GDPR
There has recently been a change in the law regarding how companies can store your information. This is our policy and details what information we will hold about our clients and how we will manage that information. If you have any questions please do not hesitate to contact us .
General Data Protection Regulation (GDPR) Privacy Statement
1. Introduction
Your privacy is a top priority. We're committed to always being a good custodian of your personal information, handling it in a responsible manner, and securing it with industry standard administrative, technical and physical safeguards.
We follow the following two principles when it comes to your privacy:
transparency - we work hard to be transparent about what personal information we collect and process
simplicity - we try to use easy-to-understand language to describe our privacy practices to help you make informed choices
About us
The Family Intervention Counselling Service is registered as a data controller with the Information Commissioner’s Office (ICO) (ICO registered number: ZA243345) Family Intervention Counselling Service is a community interest company registered in England (company number 10325858).
2. How we use your information
a) Storage and management of personal information
Our principal data management system is Paloma Modus client management system (CMS) which is maintained by ourselves. This system enables us to efficiently store any information about our clients, former clients and stakeholders in a way that ensures adequate security and only allows people who have the right level of authority to access personal information. It also simplifies our responsibilities for data retention and subject access requests.
b) Clients and former clients
The legal basis we use for processing clients’ and former clients’ personal information is a combination of contract and legitimate interest.
We carefully safeguard the information we hold about clients. This information comes from the way clients engage with us, information provided through referral forms, assessment forms, client notes, feedback forms and evaluation.
3. What the information is used for
We collect this information to provide the best service to clients, for training, supervision and to inform our development of services to continue to meet our clients’ needs.
We may also monitor or record any communications with clients including telephone calls. We'll use these recordings to check your instructions to us, to analyse, assess and improve our services and for training and quality purposes.
We send messages by post, telephone, text, email or other digital methods. These messages may be:
to send information as requested by you.
to confirm appointments and/or rearrange appointments.
We will never pass on your information to a third party without your consent.
4. Sharing your information
During your contact with us, we’ll tell you how your information will be used and that it may be necessary to share it with other services and organisations.
We will not share your information with any third parties unless:
you have consented to this (for example by providing information to us after we’ve told you that we will supply the information to a third party)
it is as part of our duty to protect a child, a vulnerable adult, yourself or the public
we are required to do so by any court or law or any relevant regulatory authority
to protect the rights, property or safety of Family Intervention Counselling Service or any third parties (for example for the purposes of fraud protection)
As a client of Family Intervention Counselling Service and using our services, you grant us permission to process personal data which you have provided to us.
We will keep client records for seven years and paper records are kept in locked cabinets.
a) Members of the public who make enquiries
We do not usually record or process any data from members of the public who ring us with general enquiries. If a query does require us to take personal data we will explain this at the time. We do not record phone calls.
We retain emailed queries from the general public for a maximum of one year.
b) Photography and filming
If you attend an event, take part in a promotional activity, and in some cases attend counselling we may ask to film the session or take your photograph. Any images we hold, whether in still photographs or video, may be covered by the definition of personal data in the GDPR. We will need your consent in order to take and use these images fairly and lawfully. We will ask you to complete a photography and filming consent form.
c) Job applicants, volunteers, current and former staff
We will only use any information you provide during the recruitment process for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.
We will not share any information you provide during the process with any third parties for marketing purposes or store it outside of the European Economic Area. The information you provide will be held securely by us whether the information is in electronic or physical format.
We will use the contact details you provide to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you've applied for.
We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t.
If we make a conditional offer of employment we'll ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff and their right to work in the UK, and to seek assurance as to their trustworthiness, integrity and reliability.
Therefore, you must provide:
proof of your identity – we’ll ask you for original documents and will take copies
proof of your qualifications – we may ask you for original documents and will take copies
We will contact your referees, using the details you provide in your application, directly to obtain references.
If we make a final offer, we’ll also ask you for the following:
bank details – to process salary payments
emergency contact details – so we know who to contact if you have an emergency at work
If you accept a final offer from us, some of your personnel records will be held on our internal HR records system.
During your employment we may need to share your information with third party processors who provide elements of our ongoing employment service, that is employment law advice, occupational health advice, payroll and pensions processing and other employee benefits such as health and wellbeing services. We have contracts in place with all of our third party processors. This means they cannot do anything with your personal information unless we instruct them to do so. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
The information you provide will be retained as part of your employee file for the duration of your employment and for seven years afterwards.
If you're unsuccessful the information you give us, and any information we create during the process, are retained for six months.
d) Volunteers
We collect only information that we need for volunteers. Information is retained for the duration of their volunteering then is immediately deleted.
5. Audit and regulatory requirements
We may share any data about our operations with:
HMRC - see HMRC personal information charter
the Information Commissioner’s Office - see ICO privacy notice
Companies House - see Companies House personal information charter
and other regulatory bodies, should this be necessary to complete our statutory audit and regulatory requirements.
6. Your rights
Under the General Data Protection Regulation (GDPR) you have rights as an individual data subject which you can exercise in relation to the information we hold about you. You can read more about these rights on the ICO's website.
7. Complaints and queries
We try to meet the highest standards when collecting and using personal information, and we take any complaints about this very seriously. We encourage you to let us know if you think that our collection or use of information is unfair, misleading or inappropriate. We also welcome any suggestions for improving our procedures.
This privacy notice does not provide exhaustive details of all aspects of our collection and use of personal information. However, we’re happy to provide any additional information or explanation needed. Please send any requests for this to our DPO at the address in the Introduction above.
If you want to make a complaint about the way we've processed your personal information, you can contact the ICO as the statutory body which oversees data protection law - see ICO concerns.
8. Access to your personal information
We try to be as open as we can in terms of giving people access to their personal information. You can find out if we hold any personal information about you by making a ‘subject access request’ under GDPR.
If we do hold information about you we will:
give you a description of it
tell you why we are holding it
tell you who it could be disclosed to
let you have a copy of the information in an intelligible form
To request any personal information we may hold, you must put your request in writing to our DPO at the address in the Introduction above.
If you agree, we'll try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
You can ask us to correct any mistakes in any information we hold by contacting our DPO.
9. Disclosure of personal information
In many circumstances we will not disclose personal data without consent. However, if we have a safeguarding concern we will need to share personal information with the MASH with or without your consent in line with our Safeguarding Policy.
10. Data security
We recognise that the information you provide may be sensitive and we will respect your privacy. We keep information about you confidential. This means we store it securely and control who has access to it. We will only share personal data with other organisations where we are satisfied that the other organisation is entitled to receive it and will keep your information secure.
We're committed to holding all personal data within Family Intervention Counselling Service on secure systems. We keep any paper-based personal data in locked cabinets to which only appropriate staff have access. We're working to reduce the amount of paper-based information we hold as it is easier to secure data if it is only held electronically. All personal data is held electronically on our client management system (CMS) that is hosted by Paloma Modus.
We use third party processors to provide email monitoring and filtering and have secure email addresses for sending and receiving sensitive information.
If you have any queries about this privacy notice or about any aspect of our data management, please contact our Data Protection Officer (DPO) Donna Hodge at admin@interventionservice.co.uk.
We'll update this privacy notice regularly to ensure it continues to comply with the latest regulations and best practice.