Privacy Notice
Servol Community Services are committed to protecting and respecting your privacy. We don’t hide behind small print because we understand how important your privacy is to you.
That’s why we share everything you need to know about what we do with your personal information (or “personal data”). We also make it simple for you to tell us what you want us to do with your personal data.
We aim to be transparent and fair in all aspects of how we collect, manage and account for your personal data. We take the privacy and security of your personal information very seriously. We are committed to complying with our legal obligations under Data Protection legislation (the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR)) and any updated legislation.
This Privacy Notice explains what types of personal information we collect about you, what we do with that personal information, the legal basis for our processing of your personal information, what rights you have in relation to your personal information and how you can exercise those rights. It also explains how we keep your personal information safe and secure.
This Privacy Notice is effective from May 2024.
IMPORTANT INFORMATION AND WHO WE ARE
PURPOSE OF THIS PRIVACY NOTICE
Servol Community Services is a charitable incorporated organisation (Company number 03470752 and a registered charity in England and Wales no 1125896) and we are a Data Controller in respect of your personal data. We are registered with the Information Commissioner’s Office and our registration number is ZA311118.
This privacy notice gives you information on how Servol Community Services collects and processes your personal data through the provision of our services to our service users, through individuals’ usage of our website or through any other communications you in connection with our services or charity.
It is important that you read this privacy notice together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This notice supplements other privacy notices and is not intended to override them. We may update this notice at any time, details of which are found at the end of this document.
CONTACT DETAILS
If you have any questions about this privacy notice or any other Data Protection query, please contact us using the details set out below;
- Full name of legal entity: Servol Community Services
- Email address: enquiries@servolct.org
- Postal address: Suite 125, 51 Pinfold Street, Birmingham B2 4AY
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for Data Protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us or if you would like to opt-out of any services we provide.
THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information about a living individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store, process and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes name, date of birth, gender or pro-noun, nationality, NHS number or relevant identity number.
- Contact Data includes address, email address and telephone numbers, company information. It also includes any contact details provided to us relating to your friends, family or preferred contact, next of kin, your solicitor and your registered GP.
- Financial Data includes company invoices, details about payments, bank account details, payment information from providers such as NHS or a Local Authority.
- Professional Data includes details relating to your organisation, employment information and contact details as well as relevant financial data.
- Technical Data includes your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access this website.
- Special category Data may include race/ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life or sexual orientation, genetic or biometric information.
- Health Data may include your medical records, your mental health or condition, your medication and any associated side effects or allergies. It also includes risks or associated behaviours and any useful interventions to ensure we keep you safe in the delivery of our services to you.
- Marketing & Communications Data such as marketing and communication preferences, your interests and feedback.
For the purposes of this notice, criminal data will be treated as special category data.
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel the service you have with us, but we will notify you if this is the case at the time.HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:- Where we need to perform the contract we are about to enter into or have entered into with you (Article 6(1)(b).
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (Article 6(1)(f).
- Where we need to comply with a legal obligation (Article 6(1)(c).
- Where we need to protect your vital interests (emergency situations on our premises) (Article 6(1)(d).
- Where we need your consent (Article 6(1)(a).
- where it is necessary for health or social care purposes (Article 9(2)(h).
PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
We have set out below a description of the ways we use your personal data, and which of the legal bases for processing we rely on to do so.
PURPOSES/ACTIVITY
- To register you as a new service user: Article 6(1)(b) Performance of a contract & Article 9(2)(h) Necessary to provide healthcare for you.
- To help inform decisions about your care and treatment: Article 6(1)(b) Performance of a contract & Article 9(2)(h) Necessary to provide healthcare for you.
- To ensure your treatment is safe and effective and administer medication: Article 6(1)(b) Performance of a contract & Article 9(2)(h) Necessary to provide healthcare for you.
- To work effectively with other organisations and individuals who may be involved in your care: Article 6(1)(f) Necessary for our legitimate interests (to work with relevant parties to aid our care for you and assist our charity).
- To work in partnership with your friends, family or next of kin to bring about better outcomes for you: Article 6(1)(f) Necessary for our legitimate interests (to work with relevant parties to aid our care for you and assist our charity).
- To investigate your (or any other) queries, complaints and legal claims: Article 6(1)(f) Necessary for our legitimate interests (to resolve issues within the charity).
- To process financial matters, such as managing invoices, payments, fees, charges & collecting and recovering money owed to us: Article 6(1)(b) Performance of a contract & Article 6(1)(f) Necessary for our legitimate interests (to recover debts due to us).
- To ensure our services can continue to meet current and future needs: Article 6(1)(f) Necessary for our legitimate interests (for running our charity).
- To administer our business, including administration, finance, data analysis, testing, system maintenance, support, reporting and hosting of data: Article 6(1)(f) Necessary for our legitimate interests (for running our charity).
- To use data analytics to improve our website, products/services, marketing, supplier or relevant third party relationships: Article 6(1)(f) Necessary for our legitimate interests (for running our charity).
- To comply with any legal obligations upon us: Article 6(1)(c) necessary to comply with a legal obligation.
- To market our charity: Article 6(1)(a) With your consent & Article 6(1)(f) Necessary for our legitimate interests (for marketing our charity).
- To monitor our premises for health and safety and crime prevention purposes via the use of CCTV: Article 6(1)(f) Necessary for our legitimate interests (to ensure our premises are safe).
