We are committed to protecting your privacy, whether as a member of staff, client, stakeholder, supporter, supplier or visitor to this website. This Privacy Notice explains what personal data we may collect, how we use it and how we ensure it is kept secure.
WHM is the Data Controller for all personal data WHM collects for various reasons and this data is held electronically on the computer, in paper files, and/or on locked and protected mobile devices. We take responsibility to ensure that your data is controlled appropriately and that all the individuals that process data on our behalf are trained and appropriate. All personal data that we collect will be used and protected in accordance with our Data Protection Policy. We are responsible for complying with data protection legislation including the General Data Protection Regulation (GDPR).
How WHM collects information:
WHM may collect personal information in the following ways:
- Directly from you – if you refer yourself for support, ask to be added to our mailing list or attend one of our events
- From other organisations, with your permission – for example if another agency makes a referral to us for support on your behalf
- Publicly available information – we may use data freely available to the public, such as information published in articles.
What is Personal Data?
Personal data is any information that relates to and identifies a living person; for example, name, address, CCTV images, computer IP address, email address.
Some types of personal information are classified as ‘sensitive personal data’ and this includes ethnicity; religious beliefs, physical/mental health; sexuality, information about criminal offences or proceedings.
Any organisation which processes personal data must have a lawful basis for doing so. WHM uses various legal bases for processing personal data and these are recorded in the section ‘What Information does WHM collect and why’.
What information does WHM collect and why?
WHM needs to collect personal data in order to fulfil its role to provide support and information to women and girls.
Some information is collected because it is in our legitimate interest to process the data and in this situation we always balance this against your rights as an individual. We ensure that we only use personal data for a purpose that you would reasonably expect. Other data will be collected with the consent of the individual concerned.
Detailed below are the types of personal data which we collect and the reasons, or legal basis, for doing so:
- Data relating to people who are referred to our services for support are collected to enable us to make safe contact with them. WHM has a legitimate interest in processing names, addresses, contact details and demographic/health information if this is available, in order to make contact to offer support.
- People who accept support from WHM, may be asked for further information in order to provide the best possible support to them. This may include demographic information, details of their children, emergency contact details, health information and notes on the work we do together. This information may also be used for equalities monitoring and in this situation, all data will be anonymised. Consent will always be asked when collecting this information.
- Name and contact details will be taken for people subscribing to our mailing list, attending training and other events and sessions held by WHM. Consent will always be asked when collecting this information.
Some anonymised data will be used for monitoring and reporting purposes. No individuals will be identifiable from data used for this purpose.
Is my data secure with WHM?
Yes. Personal data may be stored electronically on the computer, in paper files stored in locked cabinets, and/or on locked and protected mobile devices. We make sure that all personal data is held in a secure way and only relevant and appropriate people will be able to access it. Detailed below are some examples of how we keep information secure:
- Access to personal data on case management systems is restricted on a ‘need to know’ basis. Appropriate permission levels are applied so only relevant staff have access to data.
- Data stored electronically will be password protected and only appropriate staff will have access.
- All staff are fully trained in how to handle personal data including when and how it can be shared.
- WHM systems have full IT security protection, including firewalls and encryption.
Personal data will be retained by WHM for a minimum period of time in accordance with applicable legislation. Data, which is no longer required, will be securely deleted and disposed of after 6 years.
Who does WHM share information with?
WHM uses various other organisations to help deliver support and to assist with our legal obligations by processing data on our behalf. We also work with other companies who process data on our behalf, these companies are known as Data Processors. Your data may be shared with all or some of these organisations and it will only be shared if it is necessary to meet our obligations. For example, individuals who are referred for support will have their details added to a case management system.
When WHM shares personal information with another organisation we will always have clear evidence on how they comply with data protection law, and where relevant a data sharing agreement.
In the course of providing support to clients, WHM may also ask for consent to share personal data with other organisations so that we can provide the best support to you. For example, this could include other charities, housing providers, health and education agencies, or any other relevant agencies. This will be explained to you at the start of support. You can give or withdraw your consent to share data with other agencies at any time.
On a rare occasion it may be necessary for us to share personal information without consent if we are required to do so by a court order or if there are other valid reasons, such as the protect a child or adult who is thought to be at significant risk or to stop a crime. If this happens, then we will record our reasons for doing it, the information we have shared. We will also let you know what we have done, if it is safe to do so.
We never sell your personal information on to anyone else.
It’s your personal data
The data we hold is about you and the law gives you rights about what we can do with your information:
- ConsentYou can give or withdraw consent for WHM to share your personal data at any time. This will be explained to you at the start of support. There may be circumstances in which we override your consent, but reasons for this will be always explained to you.
- Subject Access RequestYou can ask for a copy of the information we hold about you and this is called a ‘Subject Access Request’. These requests can be in writing or verbally, so please ask about our Responding to Requests for Information Procedure. If you ask to see your data, we will provide your information within 28 days of receipt of the request.There may be some parts of your data which would not be able to let you see and this could include information which could cause serious harm to your, or someone else’s wellbeing; or confidential information about other people; for example any other professionals involved in your case. This will be explained to you.
- Inaccurate informationIf you think that any of the data we hold is wrong, please let us know by informing your keyworker or contacting us at data protection email address below. WHM would always ask that if you are receiving support from us, that you keep us informed with your correct address and contact details.
- Right to be forgottenYou have the right to ask that all of your personal information to be deleted from WHM’s records. Requests for your data to be deleted should be made in writing to Data Protection Enquiry WHM, Bridge House, Balm Road, Leeds, LS10 2TP or firstname.lastname@example.org
There may be some reasons why we are unable to delete all your personal information, for example, if we are required to keep it by law or if by deleting it, we could be putting someone at risk of serious harm.
Cookies and our website
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
When you visit our website we collect information to help us to understand how supporters use our site, and to make improvements. This information consists of your IP address, your browser (e.g. Internet Explorer), when you visited and which pages you visited or downloaded during your visit. We cannot use this information to find out further personal information about you, and will not share any individual information unless required to do so by law.
Our website may contain links to other websites which may be of use to you. This privacy notice only applies to this website so when you link to another website, you should also read their own privacy notices.
How to contact us
If you have any concerns or worries about how your personal data is being processed by us or would like to complain about how we manage your information, please contact us in writing at the following address:
Data Protection Enquiry
WHM, Suite 44A-48 Sugar Refinery, Sugar Mill Business Park, Oakhurst Avenue, Leeds, LS11 7DF
Further information about privacy and personal data
If you would like to get independent advice about data protection, data sharing issues or privacy, or lodge a complaint about how we process your data, you can contact the Information Commissioner’s Office (ICO) at the following address:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.