Hide

Privacy policy

Privacy Notice

Paladin NSAS is committed to protecting your privacy, whether as a member of staff, client, stakeholder, supporter, supplier or visitor to this website. This Privacy Notice explains what personal data we may collect, how we use it and how we ensure it is kept secure.

Paladin NSAS is the Data Controller for all the personal data which it collects for various reasons and this is held electronically on the computer, in paper files, and/or on locked and protected mobile devices. All personal data which we collect will be used and protected in accordance with our Data Protection and Information Governance Policy. We are responsible for complying with all data protection legislation including the General Data Protection Regulation (GDPR).

What is Personal Data?

Personal data is any information which relates to and identifies a living person; for example, name, address, bank details, CCTV images, computer IP address, email address.

Some types of personal information is classified as ‘sensitive personal data’ and this includes ethnicity; religious beliefs, physical/mental health; sexuality, information about criminal offences or proceedings.

Any organisation which processes personal data must have a lawful basis for doing so. Paladin uses various legal bases for processing personal data and these are recorded in the section ‘What Information does Paladin collect and why’.

How Paladin collects information

Paladin may collect personal information in the following ways:

  • Directly from you – if you make a donation or refer yourself for support
  • From other organisations, with your permission – for example if the police or other agency makes a referral to us for support on your behalf
  • Publicly available information – we may use data freely available to the public, such as within the criminal courts system or published in articles
  • Indirectly from you – if you make a donation to Paladin via Global Giving or Local Giving, your information may be shared with us with your consent
  • From organisations, without consent – for example if there is a legal reason to do so, for example with a high risk victim being referred to the Multi Agency Risk Assessment Conference (MARAC)

What information does Paladin collect and why?

Paladin needs to collect personal data in order to fulfil its role as an employer; in our work to provide support to victims of domestic abuse, to meet our obligations as members of various statutory review panels and to raise awareness of stalking in the wider community.

Some information is collected because it is in our legitimate interest to process the data and in this situation we always balance this against your rights as an individual. We ensure that we only use personal data for a purpose that you would reasonably expect. Other data will be collected with the consent of the individual concerned.

Detailed below are the types of personal data which we collect and the reasons, or legal basis,for doing so:

  • We are required to collect information on staff, trustees and volunteers that is necessary to fulfil our role as an employer. We will also collect personal data from prospective employees or volunteers in order to process the application. Paladin has a legal obligation to collect this information to meet the legal requirements of the Charity Commission; Companies House and employment legislation.
  • Data relating to people who are referred to our services for support are collected to enable us to make safe contact with them. Paladin has a legitimate interest in processing names, addresses, contact details and demographic/health information if this is available, in order to make contact to offer support.
  • Clients who accept support from Paladin may be asked for further information in order to provide the best possible support to them. This may include demographic information, details of their children, emergency contact details, health information. This information may also be used for equalities monitoring and in this situation, all data will be anonymised. Consent will always be asked when collecting this information.
  • Personal data of high risk MARAC cases will be recorded on our system. Processing of this data is required in order for Paladin to fulfil its official function as MARAC partner.
  • We take personal details from donors and supporters to Paladin in order to administer the donation and to comply with Gift Aid regulations. Consent will always be asked when collecting this information.
  • Name and contact details will be taken for people attending training and other events and sessions held by Paladin. Consent will always be asked when collecting this information.
  • We use CCTV at our office sites for crime prevention purposes. We have a separate CCTV policy.
  • Bank details will be processed from suppliers of goods and services to Paladin. This data is required to fulfil the contract of making the purchase.

Some anonymised data will be used for monitoring and reporting purposes. No individuals will be identifiable from data used for this purpose.

Is my data secure with Paladin?

In short, yes it is. Personal data may be stored electronically on the computer, in paper files, and/or on locked and protected mobile devices. We make sure that all personal data is held in a secure way and only relevant and appropriate people will be able to access it. Detailed below are some examples of how we keep information secure:

  • Access to personal data on case management systems is restricted on a ‘need to know’ basis. Appropriate permission levels are applied so only relevant staff have access to data.
  • Data stored electronically will be password protected and only appropriate staff will have access.
  • All staff are fully trained in how to handle personal data including when and how it can be shared.
  • Paladin systems have full IT security protection, including firewalls and encryption.

All personal data held by Paladin is stored on systems in the UK. No data is held or stored outside the UK.

