Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (GDPR).

Group Recovery Aftercare Community Enterprise (GRACE) is the data controller and decides how your personal data is processed and for what purposes.

How do we process your personal data?

GRACE complies with its obligations under GDPR by keeping personal data up to date;

  • By storing and destroying it securely;

  • By not collecting or retaining excessive amounts of data;

  • By protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data for the following purposes: –

  • To inform you about our progress

  • To inform you about our current and upcoming services

  • To inform you about employment opportunities

  • To inform you about volunteering opportunities

  • For inform you about upcoming events on our events calendar

  • To undertake customer analysis for planning our services and events

  • To ensure the services we offer to our customers is relevant

  • To ensure that we comply with all applicable laws and regulations

  • To notify you of any changes to our service

  • To enable us to provide a voluntary service for the benefit of the public as specified in our constitution

  • To administer membership records

  • To fundraise and promote the interests of the charity;

  • To manage our employees and volunteers

  • To maintain our own accounts and records

  • To operate the www.graceaftercare.net website and deliver the services that individuals have requested

  • To contact individuals via surveys to conduct research about their opinions of current services or of potential new services that may be offered.

The Legal Basis for Processing;

What is the legal basis for processing your personal data?

We have a legal obligation to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of our processing of information about individuals.

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

Where we have obtained your consent

Where we need to perform the contract we have entered into with you.

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Where we believe consent to be the most appropriate lawful basis for processing, we require you to complete an opt in/opt out consent form. Where you have provided consent, we will in turn provide you with the option to withdraw your consent at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Where processing is necessary for the legitimate interests of the data controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

Where processing is necessary for the performance of a contract with the data subject, or to take steps to enter into a contract including;

  • Employment Contracts

  • Contractor Contracts

  • Volunteer Contracts

The situations in which we will process your personal information are listed below;

  • provide any information and services that you have requested;

  • manage our relationship with you (for example customer services and support services)

  • monitor, measure, improve and protect our content, website, applications, products, services, and information that you have requested from us;

  • provide you with any information that we are required to send you to comply with our regulatory or legal obligations;

  • send marketing material, newsletters or other information to you which may be useful to you, based on your use of our services.

We may process your information included in your personal profile on our website. The profile data may include your name, address, telephone number and email address. The profile data may be processed for the purposes of enabling and monitoring your use of our website and services. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.

We may process your personal data that is provided in the course of the use of our services. The service data may be processed for the purposes of operating our website, providing you with any services you may request from us, maintaining back-ups of our databases and communicating with you about the services requested. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.

We may process data about your use of our website and services: data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our Google Analytics tracking system. This data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.

We may process information contained in any enquiry you submit to us regarding products and/or services. Your data may be processed for the purposes of offering, marketing and selling relevant products and/or services to you. The legal basis for this processing is consent. A copy of the consent form can be found on our website at www.graceaftercare.net

We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters. This data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is our legitimate interests.

We may process information relating to transactions, including donations or purchases of goods and services that you enter into with us and/or through our website. The transaction data may include your contact details, your card details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis is the performance of a contract (the transaction) between you and us.

Links to other websites: Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Sharing your personal data

Your personal data will be treated as strictly confidential, and will be shared only with the data controller and authorised staff. We will only share your data with third parties outside of the organisation with your consent.

Data Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Otherwise we will retain and securely destroy your personal information in accordance with the data retention schedule.

Your rights and your personal data;

Unless subject to an exemption under the General Data Protection Regulation you have the following rights with respect to your personal data: –

  • The right to request a copy of your personal data which GRACE holds about you;

  • The right to request that GRACE corrects any personal data if it is found to be inaccurate or out of date;

  • The right to request your personal data is erased where it is no longer necessary for GRACE to retain such data;

  • The right to withdraw your consent to the processing at any time;

  • The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, known as the right to data portability. This only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means.

  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;

  • The right to object to the processing of personal data; This only applies where processing is based on legitimate interests;

  • The right to lodge a complaint with the Information Commissioners Office via their website at www.ico.org.uk/concerns

Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing, setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

No fee required

You will not have to pay a fee to access your personal information (or to exercise any of the other rights).

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

Contact Details

To exercise all relevant rights, queries of complaints, please contact us at:

GRACE

Hillhead Community Centre

169 Meiklehill Road

Kirkintilloch

G66 2JT

Telephone: 07401797876

Email: gracesmailis@gmail.com

CONSENT

By signing this form you are confirming that you have read this Data Protection Notice and that you are consenting to Group Recovery Aftercare Community Enterprise (GRACE) holding and processing your personal data including your name, address, telephone number and email address, for the following purposes;

[ ]To inform you about our progress

[ ]To inform you about our current and upcoming services

[ ]To inform you about employment opportunities

[ ]To inform you about volunteering opportunities

[ ]To inform you about upcoming events on our events calendar

[ ]To undertake customer analysis for planning our services and events

[ ]To ensure the services we offer to our customers is relevant

[ ]To ensure that we comply with all applicable laws and regulations

[ ]To notify you of any changes to our service

[ ]To enable us to provide a voluntary service for the benefit of the public as specified in our constitution

[ ]To administer membership records

[ ]To fundraise and promote the interests of the charity; to manage our employees and volunteers and maintain our own accounts and records to operate the www.crossroadshub.co.uk web site and deliver the services that individuals have requested

[ ]To contact individuals via surveys to conduct research about their opinions of current services or of potential new services that may be offered. To keep you informed about news, events, activities and services

[ ]All of the above

Please contact me by;

By email [ ]

By text [ ]

By post [ ]

By phone [ ]

You can grant consent to all the purposes; one of the purposes or none of the purposes.

Where you do not grant consent we will not be able to use your personal data, except in certain limited situations, such as where required to do so by law or to protect members of the public from serious harm.

If you do grant consent, please note you can withdraw your consent to all or any one of the above purposes at any time by contacting;

  • Email: gracesmailis@gmail.com

  • Telephone: 07401797876

  • Address: Hillhead Community Centre, 169 Meiklehill Road, Kirkintilloch G66 2JT