Kensington and Chelsea Mind currently comply with all legislation relating to Data Protection and we are reinforcing this commitment by ensuring we also comply with the provisions of the General Data Protection Regulations (2018), or GDPR, as it is commonly referred to.
On the 25th May 2018, the data protection system across the EU (including the UK) will change. GDPR will replace the provisions of the Data Protection Act 1998 (DPA). The GDPR preserves the rights provided under the current law and also provides new rights and enhanced protection for individuals, known as Data Subjects.
As an organisation, we are committed to keeping any information you share with us private and secure. We want everyone who comes to us for help and support to feel confident about how their personal information will be looked after. This includes:
- Our members, trustees, employees and volunteers
- People who make donations
- People who use our services
- People who provide us with goods and services
- People who make enquiries or correspond with us
- People who raise a complaint about the service they are receiving
- People who take part in consultation, evaluation and research
- People who visit our website
This Privacy Statement sets out:
- Our role, our reasons and privacy practices outlining why and how we collect, use and store any personal information that identifies or could identify you in any way
- Your GDPR Rights, as an individual and where to go for more information about exercising them
- Our contact details
For the purposes of the Data Protection Act 1998 and (from 25 May 2018) the EU General Data Protection Regulation 2016/679 (“Data Protection Law”), Kensington and Chelsea Mind is a “Data Controller”. This means that we are responsible for and control the processing of, your personal information.
Our commitment to you:
We will ensure our operational practice ensures that your personal information is:
- Processed lawfully, fairly and in a transparent manner in relation to individuals
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed
- Accurate and, where necessary, kept up to date; every reasonable step will be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
Why and how we collect information about you:
- Everything we do, we do to fulfil Mind’s mission to help people experiencing a mental health problem get the help and support they need. This can include:
- Ensuring that you receive the communications that are most relevant to you; whether it is be it through visiting our website or receiving emails, post or phone calls
- Ensuring you receive the best attention when you book on a training course or event, become a member or make a donation
- Ensuring we have all the information we need to provide you with help and support if you are using our services
- Ensuring equal, fair and lawful employment practices in the recruitment of trustees, employees and Ensuring we have sufficient providers of goods and services to enable us to provide services, conduct our business and meet our statutory and legal requirements.
How we collect personal information:
When you interact with us directly, indirectly or through a third party: This could be if you ask us about our activities, register with us for training or an event, make a donation to us or through a third party, such as Gift Aid, ask a question about mental health, apply for a job or volunteering opportunity or otherwise provide us with your personal information. This includes when you phone us, visit our website or get in touch through the post, or in person.
The type of information we collect:
Personal information we collect includes details such as your name, date of birth, email address, postal address, telephone number if you are:
- Applying to be a member, trustee, employee or volunteer
- Applying to our services or events
We will also collect credit/debit card details if you are:
- Paying Mind membership subscriptions
- Making a donation
We will mainly use this information:
- To process your donations or other payments, to claim Gift Aid on your donations and verify any financial transactions
- To update you with important administrative messages about your donation, an event or services or goods you have requested
- To comply with the Charities (Protection and Social Investment) Act 2016 and follow the recommendations of the official regulator of charities, the Charity Commission, which require us to identify and verify the identity of supporters who make major gifts so we can assess any risks associated with accepting their donations
- To keep a record of your relationship with us
If you do not provide this information, we will not be able to process your donation, sign you up for a particular event or provide goods and services you have requested.
We may also use your personal information to invite you to participate in surveys or research.
A special note about the Sensitive Personal Information we hold:
Data Protection Law recognises that some categories of personal information are more sensitive. Sensitive Personal Information can include information about a person’s health, race, ethnic origin, political opinions, sex life, sexual orientation or religious beliefs.
- If you apply to one of our services, we may require personal information about your health in order to provide you with the help and support
- If you apply to be a trustee, employee or volunteer, we may require information to carry out equality impact assessments
- As an employee, we may require personal information to provide you with occupational health assistance
We will only use this information:
- For the purposes of providing you with a service in support of your health
- To monitor or evaluate the services we provide
- We will not pass on your details to anyone else without your express permission except in exceptional circumstances. Examples of this might include anyone reporting serious self-harm or posing a threat to others or children contacting us and sharing serious issues such as physical abuse or exploitation
The legal basis for using your information:
In some cases, we will only use your personal information where we have your consent or because we need to use it in order to fulfil a contract with you.
However, there are other lawful reasons that allow us to process your personal information and one of those is called ‘legitimate interests’. This means that the reason that we are processing information is because there is a legitimate interest for Mind to process your information to help us to achieve our vision of ensuring that everyone experiencing a mental health problem gets both support and respect.
