Privacy Policy

1: INTRODUCTION  

Project55(UK) [The Company] registered in June 2024 as a not-for-profit limited by guarantee, Community Interest Company. We are registered with the Regulator of Community Interest Companies and Companies House [Registration Number: 15768187]. We are also registered with the Information Commissioner's Office [Registration: ZB792851], and we comply with the Data Protection Act [DPA] 2018 and the UK General Data Protection Regulation (GDPR) requirements for data security and protection. The privacy and security of personal information are essential, and this Privacy Notice sets out -

  1. What we collect.

  2. How we collect it.

  3. What we do with personal information and your rights in relation to the information we hold about you in accordance with the Data Protection Act [DPA] 2018 and the UK General Data Protection Regulation (GDPR) requirements.

  4. Consent, confidentiality and disclosure. 

  5. How we keep your information secure.

  6. We do not share or sell personal data and do not engage with direct marketing emails unless specifically asked for information.

2: SERVICES 

We offer a range of core services and take a holistic approach to positive change. We collaborate with individuals, families, and groups on preventative measures and post-incident interventions to reduce crime, violence, exploitation, and abuse and create safer places to live, work, and socialise.

3: COMMITMENT  

We value privacy and confidentiality, and as the Data Controller, we adhere to strict data protection standards. Transparency is as important to us as it is to those who use our services. Personal data will be processed in accordance with the GDPR UK and the DPA 2018. Clients will be informed of what will be shared, with whom, and how, which will help determine the next steps. The Company does not share information outside the organisation without consent, although this is waived if there is a legal requirement to do so to limit a severe risk of harm. The Company only uses your data to ensure we can provide the best service and support; we do not sell your data. Data also assists in administering and managing business needs, including quality control and audits; it processes funding applications, furthers the Community Interest Company's aims and objectives, and generates progress reports on the services and support carried out by the Company, including fraud prevention and money laundering checks, undertakes credit risk reduction activities and/or establishes, defends, or enforces legal claims. We are committed to transparency in meeting our client service obligations and in complying with regulators, governing bodies, and other service providers used to support the business.

4: THE INFORMATION WE COLLECT 

  1. Personal data is available from the first point of contact and may consist of several streams of information depending on the type of contact used. The Company will collect information only when there is a clear reason to do so.

  2. Initial contact – Name, Contact details, and Pronoun.

  3. Additional contact may include – Date of Birth and Relationship status. 

  4. Sensitive data is only required on a need-to-know basis, dependent on service requirements [Section 5]. 

  5. Marketing—Information about events, activities, or services will be available on the website or social media channels.

  6. Data from any financial payment for services, donations or sponsorships will only be used for that purpose. 

Project55(UK) ©2024 

Name: Client Charter and Service Standards

Date: 11/ 2024

Ref: CC_03 v1

5: SPECIAL CATEGORIES OF PERSONAL DATA 

  1. Article 9 UK GDPR: Some aspects of personal information are considered to be sensitive and fall under ‘special category data’, which typically includes race, ethnicity, political views, and religious or philosophical beliefs. Additional categories include health, revealing trade union membership, sex life, sexuality, and genetic information. 

  2. Some special categories of personal data may be collected via our Equality, Diversity, and Inclusion anonymous monitoring process. For a more specific reason or service, we may require more targeted information about health, race, nationality, ethnicity, religious beliefs, political views, trade union membership, sexual orientation, or genetic/biometric information. Should this type of information be required, it will be discussed beforehand.

  3. CareCheck completes the Standard or Enhanced Disclosure and Barring Screening (DBS) recruitment process on behalf of the Company, and occasionally, the biometric information service may be used.

6: COLLECTING DATA

We use a range of contact services, including in-person interactions at events, direct email, website messaging, and phone calls, which may also result in SMS messages. Postal correspondence may also include additional information. We may also receive referrals from our various networks or from social media posts. Each process is likely to create a data footprint consisting of direct and indirect data. Anything shared online is likely to be controlled by cookies [Section 11/12], and everyone is advised to be aware of what this means. 

7: HOW WE USE PERSONAL DATA

We use personal data for several purposes –

  1. Demographics – we may not be providing a service where it is needed.

  2. To create bespoke services.

  3. To widen our network of professional services and to collaborate with other organisations.

  4. For recruitment purposes.

7.1: Legitimate Use of Personal Information – 

The Client: 

  1. To maintain contact and records. 

  2. To provide and administer services, information, products or events.

  3. To respond to all communication – enquiries/complaints/updates.

  4. To safeguard clients and all team members – paid, volunteers, freelancers, contractors or subcontractors.

The Team: 

  1. To process applications for employment or volunteering opportunities.  

  2. Maintain records for all personnel - paid, volunteers, freelancers, contractors or subcontractors.

  3. Identify skill gap training.

  4. Quality control.

The Website/Social Media: 

  1. To ensure that the website and social media outlets are populated with the correct information.

  2. To ethically screen personal data via the website to conduct due diligence and research to improve services.

  3. To understand how we can improve our services, products or information through analysis, market research and auditing.

  4. To administer the website and its social media outlets for research, statistical information, surveys, and general administration functions. 

  5. To display content appropriate to the use of a mobile device or a computer. 

  6. To monitor the website, identify visitor location, guard against disruptions, website traffic and/or personalise information.

  7. The use of Cookies will apply; therefore, check what permissions are agreed to.

8: ACCESSIBILITY TOOLS

  1. The Company website signposts users to external third-party information to assist with accessibility requirements, such as vision, hearing, or neurodiversity. The links are for information purposes and outside of our control, so please read any ‘cookie consent’ carefully. 

