Privacy, Legal and Confidentiality

Who we are

Our website address is: Reform Restore Respect

Our general privacy policy

This privacy policy explains the types of personal data we may collect about you when you interact with Reform Restore Respect Charity. It also explains how we store and handle that data and keep it safe.

We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how Reform Restore Respect Charity uses your data. We hope the following sections will answer any questions you have, but if not, please get in touch with us at RRR Email

Conditions for processing data

We are only entitled to hold and process your data where the law allows us to. The current law on data protection sets out a number of different reasons for which we may collect and process your personal data. These include:

  • Legitimate interests
  • In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our charity and which does not materially impact your rights, freedom or interests.
  • This may include to satisfy our external regulators.
  • Legal compliance
  • If the law requires us to, we may need to collect and process your data. For example, for staff members and board of trustees we need to collect and store certain data.

Consent

In some situations, we can collect and process your data with your consent. When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service.

Registration with the ICO

We are registered with the Information Commissioner’s Office (ICO) as a data controller because the charity handles and stores a significant amount of personal data about individuals. We have notified the ICO of the purposes for which personal data are held, and as a result the organisation’s name is on the public register maintained by the ICO as a data controller. When notifying the ICO, we provided details of the personal data that we process, the purposes for which the data are to be processed, details of who we intend to disclose data to, and a description of the security measures to be taken to ensure that personal data is protected.

What we mean when we say “your data”

“Your data” means any information about you which is personally identifiable, including, without limitation, your name, address, date of birth, telephone number, email address, other contact details, photographs from school venues, safeguarding information and other information which may allow you to be personally identified.

When do we collect your data?

We normally collect your data when you provide it to us. You may give us your data when you:

  • contact us by telephone, letter or email;
  • use our website or complete an online web contact form;
  • When we visit school venues and take photographs of the workshop (We always liaise and consult with the school staff present in the workshop in regards to which students/parents have consented with the school we are visiting in question for the student to be in our photograph)  we always ask in every school venue we visit to signpost and remove students wo should not be in any photograph in line with the school venue consent procedures.
  • In protecting school children further and with the new GDPR in mind coupled with safeguarding, we adopt that all school photographs of our workshop are taken from the back of an assembly hall/room/theatre just so we don’t have the actual face of students in our photographs but, rather the back of their heads and only our workshop presenter face in the photographs.  We make this very clear to all school children before the photographs are taken.
  • make a donation to us;
  • otherwise disclose your information to us.

We will only request your information where it is necessary to carry out a particular function. You are under no obligation to provide us with your information, but this may limit our ability to help where certain information is needed to undertake a particular activity or service.

How do we use your data?

We process personal data for the following purposes:

  • processing and dealing with any schools/YOT/Local Authorities enquiries, including requests for information, advice, guidance, advocacy or other support
  • processing donations
  • monitoring, developing and improving the support that we provide
  • monitoring and investigating any suspected breach of the website terms of use, forum rules or any suspected unlawful activity
  • providing you with information about our work

Unless it falls within the above, we will always seek your explicit consent before using your data in a way that personally identifies you.

Anonymising data

With the personal data that you have provided, we may anonymise information that you have provided so that we can use it in a way that does not personally identify you, so as to support the aims, objectives or activities of the organisation. For example, we may use your testimony (but remove any personal information) when compiling our end of year schools project report or updating our website with testimonies.

We will not seek your consent to using your information in a way that doesn’t personally identify you. However, where there is a concern as to whether it would lead to you being personally identified, we will seek your explicit consent beforehand.

Who do we share your data with?

We may share your data with third parties outside of Reform Restore Respect in the following circumstances:

  • where you (or the person to whom the data relates) consent;
  • where the data is already available to the public from other sources;
  • where the data is in the form of a summary or collection of data so framed that it is not possible to ascertain from it information relating to any particular person;
  • when there appears to be a serious risk of harm to you, e.g. a safeguarding referral;
  • to protect others (e.g. information about possible gang involvement will be disclosed to the appropriate agency;
  • to prevent a serious criminal act where others may be endangered (e.g. an act of terrorism).

Other than as set out above, we will not:

  • provide your data to any third party without your explicit prior consent;
  • pass your data to third parties for marketing purposes without your consent;
  • share your data with any government department or agency without your consent.

How do we communicate with you?

We will only communicate with you via Reform Restore Respect work email or work mobile phone so theirs is a clear audit trail of any communication.

How do we protect your data?

We take our responsibility very seriously and will treat your data with the utmost care and take all appropriate steps to protect it.

Reform Restore Respect uses 360 Scanning Technology to probe our website and the server it resides on for critical security vulnerabilities. This performs a set of scans each day to make sure that our website is 100% secure and safe which alert us immediately if any problems are discovered. This also provides us with a Site Lock Security Certificate, which provides that our website and emails are secure.

How long will we keep your data?

