We take your personal information and data seriously and we are committed to protecting your privacy. All personal information provided by you will be processed in line, and comply with, applicable UK data protection legislation including, but not limited to, the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act 2018 (the DPA).
Personal data is any information that can identify a living individual, such as your name, address, bank account details, or IP address. ‘Sensitive personal data’ is a special category of information which includes: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric and health data, sex life or sexual orientation.
We only process personal information for specific purposes, for the efficient and effective delivery of our services, and has a ‘legitimate interest’ in processing your data in order to achieve these purposes. ‘Processing’ includes the collection, use, storage, disclosure and deletion of information.
Triple A is registered with the Information Commissioner’s Office (ICO) and our registration number is ZA530491. This statement tells you about the sort of personal information we collect and how it will be used by us.
Data Protection Principles
We will seek to comply with the GDPR data protection principles:
- Lawful, fair and transparent – process all personal information lawfully, fairly and in a transparent manner.
- Purpose limitation – collect personal information for a specified, explicit and legitimate purpose.
- Data minimisation – ensure the processing of personal information is adequate, relevant and limited to the purposes for which we collect it.
- Accuracy – ensure personal information is accurate and up to date.
- Storage limitation – keep personal information for no longer than is necessary for the purpose(s) for which we collect it.
- Integrity and confidentiality – keep personal information securely, using appropriate technical or organisational measures.
Collection and Processing of Personal Data
Triple A collects, processes and stores personal information in order to operate as a charity and deliver services effectively. As part of our commitment to deliver effective services to the public we collect data to ensure suitability and sustainability for the project.
Why collect data?
In order to improve the services we provide, we may collect
- Maintain our own accounts and records
- Promote the services we provide (present and future)
- Record visits to our premises
- Assess the needs of the users of our services
- Enable us to provide evidence of the requirements of our service
- Improve our website experience for users
Occasionally, we may use your personal data for a different purpose, providing that to use it for that other purpose is in your interests and does not infringe with your privacy rights. Where relevant, we will seek consent for the new processing activity.
How do we collect data?
Personal information may be collected in different ways including:
- Making or responding to an application to access services
- Face to face discussions
- Telephone conversations
- SMS Text Message
- Information gathered during the provision of supportor services
- Shared information from external organisations that is relevant to ongoing use of a service
- Satisfaction Surveys
- Website interactions (such as online form submissions and cookies)
What data do we collect?
Examples of the information we hold about you include:
- Your name
- Telephone Number
- Date of Birth
- Contact details
- Website Data (which may include your IP address)
The list is not exhaustive, and we will only ask for personal information that is appropriate to enable us to deliver our services.
Retention of Personal Data
Data the we collect will always be stored securely, using secured servers and secure physical
locations within the UK.
We will only keep your information for as long as we need it (the retention period). Once we no longer require your personal information, we will securely and confidentially destroy it. The law, or us, dictate the retention period, for business reasons.
You retain certain rights in relation to your data, which include:
- The right to be informed – using Privacy Policies and Notices such as this;
- The right of access – to any personal information we hold about you. To request a copy of this information, you will need to make a subject access request;
- The right to rectification – we must correct inaccurate or incomplete data within one month;
- The right to be forgotten – you have the right to have your personal data erased and to prevent processing, under certain conditions;
- The right to restrict processing – you have the right to restrict our processing of your personal information if you believe it to be inaccurate, unlawful, or it is the case that we longer require it;
- The right to object – you can object to your personal data being used to make decisions about you based solely on automated processes (including profiling), for direct marketing or research purposes; and
- The right to withdraw consent – in circumstances where we require your consent to process your personal data, you will have the right to withdraw consent at any time.
We collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of our website in order to improve the visitor
experience. Information collected is anonymous and we make no attempt to identify a visitor.
Complaints and Questions
If you have any questions about your data, what we do with it, or wish to make a
complaint you should contact the Chief Officer, Helen Storey.
The Resource Centre
Penrith, CA11 7TP
Telephone: 01768 867629
Information Commissioner’s Office
Cheshire SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625
545 745 if you prefer to use a national rate number.