Privacy Policy

Last updated 23/05/2018

Definitions

Organisation Someone Cares
GDPR the General Data Protection Regulation.
Responsible Person Donna Lowden
Register of Systems Electronic and manual

Data protection principles
Someone Cares is committed to processing data in accordance with its responsibilities.

Article 5 of the GDPR requires that personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
General provisions
- This policy applies to all personal data processed by Someone Cares.
- The Responsible Person shall take responsibility for Someone Cares’s ongoing compliance with this policy.
- This policy shall be reviewed at least annually.
- Someone Cares shall register with the Information Commissioner’s Office as an organisation that processes personal data.
Lawful, fair and transparent processing
- To ensure its processing of data is lawful, fair and transparent, Someone Cares shall maintain a Register of Systems.
- The Register of Systems shall be reviewed at least annually
- Individuals have the right to access their personal data and any such requests made to Someone Cares shall be dealt with in a timely manner.
Lawful purposes
- All data processed by Someone Cares must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests (see ICO guidance for more information).
- Someone Cares shall note the appropriate lawful basis in the Register of Systems.
- Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
- Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in Someone Cares’s systems.
Data minimisation
- Someone Cares shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Accuracy
- Someone Cares shall take reasonable steps to ensure personal data is accurate.
- Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
Archiving / removal
- To ensure that personal data is kept for no longer than necessary, Someone Cares shall put in place an archiving policy for each area in which personal data is processed and review this process annually.
- The archiving policy shall consider what data should/must be retained, for how long, and why.
Security
- Someone Cares shall ensure that personal data is stored securely using modern software that is kept-up-to-date.
- Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
- When personal data is deleted this should be done safely such that the data is irrecoverable.
- Appropriate back-up and disaster recovery solutions shall be in place.
Breach
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, Someone Cares shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website).

At SomeOne Cares (SOC) we are committed to protecting your privacy. We use the information we collect about you to enhance your experience online and improve our service to you and as required by the UK Data Protection Act 2018 and all other data protection legislation currently in force, we follow strict security procedures in the storage and disclosure of information which you have given us, to prevent unauthorised access.

The Regulation applies to anyone processing personal data and sets out principles which should be followed and gives rights to those whose information is being processed.

This Privacy Notice tells you what to expect us to do with your personal information when you contact us or enter into an agreement with us.

In this Privacy Notice we will tell you:

why we can process your information
what purpose we are processing it for
whether you must provide it to us
how long we store it for
whether there are other recipients of your personal information
whether we intend to transfer it to another country
whether we do automated decision-making or profiling.

SomeOne Cares takes its responsibilities seriously and adheres to the Data Protection Principles. When processing information we will ensure that it is:

processed lawfully, fairly and in a transparent way
processed only for the purpose that the information was collected for
limited to what is necessary
accurate and kept up to date
kept for no longer than is necessary
kept safe and secure
only shared with other Organisations who can demonstrate compliance with the regulations.

Our Contact Details

There are many ways you can contact us, including via our website, post, email, telephone or in person.

Name: SomeOne Cares
Postal Address: 1 Amble Close, North Shields, Tyne and Wear, NE29 7XW
Website: https://someonecares.org.uk/
Email: enquiries@someonecares.org.uk
Telephone: (0191) 257 8094

SomeOne Cares are a Data Controller and registered with the ICO. Registration: Z9734344

What information we collect

Referrals may be received via email from various organisations (Healthcare, Charity, Social Care, Education, Local Government, UK Government, Law Enforcement, Local Authority). We may also receive a direct approach from individuals who contact SomeOne Cares via telephone, email, or website enquiry, in all these cases we collect the following initial personal information:

Name and contact details (address, email address, telephone number)
IP Addresses you use to access our website along with your usage details.

Should you enter into an agreement for services provided by SomeOne Cares, we may collect further personal information from you. The type of additional information we may collect is:

Payment card details
Date of birth
Proof of identity
Gender
Nationality
Immigration status
Ethnicity
Marital Status
Sexuality
Health Details * including GP Details, Medications, Disabilities etc
Emergency Contact information

*If we need to collect sensitive information for example Health details, we will always seek your explicit consent first.

We may use the information we collect to occasionally notify you about important functionality changes to the website, new products, services, and special offers we think you will find relevant.

If you would rather not receive this information, details of how to remove yourself from our subscription system will be contained in the emails that you receive from us. Make sure you change your preferences for each account you hold or email address you have provided.

Why we collect and process this information

In most cases, the lawful bases, or reason(s) for processing your information is in fulfilment of a contract, for example:

When you use our website or to enquire about our services via our website, by telephone or email
When you enter into an agreement with us for any service provision
To enable us to support our customer obligations and service requirements
To notify you of any enhancements or updates to the services or systems we provided to you
To manage our business
Perform the terms of our agreement with you.

Your information will not be used for automated decision-making or profiling.

In certain circumstances we also use other lawful bases as follows:

To fulfil our regulatory and legal requirements
Our legitimate interests, for example:
- to improve our services
- to conduct web analytics
- to administer and protect our business, website, and social media profiles
- for the prevention and detection of fraud and spam
- for the establishment, exercise, and defense of legal claims.

What about Cookies?

Cookies are small pieces of information that are stored by your browser on your computer’s hard drive. We use cookies to help provide you with the best service when viewing our website. Please see our Cookie Notice for more information.

How we protect your information

We are committed to ensuring that your information is secure. As such we have put in place appropriate technical and organisational measures to safeguard it, including the use of user logins and passwords to our internal systems, secure cloud-based data storage, encryption, anti-virus software and network vulnerability scanning.

All information entere