Privacy and Cookie Policy

Privacy Statement

At My Sight Nottinghamshire we are committed to protecting your privacy. This statement describes how we collect and use personal information. The terms of this statement may change, so please check it from time to time.

Our data protection practices are regulated by a supervisory authority. The UK Supervisory Authority under the General Data Protection Regulation (“GDPR”) is the Information Commissioner’s Office (“ICO”). As a UK-based charity processing the personal data of individuals based in the UK, our supervisory authority is the ICO.

If you have any queries about this privacy statement, please contact the Data Protection Officer at:

Email: info@mysightnotts.org.uk
Tel: 0115 9706806

My Sight Nottinghamshire,
26 – 28 Heathcoat Street,
Nottingham NG1 3AA

Cookies on My Sight Notts website

Cookies are small data files that are sent from a website to your computer or mobile phone. They are stored on the hard drive of your device. Some are stored just for the duration of your visit to the website; others are stored for much longer periods.

How we use cookies

We use cookies to make our website work better for you. Our cookies do not collect or give us access to any personal information about you. They cannot identify you.

We only use cookies to enable accessibility options and enhance the user experience. By using My Sight Nottinghamshire’s website, you consent to our use of cookies.

Usability and accessibility settings

Our website allows you to resize text, change colour contrast options or convert the entire site to text only. If you use any of these accessibility options, these settings are stored in a cookie so that your chosen format follows you around the website and to your next visit to the site from the same device.

These cookies do not give us any access to your personal information.

If you want to use the site without cookies or would like to know more, you can find out how to do that on the About Cookies website.

What information do we collect and how do we use it?

We obtain personal information from you and use it as follows:

Information requests

We use contact information from web forms, emails, mail and telephone to send you information or materials that you have requested or to provide you a service. Your contact information is also used to contact you when necessary, for example, to fulfil a query or to provide a service.

Orders/Event Bookings and donations

Any orders/event bookings and donations you make will require personal and financial information. We will collect personal information (such as name and contact details) and financial information (such as account numbers).

Contact information and financial information from the order, donation forms or enquiries are used to fulfil orders or provide services. Your contact information is also used to get in touch with you when necessary, for example to be able to fulfil an order. Financial information that is collected is held securely and deleted on an ongoing basis.

We may sometimes contact you with information from companies which may be of interest to you.

We will not sell or exchange your details with other organisations other than where we have a duty to share your information with third parties, regulatory or law enforcement agencies if we believe in good faith that we are required by law to disclose it in connection with the detection of crime, the collection of taxes or duties, in order to comply with any applicable law or order of a court of competent jurisdiction, or in connection with legal proceedings.

Newsletters and Information Updates

Individuals have access to various newsletters and information updates from My Sight Notts and can choose which communications they wish to receive. If you no longer wish to receive these communications please let us know.

Applying for a job or volunteering position

We will collect data about you, both personal data (such as your name and contact details) and also sensitive personal data (such as information in your CV or application form). The personal data and sensitive personal data will be stored, processed, used and disclosed by us in the following ways:

  • To facilitate the recruitment process
  • To enable you to apply online for jobs
  • To answer your questions and enquiries
  • To third parties where we have retained them to provide services that we, you or our client have requested including references, qualifications and criminal reference checking services.
  • To use your information on an anonymised basis to monitor compliance with our equal opportunities policy

Using our services

We will collect data about you, both personal data (such as your name and contact details), sensitive personal data (such as information about your mobility requirements and health) and information about the support that we provide. The data will be stored, processed and used in the following ways to provide and administer our services:

  • To answer your questions and enquiries
  • To make sure the staff supporting you have accurate, up to date information to help them decide the best possible support for you
  • To make sure that your concerns can be properly investigated if you have a complaint;
  • To monitoring the quality of services provided
  • To monitor our outputs and outcomes
  • To use your information on an anonymised basis to monitor compliance with our equal opportunities policy

Lawful Basis for Processing Your Information

Our lawful basis for collecting and using the personal information will depend on the personal information concerned and the specific context in which we collect it.

We will collect personal information from you only:

(i) where we have your consent to do so
(ii) where we need the personal information to perform a contract with you
(iii) where the processing is in our legitimate interests and not overridden by your rights, or
(iiii) where we have a legal obligation to do so.

If you receive any newsletter, information Updates or mail-outs, from My Sight Notts you can withdraw consent or withdraw your preferences at any point.

If you have provided a service to us, we will use your data as necessary to fulfil our contractual obligations, including to enable us to process your request for payment and ensure timely payment.

In order to provide services to individuals we will use your data as necessary to fulfil our contractual obligations, including; to deliver personalised support by email, phone and in person.

