How do we collect information from you?

We collect information about you and family members in a variety of ways:

• Directly from you:
  • when you register with us for our support or groups
  • as you receive our support or attend our groups
  • When/if you voluntarily complete surveys, provide feedback and participate in events
• From our staff and volunteers:
  • records of conversations, communications and meetings they have with you while delivering support, including text and phone conversations
  • observations and internal discussions about the support you are receiving
• Received from third parties, which might include:
  • agencies who are referring you to us
  • professionals and other support agencies involved with your family, such as health visitors, social care professionals, other voluntary organisations or charities
  • members of your family who are receiving Home-Start support

What type of information is collected and used about you?

The information we collect and use will include both personal data and sensitive data, as some of the data relates to children or vulnerable adults, some of this data is classified as special category data in data protection law.

These records may include the following information relevant to you, your partner and the children you care for and anyone else who is part of your household:

• names and contact details (including postal address, email address and telephone number)
• date of births
• Next of Kin, emergency contacts, GP and Health Visitor contact details
• contact we have had with you, including home visits, meetings, telephone calls and text messages.
• income and financial details
• employment information
•  information of schools or nursery attendance and special educational needs
• information from people who are involved with your family, such as; schools, health professionals, social services and relatives
• information about lawyers or other representatives we may encounter whilst supporting you
• information about your health, situation and previous experiences that relate to the support you receive
• disabilities, neurodiversity or health conditions including details of accommodations, medical treatment and medications where it informs or relates to the support you receive
• personal characteristics such as your race, religion or beliefs and sexual orientation and that of your family
• criminal convictions that have been committed against an individual or which an individual has committed
• any other personal information shared with us.

How and why is your information used?

We will only collect and use information needed for our staff to deliver and provide appropriate support to meet your needs.

We use this information only to the extent necessary to provide the agreed upon support and manage our organisation, unless there are exceptional circumstances, such as when the health or safety of a child or others is at risk, or other situations where the law requires the disclosure of information.

If you do not provide us with information that we ask for and that we require, we may not be able to support you. If you are uncomfortable about disclosing certain information to us or if you have any concerns or queries about why we require certain information, we are happy to discuss this in further detail with you.

In limited circumstances, we may ask for your consent to use your information (for example, for your experience with us to be used in Home-Start materials or on our website).  In these circumstances, we will always ask for your explicit consent beforehand, and we will tell you how you can withdraw your consent if you change your mind (which you can do at any time).

Our Newsletter  (Marketing Communications)

 After your support we may ask you if you want to stay in touch with our organisation through our email newsletter mailing list. We will not send marketing communications via post, text or phone. We will only send you marketing communications by email if you have explicitly provided consent. You may opt out of our marketing communications at any time by clicking the unsubscribe link in the newsletter or contacting the office.

We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted, however, we may still need to contact you for purposes relating to your support.

Lawful Processing

Data protection law requires us to rely on one or more lawful grounds to process your personal information.

We consider the following grounds to be relevant:

• Legitimate interests for example to:
  • provide our support you and your family;
  • conduct research to better understand those we support and
  • to further the aims of our organisation e.g. report anonymised and collated data to our funders & stakeholders;
• Consent
• Legal obligation to comply with a legal or regulatory obligation to which we are subject, for example where we are ordered by a court or regulatory authority like the Charity Commission, or we are required to report a crime.

We consider the following grounds to be relevant for processing Special Category data:

• to provide our services of counselling, social care, and safeguarding children and individuals at risk of neglect or physical, mental or emotional harm and for protecting their economic well-being.

How long is your information kept for?

We will keep your personal data only as long as is necessary for the purpose(s) for which it was collected, and in accordance with our GDPR & Confidentiality Policy.  Data will be securely destroyed when no longer required. For most data this is usually a set number of years after our support to you ends, however some data is legally required to be kept for longer. Please see the above policy’s appendix for details of our retention schedule. Where you exercise your right to erasure, we will continue to maintain a core set of personal data (name, dates support was provided to you, and date of birth) until the usual retention date to ensure that we do not contact you or process your data again inadvertently in future. We reserve the right to judge what information we must continue to hold to be able to fulfil our legal obligations and our contract with you.

