LionHeart Privacy Notice for volunteers including trustees
The data controller processing your data is LionHeart. We are registered as a data controller with the Information Commissioner’s Office (our notification number is Z6406612) and we are committed to ensuring that the personal data we process is handled in accordance with data protection legislation (the General Data Protection Regulation and UK Data Protection Act 2018). 

Our CEO is the Data Protection Lead and can be contacted by email ceo@lionheart.org.uk.

What information do we hold and use in relation to you? 
LionHeart holds and processes personal data about current and former LionHeart volunteers, including ambassadors and Trustees. We only collect the data we need and keep that data up to date. The personal data that we hold consists of:
  • Personal information - your name, data of birth, gender, nationality, national insurance number, copies of documentation proving your right to stand as a trustee such as your passport or visa, identifiers issued by public bodies (e.g. NI Number) and your contact details.
  • Information about your role as a volunteer - any committees you are a member of, any officer roles you hold, information about your tenure as a volunteer including start date (and end date) of volunteering, your duties, any necessary declarations (including conflict of interest) and details of periods of leave taken by you, including holiday, sickness absence, family leave and sabbaticals if LionHeart is affected by these. 
  • Information relating to your performance in your role - assessments of your performance, including review notes, performance reviews, training you have participated in, details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence 
  • Education and work history - details of your qualifications, skills, experience and employment history and references received. 
  • Emergency contact - we will ask you to provide details of an emergency contact that we can contact should it ever be necessary. Before providing these details, please inform that person that you will be providing their details to LionHeart.  

LionHeart may process some information about you that is classed as ‘special category’ data, and which receives additional protections. We may collect the following special category data:

·         Details of periods of leave taken by you relating to sickness absence, family leave, etc.

·         Health or disability information about you

·         Information about your religion or beliefs

·         Information about your ethnic origin

·         Your sexual orientation

·         Gender identification

·         Trade union affiliations, where applicable

For certain roles, other special category data may be processed, such as information about past criminal convictions, working with children or vulnerable adults, and your fitness to practise in certain regulated professions.


How do we collect this information from you?
We receive this data from you when you:

·         Submit an application for a volunteer role at the LionHeart

·         Complete your volunteer information and declaration forms

·         Supply your passport or other identity documents at the start of your tenure as trustee, at other times when necessary during your time volunteering with us, or when we ask you to confirm your identity

·         Supply emergency contact details

At times we may receive personal data from third parties e.g.  references. We receive this information from the following third parties:

·         Organisations or individuals which you may have named as a referee

·         Disclosure and Barring Service


Why do we collect this information from you?

We take our obligations around the handling of data very seriously, and it is therefore important for you to know the various lawful bases that we rely on for the processing of your personal data.

We process your personal data for these purposes when we:

  • Provide you with a volunteer agreement, induction and training
  • Administer your record on our database
  • Register you with the Charity Commission and Companies House (trustees only)
  • Enable you to log on to the LionHeart trustee online portal (trustees only)
  • Meet our obligations for ensuring your health, safety and security whilst volunteering with us. 

LionHeart processes your data in our legitimate interest.

This is an assessment made by weighing our requirement against the impact of the processing on you. Our legitimate interests will never override your right to privacy and the freedoms that require the protection of your personal data. If you would like to see a copy of our legitimate interest assessment, please ask us.

We process your data in our legitimate interest when we:

  • Produce statistics for internal monitoring of equality and diversity.
  • Enable effective communications with you regarding information you need to know for security or operations.
  • Keep a record of your volunteering activities.

Some special category data is processed to carry out our obligations and exercise specific rights in relation to employment.

We process information about ethnic origin, sexual orientation, religion or belief or trade union membership, offences and alleged offences, criminal offences, gender identification, health information to carry out our employment obligations when we:

  • make reasonable adjustments for volunteers who have a disability
  • ensure that you are fit to volunteer in a particular role 
What do we do with your information?

Your information may be shared internally with members of the LionHeart Finance and Administration team if access to the data is necessary for performance of their roles.

We combine the data you provide us with other data generated during your employment in order to maintain a summary record of your volunteering time with us.

We also combine your data with data received from the third parties listed above in order to:

  •  Determine whether you are eligible to work in the UK
  •  Ensure that you pay the correct tax and National Insurance contribution
  •  Ensure you receive any pension payments you are due once you are eligible.

 Access to, and the sharing of, your special category data are controlled very carefully. You will be given further details about our need for collecting such data when we ask you to share it with us, including any consequences for you of not providing it.


How long do we keep your information?

If you are a trustee your name will be on any permanent records of board or other meetings you have attended in your role as a trustee.  If you are in an ambassadorial role as a volunteer your story may be included in any online or printed case stories or blogs, with your consent. 

We will keep the following details for all volunteers for a maximum period of four years:

  • Name, address, contact details and volunteer role

All other data will be permanently destroyed.


Who do we share your information with?

Within LionHeart, we share your data with: 

  • The Finance and Administration team in order to provide you with information and ensure your record is kept up to date 
  • The Finance and Administration team in order to pay expenses claims 
  • The Finance and Administration Team, in order to maintain statutory records regarding any accidents or hazardous exposure you sustain at work 
  • The Finance and Administration Team in order to provide you with access to any online areas set up for volunteers (for example the private trustee area of the LionHeart website) 
  • Our Internal Management team, to ensure LionHeart compliance with policies and processes.
  • We also share your personal data, where required, with the following external third parties: the Disclosure and Barring Service (DBS) where we need to make a criminal records check for certain roles ; on occasion and where necessary, the police and other law enforcement agencies; on occasion and where necessary, appointed external auditors

We will provide references about you to external enquirers or organisations where you have requested or indicated that we should do so.


How do we protect your data?
We take the security of your data seriously and have cybersecurity guidelines which specify the correct way of handling IT in order to protect data against the consequences of breaches of confidentiality, failures of integrity and interruption of availability.
We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the performance of their duties.
Where we engage third parties to process, or store, personal data on our behalf, they do so on the basis of written instructions contained within a contract, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

What rights do you have in the way that we protect your data?
As a data subject, you have a number of rights. You can:
  • Ask us to confirm that your personal data is being processed and to access (i.e. have a copy) of that data as well as to be provided with supplemental information about the processing (by making a subject access request)
  • Require us to change incorrect or incomplete data
  • Require us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing
  • Object to the processing of your data where we rely on our legitimate interests as the legal ground for processing
  • Receive from us the personal data we hold about you which you have provided to us in a reasonable format specified by you, including for the purpose of you transmitting that data to another data controller
  • Ask us to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override LionHeart’s legitimate grounds for processing data
  • Withdraw your consent for us to process your data where we do so with your consent
Not all of these rights apply in all circumstances. 
If you would like to exercise any of these rights, or make a subject access request please contact LionHeart’s Data Protection Lead, the CEO. They can be contacted by email: ceo@lionheart.org.uk or by phone by calling 0121 2895410 or by writing to:  LionHeart, Ground Floor, 55 Colmore Row, Birmingham B3 2AA
If you continue to have concerns about the use of your personal data, the Information Commissioner’s Office is an independent body set up to uphold information rights in the UK.
They can be contacted through their website: www.ico.org.uk, or their helpline on 0303 123 1113, or in writing to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire

Policy updated October 2018; reviewed annually.

Helpline 0800 009 2960           or 0121 289 3300