Privacy and Data Protection Policy
Lifeshare Limited takes its responsibilities with regard to the management of the requirements of the General Data Protection Regulation (GDPR) very seriously. This policy sets out how Lifeshare manages those responsibilities. Lifeshare obtains, uses, stores and otherwise processes personal data relating to potential staff and clients (applicants), current staff and clients, former staff and clients, current and former workers, contractors, website users and contacts, collectively referred to in this policy as data subjects. When processing personal data, Lifeshare is obliged to fulfil individuals’ reasonable expectations of privacy by complying with GDPR and other relevant data protection legislation (data protection law).
This policy therefore seeks to ensure that we:
This policy applies to all personal data we process regardless of the location where that personal data is stored (e.g. on an employee’s own device) and regardless of the data subject. All staff and others processing personal data on the University’s behalf must read it. A failure to comply with this policy may result in disciplinary action.
The Operations Manager is responsible for overseeing this policy and ensuring that all staff comply with this policy and should implement appropriate practices, processes, controls and training to ensure that compliance.
1.1 This Privacy and Data Protection Policy is designed to outline how and why we collect and use personal information, including:
1.1.1 Any personal information in our manual filing systems; and
1.1.2 Information that may be provided when accessing our website or when accessing or using information and services provided by us using a mobile or online application (“Application”) or any other digital product we provide or collected through other means such as an online form, email, or telephone communication.
1.2 Websites, Applications and other services offered by Lifeshare through electronic means will collectively be referred to as “Services” in this policy.
1.3 By using any Services we offer, you are agreeing to be bound by this Privacy and Data Protection Policy.
2.1 We may collect and process the following personal information or data (information that can be uniquely identified with you) about you:
2.1.1 Certain information required to use our Services;
2.1.2 Information provided to register or subscribe to our Services;
2.1.3 Information provided in order to apply for or renew membership of Lifeshare;
2.1.4 Information provided if you sign up for information, newsletters or other updates;
2.1.5 Information provided in connection with orders you place through the site for paid-for content;
2.1.6 Information provided in connection with booking places for events or meetings with the Site;
2.1.7 Details of the Services you access;
2.1.8 A record of any correspondence between you and us;
2.1.9 Your replies to any surveys or questionnaires that we may use for research purposes;
2.1.10 Payment information we may use to collect payment for events, training goods, job advertising membership subscriptions or otherwise;
2.1.11 Information we may require from you when you report a problem or complaint.
2.2 You do not have to supply any personal information to us but you may not be able to book a training course or attend an event without doing so. You may withdraw our authority to process your personal data (or request that we restrict our processing – see section 6) at any time but our Services may not be fully operable should you do so.
2.3 An Internet Protocol (IP) address is a number assigned to your computer by your Internet Service Provider (ISP), so you can access the Internet. We use your IP address to diagnose problems with our server, report aggregate information, and determine the fastest route for your computer to use in connecting to our site, and to administer and improve the site.
3.1 We may use your personal information to:
3.1.1 Provide or deliver services to you;
3.1.2 Deliver and despatch content to you;
3.1.3 Assist in the administration of your registration;
3.1.4 Assist in the administration of your membership of Lifeshare;
3.1.5 Assist in making general improvements to our materials and services;
3.1.6 Carry out and administer any obligations arising from any agreements entered into between you and us;
3.1.7 Contact you and notify you about changes to our services or bookings or the services we offer but only where we have a legal basis for doing this;
3.1.8 Analyse how our services are used.
4.1 Personal data we hold about you will be processed for one or more of the following reasons:
4.1.1 You have consented to the processing for the specific purposes described in this notice;
4.1.2 The processing is necessary in order for us to comply with our obligations under a contract between you and us, or because you have asked us to take specific steps before entering into a contract with you;
4.1.3 the processing is necessary for us to comply with a legal obligation;
4.1.4 the processing is necessary for our legitimate interests (or the legitimate interests of a third party) unless your interests in data privacy and security override our legitimate interests.
4.2 We do not normally collect special category or sensitive personal data. In the event you provide us with any special category or sensitive personal data, we will take extra care to ensure your rights are protected, in accordance with applicable data protection laws.
5.1 We do not disclose any personal information you provide to any third parties except:
5.1.1 where you instruct us to share your personal information with a third party, you authorise us to deliver that content via email, SMS or other electronic messaging or communication system;
5.1.2 if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime);
5.1.3 in order to enforce any terms and conditions or agreements for our Services that may apply;
5.1.4 we may transfer your personal information to a third party as part of a transfer of some or all of our organisation and assets to any third party or as part of any restructuring or reorganisation, but we will take steps with the aim of ensuring that your privacy rights continue to be protected;
5.1.5 to protect the rights, property, or safety of Homeless Link, our users and contributors or any other third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
5.2 Please note that certain of our Services allow for the location of rough sleepers to be notified to appropriate organisations and local government agencies. If you notify us of the location of a rough sleeper you agree that we may notify relevant organisations and agencies. This information will not include names or other personally identifiable information.
