nia is a charity working on all forms of violence against women and girls. Our Charity Registration number is 1037072. nia respects the privacy and security of your personal information.
This policy explains what personal information we collect, why we collect it and how we ensure its safety and security. It also explains your rights over any personal information we hold about you.
This policy applies to anyone using our services or interacting with us through any form of correspondence including via internet, social media, email, phones and mobiles and in writing.
What sorts of information do we hold?
nia holds personal information which may include:
- Telephone number(s)
- Social media contact details
- Messages of support
- Amounts donated.
We also maintain details of the work undertaken with service users in casework, advocacy and other communications between service users and support staff in the organisation and also referral forms and risk and needs assessments.
On whom do we hold information?
- Staff, volunteers and trustees and candidates applying for vacancies at nia and this may also include information on criminal records and references.
- Service users who use nia’s services.
- Supporters who attend our events, fundraise for us and donate to us.
We also have contact information (telephone, email and address) details for staff working in local authorities, public services, other NGOs and a range of suppliers and others with whom we are in regular contact in the delivery of our services.
How do we use your information?
Under the General Data Protection Regulations (GDPR) information must be held for one of a number of “lawful reasons”. Amongst the lawful reasons that apply in our case are;
- Consent: Whereby an individual has consented for us to hold and process the information.
- Necessary for the fulfilment of a contract: Whereby we are contractually bound to hold and process data.
- Vital interest: Whereby safeguarding requires us to hold and process that data.
- Legitimate Business Interest: Whereby we have a legitimate reason to hold and process data and to do so does not infringe on any of your rights or interests.
With whom might we share your information?
We do not share your information. The only exceptions to this are where, with your consent, we make onward referrals or prepare correspondence with other agencies in support of a service user. Information may have to be shared without consent in extreme circumstances of a risk of serious harm to a service user or third party which requires an intervention for safety or in accordance with the law.
In order to effectively achieve our aims, we will record data on databases which are provided by third party suppliers. All such suppliers are required to provide us with assurances that they too are GDPR compliant.
What are your rights over the information we hold about you?
Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights as follows:
- Individuals may request access to their personal data held by us as a data controller.
- Individuals may request us to rectify personal data submitted to us or, where appropriate, contact us via the relevant website registration page or by amending the personal details held on relevant applications with which they registered.
- Individuals may request that we erase their personal data.
- Where we process personal data based on consent, individuals may withdraw their consent at any time by contacting us or clicking on the unsubscribe link in an email received from us.
- Individuals may have other rights to restrict or object to our processing of personal data and the right to data portability.
- Individuals may request information about, or human intervention into, any automated data processing that we may undertake.
Before providing personal information to you or another person on your behalf, we may ask for proof of identity and enough information about your engagement with us to ensure we are able to find your personal information.
There may be circumstances whereby we are required by law to continue to hold some information about you – this includes, for instance, requirements under tax law whereby we are obliged to maintain salary and employee information.
There may also be circumstances in which we cannot remove or destroy information at one individual’s request if to do so undermines our obligations to ensure the safety and security of others.
You also have the right to lodge a complaint with the UK regulator, the Information Commissioner. Please go to www.ico.org.uk/concerns to find out more.
For how long do we keep your information?
nia operates a range of security measures to guard against unauthorised access, use, alteration or loss of your personal information:
- There is limited access, ensured by key and security fob access, to our premises.
- All staff using mobiles, laptops, databases or computers are named, their identity can be verified, they have logins and passwords and are restricted in what information they may access.
- Paper records are kept in locked filing cabinets.
- If we wish to use your information, quotes or feedback for research, advocacy, case studies, public display, photographs, social media or fundraising we will only do so with your consent and with appropriate data-cleaning to ensure material is anonymous and non-identifiable.
- Staff are not allowed to use personal devices for work-related matters.
- Sensitive information if being shared in referrals with other agencies delivering services is marked confidential and sent encrypted or password protected.
If you would like further information or to act on any of the rights outlined above, please contact us by one of the following means:
By email: firstname.lastname@example.org
the nia project
PO Box 58203
London N1 3XP