The safety of your personal information is something that we take very seriously and we are committed to protecting and respecting your privacy.
You may have heard of the General Data Protection Regulation (or GDPR); if you haven’t, it is legislation regarding how personal data can be stored and used and was effective from 25th May 2018. This Privacy Policy has been written in accordance with GDPR.
This Privacy Policy explains how we use, process and protect your personal information for the purposes of providing support to service users, training professionals, campaigning and taking an active role in safeguarding arrangements in the West Midlands.
Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it.
If you have any questions about what we have set out below then please contact us at inforequests@blackcountrywomensaid.co.uk.
Personal information is anything that can identify you, for example your name, address, personal details in a client referral form, or email address for a newsletter subscriber. We collect information about you if you have:
When you apply for a role you will fill in a standard form which sets out your contact details, some personal information about your career and / or education history, and your information in support of your application. This will include a statement about any criminal convictions or cautions you may have. We process your information to carry out a recruitment / placement exercise.
Once working with us you will continue to share information with us, and we will record information about you, including relevant health information (e.g. if you take sick leave, maternity leave, disclose a disability), financial information (salary/pension/NI contributions etc) and information you might share in supervision. We will process this information to manage and support you in your work, and to comply with employment and other legal requirements and any contractual relationships we have in place (for example with external educators).
More information can be found in BCWA Privacy Notice for Applicants v1
You may have supplied your information to us via your employer, local authority training portal or directly onto an Eventbrite page. We will process your information for legitimate interests: in order to deliver the training, and follow up with you for feedback on the event.
When you subscribe to newsletters or emails from us, we require:
We will collect this information as part of your subscription to our mailing lists, when you provide your details on our website, or on a sign-up sheet at an event.
A subscription to our mailing lists means that you will automatically receive email updates about BCWA related activities. We will not email you unnecessarily or for a purpose that you have not agreed to.
Our legal basis for processing your information is consent, therefore you will only receive emails and other information that you have consented to receive.
You may withdraw your consent at any time by using the ‘unsubscribe’ link on any of our newsletters.
If you unsubscribe from our emails or withdraw your consent for us to use your personal information in this way, we will retain your information within our systems to prevent emails from being sent to you by us. We will keep this information only for as long as we require it for these purposes.
We use external platforms to manage our email marketing and communications. The platform we use is MailChimp.
Our emails may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Whilst using our website we collect anonymous information about your browsing session to help us improve our website.
We use a tool called Google Analytics to collect this data. All of the data is stored securely on Google’s servers. In order to track your browsing across sessions, Google analytics will place a ‘cookie’ on your machine (a small text file that websites use to track and remember information across several browsing sessions). You can tell your web browser not to accept cookies if you don’t your data to be collected in this way (refer to your web browser’s help file for more information).
For further details on Google Analytics, and the Google Analytics privacy policy, please visit the Google Analytics website.
You can refer yourself to us by calling our general number or helpline, details here. As you would expect, we will then take details from you including your name, contact details, your current situation, and some monitoring information like your age, ethnicity, and nationality. We keep all of this information securely on our purpose-built database, and share it internally so that you can receive the support you need from us.
You can ask to see your file at any time.
The legal basis for us to process your information is our legitimate interests in offering support to clients.
We ask referrers to seek your consent before referring you to us. They will fill out a form to give us your contact details, monitoring information, personal circumstances, and support needs. We process this information onto our database. We will then call you to check that you are happy to receive support from us, and then link you up with a support worker.
You can ask to see your file at any time.
The legal basis for us to process your information is our legitimate interests in offering support to clients.
We are part of safeguarding teams which operate across the West Midlands, including MARAC boards and MASH teams. These bring together all the agencies involved in safeguarding adults and children – police, local authorities, NHS, schools and other voluntary sector agencies.
People can have their cases referred to these teams after an incident has occurred, or where someone is concerned about their safety. In many cases the subject of the referral is told in advance that they will have their case brought to the safeguarding team, but this won’t always happen (for example: if there is an immediate risk of harm, or if it is not practically possible to contact the individual).
