1. Introduction
The law on data protection changed in May 2018, when the new EU-wide General Data Protection Regulation (GDPR) came into force. This new regulation gives you greater control over how information about you is stored and used by organisations like NACCOM. We have undertaken an audit of all the personal information we hold at NACCOM, and put into place new processes and systems to make sure we are working in line with the regulations. This policy is part of that process.
If you have any queries about our privacy policy please email [email protected] or call 0161 706 0185. Please note this policy may be updated, and we will ensure that the latest version is always available on our website.
2. Who are we?
NACCOM is a national network of organisations preventing destitution amongst asylum seekers, refugees and other migrants. It has been a national charity (CIO No: 1162434) since 2015 and an informal network of voluntary organisations since 2006.
3. What is this policy about?
NACCOM is committed to protecting your privacy and the personal information you provide us with. In line with our values, we want to treat you – and your personal information – with respect and dignity. It is important to us that you have confidence in us as an organisation, and that you trust us to look after your information. This policy explains how we collect, use and store your personal information, and also explains the rights you have under the 2018 regulations.
4. Your rights
Under GDPR, you have 8 specific rights when it comes to your personal information.
1. The right to be informed – meaning you should be given clear information about what personal information we keep, why we keep it and how it is used and stored.
2. The right of access – meaning you can ask us for a copy of all the personal information we hold about you and you can ask us questions to make sure that we are processing your information legally.
3. The right to rectification – meaning that if the personal information we have is wrong or incomplete, you can tell us so that we only keep accurate information that you have chosen to share with us.
4. The right to erasure – meaning that you can ask us to erase all your personal information. This is sometimes known as ‘the right to be forgotten’. There are some occasions when we may have a legal obligation or legitimate interest to keep certain information about you, even if you no longer want to be on our records, for example in terms of processing financial information, or keeping records in case of a future claim.
5. The right to restrict processing – meaning that you can ask us to keep your information but only use it for certain purposes, for example you may want to only receive certain types of information from us.
6. The right to data portability – meaning that you can ask for your data to be transferred to another system. This is not something that is currently relevant to our work at NACCOM, but an example would be if you use a price comparison website to compare different bank accounts, you have the right to tell your current bank to share relevant information with another account provider.
7. The right to object – meaning that if you are unhappy with the way we have processed your data, for example if we keep writing to you when you have asked us not to, you can tell us and we must respond.
8. Rights in relation to automated decision making and profiling – meaning that we need to tell you if we use any systems which automatically use your personal information without human involvement. There is more information about this and all the other rights on the Information Commissioners Office website here.
5. On what basis do we collect your information?
We collect personal information on the basis of consent (in most cases) and legitimate interest (for instance when contracts are in place).
6. What information do we collect?
We collect information on:
- people (and organisations) who apply for membership of NACCOM
- people who attend our events or contact us
- people who apply for jobs at NACCOM
- people who donate money to us
- people who are interested in hosting
- staff and volunteers
When you visit our website, we collect non-personal data such as details of pages visited and time and location data. Website usage information is collected using cookies (see the section on Cookies below).
We may collect publicly available information, for example from Companies House, Charity Commission, or information published in newspapers.
7. What do we do with your information?
Members: – we may use the personal data we collect from you to:
- provide you with any information you have requested
- keep a record of your relationship with us
- keep you up to date about our work (we ask for your consent to do this)
- invite you to events that could be relevant to your services
- share details about your organisation on the Project Directory (we ask for specific consent on the information shared publicly)
- connect you with other members where appropriate for networking purposes
- consult with you about developing services
- ask you about your data and statistics to contribute to national data
People attending our events and people who contact us: – we may use the personal data we collect from you to:
- provide you with any information you have requested
- keep a record of your relationship with us
- keep you up to date with news and stories about our work
- invite you to events
- consult with you about developing services
- ask you about your data and statistics to contribute to national data
People who apply for jobs with NACCOM: – we may use the personal data we collect from you to:
- provide you with any information you have requested
- keep a record of your relationship with us
- process and consider your application for a role at NACCOM. Your information will only be shared with our staff involved in the recruitment process
- share specific and appropriate elements of your personal data, for example, your contact details, with other staff team members that you will be working with should your application be successful
People who donate money to us: – we may use the personal data we collect from you to:
- process any donations you give to us including claiming Gift Aid on your donations if authorised by you to do so
- thank you for your donations and invite you to continue to support us
- provide you with any information you have requested
- keep a record of your relationship with us
We will always do this in compliance with Fundraising standards.
