POLICIES & PROCEDURES
Cornwall Rural Community Charity (CRCC) is committed to protecting your privacy and security and ensuring you remain informed and in control of your information.
This statement explains when we use your personal information: how we use it, keep it secure and in what circumstances we may share it with other organisations.
Who is it for?
It is for everyone who works with or interacts with CRCC.
About us
CRCC is an independent charity providing information, advice and support services to communities across Cornwall.
A number of our services are funded under agreement with statutory organisations such as Cornwall Council and NHS Kernow, as well as a number of other funders.
CRCC’s main office is located at 1st Floor, The Chambers, Penryn Street, Redruth TR15 2SP. For the purposes of data protection law, CRCC will be the controller and processor of personal information.
Personal information
Personal information can be anything that identifies and relates to a living person. This can include information that when put together with other information can then identify a person. For example, this could be your name, contact details, or national insurance number.
Why do we need your personal information?
We may need to use some information about you to:
Deliver services and support to you (e.g. information and advice services, training, email newsletters)
Manage those services we provide to you
Recruit train and manage the employment of our workers who deliver those services
Help follow up any feedback or concerns you have about our services
Monitor the effectiveness of our services
Check the quality of services (internally and by external organisations)
Help with research and planning of new services.
Keeping you in control
We want to ensure you remain in control of your personal information. Part of this is making sure you understand your legal rights, which are as follows:
Right to Be Informed: the right to confirmation as to whether or not we have your personal data;
Right to Access: to be able to obtain a copy of the personal information we hold (this is known as Data Subject Access Request);
Right to Erasure: the right to have your data erased (although this will not apply where it is necessary for us to continue to use the data for a lawful reason);
Right to Rectification: the right to have inaccurate data rectified;
Right to Restrict Processing: to request that we hold your data but do not use it for any further purpose;
Right to Object: the right to object to your data being used for marketing or profiling;
Right to Data Portability: where technically feasible, you have the right to have the personal data you have provided to us (which we process automatically on the basis of your consent or the performance of a contract) to be provided in a commonly used and machine-readable format and to reuse it for your own purposes;
Rights Related to Automated Decision Making and Profiling: we do not use automated decision making or profiling.
Please keep in mind that there are exceptions to the rights above and though we will always try to respond to your satisfaction there may be situations where we are unable to do so.
If you would like further information on your rights or wish to exercise them, please write to our Compliance Lead, CRCC, 1st Floor, The Chambers, Penryn Street, Redruth TR15 2SP or email dataadmin@cornwallrcc.org.uk.
When do we collect information about you?
We collect information about you when you contact CRCC to receive a service, or when you are referred to us by another organisation.
When you contact us for information, advice or support relating to one of our contracted services you are agreeing for us to provide those services to you, including the collection, storage and disposal of your information. Each service will have its own lawful basis for processing your information, typically for ‘public task’ or ‘legitimate interests’.
What information do we collect about you?
The personal information we collect may include your name, address, age, contact details, depending on the specific service you receive.
In some circumstances, for monitoring purposes, we may ask you for your religious beliefs and ethnic background. This is known as ‘special category data’ – or sensitive information – and we will only hold this information with your explicit consent. It will not restrict your access to a service if you choose not to provide this detail.
For some of our services, we will collect or store information relating to your health. This is also ‘special category data’. We will only request this information for specific, relevant purposes to enable us to provide a service to you and we will ensure your privacy rights are protected.
If you provide information about another person (the person you care for or an emergency contact) we will need to confirm that they are aware of this.
If you volunteer with us, then we will collect extra information about you (for example: references, criminal records check, professional certificates, details of emergency contacts, medical conditions). This information will be retained for legal reasons, to protect us (including in the event of an insurance or legal claim) and for safeguarding purposes.
If you are a donor, we will collect financial information (direct debit / standing order details), and whether your donations are gift-aided.
We may collect information from social media, where you have given us permission to do so, or if you post on one of our social media pages.
How will we use the information about you?
We collect information about you in order to:
carry out our obligations arising from any agreement entered into by you and us, for the provision of information, advice and support to you in relation to the service you receive from us;
seek your views or comments on the services we provide;
notify you of changes to our services;
send you communications which you have requested;
inform our future service development to ensure that these are fully accessible.
We occasionally carry out analysis of data we hold about clients, donors and volunteers, to better understand the value of our work and identify patterns and trends. This helps inform how we work and make CRCC a stronger and more effective organisation and provide better services.
However, this information is anonymised (any personal identifying information is removed) so that it can no longer be linked to any particular person. This information can be used for a variety of purposes, such as reporting to funders and identifying trends to help inform our actions and improve our services.
How long will we hold your information?
We will hold your personal information on our systems for as long as you are registered for our services and/or where we are legally or contractually required to hold them for a specified time.
Where there is not a specified time period for retention in law or in official government guidelines, we follow best practice guidelines from the Information Commissioner’s Office and carefully consider an appropriate retention period for the personal information we hold.
How do we store your information?
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How do we protect your information?
We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised access to, or use or disclosure of your personal information.
Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means).
Storing paper documents securely in locked cupboards and destroying paper documents promptly when they are no longer needed.
Our staff and volunteers receive data protection training, updated annually, and we have a set of detailed data protection procedures which personnel are required to follow when handling personal data.
