Oxfordshire Sexual Abuse & Rape Crisis Centre (OSARCC) is a registered charity (no. 1131054) which provides specialist support to women and girls who have experienced any kind of sexual violence. This notice explains what information OSARCC will collect about you, and what it will be used for.
Oxfordshire Sexual Abuse & Rape Crisis Centre is a “data controller” of the personal data that you provide to us. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
If you have any questions about this privacy notice, then you are welcome to get in touch to discuss these further with us. You can either email email@example.com, or phone 01865 725311.
We will comply with data protection legislation (the Data Protection Act 2018 and the General Data Protection Regulation (GDPR)). This says that the personal information we hold about you must be:
· Used lawfully, fairly and in a transparent way.
· Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
· Relevant to the purposes we have told you about and limited only to those purposes.
· Accurate and kept up to date.
· Kept only as long as necessary for the purposes we have told you about.
· Kept securely.
What information will we collect about you?
If you visit www.orsarcc.org.uk
If you are visiting our website, we use a third party service called Google Analytics to collect anonymous information about how you use our website, such as any search terms you used to find OSARCC’s website, which pages you visit, and how long you stay on the website. This helps us to find out how people are using our website, and how useful it is. We can’t use this information to identify you.
Information about ‘cookies’ on our website is available via the link at the bottom of our website.
If you attend OSARCC’s external training
If you attend any of OSARCC’s external training courses, we will collect your name and contact details so that we can provide you with relevant information, and so we can invoice you. We may also use this information to contact you about future training courses if you agree to this when you complete your sign-up form. If you register for our training courses via an external website such as Eventbrite, please ensure you check their privacy notices carefully.
We may use the feedback you provide on the training to report to funders, but this data will always be anonymised so you cannot be identified by it.
If you sign up to OSARCC’s mailing list
If you sign up to OSARCC’s mailing list we will ask for your name and email address. This information will only be used to send you information you have subscribed to and will not be passed to a third party. All mailing list data is held securely on our MailChimp system.
If you donate to OSARCC
Information that we may collect from you may include your name, address, email address, phone numbers, date of birth, and financial and credit card information.
You may give us such information by making a donation, or by corresponding or speaking with us by phone, email, letter or otherwise.
We also work with third parties (external websites), including JustGiving, and may receive information about you from them if you have provided permission to them to share it with us. Before providing permission to such third-party organisations to share your personal data, you should check their privacy notices carefully.
If you access any of OSARCC’s services:
If you get support from any of OSARCC’s services we may collect the following information, either from you voluntarily or from your referrer with your consent:
· Your name and contact details
· Equalities monitoring information such as your age, gender, ethnicity, and sexuality
· Information on your personal history, including any experiences of sexual violence, details about the perpetrator(s), and details about any dependants you may have
· Information about how you have been affected by your experiences
· Records of interactions we have with you, for example phone calls or face-to-face meetings
· Any concerns we have about your or somebody else’s safety (please ask to see our Safeguarding Policy if you would like more information on this)
· Records of contact we may have with other professionals or organisations about you or your case where you have agreed for us to contact those professionals or organisations.
· Feedback you give us about our services.
We won’t seek other information about you or your case (for example from other professionals) without your permission, except in cases where we are worried about your or somebody else’s safety.
In many cases, the information will be recorded in an anonymous fashion and you may choose what information you share with us. If you refer yourself or are referred by a third party to our face-to-face services, you will receive a more detailed Service User Privacy Notice in the Referral Form. We will also discuss this with you in more detail when we meet for the first time.
Who collects this information?
This information may be collected by any OSARCC staff member or volunteer with whom you have contact.
Why do we collect this information and how will it be used?
We collect information from you for several reasons. Non-anonymised information is used:
· For practical reasons, such as storing the best way to contact you
· To ensure we are providing you with a consistent and high quality service, for example by reviewing your case notes regularly
· To provide evidence that we are working responsibly and professionally, for example by recording any actions we have agreed together that we will take on your behalf
· To help ensure your and others’ safety where necessary
We also anonymise some of the information you provide us. This means that it can no longer be linked to you, and that you cannot be identified by it. This kind of anonymous information is used:
· For reports to the people or bodies to whom we are accountable, for example our funders and our trustees
· To help us to monitor, evaluate, and develop our services
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
· Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
· Where we need to perform a service we have entered into with you.
