Doc No.: FSTDP001
Version No.: 1.0
Effective Date: February 2024
FIRST STEP TRUST PRIVACY POLICY
At First Step Trust and SMaRT Garage Services we take great care to preserve your privacy and safeguard any personal data you choose to share with us whether on this website or by another means. This notice explains how we collect and use the information you provide.
By using our website or providing us with your personal information, you are agreeing to this notice. We may update this notice at any time including to reflect changes in the relevant law or in the way we collect, process and store your data without notice to you, so please check it regularly.
You can be assured that:
∙ We only use personal information in the ways we need to and the ways you expect us to. With your permission, we will keep you up to date with the services we provide and policy-changing work, events, and any fundraising activities.
∙ We will make it easy for you to tell us how you want us to communicate with you and use your data, If you choose to opt out at a later date, you can contact us to request this and we will ensure that your personal data is removed and you don’t receive any further communications. This can be done by emailing us at privacy@firststeptrust.org.uk
∙ We will never release your personal information to organisations outside of First Step Trust and SMaRT garage services for their marketing purposes
∙ We take reasonable care to safeguard your personal information through secure business systems and governance policies.
∙ We will be particularly careful and sensitive when engaging with vulnerable people or those we believe might be vulnerable
What personal data is collected and when will you need to provide it?
We may collect personal information (for example, your name, postal address, email address or telephone number) if you use one of our services, contact us, or become involved with us in another way, for example with our SMaRT Women program or other courses or use our garages.
In addition, we may also collect other personal data such as:
∙ Salaried workforce; your date of birth, bank account details and other legal requirements such as identification documents so we can process your application when you apply to join First Step Trust
∙ Voluntary workforce; your date of birth from you so we can process your application when you apply to join First Step Trust
∙ Visiting Trainees; your date of birth and postcode so that we can validate your eligibility for courses at First Step Trust
∙ Customers; bank and credit or debit card details to pay for goods or services ∙ Donors; bank and credit or debit card details when you donate to us
How long we hold your information for
∙ We will hold the information for as long as we are providing you services and we only keep it as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations ( e.g. Health and Safety)
Your access Rights
You have the right to request copies of certain of your personal information within our custody and control, and details of how we use that information. If you think any of the personal information we hold about you is inaccurate, you may also request it is corrected. If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.
In relation to all of these rights, please email us at privacy@firststeptrust.org.uk
Please note, some of these rights only apply in certain circumstances and we may not be able to fulfil every request but where appropriate we will notify you of the reasons for this.
How do we use your personal information?
We may use your personal information to:
∙ Provide you with the important advice and support you have asked us for, whether this be through our Personal Development Plan (PDP) and other monitoring tools.
∙ Provide or administer activities relating to all our services: updating you with important administrative messages, to help us identify you when you contact us, and help us to maintain our proper records.
∙ Improve your experience with us. We may use your information to enhance the service that our staff provide, to improve our information and communications.
∙ Provide you with information about our plans. This may be letting you know about new or enhanced services that we hope will be useful and interesting to you, and may include fundraising updates.
∙ Be assured we either would only do this with your consent, where we need to fulfil a contract or service with you, or where we believe you will expect to be updated and contacted by us. ∙ Comply with our legal obligations (including those arising under contracts) and regulatory compliance for e.g. Health and Safety, Charity Commission;
∙ Detect or prevent fraud, misuse of services or money laundering;
∙ Enforce legal claims;
∙ Any other purposes that we will notify you about.
Keeping your information secure
∙ We take looking after your information very seriously. We have implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.
∙ Unfortunately, the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information sent to us this way, we cannot guarantee the security of data transmitted to our site or by E-mail.
∙ We make no representations about any other websites, and when you access any other website through a link on our website (including social media sites), you should understand that we take no responsibility for the content or the privacy practices employed by those sites.
∙ Those websites may have their own privacy policies and we encourage you to look at those policies or contact the website operators directly to understand how your personal information is used.
Who sees your personal information?
∙ Your personal information may be used by First Step Trust staff, our trusted third parties and some trained volunteers so that we can support you and contact you about our work (with your permission), or improve the way our websites and resources work for you.
∙ We will never sell or share your personal data, or information on your use of our websites, with other organisations for their marketing purposes.
∙ We may also be required to share data with regulatory authorities and/or if required to by law.
2) A special note about the Sensitive Information we hold
When you join First Step Trust as an employee, voluntary workforce, or take part in a First Step Trust training course you may have to provide details of a sensitive nature. We only use it for the purposes of dealing with your enquiry, training, and quality monitoring or evaluating the services we provide. We will not pass on your details to anyone else without your express permission except in exceptional circumstances. Examples of this might include anyone posing a threat to themselves and others.
If you provide us with any Sensitive Personal Data by post, telephone, email or by other means, we will treat that information with extra care and always in accordance with this Privacy Notice.
Your personal information and details of the enquiries received are stored securely for no longer than is necessary for the purposes of its use. We carry out periodic deletion of data whose retention period has expired and when it is no longer necessary to hold such data.
Our legal basis for collecting and using your personal information
In order to lawfully collect, hold and use your personal information, we must rely on one or more of six bases set out in data privacy law. We consider the following to be relevant to our use:
∙ When you have given consent (for example, to send you promotional or fundraising material by email, and we may ask for your explicit consent to collect certain types of sensitive information). ∙ For legal compliance purposes (for example with HMRC for payroll)
∙ When it is necessary for the performance of a contract with you or take steps at your request before entering into a contract (for example if you use one of our garages).
∙ Where it is necessary to protect someone’s vital interests. Whilst we are not able to advice people directly on their personal circumstances, as a mental health charity we may from time to time notice individuals in distress. We may refer these individuals on to those better equipped to assist if we feel yours or another’s vital interests are at risk.
∙ Where there is a ‘legitimate interest’ in us doing so.
Legitimate interests
The law allows us to collect and use personal information if it is reasonably necessary to achieve our or other legitimate interests (as long as to do so it is fair, balanced and have no undue impact on your rights). In general, our legitimate interests are the running of a charitable entity and pursuing our mission and vision. This may include charity governance, administration and operational management, and fundraising and campaigning (including sending marketing information and analysis in order to develop effective communication and fundraising strategies). When we rely in this lawful basis, we consider and balance any potential impact on you (positive and negative) and on your privacy rights.
Some examples of where we have a legitimate interest to process your personal information are where we contact you about our work, use your personal information for data analytics, improving our services, for our legal purposes (for example, dealing with complaints and claims), or for complying with guidance from the Charity Commission.