We take data protection seriously and safeguarding the privacy of people who use our services and website. The below Privacy Notices set out how we collect your personal information, use it, store it and what we do to make sure it is safe.
We are committed to protecting your privacy and treat all your personal information as confidential, though we do reserve the right to disclose this information in specific circumstances as described in the below privacy notices. We handle and store your personal information in line with the law.
What is a privacy notice?
A Privacy Notice is a statement made to a data subject (for example a person who uses our services or a job applicant) that describes how Together collects, uses, retains and discloses personal information. A privacy notice is sometimes referred to as a privacy statement.
These notices may change from time to time and where it changes, we will make every effort to alert you of any changes and share the revised notice with you.
This policy was last updated in October 2020
How we handle your personal information depends on how you interact with us.
What we do with your information
We take data protection seriously and safeguarding the privacy of people who use our services. This Privacy Notice sets out how we collect your personal information, use it, store it and what we do to make sure it is safe.
This notice may change from time to time and where it changes, we will make every effort to alert you of any changes and share the revised notice with you.
Who we are
When we say ‘we’, ‘us’ or ‘our’, we mean Together for Mental Wellbeing who is the ‘data controller’ for the information you provide to us unless otherwise stated. This means we’re responsible for deciding how we can use your information. This means we decide how your data is used and processed by us.
We are committed to protecting your privacy and treat all your personal information as confidential, though we do reserve the right to disclose this information in specific circumstances as described in this policy. We handle and store your personal information in line with the law.
When do we collect your information?
When you’re initially referred to us and while we are supporting you in order to provide you support and care.
What type of information is collected from you and how is your information being used?
The personal information we collect might include, but is not limited to, your name, postal address, email address, telephone number, next of kin, referral source, details and records of care and support, including notes and reports about your health, and information from people who support you and know you well, such as health professionals and relatives etc.
It may also include personal sensitive information such as sexual orientation, ethnicity, gender, gender identity, age, your religion or beliefs, marital status, and whether you have any disability, accessibility needs, contact with or the use of criminal justice or secure mental health services (including whether you are on the sex offenders register), mental health diagnoses, allergies or health conditions. It is important for us to have a complete picture, as this information assists staff involved in supporting you to deliver and provide better support to meet your needs.
We use your personal information for the following purposes:
- To deliver services and support to you.
- To ensure that the support you receive is safe and effective.
- To carry out our obligations arising from any contract entered into by you and us – we keep a record of this contact.
- To seek your views or comments on the services we provide.
- To train and manage the employment of our workers who deliver those services;
- To check the quality of our services.
- To work effectively with other organisations who may be involved in your care.
- To ensure our services can meet future needs.
- To review support provided to ensure it is of the highest standard possible.
- For research and audit.
Who we share your information with
The personal information we collect about you will only be processed by our workers or volunteers so as to provide you with support. Together does not to use your information for direct marketing purposes. We will not release your information to any third parties without your consent. We will not sell the personal information you provide us. We will obtain your consent before sharing any of your information with those involved in your care and support.
At times we may have to use or share your information without your permission. If we do, we’ll always make sure there’s a legal basis for it. This could include situations where we have to use or share your information:
- to comply with the law, called ‘legal obligation’ – for example, if a court orders us to share information or when we have to contact safeguarding.
- to protect someone’s life, called ‘vital interests’ – for example, sharing information with a paramedic if a service user is unwell at one of our services.
- to carry out our aims and goals as an organisation, called ‘legitimate interests’ – for example, to create anonymous case studies for our annual review in this instance we will always contact you first before we publish anything.
- to carry out a contract we have with you, called ‘contract’ – for example, if you are paying for your support through a personal budget, we may need to use your payment details to refund any overpaid money.
Retaining your personal data
Personal data that we process shall not be kept for longer than 6 years, unless we are instructed to.
We may retain personal data where this is necessary for compliance with a legal or regulatory obligation to which we are subject. We ensure that any information that is no longer needed for the purpose for which it was collected is deleted or destroyed in a safe way.
International transfer of your personal data
Your personal information will not be processed or stored outside the European Union. Our IT systems are stored on our servers in our buildings in England.
Together implements appropriate physical, technical and organisational measures to maintain the safety of your personal information. The personal information we hold is contained behind secured networks and is only accessible by a limited number of employees who have special access rights to manage the Information Technology systems of Together.
Information that is stored about you on our case management system is held securely within Together’s network and is only accessible by Together staff. The appropriate access controls are put in place so that only staff who support you see your personal information in the case management system. For example:
Staff in the service I use
All staff in your service have access to the information you give them to provide you support.
THE HEAD OF REGIONAL OPERATIONS (WHO OVERSEES THE SERVICE)
The HRO can only view information for their own services, they can see your file but they cannot change anything.
