This is the St Martins Housing Trust Privacy Notice.
As part of the services we offer, we are required to process personal data about the people we support, our staff, volunteers, supporters, and suppliers. Processing can mean collecting, recording, organising, storing, sharing or destroying data. We are committed to transparency about why we need your personal data and what we do with it – as set out in this Privacy Notice, which also explains your rights concerning your data.
We may change this policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By working for us, or using our services or our website, you’re agreeing to be bound by this policy. If you have any concerns or questions please contact us by e-mail at email@example.com or by writing to St Martins Housing Trust, St Martins House, 120 Thorpe Road, Norwich, NR1 1RT, or telephone 01603 667706.
Who we are
St Martins Housing Trust is is a registered charity in England and Wales, number 802013, and a company limited by guarantee registered in England, number 2390375, at St Martins House, 120 Thorpe Road, Norwich, NR1 1RT. We are committed to helping homeless people, and those at risk of homelessness in Norwich and Norfolk by offering them accommodation, support and care.
Why we need information for people we support
To provide you with the high quality support you need we may need to keep certain records about you, including the following:
- Your basic details and contact information e.g. your name, address, date of birth and next of kin.
- Your care and support needs.
- Your financial details e.g. details of how you pay us for your rent or your funding arrangements.
We may also record the following data which is classified as “special category”:
- Health and social care data about you, which might include both your physical and mental health data.
- We may also record data about your race, ethnic origin, sexual orientation or religion
When our support begins and you provide us with your personal information, you will receive our leaflet called ‘Sharing your information’ which fully describes how we will process your data.
Why we need information for staff and volunteers
When you join St Martins you will receive our leaflet called ‘GDPR privacy notice for staff and volunteers’ which fully describes how we will process your data. So that we can provide staff and volunteers with the best quality management and support, the information we collect for Human Resources (HR) purposes might include name, address, telephone number, gender, e-mail address, emergency contact details and more. If your role involves driving a fleet vehicle we will collect information about your driving record for insurance purposes.
Why we need information for supporters
For supporters/donors the personal information we collect might include your name, address, email address, IP address, and information regarding what pages are accessed and when. If you make a donation online, your card information is not held by us, it is collected by our third party payment processors, Stripe and GoCardless, who specialise in the secure online capture and processing of credit/debit card transactions. CAF payment details are entered directly to their systems for the purpose of completing the transaction and are never handled or stored by our website. When you make a donation, we will send you a personal thank you. If you opt-in for marketing materials, your contact details (name and email address) will be added to our newsletter database. The database system we use is called Beacon and we use Mailchimp to send marketing newsletters.
Why we need information for suppliers
So that we can pay suppliers promptly and accurately, the information we need is gathered before and after trading begins. Our Invu document management system is used to capture information which is then transferred onto our Sage 50 finance system for payment. The information includes:
Name of supplier
- Telephone number
- bank details
- payment value
- payment due date
We use your information to notify you of changes to our services, pay your salary, process a grant or job application, pay your invoice, process your donation or ensure that our services and premises are kept secure with CCTV images. By law, we need to have a ‘lawful basis’ for processing your information. We use the following lawful bases:
For those we support: ‘legitimate interest’, plus an additional condition of ‘health or social care’ for special category data *
- For donations, CCTV and e-mail: ‘legitimate interest’.
- For marketing mailshots: ‘consent’.
- For HR, payroll, rental income and purchase ledger: ‘contract’.
- For driving record enquiries: ‘legal obligation’, plus an additional condition of ‘insurance’ for processing criminal offence data **.
For marketing mailshots where our lawful basis is ‘consent’ we will offer you a clear choice and ask that you confirm to us that you do consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent at any time.
* Special category data is related to your protected characteristics and includes specific information that relates to your individual support needs.
** Criminal offence data includes serious driving offences which are recordable offences and form part of the criminal record.
How we collect information from you
We obtain information about you when you contact us about or receive our services, apply or begin to work for us, supply us with goods or services, make a donation, or register to receive our newsletters. We do this face to face, via phone, via email, via our website, via post, and via application forms. We also sometimes get information through Information Sharing Agreements we have with partner organisations. And when you visit our premises we may obtain CCTV images of you.
Sharing your information
Third parties are organisations we have a legal reason or obligation to share your information with, including Her Majesty’s Revenue and Customs (HMRC), pension and healthcare schemes, the CQC, the police or other law enforcement agencies if required by a court order, and the DBS. We also sometimes share information through Information Sharing Agreements we have with partner organisations
National data opt out
The National data opt-out applies when organisations share personal data for the purposes of research or planning. Individual data subjects can choose to stop this happening by opting-out. At this time, we do not share any data for planning or research purposes for which the national data opt-out would apply. We review all of the confidential patient information we process on an annual basis to see if this is used for research and planning purposes. If it is, then individuals can decide to stop their information being shared for this purpose. You can find out more information at https://www.nhs.uk/your-nhs-data-matters/.
Closed Circuit Television (CCTV)
St Martins uses CCTV to provide a safe and secure environment for people who use services, staff and visitors, in order to prevent the loss or damage to property and assets, and for the prevention, investigation and reduction of crime, which may include the provision of evidential data to the Police and other agencies. All staff are aware of our CCTV policy and procedure. All users of the building are aware of CCTV usage through signage at building entrances.
The data that we keep about you is your data. We ensure that we keep it confidential and use it appropriately. You have the following rights when it comes to your data:
- to request a copy of all of the data we keep about you. Generally, we will not charge for this service.
- to ask us to correct any data we have which you believe to be inaccurate or incomplete. You can also request that we restrict all processing of your data while we consider your rectification request.
- to ask that we erase any of your personal data which is no longer necessary for the purpose we originally collected it for. We retain your data only for as long as it is required to provide the services you require, which is in line with data protection principles.
- You may also request that we restrict processing if we no longer require your personal data for the purpose we originally collected it for, but you do not wish for it to be erased.
- You can ask for your data to be erased if we have asked for your consent to process your data. You can withdraw consent at any time – please contact us to do so.
- If we are processing your data as part of our legitimate interests as an organisation or in order to complete a task in the public interest, you have the right to object to that processing. We will restrict all processing of this data while we look into your objection.
You may need to provide adequate information for our staff to be able to identify you, for example, a passport or driver’s licence. This is to make sure that data is not shared with the wrong person inappropriately. We will always respond to your request as soon as possible and at the latest within one month.
To contact our Data Protection Officer or Caldicott Guardian, including if you would like to complain about how we have dealt with your request, please e-mail DataProtectionOfficer@stmartinshousing.org.uk or CaldicottGuardian@stmartinshousing.org.uk, or telephone 01603 667706, or post to St Martins Housing Trust, St Martins House, 120 Thorpe Road, Norwich, NR1 1RT.
You also have the right to complain to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF https://ico.org.uk/global/contact-us/