Privacy notice for clients
Who are we?
St Pauls Advice Centre provides independent and impartial legal advice to the general public. Our service is confidential, non-judgemental and free. We deal with a range of welfare benefits, debt, immigration, housing, employment and consumer enquiry issues.
Our offices are based at 146 Grosvenor Road, St Pauls, Bristol, BS2 8YA.
We are registered on the Information Commissioner’s Office Register; registration number ZA041611 and we act as the Data Controller when processing your data.
Our designated Data Protection Appointed Person is Steve Woodcock, Executive Director, who can be contacted at email@example.com.
This Privacy Notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.
Information That We Collect
St Pauls Advice Centre collect and use your personal information to give you advice and support, improve our services and tackle wider issues in society that affect people’s lives.
We only ask for the information we need. We always let you decide what you’re comfortable telling us, explain why we need it and treat it as confidential.
We handle and store your personal information in line with data protection laws. We log all your information, correspondence, and notes into our secure case management system, Advice Pro. Some of your information might also be kept within our secure email and IT systems.
We’ll only ask for information that’s relevant to your problem. Depending on what you require help with, this might include:
> Name and contact details so we can keep in touch with you about your support
> Date of Birth
> Equalities Data – information like your gender, ethnicity or sexual orientation
> Health/Medical information (where relevant)
> Next of Kin (where relevant)
> Children’s Details (where relevant)
> Personal information – for example about family, work, or financial circumstances
> National Insurance Number or Passport (where relevant)
> Personal information about other people involved in your case or enquiry
> Details of other professionals involved in your case or enquiry
If you don’t want to give us certain information, you may not have to. For example, with equalities data we will always give the option to prefer not to say.
How We Use Your Personal Data
St Pauls Advice Centre will always process your personal data in a way that is lawful and fair. We will not process the data in a way that is unduly detrimental, unexpected or misleading.
The legal basis for processing your personal data is detailed below:
> Legitimate Interest – we may collect information about you so we can help advise you with your case or enquiry
> Legal Obligation – where processing is necessary for compliance with a legal obligation to which we are subject
> Processing is necessary in order to protect the vital interests of the data subject or of another natural person
Where we rely on Legitimate Interest, we ensure that we have weighed your interests and any risk posed to you against our own interests; ensuring that they are proportionate and appropriate.
Special Categories Data
We sometimes need to process sensitive personal information (known as special category data) about you, to ensure we are providing our services to a wide range of people (equalities data) or health/medical information about you that is relevant to your case. Where possible, we will always ensure you have the option to decline sharing sensitive data.
We will only ever process special category data where one or more of the following apply: –
> Processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law
> Processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent
> Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity
> Processing is necessary for reasons of substantial public interest because we would not be able to provide our services without doing so
> Processing is necessary for reasons of public interest in the area of public health
Sharing and Disclosing Your Personal Information
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. This could include situations where we have to use or share your information:
> To comply with the law – for example, a safeguarding issue or if a court orders us to share information. This is called ‘legal obligation’
> To protect someone’s life – for example, sharing information with a paramedic if a client was unwell at our office. This is called ‘vital interests’
> To defend our legal rights – for example, sharing information with our legal advisors if there was a complaint that we gave the wrong advice.
If we use a third party to provide services and business functions; we will ensure all data processors acting on our behalf only process your information in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.
You have the right to access any personal information that St Pauls Advice Centre processes about you and to request information about:
> What personal data we hold about you
> The purposes of the processing
> The categories of personal data concerned
> The recipients to whom the personal data has/will be disclosed
> How long we intend to store your personal data fo
> If we did not collect the data directly from you, information about the source
Access: You can request a copy or some or all of the information we hold about you. We will aim to get all the required information to you within one calendar month, unless there are complicated circumstances, in which case, we will explain what they are within one month and provide you with an idea of what you can expect, up to a maximum of a further two months. We will not charge for supplying you with this information.
Rectification: If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible, within one calendar month; unless there is a valid reason for not doing so, at which point you will be notified.
Erasure: You have the right to request erasure of some or all of your personal data in accordance with the data protection laws. If we cannot fulfil this request, we will let you know the reason within one calendar month. There may be reasons why we cannot erase your data. This may be to ensure we comply with our legal obligations or our insurer’s requirements, or in case we need to review the work we did for you.
Portability: Where applicable, you have the right to data portability of your information from one IT environment to another in a safe and secure way.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
St Pauls Advice Centre takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including password security, encryptions, restricted access, IT authentication, firewalls and anti-virus/malware.
Staff who access your data have had data protection training to make sure your information is handled sensitively and securely.
Transfers Outside the EU
Personal data in the European Union is protected by the General Data Protection Regulation (GDPR) but some other countries may not necessarily have the same high standard of protection for your personal data. Where St Pauls Advice Centre stores any personal data outside the EU, we will assess whether that country ensures an adequate level of protection, such as the Privacy Shield for the USA.
How Long We Keep Your Data
St Pauls Advice Centre only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations.
We will normally keep all of the information for 7 years from when our work comes to an end. This is comply with our legal obligations and our insurer’s requirements, and in case we need to review the work we did for you. After that time it will be securely destroyed unless we have a legitimate reason to keep it.
A copy of our Data Retention and Erasure Policy is available on request.
Cookies are widely used in order to make websites work, or to work more efficiently, and our site relies on cookies to optimise user experience and for features and services to function properly.
Most web browsers allow some control to restrict or block cookies through the browser settings, however if you disable cookies you may find this affects your ability to use certain parts of our website or services. For more information about cookies visit: www.aboutcookies.org.
Visitors to our website
When you visit our website at www.stpaulsadvice.org.uk, we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns.
We use this to track interest on specific pages, see how the site is being used and look at how we can make improvements to the site. The information is only processed in a way that does not identify anyone.
Lodging a Complaint
St Pauls Advice Centre only processes your personal information in compliance with this Privacy Notice and in accordance with the relevant data protection laws.
If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to complain to the person responsible for Data Protection: Steve Woodcock, Executive Director.
If you are not satisfied with how your complaint has been dealt with, you have the right to lodge a complaint to the supervisory authority: Information Commissioners Office ico.org.uk