On 25th May 2018, one of the biggest changes to
UK data privacy law comes into effect. The General Data Protection Regulation (or
GDPR for short) is a really positive step towards people having more control
over how their data is used and how they are contacted. The changes will also
to reflect these changes. ASNEW is committed to data security and the fair
and transparent processing of personal data. This Policy sets out how ASNEW
treats personal data.
Please read this Policy carefully as it contains important information on who we are, how and why we collect and store, your personal data, your rights in relation to your personal data, how to contact us, and how to contact supervisory authorities in the event that you would like to report a concern about the way in which we process your personal data.
Who we are.
ASNEW provides an independent, confidential, free, equitable and accessible advocacy service to the people of North East Wales working to the Advocacy Charter and through the Advocacy Quality Mark Standards which has been recently retained.
ASNEW has charitable status: Registered Charity No 1110143 and is a Company Limited by Guarantee No 4707548 registered in England /Wales 2003
What personal data do we collect?
So that we can offer you the best possible service we need to collect some information about you.
Information such as your name and address, your date of birth, telephone numbers and any information relevant to your advocacy issue.
If you have benefit/employment issues we may need your national insurance number, or any other information that is identified .
We will ensure that any personal data we process is accurate, adequate, relevant and not excessive, and used for the purpose for which it was obtained
How long will we keep your personal data?
In order to collect the anonymised statistics that are required by our funders, the records we hold will be retained for 18 months following closure on our secure cloud based case work management system.
How is personal data protected?
We take all reasonable steps to ensure that ASNEW protects your personal data and are aware of their information security obligations. We operate a secure cloud based bespoke case work management system which is fully GDPR compliant, or with paper information which will be kept in a locked filing cabinet. We limit access to your personal data to those who have a genuine need to know within the organisation and not share it with anyone else unless you ask us to or we are required to by the law.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
The only exception to when we would breach someone’s information is fully explained in Advocacy Services North East Wales Confidentiality Policy.
Where ASNEW provides statutory advocacy services pertaining to the Mental Capacity Act and Mental Health Act there is a legal framework surrounding these services for which client information cannot be deleted and must be retained for six years.
Under the GDPR, you have various rights with
respect to our use of your personal data:
Right to Access
You have the right to request a copy of the personal data that we hold about you by contacting us at the email below. Please include with your request information that will enable us to verify your identity. We will respond within 1 month of request. Please note that there are exceptions to this right. We may be unable to make all information available to you if, for example, making the information available to you would reveal personal data about another person, if we are legally prevented from disclosing such information, or if there is no basis for your request, or if it is excessive.
Right to rectification
We aim to keep your personal data accurate and complete. We encourage you to contact us using the contact details provided below to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up-to-date.
Right to erasure
You have the right to request the deletion of your personal data where, for example, the personal data is no longer necessary for the purposes for which it was collected, where you withdraw your consent to processing, where there is no overriding legitimate interest for us to continue to process your personal data, or your personal data has been unlawfully processed. If you would like to request that your personal data is erased, please contact us using the contact details provided below.
Right to object
In certain circumstances, you have the right to object to the processing of your personal data where, for example, your personal data is being processed on the basis of legitimate interests and there is no overriding legitimate interest for us to continue to process your personal data. If you would like to object to the processing of your personal data, please contact us using the contact details provided below.
Right to restrict processing
In certain circumstances, you have the right to request that we restrict the further processing of your personal data. This right arises where, for example, you have queried the accuracy of the personal data we hold about you and we are verifying the information, you have objected to processing based on legitimate interests and we are considering whether there are any overriding legitimate interests, or the processing is unlawful and you elect that processing is restricted rather than deleted. Please contact us using the contact details provided below.
Right to data portability
In certain circumstances, you have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format. This right arises where you have provided your personal data to us, the processing is based on consent, and processing is carried out by automated means. If you would like to request make such request, please contact us using the contact details provided below.
Please note that the GDPR sets out exceptions to these rights. If we are unable to comply with your request due to an exception we will explain this to you in our response.
If you believe that your data protection rights may have been breached, and we have been unable to resolve your concern, you may lodge a complaint the applicable supervisory authority or to seek a remedy through the courts. Please visit https://ico.org.uk/concerns/ for more information on how to report a concern to the UK Information Commissioner’s Office.
Changes to this Policy
Any changes we may make to our Policy in the future will be put on our website www.asnew.org.uk
Contact Us If you have any queries about this Policy, the way in which Advocacy Services North East Wales processes personal data, or about exercising any of your rights, you can contact us at:
01352 759332 and ask for Data Privacy Manager,
or write to us at ASNEW, 42 High Street, Mold, Flintshire CH7 1BH