Under data protection legislation you have rights in relation to your personal data which include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and to withdraw consent (unless in that instance we are required by law).
You can find out more about these rights by visiting https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights
You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly
unfounded, repetitive, frivolous, vexatious or excessive, or may refuse to comply with your request in these circumstances.
We may need to ask for specific information from you in order to confirm your identity before giving you access to your personal data (or if exercising any of your other rights). This is to make sure that personal data is not disclosed to anyone without a right to see it. We may also contact you to ask for further information in relation to your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you of the delay.
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO) the UK supervisory authority for data protection issues ( www.ico.org.uk ). We would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
Third-Party Links – Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow a third party to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Last updated 24th May 2018