THE DIRECTOR RESPONSIBLE FOR THE SERVICE I USE
Directors cannot look at any of your personal information, they are only able to run reports which do not give any identifiable information about you e.g what is the number of people using our service?
There are four administrators at National Office who have access to all files but only use this provide admin support e.g when something in the system doesn’t work.
IT SUPPORT AND OTHER STAFF
IT Support can only access the system to apply upgrades. All other support staff do not have access to your information.
COMMUNICATIONS AND SERVICE USER LEADERSHIP TEAM
If you consent to the Communications Team and SUL Team contacting you then they will receive only your names and contact details to get in touch. They will not have access to your entire client file. These teams are likely to contact you about opportunities to get involved.
Your rights and your personal data
Unless subject to an exemption (under the General Data Protection Regulation), you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which Together holds about you
- The right to request that Together corrects any personal data if it is found to be inaccurate or out of date
- The right to request for your personal data to be erased where it is no longer necessary for Together to retain such data
- The right to withdraw your consent to the processing of your personal data at any time
- The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller (known as the right to data portability)
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request for a restriction to be placed on further processing
- The right to object to the processing of your personal data.
- The right to lodge a complaint with the Information Commissioners Office.
How can you get access to any information we hold about you?
You may request a copy of the personal information we hold about you using the Data Subject Access Request Form which can be obtained directly from your support worker.
The service from which you receive support can give you your personal records directly or you can request your personal information via our National Office. Please contact email@example.com or call 0207 780 7300 for further information.
Requests will be free of charge. However, we will require that you provide us with a proof of identity before any data is provided (this is to ensure that your data is kept safe). We will endeavour to give the information as quickly as possible. The information requested will be provided to you within 30 calendar days of receiving the request.
For corrections or changes to your personal details, you can either contact your service directly or contact us at national office in the following ways:
- Emailing firstname.lastname@example.org
- Calling our Head Office on 020 7780 7300 and ask for the Quality Team
- Writing to Together for Mental Wellbeing, 52 Walnut Tree Walk, London. SE11 6DN
If you are not satisfied with the way we have handled your information in the first instance, please contact our Data Protection Officer on email@example.com or call 020 7780 7300
If you are still unhappy about our resolution of your issue, you have the right to lodge a complaint with the Information Commissioner’s Office by calling the helpline on 0303 123 1113.
This privacy notice will provide you with an overview of:
- Who we are
- What information we collect about you
- How we use that information
- Who we share the information with
- How we protect your privacy
- Your rights to your information
Who we are
When we say ‘we’, ‘us’ or ‘our’, we mean Together for Mental Wellbeing who is the ‘data controller’ for the information you provide to us unless otherwise stated. This means we’re responsible for deciding how we can use your information.
The information we process is for job applicants as listed below:
- Applicants (successful and unsuccessful)
- Former applicants (successful and unsuccessful)
If you have any queries about the process or how we handle your information please contact us at firstname.lastname@example.org.
The information we collect
We collect information about you from different sources including:
- directly from you
- from a third party acting on your behalf e.g. an agency, referee, Disclosure and Barring Service (DBS) etc.
- when we generate it ourselves
We’ll only collect your information in line with relevant regulations and law and for our own legitimate interest and this may relate to the positions you apply for, or have applied for in the past.
You’re responsible for making sure you give us accurate and up to date information.
The personal information we process can vary between items/functions and may include, but is not limited to:
- your full name
- your address
- your email address
- Qualification details
- sensitive data (age, ethnic background, religious beliefs, disability, sexual orientation, criminal convictions)
How we’ll use your Information
All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements of your employment if necessary. We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide:
- Physical or mental health– as part of a pre-employment medical questionnaire
- Criminal convictions– to assess suitability for certain types of roles e.g. working with vulnerable adults or children.
- Disabilities– to facilitate adaptations in the workplace, to ensure special needs are catered for at interview or selection testing and in monitoring equality of opportunity.
- Race, religion, age, sexual orientation– to ensure the recruitment process does not discriminate against a particular group and to ensure equal opportunity.
Who we share your information with
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format. We may disclose your information to an enforcement agency, court, regulator or government authority where we believe this is necessary to comply with a legal or regulatory obligation.
How long we’ll keep your information
We’ll keep your information in accordance with our data retention policy and this is for a period of four months and one day, in case of any discrimination challenge, or if a vacancy occurs and we believe that you as a previous applicant may be suitable for the position. However, you will be notified if this was to be the case.
Transferring your information overseas
Your information will not be transferred or stored in countries outside the European Economic Area.
Keeping your data secure
Your personal information will be protected by security safeguards that are appropriate to the sensitivity level of the information. We take all reasonable precautions to protect your personal information from any loss or unauthorised or unlawful processing and against accidental loss or damage.
Your information will only be accessed by those employees who reasonably need access to it to provide services to you or in order to do their jobs.
