Sheffield Women’s Aid Privacy Notice.
We collect personal information in a variety of ways e.g. via paper or online forms, by telephone or in face to face meetings, by email and letters. We also record images of people through CCTV.
This information may have been provided directly by you, your representative, a member of staff or by another organisation where there is a legal reason for them to share your information with us.
We process personal data to provide public services.
Personal data is information about living identifiable individuals. It can be a name, address, contact details, photograph, sound recording; it can be details of someone’s behaviour, lifestyle, physical or mental health needs; it can be a unique number, such as a vehicle registration plate, National Insurance number, etc.
We decide what personal data we need and how to use it, so we are a Data Controller and registered as such on the Information Commissioner’s Register of Data Controllers.
When we collect personal data, we are required to make sure you are clear what data we need and why, what we intend to do with it, what your individual rights are, and who you can contact for enquiries or concerns about the use of your personal data. This is called a privacy notice and we can do this verbally or in writing.
Why we collect and use personal data
We collect and use personal information to:
- provide, plan and manage our services
- carry out our regulatory, licensing and enforcement roles
- carry out any other tasks which we have to do by law
- make and take payments and grants and spot fraud
- listen to your ideas about our services
- tell you about our services
- evaluate and improve services
We might collect your personal data directly from yourself, from someone acting on your behalf, or from another third party. We might collect this data in person, over the telephone, in writing, or captured as an image, audio or film recording.
We can only use your personal data if we have a lawful basis for doing so. The lawful basis will be recorded in our General Data Protection policy and procedure.
If we rely on consent to process your data, you have the right to withdraw that consent at any time. To withdraw consent, either contact the Service Manager that you provided the consent to or contact the Data Controller. Your Service Manager will advise you who this is at any time but will normally be the Service Director.
Sharing your information
We share personal data internally within the service and also with external third parties so we can carry out our work. Internal sharing might include checking your eligibility for a service or keeping accurate records, whereas external sharing might be to ensure you receive the right service (e.g. social care support).
Who we share information with depends on the service we are providing and your circumstances, but may include:
- healthcare, social and welfare organisations and professionals
- providers of goods and services
- financial organisations, including debt collection, tracing and credit referencing agencies
- board members
- local and central government
- ombudsman and regulatory authorities
- professional advisors and consultants
- police forces, other law enforcement and prosecuting authorities
- voluntary and charitable organisations
- Disclosure and Barring Service
- Courts and Tribunals
- utilities providers
When personal data is shared, only the minimum amount is shared and relevant contracts and / or agreements will be in place.
Fraud prevention and detection
We are required by law to protect the use of public funds and for this reason we share information with internal services and other bodies responsible for auditing or administering of public funds to detect and prevent fraud. This sharing includes, but is not exclusive to our external auditor, Department for Work and Pensions, other local authorities, HM Revenue and Customs, the Police, credit reference agencies.
How long we keep information for?
This varies depending on the type of information, as well as the legal requirements and reason we are keeping the information. In some instances the law sets the length of time information has to be kept. We also have retention and disposal schedules which give details about how long we need to keep different types of information.
Your data rights
You have the following rights in regard to your personal information, to:
- access copies of any records we hold about you
- have any information we hold about you corrected
- have any information we hold about you deleted or destroyed
- restrict how information we hold about you can be used or shared
- object to information about you being held
- have any information we hold about you transferred to a third party
- challenge decisions relating to you made using automated decision making and profiling (currently we have no services that use automated decision making or profiling for decision making)
Please note there may be times that we cannot fulfil these rights fully because of legal reasons, for example we cannot delete your data if we still need it.
If you want to exercise any of the above rights, please make a subject access request.