Privacy Policy

Reviewed May 2023

Your personal information

This statement sets out how we will deal with any personal information that you provide to us and that we collect about you.  We will collect and deal with your personal information in accordance with the Data Protection Act 2018.  For the purpose of the Act, we (Signposts Services) are the data controller of personal data we hold about you.

How we may use your personal information

Personal information that we collect may be used by us in a number of ways including:

  • To tell you about Signposts Services Projects which we think may be of interest to you

  • To enable us to provide you with the project services you have signed up for

  • To enable us to maintain appropriate safeguarding arrangements for our children and young people and adults at risk

  • To help you identify where you could serve in Signposts Services

  • To help us organise volunteers rotas etc and to communicate with you

We will collect and handle your personal information because it is necessary for us to do so for the purposes of our legitimate interests.

Information we may collect about you

We may collect and process the following information about you:

  • Your contact details

  • Your attendance at events and meetings run or hosted by us

  • Your participation in rotas for service in one of our projects

  • Information contained in emails or other correspondence from you and records of telephone calls or meetings with you

  • Your marital status, age, gender and information about your immediate family

  • Your university course details (where relevant)

  • Details of money that you give to Signposts Services and gift aid certification

  • Information contained in checks provided by the Disclosure & Barring Service and evidence of safeguarding training

  • Information that you share with us for the purposes of encouragement, support, guidance and training

  • Information relevant to your suitability for service with Signposts Services, employment by Signposts Services or service with other organisations

  • Medical information where necessary to ensure that the care and hospitality that we provide for you is appropriate to your needs

How we may collect information

You may complete information forms for us.

We may collect information directly from you.

We may collect information from others about you:

  • To enable us to maintain appropriate safeguarding arrangements for our children, young people and adults at risk

  • To help us to better support you and to provide care, encouragement, support, guidance and training

Who we may share information with

We may share your information as appropriate with others on the Signposts Services team including:

  • To enable them to provide care, guidance and support for you

  • To inform them that you are applying to be a volunteer or employee or that your volunteering or employment has ended

  • On our database system to allow Signposts Services leaders to contact you or e.g. to arrange rota swaps with you

  • We may occasionally share your information with others outside Signposts Services including:

  • Where we are approached for a reference by another organisation

  • In certain circumstances, the Data Protection Act allows personal data to be disclosed to statuary bodies without the consent of the data subject.  Under these circumstances Signposts Services  will disclose requested data.  However, the Data Protection Officer will ensure the request is legitimate, seeking assistance from the Head of Compliance and from the organisation’s legal advisers where necessary

  • People or organisations you have agreed we may contact who may be able to support you.

  • Accounting and tax reasons - with HMRC and auditors

How we will store information

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

The data that we control may be transferred and stored outside the European Economic Area ("EEA"), for example where our software providers store information on servers outside the EEA. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers.  Where there is a transfer outside the EEA we will ensure that organisation to whom information is transferred is one which subscribes to equivalent standards under the Act.

We may use the following third-party service providers named below to process and store your data:

MailChimp: We use MailChimp to manage lists, preferences and to send emails. Mail Chimp has staff based outside the European Economic Area and stores your data in the USA. You can find out more about its privacy policy at https://mailchimp.com/ .

We will not share your personal information with any other third-party unless we have your permission, or the law requires us to.

We will take reasonable, necessary steps to ensure that your data is treated securely and in accordance with this privacy statement.

We will store your information for no longer than reasonably necessary and in line with legal requirements. After this we may continue to hold your contact details for as long as you agree in order to keep you informed about the projects of Signposts Services.

Your Rights

You have the right to ask us not to process your personal data for the purposes of informing you of events and other opportunities.  We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes.  You can exercise your right to prevent such processing at any time by contacting us.

The Act gives you the right to access information held about you.  Your right of access can be exercised in accordance with the Act.  Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.

You may request that personal information is corrected where it is not correct or that the information is deleted.  You may also object to Signposts Services processing information about you.  Where you have consented to us handling your information, you have the right to withdraw that consent at any time.

Our website may, from time to time, contain links to and from the websites of our partner networks and affiliates.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.  Please check these policies before you submit any personal data to these websites.

Further Processing

If we wish to use your personal data for a new purpose, not covered by this Privacy Policy, then we will provide you with a new Policy explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.  Where and whenever necessary, we will seek your prior consent to the new processing.

Our Data Protection Officer

Our nominated representative for the purpose of the Act is our CEO (Gary Sloan).  For further information about how your personal information is used, how we store your information securely and your rights to access the information that we hold about you, please contact him on dataprotection @risingbrook.org.

If you are unhappy with how we have handled your information, you may complain to the Information Commissioner.

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF