Last updated: Summer 2022
This privacy statement provides guidance and information in relation to the processing of personal data. Stronger Relationships is regulated by the EU General Data Protection Regulation which is effective from 25th May 2018.
‘Personal Data’ for the purposes of the Regulation, means any information from which a person can be identified; i.e. name, e-mail address, home address and telephone number.
‘The Business’ is defined as Stronger Relationships.
This statement describes how we process data in the lawful and relevant activities of the business.
The Business is committed to protecting the privacy of all contacts. We will endeavour to ensure that all information provided by you and held by The Business is kept private and confidential and will only be used in order that The Business can provide the services requested by an individual.
1. Uses & Disclosure of Personal Information
The Business will only share details of data internally (within The Business) and among its Employees and appointed representatives. We may also need to share your data with our delivery partners; for example, we may share data with referral agencies or funders when you authorise us to do so. Where this is deemed necessary explicit consent will be requested from you prior to the release of any data we hold.
When we process personal data about you, we do so with your consent and/or as necessary to provide the products you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfil other legitimate interests. People we collect data on are known as ‘Data Subjects’.
If you engage with our services, we will process your personal data on the basis set out below as it is in our legitimate interests to do so following your contact with us.
If you are an employee of The Business data is captured and stored in accordance with the requirements of the standard practices of The Business, HR law and HMRC requirements. It is subject to the same rights and protocols as external data subjects.
Personal data will not be transferred to a third country or international organisation.
Personal information will only be held for as long as necessary to comply with legal obligations and the data sets will be individually assessed against specific legal bases defined as:
- Consent: you have given clear consent for us to process your personal data for a specific purpose.
- Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
- Vital interests: the processing is necessary to protect someone’s life.
- Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
- Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.
You must inform us of any changes to personal information so that the Business can keep data up to date.
We collect for two basic purposes: to operate our business and provide the services we offer, and to send relevant and appropriate communications. We may also obtain data from third parties you have engaged with for services.
We use data we collect to communicate with you and personalise our communications with you. For example, we may contact you by phone or email or other means to complete our applicant processes or inform /update you about an opportunity/offer.
The business promotes the business and its activities through our website and the use of social media platforms (currently Facebook, Twitter, Instagram and LinkedIn). This may be a generic picture to denote organisational services, as a news item or to highlight a positive outcome for one of our participants. Where posting will identify an individual, we will seek explicit consent for this purpose and the data/graphics will be stored in accordance with the security information contained in this privacy statement.
We use data to develop aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions and report on the performance of our business.
We retain data for as long as necessary to provide the services and fulfil the transactions you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes and enforcing our agreements. Because these needs can vary for different data types in the context of different products, actual retention periods can vary significantly.
The criteria used to determine the retention periods include:
- How long is the personal data needed to provide the services and operate our business? This includes such things as maintaining and improving the performance of those services, keeping our systems secure and maintaining appropriate business and financial records. This is the general rule that establishes the baseline for most data retention periods.
- Is the personal data of a sensitive type? If so, a shortened retention time would generally be appropriate.
- Have you provided consent for an extended retention period? If so, we will retain data in accordance with your consent.
- Are we subject to a legal, contractual or similar obligation to retain the data? Examples can include mandatory data retention for audit, government orders to preserve data relevant to an investigation or data that must be retained for the purposes of litigation.
- Finally, we will access, transfer, disclose and preserve personal data, including your online content (such as the content of your emails) when we have a good faith belief that doing so is necessary to:
- comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies;
- protect our customers, for example to prevent spam or attempts to defraud, or to help prevent the loss of life or serious injury of anyone;
- operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or
- protect the rights or property of the business, including enforcing the terms governing the use of the services
We share your personal data with your consent as necessary to complete our business processes or provide any information you have requested. We will ask you to give consent (opt in) as part of our standard business practice at the outset of our business relationship.
GDPR requires personal data to be processed in a manner that ensures its security. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
The Business will take the necessary steps to protect personal data and will only store information securely in accordance with the data protection and privacy and electronic communications guidance for the type of data held.
We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, use or disclosure. For example, we store the personal data you provide on computer systems that have limited access and are in controlled facilities. When we transmit highly confidential data over the Internet, we protect it through the use of encryption or passwords.
4. Your Rights
Anyone has the right to find out what data the Business holds about them and request to have it amended, restricted or erased if applicable. In certain circumstances we can refuse the right and, where this is applicable, will be detailed in our response.
Your rights include:
- The right to be informed of information we hold, why we hold it and how we use it
- The right of access to that information
- The right to rectification of incorrect data,
- The right to erase data (also known as the right to be forgotten)
- The right to restrict processing of your personal data
- The right to data portability, which only applies: to personal data an individual has provided to a controller; where the processing is based on your consent or for the performance of a contract; and when processing is carried out by automated means.
- The right to object to the use of your data
- Rights in relation to automated decision making and profiling
5. Withdrawal of Consent
If the processing of personal data is based on your consent, you have a right to withdraw consent at any time for future processing and you can object to the processing of your personal data.
You can withdraw consent or request a copy of information held about you. Your request may be requested verbally or in writing and we will reply within one month of your request.
Our designated Data Protection Manager is Andrea Rippon contactable via email@example.com
We will update this privacy statement when necessary to reflect updates and changes in our services. When we make changes to this statement, we will revise the “last updated” date at the top of the statement.
6. GDPR (General Data Protection Regulation)
This Act is to protect the privacy of individuals (you) by preventing the misuse or unauthorised use of personal data (your information) that is held by others (Stronger Relationships).
The Act achieves this by:
- regulating the use of personal data held by Stronger Relationships; and
- giving rights to you
Stronger Relationships holds your information for the purpose of accounts and financial records (invoicing) and direct marketing (ONLY when you give us consent – we will be clear and upfront with you about what exactly you are consenting to, at the point of consent).
- that we only hold the data that is necessary (your contact details). We do not hold any sensitive financial information about you as you pay us through bank transfer.
- that we only keep the personal information as long as it is necessary to do the invoicing/marketing.
- we do not disclose the information to any third party.
We do this to protect your privacy and to prevent the misuse or unauthorised use of your information. This includes using the appropriate technical and organisational measures (password protected, on a private computer) so that unauthorised or unlawful processing is prevented.
You will always retain a:
- Right of access: to know what information we are holding and why we are holding it. Please apply for this in writing, confirming that you are the owner of the personal information and we will respond within 40 days.
- Right to prevent processing for the purposes of marketing: we will cancel your consent if you let us know, in writing, that you no longer want to be informed about opportunities with Stronger Relationships
- Right to prevent processing likely to cause damage or distress: we will remove your information if it is causing or likely to cause substantial damage or distress to you or another.
- Right to compensation: if you suffer damage or distress as a result of a contravention of this Act you are entitled to seek compensation from Stronger Relationships if it is found that we did not take reasonable care to comply.
Please note that we are required by law to keep financial records for seven years, which means that we will maintain a record of any financial transactions undertaken by you for a period of seven years.