As a responsible charitable organisation, we value the trust you placed in us when you shared your personal data. This page describes who we are, why we need to collect information about you and how we will use it. We will tell you how your information will help us improve the services we provide to children, young people and families. We recognise the importance of treating your data with care and we have taken steps to ensure we only use it in accordance with your wishes.
Who we are:
We are Umbrella Derby and Derbyshire. Our registered charity number is 1150203 and our registered company number is 07904108.
This notice applies to all data subjects whose data is processed by Umbrella.
The Data Protection Officer (“DPO”) is responsible for ensuring that all potential data subjects have sight of this notice prior to the collection and/or processing of their personal data by Umbrella.
All employees of Umbrella who interact with data subjects are also required to ensure that this notice is brought to the attention of all data subjects, securing their consent for the processing of their personal data
Umbrella collects information from:
Members of Umbrella
Service users and their families
Visitors to our website
Third party organisations
- Fair Processing Notice
Umbrella will only collect information necessary to enable them to carry out their purpose and will use the personal data collected from you for the following purposes:
- To provide you with relevant information about our services when you join
- To ensure we are providing the right level of support in accordance with the level of need.
- To ensure we meet our agreed objectives
- To enable us to communicate with you effectively
- To create records of communications for reference and so that we can provide an accurate service
- To assess suitability and provide a fair recruitment process and in order to comply with government standards
- For monitoring purposes (annonomised)
- For compliance with funding contracts
You hereby confirm that you are consenting to Umbrella’s use of your personal data for the aforementioned purposes(s) and are granting Umbrella permission to carry out those actions and/activities.
You may withdraw your consent at any time. See end of policy for details.
- What is Personal Data?
The EU’s General Data Protection Regulation (“GDPR”) defines “personal data” as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
The GDPR classifies certain data as belonging to “special categories”, as follows:
- Racial origin;
- Ethnic origin;
- Political opinions;
- Religious beliefs;
- Membership to a trade-union;
- Genetic data;
- Biometric data;
- Health data;
- Data concerning a natural person’s sex life;
- Sexual orientation; and
The GDPR requires that consent is provided by the data subject for all types of personal data, including those pertaining to the special categories set out above and otherwise. Consent must be explicitly provided.
When Umbrella requests sensitive data from data subjects, it is required to confirm why the information is required and how it will be used.
- Why does Umbrella need to collect and store personal data?
Umbrella is committed to providing and excellent service and requires certain information to meet planned and agreed objectives. Umbrella ensures that all personal information collected and processed is appropriate for the stated purpose(s) and shall not constitute an invasion of your privacy. We will never share your personal data with third parties until we have received your consent, unless we are required do so by law.
- Your information
Umbrella will process your data (i.e. collect, store and use) according to the requirements of the GDPR at all times and shall endeavor to keep your personal data up-to-date, ensuring its accuracy and will not keep it for longer than it is required. In some situations, there are set legal requirements for the length of time that Umbrella will retain your personal data but usually Umbrella will use its discretion, ensuring that personal data is not kept outside of our usual business requirements.
We shall never be intrusive or invasive of your personal privacy and shall not ask you to provide data that is irrelevant or unnecessary and we will enact strict measures and processes to ensure that the risk of unauthorised access or disclosure of your personal data is minimised as much as possible.
Permission to contact you
When joining Umbrella, our policy states that you should only receive contact from us with information about activities and services that will be relevant to the services you receive. You will also given the opportunity to opt into receiving our monthly bulletin and details of other services within Umbrella from which we feel you will benefit.
How we store your personal data
All information you provide to us is stored either:
In paper format in secure locked cabinets
On a secure server in a secure database.
All information stored is only used whilst you continue to be associated with Umbrella for service use or employment.
After archiving has been completed, your electronic and hard copy data will be stored for:
8 years for members and service users
7 years for employees
3 years for volunteers
After the relevant time has lapsed, your information will be destroyed. In some cases, funders’ contracts stipulate the information must be returned to them. If this is the case, you will have been made aware of this from the outset.
Disclosure of your information to others
We may disclose your personal information:
- if we are under a duty to disclose or share visitors’ personal data to comply with a legal obligation
- for law enforcement purposesWe may share your information with organisations such as Derbyshire County Council or children’s centres if it is relevant to your service (or a referral has been made) but we will discuss this with you with details of specific organisations and seek your express prior consent should this be necessary. We collect the following information from people visiting the website:
- We never sell or share information we hold with any commercial or other organisations.
- Your IP address and which web browser (and version) you use
- Information on how people use the site, using cookies, to help us to improve the website and our services
- Your name and email address if you chose to sign up to the monthly bulletin
What are cookies?
Links to other websites
This privacy notice does not cover the links within this site linking to other websites
Umbrella uses a third party provider and is not responsible for data you share on social media platforms
Under the General Data Protection Regulations you have the right to:
- ask us not to process your personal data
- see information we hold about you (subject access request)
- ask for inaccurate personal data to be corrected
- ask to be forgotten (all data removed)
In order to take the above action, you need to contact our Data Protection Officer (DPO)
The DPO at Umbrella is:
Kristin Clark, Umbrella Derby and Derbyshire, Umbrella House, 64 Birdcage Walk, Mackworth, Derby DE22 4LD.
01332 521229 firstname.lastname@example.org
Changes to our policy
As we continue to monitor and improve our services and our website, we may update this policy. Any changes will be posted on the website.