Please note the above list is not exhaustive but gives an indication of the data we collect and our legal bases for processing your personal data.
MARKETING
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. Servol Community Services may market our service users and relevant third parties, who may be interested in our charity, with information which we feel may be of interest. We will obtain the relevant consent or permissions to do so and we will not share your personal data with any third party for marketing purposes. You can ask us to stop sending you marketing messages at any time by contacting us or by clicking the ‘Unsubscribe’ link in our emails.
COOKIES
To maintain and run Servol Community Services website, we collect and process data about users, including information about usage of our site, including pages viewed and resources accessed, and traffic data, geographical data and other communication data. This information is gathered by cookies. Cookies are downloaded onto a user’s computer and stored on the computer’s hard drive, providing statistical data. You can set your browser to refuse all or some browser cookies, however if you do so please note that some parts of our website may become inaccessible or not function properly.
More information about how our website uses cookies can be found in our Cookie Policy.
Our website includes links to third-party websites, plug-ins and applications which we think may be of interest to you. Clicking on those links takes you to the relevant third parties’ website where the third party will collect data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
In the unlikely event that we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
DISCLOSURES AND SHARING OF YOUR PERSONAL DATA
We will share your personal data with authorised third parties. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Additionally, we may be required by law to share your personal data.
The following is an indication of the third parties we may share your personal information with:
- Relevant public sector organisations such as the Local Authority, the NHS, your GP, Safeguarding bodies, the Care Quality Commission (CQC) on a case-by-case basis as appropriate.
- The relevant Local Housing provider.
- The relevant Pharmacy for the prescription of your medication.
- Your Solicitor, next of kin, Power of Attorney, friend, family member or advocate, on a case-by-case basis as appropriate.
- HM Revenue & Customs, regulators and other Authorities who require reporting of processing activities in certain circumstances.
- Within Servol Community Services.
- Professional service providers who help us run our charity, such as CRM solutions, website hosts, IT provider, finance provider, alarm & CCTV services.
- Third party provider’s systems, such as Local Authority portals and frameworks, NHS secure email or CQC safeguarding portal.
- To any competent law enforcement body, regulatory, government agency, court, prison or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person.
- Social Media Platforms, if you link from our website to a Social Media Platform, they will collect your information. We encourage you to review the privacy policies of the Social Media Platforms that you engage with to understand their privacy practices, which we do not control.
- Corporate Transactions, we may transfer any of the information we have about you to proceed with the consideration, negotiation, or completion of a sale or transfer of all or a portion of our charity or assets to a third party, such as in the event of a merger, acquisition or other disposition, or in connection with a bankruptcy reorganisation, dissolution, or liquidation.
- To enforce or apply our Terms of Service or other agreements or to protect Servol Community Services and our service users (including with other companies and organisations for the purposes of fraud protection and credit risk reduction),
- To any other person with your consent to the disclosure.
A list of third parties who we may share your data with can be obtained from us. Please note this list is not exhaustive but gives an indication of the data we share with third parties.
INTERNATIONAL TRANSFERS
Our data is typically hosted in the UK and other parts of the EEA, there are however some of our contracted technical service providers that process data from outside of the EEA. Where these transfers and any other transfers that may occur in the future are concerned, we ensure that there is a legal basis for the transfer and a lawful transfer mechanism in place prior to any transfers in place, in accordance with Data Protection legislation.
Any such transfers are currently done using either a transfer to a country with an adequacy ruling, or if a third country, using the UK International Data Transfer Agreement (IDTA), or the European Commission Standard Contractual Terms (SCC’s) with the UK ICO Standard Contractual Clauses Addendum and the relevant transfer impact/risk assessments. Should the international data transfer requirements change, we will review the obligations and amend this notice as appropriate. Please contact us for further information in this respect.
DATA SECURITY
We take the security of your information very seriously. We have in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have policies and procedures in place which are regularly reviewed and updated to ensure staff understand their responsibilities towards protecting personal data and we ensure that our staff regularly undertake data protection training. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
DATA RETENTION
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of servicing our service users, satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. Please contact for further information.
YOUR LEGAL RIGHTS
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
Right to be informed by the provision of a privacy notice when your personal information is processed.
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request rectification of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
Right to object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you.
Request the transfer of your personal information to another party.
Automated decision making, including profiling We do not envisage that we will conduct any automated processing including profiling, however we will inform you if this changes.
Generally, you will not have to pay a fee to exercise any of your legal rights. However, we are entitled to charge a reasonable fee if any request is clearly unfounded, repetitive or excessive. We can also refuse to comply with an unfounded or excessive request. We may need to request information from you to confirm your identity, in order to make sure that personal data is not disclosed to someone who is not entitled to have it. We may also need to ask you for additional information to help us respond to your request. We will try to respond to your request within one month but, if the request is very complex or if you have made a number of requests, we are legally able to extend the request by an additional two months. In such circumstances, we will explain to you why it will take longer to respond and we will keep you updated.
Please contact to exercise any of your rights.
CHANGES TO THIS PRIVACY NOTICE
From time to time, we may revise this Privacy Notice. Any such changes will be reflected on this page. Servol Community Services recommends that you review this Privacy Notice regularly for any updates. The date on which this notice was last revised is located below.
| Revision History | |||
| No | Details | Date | Author |
| V1.2 | Review | 12/12/23 | Nicola Palmer |