People who are interested in hosting: – we may use the personal data we collect from you to:
- signpost your enquiry to hosting projects in our network (locally/nationally)
- keep a record of your relationship with us
Staff and volunteers: – we may use the personal information we collect from you to:
- fulfil our contractual obligations to you, such as paying you
- ensure we are treating you as we’ve committed to, for example under our sickness absence policy
- provide references at your request should you move on
8. Sharing your information
Sometimes we may need to share your information, with your consent. We may also have to share information if it is required by a law enforcement agency or by a regulatory body, for example the HMRC for processing Gift Aid on donations. We do not share your information with any other organisations for their marketing purposes.
We may use other organisations to carry out tasks on our behalf, including processing donations (for example we receive online donations from Stewardship), sending emails (such as using Mailchimp to send our newsletters). We will provide these organisations with only the information needed to deliver these services, and they are not permitted to use or store your data for any other purpose.
9. Where and how do we store your personal information?
We take appropriate steps to ensure your personal information is managed securely. We store and process most of our information using cloud and secured servers. Internally, this is accessed only by appropriate staff who are trained suitably. We restrict access to certain computer drives and files, for example information relating to financial giving.
In some cases, third parties may have access to your personal information, and where this is the case we ensure that they are GDPR compliant. Our IT system is managed and supported by a company called Rocksalt, who have administrator rights across our IT system. They have their own privacy policy and are fully compliant with GDPR.
We may use external companies to collect or process personal data on our behalf, for example Mailchimp or Salesforce (our database system). While we take appropriate steps to ensure that information is secure, for example by using encrypted forms, we cannot guarantee that transmission of information over the internet is 100% secure and therefore you submit data at your own risk.
Data in cloud based systems may be processed outside of the European Economic Area (EEA). By submitting your personal data, you agree to this transfer, storing and processing of your information.
10. Cookies
Cookies are text files that are placed on your computer by websites that you visit. You can find more information about cookies here (www.aboutcookies.org). Most browsers allow you to turn off the use of cookies function, should you wish to.
Cookies may be used to collect information about your visit to our website, for example: the pages that you visit, the time and date of your visit, location and traffic data.
We may collect and use this data for the following reasons:
- To understand the interests and needs of those who visit our website
- To estimate our audience size and patterns
- To support the processing of forms, applications or requests you send to us
- To help us improve and update our website
NACCOM uses third party suppliers such as Facebook, Twitter, Youtube and Vimeo and they may use cookies. We do not control these, and we would advise you to check with these third parties for information about their cookies and how to manage them.
Some of these third parties may be located outside of the UK and the European Union, and therefore they may not fall under the jurisdiction of UK courts. If this is a concern to you, you can change your cookie settings and you can find out more about this from the Information Commissioner’s Office (ICO) (https://ico.org.uk/).
11. Links/Other Websites
This privacy policy only applies to NACCOM. The NACCOM website contains links to other websites, which are run by other organisations. NACCOM is not responsible for the privacy practices of other organisations, and as a result of this you should read their privacy policies with care.
12. How long do we keep your information?
How long information is kept for is sometimes called ‘data retention’. We will keep your personal information only for as long as we consider it necessary. We have to take into account legal obligations, for example we are obliged to keep details of anyone making a financial donation for 7 years after the gift (and share those details with the HMRC if this is gift aided), accounting and tax considerations and also consider what is reasonable for the activity in question. If you have any questions about this, please contact us in writing using the contact details at the bottom of this Privacy Policy.
13. Updating your details and preferences with us
Please keep your details up to date with us, for example if you change address or telephone number. You can change your preferences for which communications you receive from us, and how we contact you, by getting in touch with us at any time.
- By email: [email protected] By phone: 0161 706 0185
- By post: Data Protection Officer, NACCOM, Youth Resource Centre, Oxford Street, Whitley Bay, NE26 1AD
14. Accessing and amending your information and preferences
At any time, you can do the following:
- ask for a copy of the personal information we hold about you (this is also known as a Subject Access Request)
- ask us to erase or remove all your personal information
- ask us to restrict how we use your personal information
- object to our use of your personal information
Your request needs to be in writing and either on paper or in an email is fine. The more detail you are able to include the better we’ll be able to respond.
To do any of these, please write to us at: By email: [email protected]
By post: Data Protection Officer, NACCOM, Youth Resource Centre, Oxford Street, Whitley Bay, NE26 1AD
We will act on any requests received at the latest within one month of receiving your request, unless this request is complex, in which case we will inform you within one month of receiving your request and explain why we need to extend this length of time.
15. How to contact us
Please contact us if you have any questions about our privacy policy or information we hold about you.
- By email: [email protected]
- By phone: 0161 706 0185
- By post: Data Protection Officer, NACCOM, Youth Resource Centre, Oxford Street, Whitley Bay, NE26 1AD
For more information about your rights in relation to the information we hold about you, you can visit the ICO website (https://ico.org.uk)