How long we hold your information for
∙ We will hold the information for as long as we are providing you services and we only keep it as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations ( e.g. Health and Safety)
Your access Rights
You have the right to request copies of certain of your personal information within our custody and control, and details of how we use that information. If you think any of the personal information we hold about you is inaccurate, you may also request it is corrected. If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.
In relation to all of these rights, please email us at privacy@firststeptrust.org.uk
Please note, some of these rights only apply in certain circumstances and we may not be able to fulfil every request but where appropriate we will notify you of the reasons for this.
How do we use your personal information?
We may use your personal information to:
∙ Provide you with the important advice and support you have asked us for, whether this be through our Personal Development Plan (PDP) and other monitoring tools.
∙ Provide or administer activities relating to all our services: updating you with important administrative messages, to help us identify you when you contact us, and help us to maintain our proper records.
∙ Improve your experience with us. We may use your information to enhance the service that our staff provide, to improve our information and communications.
∙ Provide you with information about our plans. This may be letting you know about new or enhanced services that we hope will be useful and interesting to you, and may include fundraising updates.
∙ Be assured we either would only do this with your consent, where we need to fulfil a contract or service with you, or where we believe you will expect to be updated and contacted by us. ∙ Comply with our legal obligations (including those arising under contracts) and regulatory compliance for e.g. Health and Safety, Charity Commission;
∙ Detect or prevent fraud, misuse of services or money laundering;
∙ Enforce legal claims;
∙ Any other purposes that we will notify you about.
Keeping your information secure
∙ We take looking after your information very seriously. We have implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.
∙ Unfortunately, the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information sent to us this way, we cannot guarantee the security of data transmitted to our site or by E-mail.
∙ We make no representations about any other websites, and when you access any other website through a link on our website (including social media sites), you should understand that we take no responsibility for the content or the privacy practices employed by those sites.
∙ Those websites may have their own privacy policies and we encourage you to look at those policies or contact the website operators directly to understand how your personal information is used.
Who sees your personal information?
∙ Your personal information may be used by First Step Trust staff, our trusted third parties and some trained volunteers so that we can support you and contact you about our work (with your permission), or improve the way our websites and resources work for you.
∙ We will never sell or share your personal data, or information on your use of our websites, with other organisations for their marketing purposes.
∙ We may also be required to share data with regulatory authorities and/or if required to by law.
2) A special note about the Sensitive Information we hold
When you join First Step Trust as an employee, voluntary workforce, or take part in a First Step Trust training course you may have to provide details of a sensitive nature. We only use it for the purposes of dealing with your enquiry, training, and quality monitoring or evaluating the services we provide. We will not pass on your details to anyone else without your express permission except in exceptional circumstances. Examples of this might include anyone posing a threat to themselves and others.
If you provide us with any Sensitive Personal Data by post, telephone, email or by other means, we will treat that information with extra care and always in accordance with this Privacy Notice.
Your personal information and details of the enquiries received are stored securely for no longer than is necessary for the purposes of its use. We carry out periodic deletion of data whose retention period has expired and when it is no longer necessary to hold such data.
Our legal basis for collecting and using your personal information
In order to lawfully collect, hold and use your personal information, we must rely on one or more of six bases set out in data privacy law. We consider the following to be relevant to our use:
∙ When you have given consent (for example, to send you promotional or fundraising material by email, and we may ask for your explicit consent to collect certain types of sensitive information). ∙ For legal compliance purposes (for example with HMRC for payroll)
∙ When it is necessary for the performance of a contract with you or take steps at your request before entering into a contract (for example if you use one of our garages).
∙ Where it is necessary to protect someone’s vital interests. Whilst we are not able to advice people directly on their personal circumstances, as a mental health charity we may from time to time notice individuals in distress. We may refer these individuals on to those better equipped to assist if we feel yours or another’s vital interests are at risk.
∙ Where there is a ‘legitimate interest’ in us doing so.
Legitimate interests
The law allows us to collect and use personal information if it is reasonably necessary to achieve our or other legitimate interests (as long as to do so it is fair, balanced and have no undue impact on your rights). In general, our legitimate interests are the running of a charitable entity and pursuing our mission and vision. This may include charity governance, administration and operational management, and fundraising and campaigning (including sending marketing information and analysis in order to develop effective communication and fundraising strategies). When we rely in this lawful basis, we consider and balance any potential impact on you (positive and negative) and on your privacy rights.
Some examples of where we have a legitimate interest to process your personal information are where we contact you about our work, use your personal information for data analytics, improving our services, for our legal purposes (for example, dealing with complaints and claims), or for complying with guidance from the Charity Commission.