Personal data will be retained by Paladin for a minimum period of time in accordance with applicable legislation. Data which is no longer required will be securely deleted and disposed of.

Who does Paladin share information with?

Paladin uses various other organisations to help deliver support and to assist with our legal obligations by processing data on our behalf. Where we deliver services and contracts in partnership with others, these companies are also known as Data Controllers. They have agreements with us about the types of data we hold and share to be able to offer services. We also work with other companies who process data on our behalf, these companies are known as Data Processors. Your data may be shared with all or some of these organisations and it will only be shared if it is necessary to complete our obligations. For example, individuals who are referred for support will have their details added to a case management system or donors details will be recorded for the purposes of collecting Gift Aid.

When Paladin shares personal information with another organisation will always have an agreement in place to ensure that they comply with all data protection law.

In the course of providing support to clients, Paladin may also ask for consent to share personal data with other organisations so that we can provide the best support to you. For example, this could include police, witness care, housing providers, health agencies, education or any other relevant agencies. This will be explained to you at the start of support and you can give or withdraw your consent to share data with other agencies at any time.

On a rare occasion it may be necessary for us to share personal information without consent if we are required to do so by a court order or if there are other valid reasons, such as the protect a child or adult who is thought to be at risk or to stop a crime. If this happens, then we will record our reasons for doing it, the information we have shared. We will also let you know what we have done, if it is safe to do so.

We never sell your personal information on to anyone else.

It’s your personal data

The data we hold is about you and the law gives you rights about what we can do with your information:

Consent

You can give or withdraw consent for Paladin to share your personal data at any time. As mentioned previously, this will also be explained to you at the start of support. There may be circumstances in which we override your consent, but reasons for this will be always explained to you.

Subject Access Request

You can ask for all the information we hold about you and this is called a ‘Subject Access Request’. These requests can be in writing or verbally, so please ask about our Responding to Requests for Information Procedure. If you ask to see your data, we will provide your information within one month of receipt of the request.

There may be some parts of your data which would not be able to let you see and this could include information which could cause serious harm to your, or someone else’s wellbeing; or confidential information about other people; for example any other professionals involved in your case. This will be explained to you.

Inaccurate information

If you think that any of the data we hold is wrong, please let us know by informing your keyworker or contacting us at data protection email address. Paladin would always ask that if you are receiving support from us, that you keep us informed with your correct address and contact details.

Right to be forgotten

It is possible to ask for all your personal information to be deleted from Paladin records. Requests for your data to be deleted should be made to anyone within Paladin.

There may be some reasons why we are unable to delete all your personal information, for example, if we are required to keep it by law.

Cookies and our website

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

We use traffic log cookies to identify which pages on the website are being used. This helps us analyse data about web page traffic and improve our website and we need to use it for statistical analytical purposes and then the data is removed from the system.

Most web browsers allow some control of most cookies and this is done through the internet browser settings. To find out more about cookies, visit www.aboutcookies.org  or www.allaboutcookies.org .

Our website may contain links to other websites which may be of use to you. This privacy notice only applies to this website so when you link to another website, you should also read their own privacy notices.

How to contact us

If you have any concerns or worries about how your personal data is being processed by us, please contact us by writing to us at the following address:

Data Protection Enquiry

Paladin NSAS

PO Box 77

BB5 1GJ

info@paladinservice.co.uk

Further information about privacy and personal data

If you would like to get independent advice about data protection, data sharing issues or privacy, or lodge a complaint about how we process your data, you can contact the Information Commissioner’s Office (ICO) at the following address:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number

www.ico.org.uk/for-the-public

Notes in relation to subject access requests

We will try to make as much information available as possible. However, we may sometimes have a good reason for withholding information.

The Act contains a number of exemptions. Some of these are 'absolute'. If the information falls into one of these categories we are not obliged to release it. Others are 'qualified'. If the information falls into one of these categories we have to decide whether the public interest lies in releasing or withholding the information.

There are various reasons why information may be withheld. Some examples are where:

  • the information is available somewhere else (in another place, or under other legislation)
  • we intend to publish the information in the future
  • the law says we must not release it, or
  • disclosure would
  • breach confidentiality or contravene the Data Protection Act, or
  • harm the effective conduct of public affairs; the economy; commercial interests; law enforcement and investigations; health & safety; the environment; national security or defence

If we decide to withhold information, we will tell you why and explain your rights of appeal.