DATA PRIVACY AND COOKIES POLICY

Author

Kerry Williams/Louise Walton

Owner

Staff and trustees of MFN

Reference Number

GP/2019.01

Classification Level

Restricted

Template Version

General Procedure v1.0

Date Created

May 2019

Date for next review

May 2020

 

Marches Family Network Data Privacy and Cookies Policy

Thank you for taking the time to read our Data Privacy and Cookies policy. We want to make sure we’re using your data appropriately and that you feel confident we protect the information we hold about you.

We take every effort to protect the privacy of all our children, parents, carers, families, donors, volunteers and supporters and will never sell or give away your information (name, address, email, etc.) to any third party unless you agree to us doing so.

If you have given us your contact details, then we will send you communications such as registration and job application forms and other communications relating to events or services that you have expressed an interest in. However, if you decide you do not want to receive certain communications or want to opt out altogether, you can do this at any time by telephone to 01568 614908, emailing [email protected], visiting us at our office, or writing to: The Manager, Marches Family Network, 11 Corn Square, Leominster, Herefordshire HR6 8YP.

We are respectful of the data privacy laws and comply with the EU General Data Protection Regulation (GDPR). If you are in any way concerned about how your data is used, want to know what data we keep, or wish to make a complaint please email or call us on 01568 614908 or [email protected]  

 This document covers:

  • what information we collect
  • how we collect it
  • how we safeguard your personal data
  • storage of your personal data
  • privacy of our children and young people’s data
  • online data collection and social media
  • what we do with the data we collect
  • the legal basis for processing your personal data
  • when and how we share your personal data with others
  • how long we keep your personal data
  • your rights and preferences
  • what happens if you don’t provide personal data
  • how we can help, getting in touch
    • confirming your personal data
    • to opt-out of Marches Family Network communications
    • to restrict processing of your personal data
    • erasing your personal data
  • how you can make a complaint about the way we hold your data
  • feedback
  • cookies

 

What information we collect

Marches Family Network collects data about you, including contact details and names. The individual details may differ depending on your preferences and what data you’ve agreed to share with us. From time to time we may ask you to provide additional personal details, however we will always let you know why we believe this is necessary. You have the right to withdraw your consent at any time- see Your Rights and Preferences for more information.

We collect and store information about our staff, workers and volunteers to fulfil our responsibilities as an employer and to ensure accurate returns and reporting to HMRC and other statutory bodies.

We do require more detailed personal information, such as medical information, for children, staff and some volunteers to ensure we are adequately fulfilling our safeguarding duties and are able to provide a high-quality service.

We also collect and store certain information automatically using cookies and similar technologies, including IP addresses, the region or general location of a computer or device accessing the internet, browser type, operating system, page view history, and other useful information. Please see our Cookies section for further details.

 

How we collect it

We collect your personal data when you register to receive any of our regular updates online, by post, by phone, or in person. We also collect data from application forms for employment, emails (meta data) and from third parties (such as Health and Social Care professionals). Personal data will only be taken if freely given, specific, informed and unambiguous and will be transferred to our database with your details, the date of the event and type of consent given. We will also collect data for any participants of events run by Marches Family Network, or in association with third-party organisers. However, we will not share your data with the third party unless you consent for us to do so.

If a group attends an event run by Marches Family Network we may ask for information about the organiser and guests to ensure the smooth running of the event. We will ensure that, unless specified, we will only use these details specifically for the event.

We will also collect data whenever someone signs up for direct debit or regular giving. We do not keep your bank details, these are securely stored by our trusted partners and will only be used for the purpose it is intended.

 

How do we safeguard your personal data?

Marches Family Network has safeguards in place to protect your personal data from loss, misuse, unauthorized use, access, inadvertent disclosure, alteration, and destruction.

We update and test security on an ongoing basis and restrict access to your personal data to only those who need to know in order to provide Marches Family Network content or services to you.

Please note that it is the responsibility of the sender to ensure that all emails are sent virus free from a reputable provider in order to pass through our spam filters.

 

Storage of your personal data

We store your personal data using Marches Family Network’s own secure on-site servers and we use cloud services for back-up hosted by a contracted third party.  This third party does not use or have access to your personal data, other than for cloud storage and retrieval.

We have contracts with Go Cardless and Stripe for online payments who will securely process your personal data e.g. card details. Marches Family Network requires such parties to adopt at least the same level of security that we use to protect your personal data.

Paper-based records are securely kept at the Marches Family Network office with restricted access.

 

Privacy of our children and young people’s data

Children and young people merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences, safeguarding concerns and their rights in relation to the processing of personal data. We have a legal obligation to keep children and young people’s data to ensure we can perform our duty of care to each child and young person that visits Marches Family Network and to allow us to offer high-quality short break services and sessions.

Parent/Carers are given the option to consent for Marches Family Network to use photographs, film footage or information for case studies to support our fundraising and marketing activities. We will not use any photographs or film footage for which we do not have consent.

