Your privacy is very important to us. Accordingly, we have developed this policy in order for you to understand how Langley Trust collects, stores, uses (or “processes”), discloses and disposes of personal information.
1. Introduction
1.1 This Privacy Policy provides details on the personal information that we collect from you, how we use your personal information, your rights regarding the personal information that we hold about you and how to contact us or make a complaint. We are committed to protecting our supporters, teams, volunteers and any other party from whom we collect personal data.
1.2 We only collect and hold the data we need for the purposes you give us permission for – we do not hold excessive or unneeded data about you. We make sure that we only hold your data for as long as we need to. We endeavour to ensure that all of the information we hold about you is kept accurate and up to date.
1.3 We value everyone who interacts with us, if you have any feedback or questions, please get in touch:
Email: info@langleytrust.org
Telephone: 03330 035 025
1.4 About us:
Langley Trust is a national charity helping people with convictions to transform their lives. Our work prevents crime, promotes rehabilitation, and reduces the risks of re-offending. As a Christian charity working across England, we believe everyone deserves another chance.
Our registered office is 3-4 The Square, Mansfield Avenue, Coventry, CV2 2QJ. We are a company limited by guarantee with the registered number 7888191. We are a charity registered with the Charity Commission with a registered charity number 1146304.
1.5 Langley Trust is the controller for the personal information we process and can be contacted using the details above. This means we usually decide how your personal data is processed and for what purposes.
1.6 Langley Trust has appointed Jonathan Binley as the Data Protection Officer (DPO). Their contact details are listed in section 9 of this policy.
2. What information do we collect?
2.1 Directly with us
We collect personal information from you whenever you sign up for events or communications. For example, when you provide details on a contact form, make a donation, sign up to attend an event or otherwise provide your personal details, we collect the information you provide.
2.2 From website interaction with us
We may collect non-personal data such as IP addresses, details of pages visited and files downloaded. Website usage information is collected using cookies. See our section on cookies below.
2.3 Where you give your permission to other organisations
We may collect information that you make available on, for example, Twitter, Facebook, LinkedIn or similar organisations. You may wish to check their privacy policy to find out more information on how they process your data.
2.4 Sensitive data
Where you provide the information, we may collect sensitive personal data, including but not limited to, your gender, age and religious beliefs.
3. What do we do with your information?
3.1 We may use the personal data we collect to:
- Keep you up-to-date on news and events about our mission and work
- Send appeals and updates
- Process donations you give us, including gift aid
- Provide a personalised service, such as customised website content or personalised emails
- Keep records of your relationship with us e.g. questions you have asked or complaints you have made
3.2 Basis of processing data
We must process information about you lawfully, transparently and fairly. This is the reason we are giving you this Privacy Policy. To process your data legally, one of the following criteria must be met:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
- processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
3.3 Recipients of your data
We will only share your data with a third party where we engage with them in order to complete our legitimate transaction with you, the data subject. Typically, this will include
- recruitment agencies – who provide details of your CV and other information which you have given to them;
- our outsourced payroll company, which will hold data about you in order to process your pay;
- insurance, pension and other companies we use to provide staff pay, benefits and insurances, such as the Employee Assistance Programme.;
- Occupational Health providers, doctors and other health professionals who provide us with advice on employee medical conditions and sickness management providers (and there are separate rules around our access to such information);
- HMRC, regulatory authorities and Government Departments to comply with our duties and legal obligations in relation to, for example, safe recruitment, tax, sick pay, maternity/ paternity / adoption leave pay and social security information;
- the Disclosure and Barring Service; and
- agencies who request information about you in relation to an application by you for credit or a reference (such as a mortgage lender or lettings agent). In such cases you will be asked to consent to us providing them with this information.
We do not normally share your information with outside organisations other than for the purposes set out above except in specific circumstances (such as for legal proceedings) and never sell or provide information about you to any organisation that wishes to sell to you
3.4 Transfer to a third country
All of our third-party providers which process your personal data, are checked to make sure that where data is transferred outside the UK, it is processed in a way that it is offered the same levels of protection as in the UK. Where data is transferred to countries in the European Economic Area (EEA), these countries are covered by adequacy regulations. Where data is transferred to the US there is a data protection agreement with the third-party provider based on Standard Contract Clauses.