Where is your information kept?

When you give us information, we take steps to make sure that your personal information is kept secure and safe. This includes ensuring there is appropriate security for all locations that data is stored & the appropriate permissions and data retention processes are correct. Your data will be stored in both paper and electronic formats and on Charity Log, the third party CRM system we use.

Your information will only be stored within the UK.

Who has access to your information?

We will share your information internally within Home-Start on a need to know basis, to provide you with support and to ensure that support is good quality.  We may also share your personal information with some or all of the following parties, but we will always do this in compliance with data protection law:

other charities and public sector organisations that may have referred you to us, may be providing services to you or that we may be working in partnership with:

• health and education professionals (such as health visitors or head teachers)
• other family members (where you are comfortable with this)
• local council social work departments
• the Police, Courts or Charity Commission
• safeguarders and other parties in connection with child or adult protection
• lawyers or other representatives that may be acting on your behalf
• statutory bodies in connection with legal and formal processes.
• Anonymised data may be shared with funders and other organisations as part of reporting on our activities as an organisation.
• third parties working on our behalf (for example, to support our IT systems, or to send you mailings). However, when we use these third parties, we disclose only the personal information that is necessary and we have a contract in place that requires them to keep your information secure and prevents them from using it for their own purposes.

 We do not sell or rent any of your information to third parties.

We do not share any of your information with third parties for marketing purposes unless you have requested us to do so.

We will only share special category information with other organisations where that is necessary for legal reasons, or where there are other substantial public interest grounds.

Exceptions

Other than the above we will only share your data, in compliance with data protection law, if it is necessary to protect your vital interests or the vital interests of another person, or for certain other reasons where it is not possible or appropriate to gain your consent such as disclosures to the police for prevention or detection of crime, or to meet statutory obligations.

How do we collect information from you?

The information we hold about you is primarily information you provided when applying for your job, supplemented by information generated in the course of your employment or volunteer engagement.

We require personal data that is considered under data protection law to be special category data for example, in relation to your health or ethnicity.  We also use some other data which you may consider to be sensitive such as financial information.

What type of information is collected from you?

• Names, addresses, contact details
• Unique personal identifiers, e.g. NI number, date of birth
• Personal data provided by you, e.g. Disability or health information relating to temporary or permanent special arrangements at work and family information relating to emergency contacts, next of kin or leave
• Personal characteristics such as gender and ethnic group
• Copies of passports, visas and any other documentation required to ensure compliance with Home Office & DBS requirements
• Details of your education and qualifications
• Your application and/or CV
• Current and past employment, job titles and salary
• Reporting and managerial responsibilities
• References
• Information from your recruitment including interview tests and results
• Your contract of employment
• Information relating to your car, driving licence and insurance
• Appraisals & supervisions
• Disciplinary, grievance and capability procedures
• Accidents at work & Health and Safety incidents
• Details of any training received
• Time, attendance & leave of absence details
• Bank account details & other information required for expenses or salary and pension purposes
• Photographs, audio and video recordings (with your knowledge and consent)

How and why is your information used?

We use your personal data for practical purposes for the administration of your role and enables us to meet various administrative and legal obligations we have as an organisation and responsibilities we have to you as an employee or volunteer. Without the data we may be unable to fulfil our obligations which could result in cessation of your employment or engagement as a volunteer.

 Lawful Processing

The lawful bases which we rely on for processing this information are:

• Legitimate interests for example to:
  • Fulfil employer obligations
  • Manage, supervise and train staff
  • Ensure organisation is run to a high standard
• Consent
• Legal obligation to comply with a legal or regulatory obligation to which we are subject, for example employment and tax law.

How long is your information kept for?