As part of the information sharing, details may be shared of other people linked to an incident – children, household members, witnesses, and the alleged perpetrator. These people will generally not be told that there is a safeguarding referral, because sharing this information with them might put the victim at risk of harm.
Information is shared within the teams in accordance with information sharing agreements which you can find on the local authority safeguarding children’s board.
The basis on which we process your information is the legitimate interests of our organisation: we are here to support survivors of domestic abuse and violence, and safeguarding is a vital part of our mission.
We believe that to trust another person with private and personal information is a significant matter. When you give us information in confidence, we will only use it for the purpose you share it, and will only share it with other people in the specific situations described below.
You may ask us to share your information, for example if you ask us to refer you to another agency, or write a letter of support or reference for you.
Some of our services are run in partnership with other agencies, and so information will be shared with them as part of running the service. Also, we participate in multi-agency safeguarding arrangements as described above.
We have clear safeguarding policies in place which deal with how and why we would share information where there is a risk of serious harm. We would ask for consent first, and only share information without your consent if we feel under a duty to share it because of the risk, or exceptionally if there is no time to get your consent, or if we are legally prevented from speaking to you about it.
HMRC, regulators and other authorities may require reporting of processing activities in certain circumstances, and HMRC may audit our financial books and records.
If we receive information about a terrorist threat then we are legally required to report this to police.
If a local authority is acting under its safeguarding powers then it can legally require us to share information.
If there is a court order requiring us to produce documents then we must comply.
Professional advisors may have access to BCWA data in the course of performing their duties (these may include lawyers, auditors, insurers, bankers, accountants, HR and IT support). We also use external providers for email, webhosting, newsletter distribution and other administrative functions.
Where we do share data in this way, we have contracts in place which protect the security of your personal data and ensure that your data is only processed for specific purposes and in accordance with our instructions.
How do we look after your information?
BCWA has taken suitable measures to safeguard and secure data collected. These are compliant with the General Data Protection Regulation (GDPR).
In the unlikely event that your personal information is compromised, you will be informed as required in the GDPR.
We will only keep personal data for as long as necessary to fulfil the purpose for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. In deciding how long to keep data, we consider:
a) The amount, nature, and sensitivity of the personal data
b) The potential risk of harm from unauthorised use or disclosure of personal data
c) The reason why we are processing the personal data and whether it is possible to achieve those ends through other means
d) The applicable legal requirements
Periods data is kept for:
Under certain circumstances, you have rights under data protection laws. These include the right to:
a) Request access to your personal data
b) Request correction of your personal data
c) Request erasure of your personal data
d) Object to processing of your personal data
e) Request restriction of processing of your personal data
f) Request transfer of your personal data (where it has been processed using automated means, which does not apply to us)
g) Withdraw consent for processing
These rights are set out fully here. You always have the right to complain to the Information Commissioners Office (here).
To exercise any of these rights, email us at info@blackcountrywomensaid.co.uk
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to personal data, so European law has forbidden transfers of personal data outside of the EEA unless the transfer meets certain criteria.
We make use of some third party service providers based in the United States so that processing of your personal data will involve a transfer of data outside the EEA. In order to protect you, such transfers only take place with providers who have signed up to the EU –US Privacy Shield: These are:
• Google (provides Google Analytics on our website) certificate here
• Mailchimp (newsletter / campaigns service) certificate here
• Eventbrite (sign up for events and training) certificate here
There is information about the Shield here.
Black Country Women’s Aid
The Cedar Centre Sandwell
3rd Floor Landchard House
Victoria Street
West Bromwich
B70 8HY
Telephone: 0121 553 0090
Email: info@blackcountrywomensaid.co.uk
Our Data Protection Lead is
Tracey Alexander, Executive Officer
you can contact them on compliance@blackcountrywomensaid.co.uk