5.3 Other than as set out above, we shall not disclose any of your personal information unless you give us permission to do so.
5.4 When we share personal information with a third party, we will take steps to ensure that your privacy rights are protected and that third party complies with the terms of this Policy.
6.1 The GDPR gives you the following rights in respect of personal data we hold about you:
Right of Access
You can make a Subject Access Request (“SAR”) to request information about the personal data we hold about you (free of charge, save for reasonable expenses for repeat requests).
Right to Rectification
Please let us know if the information we hold about you is incomplete or inaccurate and we will update our records as soon as possible, but in any event within one month.
We will take reasonable steps to communicate the change to any third parties to whom we have passed the information.
Right to Erasure
Please tell us if you no longer wish us to hold personal data about you. Please note, it is not possible to provide all our Services without holding your personal data.
Unless we have reasonable grounds to refuse your request, we will securely delete your personal data within one month. The data may continue to exist in backup, but we will take steps to ensure that it will not be accessible.
We will communicate the erasure to any third parties to whom we have passed the information.
Right to Restrict Processing
You can request that we no longer process your personal data in certain ways. Please note, we will not automatically delete your data if you exercise your right to restrict processing.
Right to Data Portability
You have right to receive copies of personal data we hold about you in a commonly used and easily storable format (please let us know what format suits you). You may also ask us to transfer your personal data to a third party (where feasible).
Right to Object
You can object to us using your personal data for direct marketing purposes (including profiling), for research or statistical purposes, and/or for processing based on legitimate interests or the performance of a task in the public interest. We may refuse your request if we have compelling legitimate grounds for the processing, which override your interests, rights and freedoms.
Rights with Respect to Automated Decision-Making and Profiling
You have a right not to be subject to automated decision-making (including profiling) when those decisions have a legal (or similarly significant effect) on you. You are not entitled to this right when the automated processing is necessary for us to perform our obligations under a contract with you, it is permitted by law, or if you have given your explicit consent.
Right to Withdraw Consent
If we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time.
6.2 All requests or notifications in respect of the above rights must be sent to us in writing by completing the Privacy rights request form below. If you have any questions regarding the form or need help completing it, please contact Matt Harrison.
6.3 We will endeavour to comply with such requests as soon as possible but in any event, we will comply within one month of receipt (unless a longer period of time to respond is reasonable by virtue of the complexity or number of your requests).
7.1 Our current data retention policy is to delete or destroy (to the extent we are able to) the personal data we hold about you in accordance with the following:
Category of personal data
Personal data held on marketing or business development records
3 years from the last date on which you have interacted with us
7.2 For any category of personal data not specifically referred to in this Policy, and unless otherwise required by law, our data retention period will be 7 years from the date we receive the data.
7.3 The retention periods in this Policy can be prolonged or shortened as may be required (for example, in the event that legal proceedings apply to the data or if there is an on-going investigation into the data).
7.4 We review the personal data (and the categories of personal data) we are holding on a regular basis to ensure the data we are holding is still relevant to our business and is accurate. If we discover that data we are holding are no longer necessary or accurate, we will take reasonable steps to correct or delete the data.
7.5 If you wish to request that data we hold about you is amended or deleted, please refer to clause6 above, which explains your privacy rights and your right to request access.
8.2 We cannot be responsible for the privacy policies and practices of sites that are not operated by us, even if you access them via our Services. We recommend that you check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.
8.3 In addition, if you came to our Services via a third party site, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.
9.1 As part of the services offered to you the information you provide to us may be transferred to, and stored at, countries outside of the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU or one of our service providers is located in a country outside of the EU. We may also share information with other equivalent national bodies, which may be located in countries worldwide. These countries may not have similar data protection laws to the UK.
9.3 If you use our Site while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
9.4 By submitting your personal information to us you agree to the transfer, storing or processing of your information outside the EU in the manner described above.
10.1 Our Services are not intended for and should not be accessed by individuals under 16. Our policy is not to intentionally or knowingly collect, process, maintain or use personal information from any individual under the age of 16.
If at any time you would like to contact us with your views about our privacy practices, or with any enquiry or complaint relating to the way we use your personal information, you can do so by way of our contact page.
If we are unable to resolve any issues you may have or you would like to make a further complaint, you can contact the Information Commissioner’s Office by visiting http://www.ico.org.uk/ for further assistance.