We will keep your personal data only as long as is necessary for the purpose(s) for which it was collected, and in accordance with our GDPR & Confidentiality Policy.  Data will be securely destroyed when no longer required. For most data this is usually a set number of years after your work with us ends, however some data (e.g. copies of IDs for DBS & right to work checks) will be deleted as soon as the task is completed and some data (e.g. records of safeguarding concerns) is legally required to be kept for longer. Please see the above policy’s appendix for details of our retention schedule.

Where you exercise your right to erasure, we will continue to maintain a core set of personal data (name, dates of employment and date of birth) until the usual retention date to ensure that we do not contact you or process your data again inadvertently in future, and to maintain your record for employment record purposes.

Please note that as our service involves children who have a child protection plans and other vulnerable children and adults, we have legal obligations under safeguarding legislation to keep certain records, which may include some of your personal data, for longer than the usual retention period, up to 75 years in rare circumstances.

We reserve the right to judge what information we must continue to hold to be able to fulfil our legal obligations and our contract with you.

 Where is your information kept?

When you give us information, we take steps to make sure that your personal information is kept secure and safe. This includes ensuring there is appropriate security for all locations that data is stored & the appropriate permissions and data retention processes are correct. Your data will be stored in both paper and electronic formats and on Charity Log, the third party CRM system we use.

Your information will only be stored within the UK.

Who has access to your information?

Personal data, including sensitive personal data, may be shared with members of staff and trustees, who legitimately need the information to carry out their normal duties for the organisation.  We will ensure that special category or sensitive personal data is only shared with colleagues or trustees who have specific and legitimate need for the information.

We may disclose certain personal data to third parties.  These third parties, and the purpose for sharing the information, are set out below:

• Relevant data may be shared with your next of kin but only with your consent or in an emergency
• Relevant data may be shared with certain offices of the UK government for us to comply with our legal obligations in relation to your role, including HMRC, the Home-Office, UK Visas and Immigration, Companies House and the Charity Commission.
• Relevant data will be shared with reputable “data processors” for specific purposes relating to your role, these include: payroll & expenses, pension, DBS, training providers and sending communications.
• With your permission we may share information about you for publicity and marketing purposes online, in print and on social media
• Anonymised data may be shared with funders and other organisations as part of reporting on our activities as an organisation.
• third parties working on our behalf (for example, to support our IT systems, or to send you mailings). However, when we use these third parties, we disclose only the personal information that is necessary and we have a contract in place that requires them to keep your information secure and prevents them from using it for their own purposes.

We do not sell or rent any of your information to third parties.

Exceptions

Other than the above we will only share your data, in compliance with data protection law, if it is necessary to protect your vital interests or the vital interests of another person, or for certain other reasons where it is not possible or appropriate to gain your consent such as disclosures to the police for prevention or detection of crime, or to meet statutory obligations.

Appendix 3a – Applicants

How do we collect information from you?

As part of our application and recruitment process we collect, process and store personal information about you.  We process this information for a range of purposes relating to the recruitment process and this may include your application, assessment, pre-employment checks, and your worker permissions.

What type of information is collected from you?

The following are some examples of the type of information we may process:

• Personal details such as name, address, date and place of birth
• Work history/job data, previous employers, positions, dates
• Compensation; salary, benefits, bonuses
• Education and work history including professional qualifications and skills
• Employer & Personal feedback and references
• Nationality, visa, right to work information (e.g., passport, National Insurance number)
• Results of pre-employment checks, such as DBS/PVG/Access NI checks where permitted under local law
• Assessment results, such as results from any interview exercise, or video or telephone assessment

During the process we also capture some personal data that is considered under data protection law to be ‘special category data’ about you, e.g., disability information.  We do this in order to make reasonable adjustments to enable all candidates to be able to apply for jobs with us, to attend interviews or assessments and to ensure that we comply with regulatory obligations with regard to hiring.

We also may request further special category data such as sexuality, ethnicity, religion, gender identity. We request these to monitor our recruitment process as part of our vision to be a charity where everyone feels welcomed, included and valued as part of our Home-Start.  If you choose not to provide this data it will not affect your application.  If you provide this data it will be separated from your application form and will not be visible to the shortlisting panel. After the data is added to a summary sheet it will be deleted.