We only keep your data for as long as is necessary for the purpose(s) for which it was provided. The last of the three information standards principles from ICO, principle 5 requires us to retain personal data no longer than is necessary for the purpose we obtained it for. This principle has close links with both principles 3 and 4. Ensuring personal data is disposed of when no longer needed will reduce the risk that it will become inaccurate, out of date or irrelevant.

Who do we share your personal data with?

We sometimes share your personal data with trusted third parties. For example, our trustees, secure file storage and our auditors.

Here is the policy we apply to those organisations to keep your data safe and protect your privacy:

  • We provide only the information they need to perform their specific services
  • They may only use your data for the exact purposes we specify in our contract with them
  • We work closely with them to ensure that your privacy is respected and protected at all times
  • If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

Where is your data processed?

All data/reports/information processed are on Reform Restore Respect Charity computers which is in our office. The computers are password protected and it cannot be used by any other person not working for our organisation. All information processed on the computers are also supported by Kaspersky Lab Anti-Virus Software to stop any viruses, malware and criminals attempting to hack into the computer. We operate a ‘clean desk’ policy to ensure that these records are not left unattended in our office or in areas accessible to the members of the public, and only those who need to use this data have access to it. All other forms of data will be held securely and in confidence at all times. We will take all reasonable steps to protect it from unauthorised disclosure to, or access by, a third party.

What are your rights?

You have the right to request:

  • Access to the personal data we hold about you, free of charge in most cases.
  • The correction of your personal data when incorrect, out of date or incomplete, for example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end.
  • That we stop any consent-based processing of your personal data after you withdraw that consent.

If we choose not to action your request, we will explain to you the reasons for our refusal.

Requests for a copy of data held

You have the right to request a copy of any information about you that we hold at any time (often known as “subject access”), and also to have that information corrected if it is inaccurate. Although we have up to 30 days to supply this information, we will try our best to provide it sooner than this.

Formal requests under the Data Protection Act need to be sent in writing, either by post or email. To ask for your information, you can either Email RRR or write to Reform Restore Respect, PB005, Easistore – Block 7, Enterprise Way, Edenbridge, Sevenoaks, Kent, TN8 6HF.

To respond to a request, we require the following information:

  • Your full name
  • Address (including postcode)
  • Telephone number
  • Email address (if available)
  • A description of the data that you are requesting, and any additional information which will enable us to locate it
  • Evidence of your identity (e.g. a copy of your passport, driving licence – please do not send originals)
    How you would like to receive the information (either by email or by post).
  • If a third party is acting on your behalf, proof of the third party’s identity and your authority to disclose your information to them must also be provided in writing.

In addition to the right to receive a copy of all the personal data held you, you are also entitled to be told that we, or somebody on our behalf, are processing data about you, to be given a description of the personal data, the purposes for which the data is being processed and a description of those to whom the data may be disclosed. This will be met by us providing you with a copy of this policy alongside a copy of any information that we hold.

You are not entitled to information relating to other people (unless they are acting on your behalf). Neither are you entitled to information simply because you may be interested in it. Subject access provides a right to see the information contained in personal data, rather than a right to see the documents that include that information.

Your right to withdraw consent

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

You can withdraw consent in various ways, depending on what you are withdrawing consent from. If you would like to withdraw consent completely, please provide details by email to info@reformrestorerespect.org

Where we rely on our legitimate interest

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so, unless we believe we have a legitimate overriding reason to continue processing your personal data.

Our website

This section only applies to your use of our website. In addition to information given explicitly by you, we also collect information about your visit to our website (for example, the date and time of your visit and the pages that you view). This information is not connected to you personally, and is in aggregate form. This kind of information helps us to understand how our visitors use our site so that future website development can better meet your needs. By using this website, you consent to the processing of statistical (non-personal) information.

You can access all pages on the site without telling us who you are and without revealing any personal information. We collect some information when you visit our site but this does not allow us to identify you personally. The information we collect includes browsers’ visitors use, what time they visit and which pages are most viewed. This enables us to evaluate the site and work to improve it. We do not link any of this anonymous data with any personal data that you may provide to us.

Google analytics

Reform Restore Respect website use Google Analytics, a web analytics service provided by Google, Inc. (‘Google’). Google Analytics uses ‘cookies’, which are text files placed on your computer, to help the website analyse how users use the site. You can manage how we use cookies – see the section above.

Other websites

Our website may contain links to other websites which are outside our control and are not covered by this privacy policy. If you access other sites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their privacy policy, which may differ from ours.

The regulator

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. You can contact them by calling 0303 123 1113, or go online to ICO

Implementation of this policy

We will ensure that all staff, volunteers and trustees understand this policy. The policy is also made available on our website. A paper copy of the policy can be obtained by sending a self-addressed envelope to our office.
This policy will be reviewed regularly.
If you have any comments or queries in connection with this policy, Email RRR

Changes to this policy

This policy may change from time to time. In this case, the amended version will be published on this site.

This document was last updated on August 16, 2018