Parents/Carers will be guided through Marches Family Network’s data privacy requirements as part of the registration process. If any parent/carer wishes to find out more before registering their child or young person, please call the Manager on 01568 614908.

 

Online data collection and social media

The www.marchesfamilynetwork.co.uk website is the only site that Marches Family Network manages and has ownership of. It is run and maintained on our behalf by Raising IT and data taken on this site will go directly through to our own database, not that of Raising IT. We ensure our website has controls to prevent the collection or processing of any personal data from children under the age of 16 years without their parental permission.

Enquiries made using a ‘contact us’ facility on our website are processed through a Simple Mail Transfer Protocol (SMTP) ‘[email protected]’ email. Any details stored on the website host’s server through this process are automatically deleted after 24 hours. Our website has a Secure Socket Layer (SSL) certificate, evidenced by the https:// element of our URL and the green padlock.

We also have a presence on social network pages. The comments made by individuals on these sites are not managed by Marches Family Network and as such are bound by the privacy policies of each site where we use. These include Twitter, Facebook and LinkedIn and their policies can be found by clicking on the site name. If you are not happy with the content that we post, which includes pictures, please do contact us with screenshots/details of the posts so we can address your concerns.

 

Third-Party Payment Processors

We use two third-party payment processors: Stripe, for single donations and payments and GoCardless for regular giving through our website. Marches Family Network does not store credit card details, instead, we rely on our trusted third party partners for this.

Payments made by BACS transfer entail personal information being processed by the payee’s and recipient’s bank and are subject to the privacy policies in force with each bank.

In connection with the processing of such payments, we do not retain any personally identifiable information or any financial information such as credit card numbers. Rather, all such information is provided directly to our third party processor.

 

What we do with the personal data we collect

We use the personal data that we collect to deliver a service and communicate information we believe you may be interested in based on the specific information you have provided. We will also use your data to improve our service and regularly check we hold the appropriate data for the information you want to receive and that your details are correct.           

To communicate with you

We may use your personal data to send you important notices, such as communications about your registration, transactions, and changes to Marches Family Network’s terms, conditions, policies, and/or other internal purposes.

To deliver what you request

We may use your personal data to provide the information, content or services you request. If you enter a competition or similar promotion, we may use your personal data to administer such promotion.

To improve our service

We may use your personal data for internal auditing, data analysis, and research to improve Marches Family Network’s services.

To present events, services and functions that may be of interest to you

We may contact you from time to time to offer you additional services that may be of interest to you. You will always have the option to ask us to stop contacting you.

 

The legal basis for processing your personal data

Marches Family Network processes data for our fundraising and supporter communications, as an employer, and in fulfilment of our safeguarding and contractual obligations when children or young people are entrusted to our care.

Marches Family Network uses the personal data that you provide to supply you with information and updates on Marches Family Network activities, events, and volunteer/work opportunities as you request, to send important notices, and for internal purposes such as auditing, data analysis, and research to provide you with the information you need to be involved.

The legal basis for processing your personal data for fundraising/marketing purposes is your consent. If you are new to Marches Family Network we will ask for consent and will ensure permission to use personal data is freely given, specific, informed and unambiguous. For employees, including workers and volunteers, consent is given when an offer of work/employment is accepted.

If you have an ongoing relationship with us we may process your personal data if we believe we can demonstrate a legitimate interest in doing so and we do not infringe any of your rights and freedoms. We regularly check whether individuals wish to remain in touch and to update contact details as well as giving opportunity on each communication to opt out of further correspondence, or for personal data to be removed from our database.

When Marches Family Network processes your personal data using legitimate interests as a legal basis, we will consider and balance any potential impact on you and your rights under GDPR and any other relevant law to ensure our legitimate business interests do not override your interests. Marches Family Network will not use your personal data in circumstances where your rights and freedoms override our legitimate interests unless we have your consent or are otherwise required or permitted to by law.

Children and young people’s data will be kept to deliver services and to ensure we fulfil our legal obligations, including safeguarding, and contact details for the child/young person’s parent or carer (including Personal Assistants where appropriate), to ensure the wellbeing and safety of the child or young person. We also keep relevant personal medical details, without which we would be unable to meet our safeguarding obligations to the child/young person.

 We have the right to refuse to meet the wishes of the parent/ carer for a child/young person to attend Marches Family Network sessions if we cannot obtain the necessary details in a timely manner from the parent/carer to ensure the wellbeing and safety of their child/young person. 

Your personal data may be shared, with or without your consent, when authorised by law or necessary to comply with a valid legal process.

 

When and how we share your personal data with others 

Promoting the welfare and protecting the safety of the children and young people that use our services is very important to us. Information that could be relevant to keeping a child/young person safe will be shared so that informed decisions can be made about a child/young person’s welfare. We will share children/young people’s information with relevant services, including social workers, health professionals and educational settings, as needed to ensure we adequately safeguard and promote the well-being of the children/young people that attend our sessions.  Some data may also be shared with local authorities as part of our monitoring requirements where a Service Level Agreement or contract for services we provide is in place.