 How and why is your information used?

We use your personal data in order to manage your application and our recruitment process. We only process your information as necessary for the purposes of progressing your application or as required by law or regulatory requirements and will vary based on the role so not all of the purposes set out below will apply to you.

• Assessing and progressing your application
• Application Shortlisting
• Arranging and recording Interviews and assessments
• Assessing your suitability (skills, strengths and behaviours) for the role
• Completing pre-employment checks such as Right to work in the UK, qualifications, references
• Writing and negotiating contracts
• Completing on-boarding processes
• Monitoring & reviewing our recruitment process

 Lawful Processing

The lawful bases which we rely on for processing this information is consent.

How long is your information kept for?

We will keep your personal data only as long as is necessary for the purpose(s) for which it was collected, and in accordance with our GDPR & Confidentiality Policy.  Data will be securely destroyed when no longer required. For unsuccessful candidates personal information will be retained for 6 months following the recruitment process.  For successful candidates all personal information collected as part of the recruitment process will be transferred to an employee personnel file.

Where you exercise your right to erasure, we will continue to maintain a core set of personal data (name, role & date of application, and date of birth) until the usual retention date to ensure that we do not contact you or process your data again inadvertently in future. We reserve the right to judge what information we must continue to hold to be able to fulfil our legal obligations.

 Where is your information kept?

When you give us information, we take steps to make sure that your personal information is kept secure and safe. This includes ensuring there is appropriate security for all locations that data is stored & the appropriate permissions and data retention processes are correct. Your data will be stored in both paper and electronic formats. If you are successful your data will be transferred to Charity Log, the third party CRM system we use.

Your information will only be stored within the UK.

Who has access to your information?

Personal data, including sensitive personal data, may be shared with members of staff and trustees. The information each person can see will be restricted to what information they legitimately need to perform their role in the recruitment process. These will include:

• Admin staff
• The hiring manager
• The interview panel, which may include both staff and trustees
• Trustees with specific roles relating to the role or recruitment (e.g. personnel trustee)
• Staff involved in Finance, safeguarding processes & induction processes (if application successful)

Appendix 3b – Referees

How do we collect information from you?

Your personal details have been provided to us by another person (applicant) who has indicated you as a referee.

What type of information is collected about you?

• Name
• Name and address of company, position and relationship to applicant (when providing an employment reference)
• Personal address and relationship to applicant (when providing a personal or character reference)
• Telephone number and/or email address

How and why is your information used?

We will collect your personal data and process your personal data for the purpose of obtaining references for our applicant.

Lawful Processing

The legal basis we rely upon when processing your personal data is legitimate interest.

We need to process your data to fulfil our recruitment requirements as obtaining references is a vital part of the process to ensure we are appropriately vetting new people joining our organisation.

How long is your information kept for?

We will keep your personal data only as long as is necessary for the purpose(s) for which it was collected, and in accordance with our GDPR & confidentiality Policy.  Data will be securely destroyed when no longer required. For unsuccessful candidates personal information will be retained for 6 months following the recruitment process.  For successful candidates all personal information collected as part of the recruitment process will be transferred to an employee personnel file.

Who has access to your information?

Personal data may be shared with members of staff and trustees. The information each person can see will be restricted to what information they legitimately need to perform their role in the recruitment process. These will include:

• Admin staff
• The hiring manager
• Staff and trustees involved in the recruitment process (e.g. personnel trustee)

Appendix 4a – Referrers

How do we collect information from you?

The information we hold about you is provided by you when referring a family.

What type of information is collected from you?

The following are some examples of the type of information we may process:

• Personal details such as your name.
• Contact details such as your email or telephone number.
• Work details such as your role, your employer & team.
• Details of your work with the family.

How and why is your information used?

We use your personal data in order to manage your referral, the service we provide to the family, to communicate information about our organisation relevant to you as a referrer and to monitor our referrals. We only process your information as necessary for these purposes or as required by law or regulatory requirements.

