Maytree are committed to protecting the privacy of our guests, funders and users of our website. When you use Maytree you trust us with your information and we are committed to preserving that trust and providing a safe and secure user experience. We will ensure that the information you submit to us is used only for the purposes set out in this data privacy notice.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) replaces the Data Protection Regulation (Directive 95/46/EC) from 25 May 2018. The GDPR aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which organisations can legally operate.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Who controls your personal data?
The Data Controller is Maytree (registered charity number 1087668; company number 4076191)
Address: 72 Moray Road London N4 3LG
The Data Controller’s data protection representative is the Finance and Resource Manager who can be contacted by email email@example.com
What is personal data?
Personal data is data that can identify you as a living individual. There is general personal data such as name, address, National Insurance number and online identifiers/location data. There is also sensitive personal data which includes information on physical and mental health, sexual orientation, race or ethnic origin, religious beliefs, trade union membership and criminal records. Sensitive data must be protected to a higher level.
Who we are, what we do and how we obtain your data?
The Maytree Respite Centre is a registered charity supporting people at risk of suicide in a non-medical setting by providing a safe place and a chance to rest, reflect and be heard without judgement.
You may have contacted us directly to use our service or you may have donated or provided funds to us. In doing so, you will have provided us with your data.
We are able to process this data provided we have a legal basis for doing so. There are six legal bases for processing data under GDPR but we will rely on 1) your consent to the use of your data including, where applicable, contacting you and 2) that we have a legitimate interest in processing your personal data. This legitimate interest is primarily the pursuit of our objective of alleviating suicide and the processing of your data necessarily enables us to do that.
How we will use your personal data
The processing of your personal information may include:
- Collecting and storing your personal data, whether in manual or electronic files
- Collating anonymised data to furnish evidence to our funders or other third parties of how we are achieving our objectives
- Providing information to regulatory authorities or statutory bodies
- Retaining a record of our dealings
- Establishing quality and training in furtherance of our objectives
- Compliance with obligations and best practice
- For the purposes of backing up information on our computer systems.
Why we process your data and our legal justification for doing so
As previously stated, our legal basis for the processing of personal data is our legitimate organisational interest although we also rely on legal obligation and consent for specific uses of data.
We will rely on legal obligation if we are legally required to hold information to fullfil our legal obligations.
We will in some circumstances rely on consent for particular uses of your data and you will be asked for your express consent, if legally required.
You may withdraw your consent to our processing of your personal information for a particular purpose at any stage. However, please note that we may continue to retain, or otherwise use your personal information thereafter where we have a legitimate interest or a legal obligation in doing so. Our processing in that respect will be limited to what is necessary in furtherance of those interest or obligations. Withdrawal of consent will not have any effect on the lawfulness of any processing based on consent before its withdrawal.
Sensitive personal data
Sensitive personal data is information which is intensely personal to you. Examples of it include information which reveals your religious or philosophical beliefs, sexual orientation, race or ethnic origin, or information related to your health.
To the extent that you provide us with sensitive personal data we shall only use that data for the purposes of our relationship with you and in furtherance of our legitimate interest or on the basis of your consent.
We shall not share your personal information unless we are entitled to do so. The categories of persons with whom we may share your personal information include:
- Any regulatory authority or statutory body pursuant to a request for information or any legal obligation which applies to us
- Parties who process data on our behalf including
- IT support
- Storage service providers including those ‘in the cloud’.
Data security and confidentiality
It is our policy to ensure, as far as is reasonably practicable, that our systems and records are secure and are inaccessible to unauthorised third parties in line with contemporary practice.
- Make our website work as you would expect
- Remember your settings during and between visits
- Improve the speed and security of the website
- Monitor user traffic patterns
- Understand how our visitors use our website.
They are essential in that they monitor the performance of our website to provide us with information to improve the website and its functionality. We do not use them to gather any personal information that could be used for marketing purposes.
If the settings on your browser that you are using to view our website are adjusted to accept cookies, we take this, and your continued use of our website, to mean that you are happy to have cookies enabled.
Turning cookies off
If you don’t want us to store a cookie on your PC to make your journey on our website the best it can be, you can switch cookies off by adjusting your browser settings to stop it from accepting cookies. Each browser acts differently so remember to check your browser’s ‘help’ settings.
Please be aware that by not accepting cookies you will not be able to use some of the key functions of our website.
In most circumstances your data will not be retained for more than six years from the last point at which we provided any services to you or otherwise engaged with you and it is our policy to store your personal data for only as long as is reasonably necessary for us to comply with our legal obligations and for our legitimate interests.
However, we may retain data for longer than this six years’ period where we have a legal obligation to do so or where we form the view that there is a legitimate interest to us in doing so.
Changes to this privacy notice
This Privacy Notice is reviewed regularly and may be updated from time to time to reflect changes in our organisation or legal practice. Where an update is relevant to our processing of your data we shall notify you.
We take the protection of your personal data very seriously and it is important that you are aware of your rights within that context. These include rights to:
- Request a copy of the personal data that we hold about you. If you would like to make such a request, please contact the data representative listed in the Who controls your personal data? section of this notice
- Object to the processing of your data where that processing is based upon legitimate interest and there are no compelling grounds for the continued processing of that data
- Request that we restrict processing of your data in certain circumstances
- Request that data is erased where the continued use of that data cannot be justified
- Object to any decision, which significantly affects you, being taken solely by a computer or other automated process
- Withdraw your consent to our processing of your personal data for a particular purpose at any stage. However, please note that we may continue to retain, or otherwise use your personal information thereafter where we have a legitimate interest or a legal obligation to do so. Our processing in that respect will be limited to what is necessary in furtherance of those interests or obligations
- Request inaccurate or incomplete data is rectified. We will respond to such a request within one month
- Request that data provided directly by you and processed by automated means is transferred to you or another controller; this right being only applicable where our processing of your data is based on your consent
- Make a complaint to the Information Commissioner’s Office
- Request that direct marketing to you is stopped
- Please note that should you exercise your right to request that we erase data or cease any processing activity, we may retain a record of this request and the action taken to evidence our compliance, and to take steps to minimise the prospect of any data being processed in the future should it be received again from a third party source.
If you have any questions concerning your rights or should you wish to exercise any of these rights, please contact the data representative listed in the Who controls your personal data? section of this notice.
If you are dissatisfied about any aspect of the way in which your data is processed you may, in the first instance, refer the matter to the data representative listed in the Who controls your personal data? section of this notice. This does not affect your right to make a complaint to the Information Commissioner’s Office ico.org.uk