The data you kindly give us for fundraising purposes is for our use only and we will not pass it onto any third party without your express permission.  The only time we involve others in the handling of your personal data is where Marches Family Network has contracted third parties to support our operations including delivery, fulfilment, direct debit, regular giving and payment processing, email deployment, and data processing.

 

How long we keep your personal data

We will keep your personal data for fundraising communications whilst you are actively supporting Marches Family Network; this includes volunteering, attending events or making a donation. During this period, from time to time we will send requests for you to confirm your details and ensure your contact preferences are still accurate. If we have not heard from you after three years since the last contact, we will remove your data from our contacts unless you instruct us otherwise.

The requirements for data retention are different for children, young people, staff, some volunteers, parents and carers. We retain children/young people’s data until their 26th birthday or they leave our service. However, all safeguarding concerns, complaints or incidents involving children/young people will be retained for 35 years after the child’s date of birth, per guidelines from Herefordshire Council.   Data for staff and workers/volunteers shall be retained for 6 years after their resignation date or last recorded date of work. Other data collected will routinely be erased after three years, unless there is a statutory requirement to retain it for longer.

 

Your rights and preferences

If you inform us that you want your personal data erased, or that you no longer wish for us to communicate with you, or to otherwise restrict Marches Family Network processing of your personal data, we may retain some basic information in order to avoid sending you unwanted materials in the future, and to keep a record of your request and our response. Marches Family Network may not need consent for this, as long as we inform individuals the reason why we need the records and the lawful basis for this processing (e.g. legal obligation or legitimate interests).

We reserve the right not to erase your data if we believe it in any way prevents Marches Family Network from meeting its safeguarding or legal obligation towards the children/young people in our care.

You also have the right of access to your personal data under the GDPR Right of Access. Such requests must be specific about what information is required, and identity checks may be required to verify that it is the data subject (or his/her advocate) making the request.

You have the right to rectification of any information held by us which is inaccurate or incomplete, and the right to data portability. You may also exercise your right to object to the processing of your personal data in certain circumstances, such as direct marketing.

What happens if you don’t provide personal data?

We are unable to provide short breaks and some other services for families without adequate data about the child/young person and family.

We need personal information in order for us to provide appropriate communication or services that you requested such as event information or email newsletters. If you do not provide such personal data, we cannot deliver the content or services you have asked for.

 

How can we help? Getting in touch

Confirming your personal data, opting out of communication or to restrict the processing of your personal data

To confirm that Marches Family Network is processing your personal data, to access, update or change the personal data we hold about you, your preferences, or to obtain a copy to reuse for your own purposes, please contact our Manager on 01568 614908 or email  [email protected]

Queries relating to data we keep on our children, young people and families can also be directed to our Manager.

 

Erasing your personal data

If you want your personal data erased, please send an email to: [email protected] or call 01568 614908

 

How you can make a complaint about the way we hold your data

 Please contact our Manager at Marches Family Network on 01568 614908 or [email protected] if you have a concern about the way Marches Family Network is handling your information, particularly if you believe your data is:

  • not being kept securely
  • continually inaccurate
  • being disclosed to others without your permission
  • being held for longer than is necessary
  • being held for one reason and used for something else

Alternatively, if you would prefer to address your concerns to our Chair of Trustees you may do so by letter to:

Graham Crane
Chair of Trustees
Marches Family Network
11 Corn Square
Leominster
Herefordshire HR6 8YP

 

Feedback

Your feedback is important to us. We’d welcome your ideas, opinions and comments about our dealing with your data. Please email: [email protected]

 

Cookies

Used by

Description

Google Analytics

Stores the amount of visits of a user, the time of their first visit, the previous visit, and the current visit. It does not contain any personal information and is used only for analytical purposes.  

Google Analytics

This performance cookie stores where a user came from (eg. search engine, search keyword, link).

Google Analytics

Used to distinguish between website users in Google Analytics.

Google Analytics

Used to moderate calls to the Google Analytics service.

ShareThis

Set as part of the ShareThis service and monitors "click-stream" activity, e.g. web pages viewed, navigation from page to page, time spent on each page etc. The ShareThis service only identifies a user if they have separately signed up with ShareThis for a ShareThis account and given them consent. Checks how long you stay on a site: when a visit starts and ends. It does not contain any personal information and is used only for analytical purposes.

Website

Stores whether the user has accepted the cookie message or not.

Website

Used for authenticating a user's session after logging in. Closes when you exit the browser.

Website

Tells our infrastructure which server to handle the request.

Website

A binary flag which stores whether a user is logged in or not.

Website

Tracks users as they navigate the website predominately for infrastructure performance insights.

Website

Keeps track of a donors preference to show their name during a Direct Debit.

 

Your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behavior of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us. In the case of this activity the following will apply:

  1. Your data will be made available to our website provider
  2. The data that may be available to them include any of the data we collect as described in this privacy policy.
  3. Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.
  4. They will store your data for a maximum of 7 years.
  5. This processing does not affect your rights as detailed in this privacy policy.