We carry out regular data audits to ensure the quality and security of the data we hold.
Security; All electronic forms that request data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers.
Please note; we cannot guarantee the security of your home computer or the internet, and any online communications (e.g. information provided by email or our website) are at the user’s own risk.
In the unlikely event that there is a data breach we have a procedure in place to inform the Information Commissioner’s Office and anyone whose personal information was mishandled. We will investigate any breaches or near misses immediately to ensure it does not happen again.
When will we share information about you?
We will never sell your personal data, and will only ever share it with organisations we work with where necessary and if its privacy and security are guaranteed.
If you request that we refer you to a third party organisation we will only undertake this with your explicit permission.
Under our contracts with statutory organisations, we may be required to share personal information (such as name, age, address, ethnic background, religious beliefs) for those clients accessing information and advice support services. We will advise you if this is the case.
Under our agreement with other funders we will only share information as required by the agreement and where necessary only with your explicit consent.
We may share personal data with subcontractors or suppliers who provide us with services. However, these activities will be carried out under a contract which imposes strict requirements on our supplier to keep your information confidential and secure.
Occasionally, where we partner with other organisations, we may also share information with them (for example, if you register to attend an event being jointly organised by us and another charity). We’ll only share information when necessary and we’ll make sure to notify you first.
Disclosure
CRCC has a legal duty to disclose some information including:
Safeguarding concerns will be reported to Children’s Services / Adult Social Care;
Drug trafficking, money laundering, acts of terrorism or treason will be disclosed to the police
In addition, where colleagues believe an illegal act has taken place it will be reported to the appropriate authorities.
If a court orders that we provide the information
In order to prevent crime and fraud
If there are serious risks to the public, our staff or to other professionals
Marketing
CRCC does not undertake unsolicited marketing and will not sell, rent or otherwise share your information to third parties for marketing purposes.
We do send out information about our services and updates relating to our clients such as legislation changes, initiatives, activities and requests for fact finding surveys or other targeted communication.
Should you no longer wish to receive this information at any point simply let us know and we will ensure you are removed from our mailing list:
Email: dataadmin@cornwallrcc.org.uk
Post: CRCC, 1st Floor, The Chambers, Penryn Street, Redruth TR15 2SP
Phone: 01872 273952 (9am – 5pm, weekdays)
If you have opted-in to communications from us, we may contact you with information about our partners, or third-party products and services, but these communications will always come from CRCC.
When you receive a communication, we may collect information about how you respond to or interact with that communication, and this may affect how we communicate with you in future.
Fundraising
As a charity, we rely on donations and support from others to continue our work. From time to time, we may contact supporters, volunteers and clients with fundraising material and communications. This might be about an appeal or to suggest ways you can raise funds (e.g. a sponsored event or activity).
As with other marketing communications, we will only contact you specifically about fundraising if you’ve ‘opted in’ to receiving marketing from us. You can unsubscribe at any time by contacting:
Email: dataadmin@cornwallrcc.org.uk
Post: Compliance Lead, CRCC, 1st Floor, The Chambers, Penryn Street, Redruth TR15 2SP
Phone: 01872 273952 (9am – 5pm, weekdays)
If you decide to donate to us, we record some details such as when and which particular cause you supported.
Profiling
CRCC does not analyse your personal information for profiling purposes.
Website
Cookies; Our website uses local storage (such as cookies) to provide you with the best possible experience and to allow you to make use of certain functionality.
A cookie is a piece of information in the form of a very small text file that is placed on an internet user's hard drive when they visit our website. They do not contain any personal information like your name or address, only data concerning your visit to our website.
We use cookies on our website to measure how people are using our website. We use Google Analytics to collect this information, which allows us to see how many people visited our website, where they came from, how they are using the website and where it can be improved.
This cookie stores the type of referral used by the visitor to reach your site, whether via a direct method, a referring link, a website search, or a campaign such as an ad or an email link.
For further information visit www.aboutcookies.org or www.allaboutcookies.org
Links to other sites; our website contains hyperlinks to many other websites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage you to be aware when your leave our websites and to read the privacy notices of any other site that collects personally identifiable information as the information you provide them will not be covered by CRCC’s Privacy Statement.
If any of our links are not working please let us know.
When purchasing goods or services from any of the businesses that our site links to, you will be entering into a contract with them (agreeing to their terms and conditions) and not with CRCC.
Questions?
Any questions you have in relation to this policy or how we use your personal data should be sent to: dataadmin@cornwallrcc.org.uk or addressed to Compliance Lead, CRCC 1st Floor, The Chambers, Penryn Street, Redruth TR15 2SP.
We will never sell your personal data, and will only ever share it with organisations we work with where necessary and if its privacy and security are guaranteed.
Complaints
You can complain to CRCC directly by contacting our Compliance Lead using the details set out above.
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK.
You can also contact them for independent advice about data protection, privacy and data sharing issues. You can contact the Information Commissioner’s Office (ICO) at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Alternatively, visit www.ico.org.uk/make-a-complaint/ or email casework@ico.org.uk.
Changes to this Privacy Notice
We’ll amend this Privacy Notice from time to time to ensure it remains up-to-date and accurately reflects how and why we use your personal data. The current version of our Privacy Notice will always be posted here.