       My Computer My Way: https://mcmw.abilitynet.org.uk/  

       Microsoft accessibility tools: Accessibility Technology & Tools | Microsoft Accessibility 

  1. Each site will have its privacy policy, which users are reminded to check to find out what information is stored and shared with other parties.

  2. The Company does not collect data from this process.

9: STORING, PROTECTING and PROCESSING DATA

  1. Information will be managed and stored securely in ways to prevent unlawful or unauthorised access, loss, damage, destruction or deletion.

  2. The majority of documents and information will be stored electronically; hard copies will be limited and scanned where possible.

  3. Access to any file/information is on a need-to-know basis.  

  4. Technology-assisted security protects our online information with regular updates and checks to maintain the security of our systems. 

  5. Hardcopy files are secured in a locked cabinet.

  6. The Recruitment, Administration, and Management Privacy Policy states that the CareCheck Disclosure and Barring Service [data processor] applies to all personnel, freelancers, and contractors who provide a service, whether paid or voluntary.

  7. The Company pays for the process, and no team member (paid or voluntary), including those 16 years of age, can perform duties without a satisfactory Standard or *Enhanced DBS.

  8. Only personnel holding an Enhanced DBS will work with children under 18 and will have access to that data.

10: RETAINING PERSONAL INFORMATION 

The Company adheres to various legal requirements for retaining personal data within the parameters of legitimacy and for storing information for its intended purpose while using our services.

Data Protection Principles: Data Protection Act 2018

  1. Information will be used fairly, lawfully, transparently and only for specified, explicit purposes.

  2. Information will be accurate and up-to-date.

Clients can expect to be –

  1. Informed of how their data is being used.

  2. Can access their data – transparency.

  3. Any incorrect data will be updated upon notification.

  4. Client files are kept for two years after the last date of service use; this allows clients to request information or to return within that period. 

  5. Information no longer needed will be deleted and removed from the system.

  6. To exercise your data rights, please refer to Sections 12 and 13.

11: HOW to CONTACT US

Please contact us directly if you have any questions regarding your data.

Email: info@project55.uk

Mobile: +44 (0) 7766 116 430 

12: THE LAWFUL BASIS FOR COLLECTING AND USING YOUR DATA  

The Company respects the privacy of others. Under UK data protection law, which means we must have a “lawful basis” for collecting and using your personal information. ‘Necessary or Essential Cookies’ are required for the site's core functionality and will be set by default. Other cookies are optional [Section 13] *Cookies can identify information about website activity and the device used, including the IP address and geographical location. For more information, please visit the Information Commissioner’s Office (ICO) for further information about data protection rights and the exemptions that may apply to this site and third-party links and websites. Cookies | ICO

Consent: 

We have your permission after providing you with all the relevant information. All of your data protection rights may apply, except the right to object, although consent can be withdrawn at any time. 

Contract: 

We need to collect or use the information to enter into or conduct a contract with you. All of your data protection rights may apply, except the right to object.

Legal obligation: 

We must collect or use your information to comply with the law. All of your data protection rights may apply, except for the rights to erasure, object, and data portability.

Legitimate interests

We collect or use your information because it benefits you, our organisation or someone else without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. To ensure all parties understand what is required and that personal information will be used to support transparency. For further information, read  Section 7

Vital interests

The processing of your personal information is necessary to address a vulnerable situation, protect life, and prevent serious harm to yourself or someone else.

Public information

Where we process personal information which you have already made public.

13: YOUR DATA RIGHTS ALSO INCLUDE 

Your right of access: 

You have the right to request copies of your personal information and to ask us for additional information, such as details about where we obtain personal information and with whom we share it. There are some exemptions, which means you may not receive all the information you ask for. 

Your right to rectification: 

You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. 

Your right to erasure: 

You have the right to ask us to delete your personal information. 

Your right to restriction of processing: 

You have the right to request that we limit how we use your personal information.

Your right to object to processing: 

You have the right to object to the processing of your data. 

Your right to data portability:

You have the right to ask us to transfer the personal information you provided to another organisation or to you. 

Your right to withdraw consent: 

When we rely on consent as our lawful basis, you have the right to withdraw it at any time. 

Data protection rights request: 

To make a request, please use the contact details at the bottom of this privacy notice. We must respond to you without undue delay and, in any event, within one month.

14: COOKIES

Strictly Necessary: 

These cookies are essential for you to move around the website and use its features, such as accessing secure areas and cannot be deleted.

Performance - Optional:

These cookies collect information about how visitors use a website, such as which pages they visit most often and whether they receive error messages. They do not collect information that identifies a visitor. All information these cookies collect is aggregated and, therefore, anonymous.

Functionality – Optional:

These cookies allow the website to remember choices you make [such as your username, language or the region you are in] and provide enhanced, more personal features. For instance, a website may be able to provide you with local weather reports or traffic news by storing the region where you are currently located in a cookie. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages you can customise. They may also be used to provide services you have asked for, such as watching videos or commenting on a blog. The information these cookies collect may be anonymised, and they cannot track your browsing activity on other websites.

Targeting/Advertising – Optional:

These cookies are used to deliver ads more relevant to you and your interests. They are also used to limit how often you see an advertisement and to help measure the effectiveness of the advertising campaign.

15: HOW to CONTROL and DELETE COOKIES 

Cookies can be managed through the browser's help function, although mobile device settings may differ.  Do take time to consider your options before proceeding. Some examples are provided below – 

Chrome: Turn cookies on or off - Computer - Google Account Help

Firefox: Enhanced Tracking Protection in Firefox for Desktop | Firefox Help 

Internet Explorer: http://support.microsoft.com/kb/278835

Microsoft Edge: Microsoft Edge, browsing data, and privacy - Microsoft Support