· Where we need to comply with a legal obligation.
· Where you have given us your consent to do so.
We use information held about you in the following ways:
· To ensure we do not send unwanted information
· To manage and administer our relationship and communications with you.
· To process any donations that you have made to us.
· To claim Gift Aid on donations.
· To support community based fundraising and campaigning.
· To provide you with the information that you request from us.
· To provide you with information about our activities and fundraising appeals where you are fundraising in aid of us and need this information.
· To inform you about changes to our service.
· To send our supporters marketing information about our projects, fundraising activities and appeals where we have your consent to do so.
· For the purposes of the establishment, exercise or defence of legal claims.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose or if we have a legal obligation or public interest requirement to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above provisions, where this is required or permitted by law.
Who will this information be shared with?
Where appropriate and necessary, we may share the information we hold on you:
o With other OSARCC staff and volunteers
o With our clinical supervisors
All of these people are bound by strict codes of confidentiality.
o With other agencies or professionals where we have your consent to do so, for example talking with other services who may also be supporting you
o With other agencies where it is necessary to safeguard you or another person. This may be without your permission, but only after a robust internal process is followed.
o When required to do so by a court of law, for example if our notes of meetings with you are deemed relevant to a criminal case
o As anonymised data with our funders and other external agencies.
We may share your personal information with third parties where it is necessary to administer the relationship with you, required by law, protect individuals’ safety, or for safeguarding purposes.
We may share your information with third party service providers who will only have access to the data required to perform the service. Examples include but are not limited to:
· Our service user case management system
· Email providers
· Accountants or other professional advisors
· Analytics and search engine providers that assist us in the improvement and optimisation of our site.
· IT service providers.
We have contracts with these organisations to ensure that your data is used appropriately and held securely by them on our behalf. They may store or transfer your data outside the EU.
Data Security & Storage
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We keep personal data for various lengths of time, depending on the purpose it was collected for:
· If you sign up for our mailing list, we will keep your data until you unsubscribe.
· Financial data (donors, paid training attendees) is kept for 7 years.
· Data collected on adult service users may be kept for 7 years after completion of the services.
· Data collected on under-18 service users may be kept until the child is 25.
For full details, please request our Document Retention Policy.
OSARCC will never share any of your information with third parties for commercial or marketing purposes.
OSARCC adheres to data protection legislation, which provide the following rights for individuals:
1. The right to be informed (know that we hold your data)
2. The right of access (know what data we hold about you – please see Subject Access Requests section)
3. The right to rectification (correct/amend personal data)
4. The right to be forgotten (erasure)
5. The right to restrict processing
6. The right to data portability
7. The right to object (lodge a complaint)
8. Rights in relation to automated decision making and profiling (OSARCC does not do this)
You can read more about your rights on the Information Commissioner’s Office website. We will fulfil these rights unless we have a legal or safeguarding reason not to.
Subject Access Requests
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us either by email to firstname.lastname@example.org or by post to OSARCC, PO Box 20, St Aldates Post Office, Oxford, OX2 6GB. We will respond to your request within 1 month. We may refuse a request, but will provide you the reason for doing so.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights), except in exceptional circumstances, if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
If you would like to find out more about your rights, you can visit the Information Commissioner’s Office website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protectio...
You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), if you have concerns about how we use your personal information. You can contact the Information Commissioner’s Office at: https://ico.org.uk/global/contact-us/
Your right to withdraw consent
In circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact either by email or post (details above). Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Changes to this privacy notice
We reserve the right to update this privacy notice at any time, and will make amended versions of this notice available on our website when we make changes to it. We may also notify you in other ways from time to time about the processing of your personal information.
OSARCC aims to meet the highest standards when collecting and using information about you, and takes any complaints about this very seriously. We encourage you to contact us if you think our collection or usage of information is unfair or inappropriate, and always welcome ideas for how we can improve our practice.
You are also very welcome to contact us with any questions about this privacy notice, either by emailing email@example.com or phoning the office on 01865 725311.
If you need more information about UK’s laws and guidance on data protection or would like to report concerns or a breach go to: https://ico.org.uk/