• To discuss the referral with you before we accept it e.g. further details needed, eligibility requirements clarification, to discuss our service suitability and your risk assessment.
• To discuss the service users support during our support e.g. concerns or further support needs that come to light during the service or planning the support end.
• To communicate information about our organisation and services. E.g. waiting list, referral process changes, new services or groups that you may want to refer or signpost families too.
• To monitor our service e.g. request feedback, recognise referral trends and report who refers to our service.

Our Newsletter  (Marketing Communications)

We may ask you if you want to stay in touch with our organisation through our email newsletter mailing list. We will not send marketing communications via post, text or phone. We will only send you marketing communications by email if you have explicitly provided consent. You may opt out of our marketing communications at any time by clicking the unsubscribe link in the newsletter or contacting the office.

We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted, however, we may still need to contact you for other purposes.

 Lawful Processing

The lawful bases which we rely on for processing this information is consent.

How long is your information kept for?

We will keep your personal data only as long as is necessary for the purpose(s) for which it was collected, and in accordance with our GDPR & Confidentiality Policy. Usually 3-5 years after your last referral. Data will be securely destroyed when no longer required.

Where you exercise your right to erasure, we will continue to maintain a core set of personal data (name, dates our service was provided to you, and date of birth) until the usual retention date to ensure that we do not contact you or process your data again inadvertently in future. We reserve the right to judge what information we must continue to hold to be able to fulfil our legal obligations.

 Where is your information kept?

When you give us information, we take steps to make sure that your personal information is kept secure and safe. This includes ensuring there is appropriate security for all locations that data is stored & the appropriate permissions and data retention processes are correct. Your data will be stored in both paper and electronic formats and on Charity Log, the third party CRM system we use.

Your information will only be stored within the UK.

Who has access to your information?

Personal data may be shared with members of staff and trustees. The information each person can see will be restricted to what information they legitimately need to perform their role. These will include: Admin staff, Coordinators and Managers.

Appendix 4b – Supporters & Members

How do we collect information from you?

The information we hold about you is information you provided when you:

• Joined as a member
• Attended an event
• Donated time, money or other help
• Asked to go on to our mailing list
• Otherwise contacted us about supporting us

What type of information is collected from you?

The following are some examples of the type of information we may process:

• Personal details such as your name.
• Contact details such as your email or telephone number.
• Work details such as your role, your employer & team.
• Details of your donation
• Personal details such as dietary or access requirements.

How and why is your information used?

We use your personal data in order to carry out promotional activities, communications and other activities in line with our organisation’s aims and objectives. We only use your information in line with the original reason you contacted us or with your consent so not all of the below will be relevant. For example we:

• Send out newsletters with news about our organisation
• Arrange events for supporters to raise funds, awareness and celebrate our organisation
• Circulate our annual report, hold our AGM and hold other Member votes.

 Lawful Processing

The lawful bases which we rely on for processing this information is consent.

How long is your information kept for?

We will keep your personal data only as long as is necessary for the purpose(s) for which it was collected, and in accordance with our GDPR & confidentiality Policy.  Data will be securely destroyed when no longer required. These retention periods vary, For example, membership records are retained for up to 10 years of leaving membership in line with requirements from company house, whereas information on attendees from events will be destroyed within 6 months of the event and contact details on our mailing list will be retained until you unsubscribe. Please see the above policy’s appendix for details of our retention schedule.  We reserve the right to judge what information we must continue to hold to be able to fulfil our legal obligations.

 Where is your information kept?

When you give us information, we take steps to make sure that your personal information is kept secure and safe. This includes ensuring there is appropriate security for all locations that data is stored & the appropriate permissions and data retention processes are correct. Your data will be stored in both paper and electronic formats and on Charity Log, the third party CRM system we use.

Your information will only be stored within the UK.

Who has access to your information?

Personal data may be shared with members of staff and trustees. The information each person can see will be restricted to what information they legitimately need to perform their role.