You have the following rights as an applicant:
- You have the right to ask for a copy of any personal information that we hold about you in our records, to correct any inaccuracies and to update any out of date information.
- You may also request the erasure of your personal information or a restriction of its use.
If you wish to exercise any of these rights, please write to us at the address listed below.
If you have a concern about how we use your information, as a first step, please contact us using the details listed below and we will do our best to resolve your concern. We will respond to you in writing within a reasonable time setting out how we propose to correct/address your concerns.
You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR with regard to your personal data.
Updates to this Privacy Notice
We may update this policy from time to time. When we do we will publish the changes on our Platforms. If you do not agree to these changes, please do not continue to use our platforms.
If you have any questions about this Notice, please contact us at: Human Resources Team, 52 Walnut Tree Walk, London. SE11 6DN or on 0207 780 7300 or email@example.com.
Making a complaint, comment or compliment about Together – our privacy notice
When you make a complaint, comment or compliment about Together, we collect some personal information from you to help us deal with your feedback appropriately. We collect this information by phone, email, letter, complaints/compliments leaflet or online contact form, depending on how you contact us to give your feedback.
If someone contacts us on your behalf about a complaint, we’ll check with them whether they have your permission to make a complaint on your behalf and will always check with you before we share any personal information about you and your support.
What information do Together need?
In order for us to proceed with your complaint, comment or compliment, we need to know:
- Your name
- Your contact details so that we can get in touch with you (email, phone number or postal address, depending on your preference)
- What your complaint/comment/compliment is
- Which Together service or department your feedback is about
You may choose not to give us the following information, or may prefer to share feedback anonymously. You do not have to share this information with us but this may prevent us from taking action on your feedback or following up with you after receiving your feedback.
Where investigating a complaint or compliment, we may be in touch to ask you further details about your comment/complaint and we might need to look at the information we have recorded about your support, where your comment/complaint relates to this.
What do you use my information for?
The information you give us is used to deal with your complaint, comment or compliment.
This information is also used anonymously for statistics and pseudonymised for review in our internal reports and for internal learning meetings, to ensure that we deal with all feedback appropriately and to improve the service we provide. We also share pseudonymised compliment information internally in our staff e-bulletin, as well as externally to help promote Together’s services.
All our staff have been trained to make sure your data is treated sensitively and kept secure.
How do you store my data?
We’ll store your information securely on our internal systems and our online incident reporting software, Effective Software. Only relevant Together staff members will have access to this information.
We keep your data for six years. If your complaint involves an insurance claim or other dispute, we may need to keep this data for a longer period of time.
When do you share my data?
We share your information within Together to the relevant Director of service and to the person who is investigating the complaint/comment. We’ll only do this with your permission.
Where you escalate a complaint about Together externally, we’ll share your complaint information with them to enable them to investigate.
If your complaint involves or may involve an insurance claim, we might share details of your complaint with our insurer.
How do I access my data?
You can contact us at any time and ask us:
- what information we’ve stored about you
- to change or update your details where this information is no longer correct
- to delete your details from our records
Please contact us at: firstname.lastname@example.org
What if I have a complaint?
If you want to make a complaint about how we’ve handled your data while dealing with your complaint, comment or compliment, you can make a complaint following our complaints process.
Any further questions
If you’d like more information on any of the above, please contact us at: email@example.com
Information gathered online is used only by Together for internal marketing analysis, to improve our services or to enhance the website. Together will not pass on the information collected to any third party or sell or redistribute it for any reason.
A ‘cookie’ is information kept on your computer. It tells us things like what device you’re using and what pages you click on.
- track aspects of your visits, including the length of your visit, your browser, geographic location and the use of the search facility on this website
- remember the contrast and/or text resizing style preferences you’ve chosen for this website – if relevant
We use Google Analytics which enables Together to track visitor behaviour and measure site performance. We keep Google Analytics data for 50 months.
Full list of cookies
We use Google Analytics to see how people use our website, e.g. page views, time spent on the site, number of visitors. We use this data to see how well the site works and try to improve it so you can have a better experience. The cookies used by Google Analytics are:
‘_ga’ and variations of ‘_ga’
‘fundraiseup_session’ – strictly necessary
‘fundraiseup_func’ – functional cookie
‘fundraiseup_stat’ – performance cookie (optional – requires consent)
‘VISITOR_INFO1_LIVE’ – security and advertising
‘YSA’ – security
How to manage or delete cookies
If you don’t want to receive cookies, you can change the settings in your web browser. You can also delete cookies that have already been set.
To find instructions on how to restrict or block cookies, click on Help in your web browser and search for ‘cookies’.
Contact us about your data
You can contact us at any time to ask us:
- what information we’ve stored about you
- to change or update your details
- to delete your details from our records
You can contact us at firstname.lastname@example.org