Privacy Policy

Last updated 23/05/2018

Definitions

Organisation Someone Cares
GDPR the General Data Protection Regulation.
Responsible Person Donna Lowden
Register of Systems Electronic and manual

  1. Data protection principles
    Someone Cares is committed to processing data in accordance with its responsibilities.
    Article 5 of the GDPR requires that personal data shall be:
    • processed lawfully, fairly and in a transparent manner in relation to individuals;
    • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
    • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
    • accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
    • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
    • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
  2. General provisions
    • This policy applies to all personal data processed by Someone Cares.
    • The Responsible Person shall take responsibility for Someone Cares’s ongoing compliance with this policy.
    • This policy shall be reviewed at least annually.
    • Someone Cares shall register with the Information Commissioner’s Office as an organisation that processes personal data.
  3. Lawful, fair and transparent processing
    • To ensure its processing of data is lawful, fair and transparent, Someone Cares shall maintain a Register of Systems.
    • The Register of Systems shall be reviewed at least annually
    • Individuals have the right to access their personal data and any such requests made to Someone Cares shall be dealt with in a timely manner.
  4. Lawful purposes
    • All data processed by Someone Cares must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests (see ICO guidance for more information).
    • Someone Cares shall note the appropriate lawful basis in the Register of Systems.
    • Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
    • Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in Someone Cares’s systems.
  5. Data minimisation
    • Someone Cares shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  6. Accuracy
    • Someone Cares shall take reasonable steps to ensure personal data is accurate.
    • Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
  7. Archiving / removal
    • To ensure that personal data is kept for no longer than necessary, Someone Cares shall put in place an archiving policy for each area in which personal data is processed and review this process annually.
    • The archiving policy shall consider what data should/must be retained, for how long, and why.
  8. Security
    • Someone Cares shall ensure that personal data is stored securely using modern software that is kept-up-to-date.
    • Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
    • When personal data is deleted this should be done safely such that the data is irrecoverable.
    • Appropriate back-up and disaster recovery solutions shall be in place.
  9. Breach
    In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, Someone Cares shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website).

At SomeOne Cares (SOC) we are committed to protecting your privacy. We use the information we collect about you to enhance your experience online and improve our service to you and as required by the UK Data Protection Act 2018 and all other data protection legislation currently in force, we follow strict security procedures in the storage and disclosure of information which you have given us, to prevent unauthorised access.

The Regulation applies to anyone processing personal data and sets out principles which should be followed and gives rights to those whose information is being processed.

This Privacy Notice tells you what to expect us to do with your personal information when you contact us or enter into an agreement with us.

In this Privacy Notice we will tell you:
  • why we can process your information
  • what purpose we are processing it for
  • whether you must provide it to us
  • how long we store it for
  • whether there are other recipients of your personal information
  • whether we intend to transfer it to another country
  • whether we do automated decision-making or profiling.
SomeOne Cares takes its responsibilities seriously and adheres to the Data Protection Principles. When processing information we will ensure that it is:
  • processed lawfully, fairly and in a transparent way
  • processed only for the purpose that the information was collected for
  • limited to what is necessary
  • accurate and kept up to date
  • kept for no longer than is necessary
  • kept safe and secure
  • only shared with other Organisations who can demonstrate compliance with the regulations.

Our Contact Details

There are many ways you can contact us, including via our website, post, email, telephone or in person.

Name: SomeOne Cares
Postal Address: 1 Amble Close, North Shields, Tyne and Wear, NE29 7XW
Website: https://someonecares.org.uk/
Email: enquiries@someonecares.org.uk
Telephone: (0191) 257 8094

SomeOne Cares are a Data Controller and registered with the ICO. Registration: Z9734344

What information we collect

Referrals may be received via email from various organisations (Healthcare, Charity, Social Care, Education, Local Government, UK Government, Law Enforcement, Local Authority). We may also receive a direct approach from individuals who contact SomeOne Cares via telephone, email, or website enquiry, in all these cases we collect the following initial personal information:
  • Name and contact details (address, email address, telephone number)
  • IP Addresses you use to access our website along with your usage details.
Should you enter into an agreement for services provided by SomeOne Cares, we may collect further personal information from you. The type of additional information we may collect is:
  • Payment card details
  • Date of birth
  • Proof of identity
  • Gender
  • Nationality
  • Immigration status
  • Ethnicity
  • Marital Status
  • Sexuality
  • Health Details * including GP Details, Medications, Disabilities etc
  • Emergency Contact information
*If we need to collect sensitive information for example Health details, we will always seek your explicit consent first.