4. How long do we hold your data for?
4.1 Langley Trust has a clear policy which sets out the length of time it will hold and process your information. These timeframes can be found in our Personal Data Retention Periods list which is part of our Data Protection and Confidentiality Policy, which is available upon request.
4.2 For information on your information rights see the ‘What are your information rights section?’ below.
5. Security, storage and protection of your information
5.1 We ensure that we have in place appropriate technical controls in place to protect any personal data you provide. We ensure that access to personal data is restricted only to those staff members or volunteers whose job roles require such access and that suitable training is provided for these staff members and volunteers.
6. When do we share your information?
6.1 We do not share or swap your information with other 3rd parties. We may need to pass on information if required by law or by a regulatory body, for example, a Gift Aid audit by the HMRC, or if asked for details by a law enforcement agency. In some cases, such as with our clients, there are other circumstances in which we share personal information.
6.2 If you would like to know more about our client data protection our ‘Client Privacy Notice’ is available on request.
7. What are my information rights?
7.1 You have the right to be informed about the collection and use of your personal data. We endeavour to deliver transparency and always inform you on how we use your data. The how’s, why’s and what’s of using your data are detailed primarily in this privacy policy.
7.2 You have the right to read our privacy information before giving us your information. We make sure you have an opportunity to read this before you give us your data.
7.3 You are entitled to have our privacy policy within one month of us receiving your data from third parties. There are some exceptions to this rule, such as if you already have access to the privacy policy or if it would require a disproportionate amount of effort to provide you with it.
7.4 You have a right to access your personal data. Where we feel a request is excessive or requires significant administrative effort we can charge a fee. Subject Access Requests (SAR) are to be emailed to dpo@langleytrust.org
7.5 You have the right to change inaccurate personal data we hold about you. You can make a request for us to do this verbally or in writing. Where we feel a request is excessive or requires significant administrative effort we can charge a fee.
7.6 You have the right to request that we erase all the personal data we hold about you. This is known commonly as ‘the right to be forgotten’.
7.7 You have the right to request the suppression or restriction of your personal data. Where data is restricted we are permitted to hold it but not use it. We have one calendar month to process this request, which can be made verbally or in writing.
7.8 You have the right to data portability, this means you should be able to easily copy, transfer or move personal data between different places, applications or services without affecting its usability or security.
7.9 These rights are not always absolute and certain exceptions apply to each one. We have up to one calendar month to respond to your requests. This can vary – for some requests it is 30 days. If you are in doubt or have any questions please get in touch.
8. Cookies
8.1 We collect data using cookies – cookies are a normal feature on the majority of websites in use today.
8.2 You can normally turn off cookies from your browser’s settings if you would like to. However, some parts of our website may not work as well, or at all, for you.
8.3 We recommend that you opt in to cookies for an optimal experience of our website.
8.4 Cookies do various things, such as logging the details you use filling in a form, logging as you move from page to page, or logging whether you prefer a mobile or full-size website. Often these are stored as a cookie, but can be saved in your browser instead.
9. More information
9.1 For more information about your rights and privacy under the General Data Protection Regulation, visit the website of the Information Commissioner’s Office: www.ico.org.uk.
9.2 If you are unhappy with how we are using your personal information or if you wish to complain about our use of information, you can:
Contact our Data Protection Officer.
- Email: DPO@langleytrust.org
- Phone: 02476 587358
- Write to: Data Protection Officer, Langley Trust, 3 & 4 The Square, Manfield Avenue, Coventry CV2 2QJ
9.3 If we cannot resolve your complaint, you have the right to complain to the Information Commissioner’s Office, which is the statutory regulator for data protection matters. The Information Commission can be contacted at https://ico.org.uk/concerns/.
9.4 If you have any questions about this Privacy Policy, would like any further information or wish to discuss any of the above further, please contact us and let us know.