LionHeart Privacy Notice for people who use our services
The data controller processing your data is LionHeart. We are registered as a data controller with the Information Commissioner’s Office (our notification number is Z6406612) and we are committed to ensuring that the personal data we process is handled in accordance with data protection legislation (the General Data Protection Regulation and UK Data Protection Act 2018).
Our CEO is the Data Protection Lead and can be contacted by email email@example.com.
What information do we hold and use in relation to you?
LionHeart holds and processes personal data about the people we help - this could be by calling our helpline, applying for a grant, receiving counselling or back to work or debt advice. We only collect the personal data we need for these purposes and keep that data up to date.
The personal data that we hold about you may consist of:
- Personal information - This can include your name, data of birth, gender, nationality, national insurance number, copies of documentation proving your identity such as your passport or visa, identifiers issued by public bodies (e.g. NI Number) and your contact details
- Information about your income and expenditure - if you are applying for a LionHeart grant we will hold the following data: your income including salary or pay, Social Security Benefits or payments, pension payments, savings or other income. We may also ask for and hold copies of your regular bills, expenditure and bank statements.
- Information about your family, lifestyle and social circumstances - If you are in receipt of support from the Support Services team we will keep information about your personal circumstances and those of your family members. This may include information about your health and wellbeing and any issues or challenges you are facing.
Depending on the nature of the service being provided, LionHeart may process some information about you that is classed as ‘special category’ data, and which receives additional protections.
Where it is of relevance to the service and would assist us in advising you, you may submit to us the following special category data:
- Details of periods of leave taken by you relating to sickness absence, family leave, etc.
- Health or disability information about you
- Information about your religion or beliefs
- Information about your ethnic origin
- Your sexual orientation
- Gender identification
- Trade union affiliations, where applicable
Other special category data may be processed, such as information about past criminal convictions, and your fitness to practise in certain regulated professions.
How do we collect this information from you?
We receive a lot of this data from you when you:
Call the LionHeart helpline or ask for support from us
Send in information in order to apply for a LionHeart grant
Give support services officers information about your circumstances in order for them to support you
In some circumstances, we may receive personal data from third parties including people who provide you with services such as doctors and social workers or other professionals. This process will be entirely transparent and we will only be in touch with these third parties with your consent unless we feel that there is a safeguarding issue relating to your welfare.
Why do we collect this information from you?
We take our obligations around the handling of data very seriously, and it is therefore important for you to know the various lawful bases that we rely on for the processing of your personal data.
We process your data as we have a legitimate interest in doing so. We would not be able to provide you with services if we were not able to process your data.
This is an assessment made by weighing our requirement against the impact of the processing on you. Our legitimate interests will never override your right to privacy and the freedoms that require the protection of your personal data.
We process your personal data for these purposes when we:
- Provide you with advice, support, grants or other services via our helpline service.
- Make referrals to third parties (with your consent) who provide a service to you on our behalf.
- When we advocate on your behalf (with your consent) with other agencies and organisations.
- Produce statistics for internal reporting to ensure the effective delivery of our services. Analysis of statistics is carried out at an aggregate level and does not identify you directly.
We may also process your Special Category data in order to provide you with services.
We may process information about ethnic origin, sexual orientation, religion or belief or trade union membership, offences and alleged offences, criminal offences, gender identification, health information to provide you with our services. This information will be given to us by you in the process of making an application for help or speaking about your life with our support officers.
What do we do with your information?
Your information may be shared internally with members of the Support Services Team if access to the data is necessary for performance of their roles. For example, if you are referred to one of our counselling officers some or all of your data will be shared with them.
Access to, and the sharing of, your special category data are controlled very carefully. This is kept within a specific module of our database that only those that require access to the data have access to.
How long do we keep your information?
We keep details of any grants you have received for ten years. Other data pertaining to advice given, issues discussed and help offered and taken is kept for ten years in order for us to build a picture of your circumstances should you call LionHeart for support in the future.
Who do we share your information with?
Within LionHeart, we share your data with:
- The Support Services Team and Support Services Manager including counsellors if necessary
- If you are in receipt of a grant your data may be shared with an audit committee which is made up of two trustees. The data is utilised to carry out an audit of the LionHeart grant process
- The CEO may need to access your data in the absence of the Support Services Manager to handle any urgent issues
- The Trustee with responsibility for Support Services may need to access your data if your circumstances fall outside of our usual guidelines and a delegated board decision is necessary
We also share your personal data, where required, with the following external third parties:
- Our legal advice service LawExpress in order to provide you with legal advice (usually limited to name and RICS membership number).
- Our back to work suppliers in order to provide you with careers guidance and support.
- Our debt advice suppliers in order to provide you with debt advice
- Any other external providers not named above in order to deliver appropriate support to you
We will not share your personal data with any of the above without your prior knowledge or consent.
How do we protect your data?
We take the security of your data seriously and have cybersecurity guidelines which specify the correct way of handling IT in order to protect data against the consequences of breaches of confidentiality, failures of integrity and interruption of availability.
We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the performance of their duties.
Where we engage third parties to process, or store, personal data on our behalf, they do so on the basis of written instructions contained within a contract, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
What rights do you have in the way that we protect your data?
As a data subject, you have a number of rights. You can:
- Ask us to confirm that your personal data is being processed and to access (i.e. have a copy) of that data as well as to be provided with supplemental information about the processing (by making a subject access request)
- Require us to change incorrect or incomplete data
- Require us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing
- Object to the processing of your data where we rely on our legitimate interests as the legal ground for processing
- Receive from us the personal data we hold about you which you have provided to us in a reasonable format specified by you, including for the purpose of you transmitting that data to another data controller
- Ask us to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override LionHeart’s legitimate grounds for processing data
- Withdraw your consent for us to process your data where we do so with your consent
Not all of these rights apply in all circumstances.
If you would like to exercise any of these rights, or make a subject access request please contact LionHeart’s Data Protection Lead, the CEO. They can be contacted by email: firstname.lastname@example.org or by phone by calling 0121 2895410 or by writing to: LionHeart, Ground Floor, 55 Colmore Row, Birmingham B3 2AA
If you continue to have concerns about the use of your personal data, the Information Commissioner’s Office is an independent body set up to uphold information rights in the UK.
They can be contacted through their website: www.ico.org.uk, or their helpline on 0303 123 1113, or in writing to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire
Policy updated October 2018; reviewed annually.