Data Privacy – keeping your data private and secure
We, at Off The Record Twickenham (OTR), are committed to protecting your personal data and will only use it in line with the purposes for which it has been provided, your expectations for its use, and data protection laws. For the purposes of Data Protection legislation (GDPR), OTR is the Data Controller. This means it is in charge of personal information about you. We are committed to protecting and respecting your privacy. We will only use your personal data in line with the purposes for which it has been provided, your expectations for its use, and data protection laws.
Personal data we collect and how we use it
We understand the importance of keeping collected personal information safe, and are committed to taking all appropriate steps to prevent unauthorised access, loss or disclosure. We use suitable physical, electronic and operational management procedures to safeguard the information we collect on paper, in digital format, and online. as outlined below. Staff who have access are appropriately trained to manage and safeguard the information. We are fully compliant with NHS Digital information governance protocols, under which we are assessed annually.
- We keep all client personal information in locked cabinets which only our staff can access
- We use Microsoft 365, in which client personal information is stored in password-protected, encrypted files, that only a few members of our staff can access
- Counsellors who work online with clients adhere to strict protocols for safe data processing
- Emails containing personal data are encrypted, password protected and stored securely
- We use a secure database platform (Oracle NetSuite) to process supplier payments through BACS transactions, and have restricted access protocols in place in Microsoft 365
- Data sent via our website is secured by website encryption (SSL padlock)
- We do our best to check external website links are safe. If you’re not sure about a link, ask us, and we will check it for you
- We use Mighty Text for text messaging on computers which are password protected
Legal basis for processing personal information
- We rely on your consent to contact you with information about our work
- We process personal data that is necessary for the performance of a legal obligation to which OTR is subject, for example our legal duty to safeguard those who use our service or is necessary to protect the vital interests of others, i.e. to protect those who use our service from harm
- When you subscribe to our e-news, we rely on your consent, which you may withdraw at any time by simply clicking the ‘unsubscribe’ link provided in all communications that you receive
- We like to stay in touch with our supporters and we do so in our legitimate interests based on your expressed interests and involvement with us in the past
- Where we have entered into a contract with you, we process your personal data on the lawful basis of contract
- We process personal data on the basis of compliance with our statutory and legal obligations which includes but is not limited to reporting on financial and health and safety matters
- We process personal data that is necessary for the performance of employment or volunteer contracts
Sharing personal data
- We will never sell or swap your personal details with anybody else
- We use the Paypal platform to process donations. You can read Paypal’s Privacy Notice here
- We may be required, by law, to pass on some of the personal data which we collect to government and statutory bodies, such as HMRC
- We may disclose personal data to the Disclosure and Barring Service for the purposes of carrying out checks on suitability for staff and volunteers to work with children or vulnerable adults
- We disclose employee national insurance number and absence information to our payroll provider to enable payment, and share identity and pay information with HMRC to pay income tax and make national insurance contributions
- We share employee details with their pension provider as appropriate in order to maintain their pension entitlement
Keeping your data up to date
It’s important that the records that we keep are up to date. Please let us know if your details change at anytime.
We only keep your information for as long as we need it or for as long as we are required by law to keep it. Full details are given in our Data Protection Policy.
Legally we must shred client personal data after six years, but you can ask us to shred it at any time.
Text messages stored on Mighty Text automatically gets deleted after 60 days.
- You can ask to see, amend, or correct the personal information we hold about you
- You can ask that we delete or stop processing your personal data
- You can ask us to transfer your information to another person
- We can give your personal data to another organisation, if we protect your legal rights and our legal rights under Data Protection law.
- We use Google Analytics cookies to give us general information about how our website is working
- You can block cookies in your browser settings
- For more information see: www.aboutcookies.org.
If you have any concerns about the privacy and safety of your personal information you can talk to OTR staff or one of the counselling team. Or please email our Data Protection Officer, OTR Manager Deborah Kerpner, at firstname.lastname@example.org or phone 020 8744 1644.
If we make any changes to any OTR privacy policies, we will post an update on our website or talk to you about it.
OTR complies with the National Data Opt Out Policy. OTR is registered with the Information Commissioner’s Office. Please see our Data Protection Policy for further information.
You can also get in touch with the Information Commissioner’s Office, where we are registered.
Information Commissioner’s Office
Tel: 0303 123 1113
Changes to this notice
We will keep this notice under regular review and post any changes on our website, or by notification to you by email, so that you are aware of how we use your data at all times.