We may collate personal information for example recording support provided, under our legitimate interests, enabling us to provide an effective and continuous service to you, improve our services in future and monitor our impact.

If you have used our services, we may still keep your personal information for up to three years after you have left under our legitimate interests. We wish to provide a quality experience which includes consideration of the services that we have provided to people. We always weigh the consideration of our legitimate interests against your privacy rights to ensure your rights are not overridden.

Your consent

By providing us with your personal data, including sensitive personal data such as on your health, you consent to the collection and use of this information in accordance with the purposes described above and this privacy statement. In the event that we need to share your details with other organisations to fulfil your order or query on our behalf, we will ask your consent to do so.

Sharing your information without your consent

We will normally inform you and ensure you are happy for your information to be shared, but there are times when we may need to share your information without your consent. Examples may include occasions where we are legally required to do so, or the law allows us to do so in order to protect you or other people.

Such situations include:

  • Where there is a risk of harm or abuse to you or other people;
  • Where a serious crime is being investigated or where it could be prevented

Data Retention

We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable contract, legal, tax or accounting requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it.

Information Security

We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, or subject to unauthorised access. Where necessary, we implement appropriate network access controls, user permissions and encryption to protect data.

Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Your Rights

Under the General Data Protection Regulation, you have the following data protection rights:

Right to be informed

We will strive to be transparent in how we collect and use personal data. This Privacy Notice sets out how we do that and is publicly available. We are happy to receive questions or comments about any information contained in this Notice.

Right of access

If we store your personal data, you have the right to make a subject access request. We are required by law to make this information available to you within a month, unless the request is complex or there are numerous requests. This information will be supplied to you electronically in a format that is accessible to you. This will be free of charge.

Right to rectification

If you become aware that we hold incorrect or incomplete information about you, you can contact us to provide us with the correct information. We have a duty to keep up to date information.

Right to erasure (otherwise known as the ‘right to be forgotten’)

If you withdraw your consent and it is our only legal basis for keeping your information, your personal information will be deleted upon your request.

If we no longer have a legitimate interest for keeping your data or the reason for keeping the information at the time you provided it is no longer applicable, we will delete your information upon request.

There may however be situations where it is not possible, for example where we are required to by law. In these cases, we will explain to you why it is not possible to fulfil your request completely, however we will work with you to minimise any processing of that data.

Right to restrict processing

At this request, we will continue to store your data but will restrict any further processing. Decisions to restrict will be based on assessing whether legitimate grounds override individual rights or not.

Right to data portability

This is not applicable to us as we would not currently move your data to another organisations IT platform.

Right to object

You have the right to object to any direct marketing. Some of our direct marketing is done through our email briefings which we seek your consent for. If you withdraw consent, we will cease this marketing immediately. You also have the right to object to processing based on legitimate interests or the performance of a task in the public interest, exercise of official authority, or for purposes of scientific/historical research and statistics. At this point we will consider the weight of the legitimate need to process data again the individual’s privacy rights.

Rights regarding automated decision making and profiling

This is not applicable as we do not currently automate decision making nor carry out any profiling.

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office Helpline on 0303 123 1113 or via the website at https://ico.org.uk/concerns/

What if I do not agree with this privacy policy?

If you do not agree to our processing of your data in the manner outlined in the policy, please do not submit any personal data to us.

Further information and accessing your records

If you would like to know more about how we use your information you can:

  • Speak to the person in charge of your support;
  • Speak to the Services or Fundraising Manager.
  • Speak to the Admin Manager who is our nominated Data Protection Officer.

If you wish to exercise your aforementioned rights, please contact the Admin Manager / Data Protection Officer as follows:

Michelle Spouge, My Sight Notts, 26 – 28 Heathcoat Street, Nottingham NG1 3AA.

Tel: 0115 9706806
Email: michelles@mysightnotts.org.uk

The Data Protection Officer must respond to these requests within 1 month.

Where a request for copy of personal data is made electronically we are able to supply the data in a commonly used electronic format if requested, or unless otherwise requested.

In accordance with the GDPR there is no charge for supply of copies of records, although in certain circumstances you may be charged a reasonable administration fee, for example if you require several copies of the records.

You should be aware that in exceptional circumstances some information may be withheld to protect you from undue harm, or where a third party is involved.

Changes to this privacy policy

If this privacy policy changes in any way, we will put an updated version on our website. Regularly reviewing this page ensures you are always aware of what information we collect, how we use it and under what circumstances.

Implementation, Monitoring and Review of this Policy

The Chief Executive Officer has overall responsibility for implementing and monitoring this policy, which will be reviewed on a regular basis following its implementation and additionally whenever there are relevant changes in legislation or to our working practices.

Policy created on: 21.05.18
Michael Conroy CEO