Whenever we process your personal Information under the ‘legitimate interest’ lawful basis we make sure that we take into account your rights and interests and will not process your personal information if we feel that there is an imbalance.
Some examples of where we have a legitimate interest to process your personal information are to provide you with a support service, where we contact you about our work via post, use your personal information for customer satisfaction surveys and/or consultation about ways to improve our services or meets gaps in service provision, for our legal purposes (for example, dealing with complaints and claims), or for complying with guidance from the Charity Commission.
We will only contact you about our work and how you can support Mind by phone, email or text message, if you have agreed for us to contact you in this manner.
However, if you have provided us with your postal address we may send you information about our work and how you can support Mind by mail unless you have told us that you would prefer not to hear from us in that way.
You can update your choices or stop us sending you these communications at any time by contacting [email protected] or clicking the unsubscribe link at the bottom of the relevant communication.
Sharing your information:
The personal information we collect about you will mainly be used by our staff (and volunteers) at Mind so that they can support you.
We will never sell or share your personal information with organisations so that they can contact you for any marketing activities. Nor do we sell any information about your web browsing activity.
Mind may however share your information with our trusted partners and suppliers who work with us on or on our behalf to deliver our services, but processing of this information is always carried out under our instruction. We make sure that they store the data securely, delete it when they no longer need it and never use it for any other purposes. Some examples of where we may share your information are with our fulfilment partners who help to provide support to you, with our partners who help us to process donations and claim Gift. We enter into contracts with these service providers that require them to comply with Data Protection Laws and ensure that they have appropriate controls in place to secure your information.
We may disclose your information if required to do so by law (for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority); or, in order to enforce our contractual and other agreements.
Keeping your information safe:
We take looking after your information very seriously. We’ve implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.
Unfortunately the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information sent to us this way, we cannot guarantee the security of data transmitted to our site.
Our websites may contain links to other sites. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices employed by other sites. Please be aware that advertisers or Web sites that have links on our site may collect personally identifiable information about you. This privacy statement does not cover the information practices of those websites or advertisers.
Any debit or credit card details which we receive on our website are passed securely to Sage Pay our payment processing partner, according to the Payment Card Industry Security Standards.
How long we hold your information for:
We only keep it as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations (for example, Employment law or the collection of Gift Aid).
You have various rights in respect of the personal information we hold about you – these are set out in more detail below. If you wish to exercise any of these rights or make a complaint, you can do so by contacting us, details below.
You can also make a complaint to the data protection supervisory authority, the Information Commissioner’s Office at: www.ico.co.uk
Access to your personal information:
You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge. Please make all requests for access in writing, and provide us with evidence of your identity
Right to object:
You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. Please contact us as noted above, providing details of your objection
If you have given us your consent to use personal information, you can withdraw your consent at any time
You can ask us to change or complete any inaccurate or incomplete personal information held about you
You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it
You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred
You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it
No automated-decision making:
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not currently carry out any automated decision-making.
Please note, some of these rights only apply in certain circumstances and we may not be able to fulfil every request. For detailed information on how to exercise your Rights visit: www.ico.org.uk
‘Cookie’ is a name for a small file, usually of letters and numbers, which is downloaded onto your device, like your computer, mobile phone or table when you visit a website.
They let websites recognise your device, so that the sites can work more effectively, and also gather information about how you use the site. A cookie, by itself, can’t be used to identify you.
The cookies we use:
We use the categorisation set out by the International Chamber of Commerce in their UK Cookie Guide.
We use all four categories of cookies:
- Strictly necessary cookies are essential for you to move around our website and to use its features, like our shopping basket and your account
- Performance cookies collect anonymous information about how you use our site, like which pages are visited most
- Functionality cookies collect anonymous information that remember choices you make to improve your experience, like your text size or location. They may also be used to provide services you have asked for such as watching a video or commenting on a blog
- Targeting or advertising cookies collect information about your browsing habits in order to make advertising relevant to you and your interests. As such if you visit the Mind website you may then be more likely to see adverts about Mind’s work on other websites as your browsing suggests that this is an area of interest
No cookies, please:
You can opt out of all our cookies (except the strictly necessary ones). Find out how to control and delete cookies in your browser. However, if you choose to refuse all cookies, our website may not function for you as we would like it to.
For further information about our privacy practices, please contact our Data Protection Officer by writing to:
Kensington and Chelsea Mind, Office 1, 7 Thorpe Close, London W10 5XL. Telephone 020 8964 1333. Email [email protected]