We may use the information we collect to occasionally notify you about important functionality changes to the website, new products, services, and special offers we think you will find relevant.

If you would rather not receive this information, details of how to remove yourself from our subscription system will be contained in the emails that you receive from us. Make sure you change your preferences for each account you hold or email address you have provided.

Why we collect and process this information

In most cases, the lawful bases, or reason(s) for processing your information is in fulfilment of a contract, for example:
  • When you use our website or to enquire about our services via our website, by telephone or email
  • When you enter into an agreement with us for any service provision
  • To enable us to support our customer obligations and service requirements
  • To notify you of any enhancements or updates to the services or systems we provided to you
  • To manage our business
  • Perform the terms of our agreement with you.

Your information will not be used for automated decision-making or profiling.

In certain circumstances we also use other lawful bases as follows:
  • To fulfil our regulatory and legal requirements
  • Our legitimate interests, for example:
    • to improve our services
    • to conduct web analytics
    • to administer and protect our business, website, and social media profiles
    • for the prevention and detection of fraud and spam
    • for the establishment, exercise, and defense of legal claims.

What about Cookies?

Cookies are small pieces of information that are stored by your browser on your computer’s hard drive. We use cookies to help provide you with the best service when viewing our website. Please see our Cookie Notice for more information.

How we protect your information

We are committed to ensuring that your information is secure. As such we have put in place appropriate technical and organisational measures to safeguard it, including the use of user logins and passwords to our internal systems, secure cloud-based data storage, encryption, anti-virus software and network vulnerability scanning.

All information entered and stored within our internal systems are kept for the duration required for us to fulfil our contractual and legal requirements and in line with our Data Retention Policy and Schedule.

Who we share your data with

To provide some services, SomeOne Cares may need to share client’s personal data with other agencies (Third Parties). Verbal or written agreement will always be sought from the client before data is shared. This will only be done after discussions with a manager or the Data Protection Officer. All such disclosures will be documented.

The main organisations we may share your information with are:
  • Guidance Counsellor who may provide counselling services on our behalf
  • National Health Service (NHS)
  • Social Care Services
  • Law Enforcement
  • Local Authority

We may use third party organisations to provide elements of our services on our behalf. We have contracts in place with these organisations which means that they cannot do anything with your personal information unless we have instructed them to do so.

They will hold it securely for the purposes of and retain it for the period we instruct. The main organisations we may share your information with are:
  • IT and other software providers to enable us to collect and process data in fulfilling your query, in fulfilment of our agreement with you (based on your consent).
  • Health and safety and quality assessors who may inspect our work in compliance with the Health and Social Care Act 2012 and other related Regulations
  • Payment card processors to take payment for our services or donations made

We will not share your information with any third parties for the purpose of marketing services directly to you. SomeOne Cares does not sell, trade, or rent your personal information to others.

There may be occasions, such as when information is stored in the secure systems used where your information is processed outside of the EEA. Where this is the case appropriate organisational and technical measures are adopted to ensure the protection of your information.

Should you require any further details about the circumstances in which processing of your information may be outside of the EEA, please contact us at Enquiries@someonecares.org.uk

Data Subject Rights

Under EU legislation, you have rights as a Data Subject including:
    • Your right of access – You have the right to ask us for copies of your personal information.
    • Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Your right to object to processing – You have the the right to object to the processing of your personal data in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You are not normally required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at: Enquiries@someonecares.org.uk if you wish to make a request.

We will post any changes to our privacy policy on this page so that you are always aware of what information we collect, how we use it and under what circumstances we disclose it.

Tell us what you think

SomeOne Cares welcomes your questions and comments about privacy. Should you not be entirely satisfied with any aspect of how we have used your information, please contact us directly and we will endeavour to resolve your query as quickly as possible. Should your query not be resolved to your full satisfaction you may also complain to the ICO at the following address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF