This page sets out how we handle personal information that is provided to us. It is intended to be useful to our clients, website visitors and supporters in understanding our approach to this important issue. We cover this in three main areas:

• Privacy
• Confidentiality
• Data protection

We take the privacy and confidentiality of our clients, website visitors and supporters very seriously. Given that much of the personal information that we deal with is extremely sensitive, it is important that the information we collect is both collected and used fairly, and that people understand what we do with their data.

By accessing our site, or otherwise giving us your personal information by other means, you consent to the use of your information in accordance with this policy. This policy should be read in conjunction with our Website terms of use.

Privacy

Under the Data Protection Act, we have a legal duty to protect the personal information we collect from you. This section is designed to explain how we manage and use personal information that we are in possession of.

Given that much of the information that we deal with is regarded as ‘sensitive personal data’, we feel it is important for us to be clear about the following factors.

What we mean when we say “your information”

“Your information” means any information about you which is personally identifiable, including, without limitation, your name, address, date of birth, telephone number, email address, other contact details, criminal record information, and other information from which, when looked at completely, may allow you to be personally identified.

When we collect your information

We may collect your information from you when you:

• contact us by telephone, letter, fax, email;
• use our website;
• make a donation to us;
• otherwise disclose your information to us.

We will only request your information where it is necessary to carry out a particular function. You are under no obligation to provide us with your information, but this may limit our ability to help where certain information is needed to undertake a particular activity.

How we use your information

We may use your information to:

• process and deal with any enquiry or application made by you, including any request for information, advice, guidance, advocacy or other support;
• process any donation your make, including the administration of payments that you may make to us;
• monitor, develop and improve the support that we provide, including our website;
• monitor and investigate any suspected breach of the website terms of use, forum rules or any suspected unlawful activity;
• send you information about us.

Unless it falls within the above, we will always seek your explicit consent before using your information in a way that personally identifies you.

Who we share your information with

We may pass your information outside of Unlock in the following circumstances:

• where you (or the person to whom the information relates) consent;
• where the information is already available to the public from other sources;
• where the information is in the form of a summary or collection of information so framed that it is not possible to ascertain from it information relating to any particular person;
• when there appears to be a serious risk of harm to you, e.g. a threatened suicide;
• to protect others (e.g, information about possible child abuse will be disclosed to the appropriate agency;
• to prevent a serious criminal act where others may be endangered (e.g. an act of terrorism).

Other than as set out above, we will not:

• provide your information to any third party without your explicit prior consent;
• pass your information to third parties for marketing purposes without your consent;
• share your information with any government department or agency without your consent.

The security of your information we store

We endeavour to take all reasonable steps to protect your information. All the information collected by our website is stored on a secure server. We will not knowingly transfer your information outside of the EEA for any purpose other than in connection with the potential storage of information and systems on servers that may be located elsewhere.

Documents containing personal data are stored in a room which is locked when unoccupied. We operate a ‘clean desk’ policy to ensure that these records are not left unattended in our offices or in areas accessible to the members of the public, and only those who need to use this data have access to it. We do this to protect your personal information.

All other forms of information will be held securely and in confidence at all times. We will take all reasonable steps to protect it from unauthorised disclosure to, or access by, a third party.

Anonymous data

You can access all pages on the site without telling us who you are and without revealing any personal information. We collect some information when you visit out site but this does not allow us to identify you personally. The information we collect includes browsers’ visitors use, what time they visit and which pages are most viewed. This enables us to evluate the site and work to improve it. We do not link any of this anonymous data with any personal data that you may provide to us.

With the personal data that you have provided, we may use your information in a way that does not personally identify you so as to support the aims, objectives or activities of the organisation. We will not seek your consent to using your information in a way that doesn’t personally identify you, and therefore this use falls outside of the remit of data protection. For example, we may use your case (but removing any personal information) when compiling a case study to evidence the discrimination that people with criminal records face in a particular area. However, where there is a serious question mark as to whether it would lead to you being personally identified, we will seek your explicit consent beforehand.

Confidentiality

We have a policy of providing confidentiality to those we are in contact with. Clients and others regularly entrust us with sensitive personal information in good faith that it will not be shared with others. To ensure that you can be confident in sharing this information with us, personal information will not be shared externally without your consent.

All individuals who contact us have the right to decide what information they choose to share with us. However, it may sometimes be necessary for you to give your consent to a certain level of information to be disclosed before we are in a position to assist.

Where you give your consent for your details to be shared, you will be sent a copy of any letters, forms, faxes, emails or other communications containing your personal information that have been sent relating to you (removing any third-party details if necessary). Written permission will be obtained before publishing case studies that personally identify an individual.

Alternatively, we may produce anonymous case studies, but in this situation they will be sufficiently disguised so that the individual concerned cannot be identified.

Exceptions to confidentiality

Personal information will not normally be passed on to others outside of Unlock. However, confidentiality may not be applied in the following circumstances (as was outlined above in ‘Who we share your information with’):

• Where you (or the person to whom the information relates) consent
• Where the information is already available to the public from other sources
• Where the information is in the form of a summary or collection of information so framed that it is not possible to ascertain from it information relating to any particular person
• When there appears to be a serious risk of harm to you, e.g. a threatened suicide
• To protect others. For example, information about possible child abuse will be disclosed to the appropriate agency.
• To prevent a serious criminal act where others may be endangered, e.g. an act of terrorism.

If a member of Unlock has to break confidentiality then the person whose personal information it is will be told that this is going to happen verbally if possible, or in writing if suitable. We will only take this course of action after all attempts to persuade the individual to disclose the information voluntarily have failed. Unlock’s data controller will be consulted before disclosure. They will be responsible for making the final decision about breaching confidentiality and ensuring that the correct action is taken.

Data protection

The Data Protection Act 1998 (DPA) protects your personal data and places restrictions on the ability of us to disclose your personal data.This section explains our obligations under the DPA, and how you can get access to the data that we hold about you.

Personal data is regarded as information relating to an individual from which they can be identified, e.g. name, address, national insurance number. We are often entrusted with personal data given to us by individuals and organisations, and are under a duty to protect the confidentiality of personal information and to process it fairly. Personal data covers both facts and opinions about an individual. It also includes information regarding the intentions of the data controller towards the individual.

We are registered with the Information Commissioners Office as a data controller because the charity handles and stores a significant amount of personal data about individuals which we may need to share with others where consent has been given. We have notified the ICO of the purposes for which personal data are held, and as a result the organisation’s name is on the public register maintained by the ICO as a data controller. When notifying the ICO, we provided details of the personal data that we process, the purposes for which the data are to be processed, details of who we intend to disclose data to, and a description of the security measures to be taken to ensure that personal data is protected.

Requests for access to data held

If you wish to see a copy of all personal information about you held by us, this can be provided on request. Formal requests under the Data Protection Act need to be sent in writing, either by post, fax or email. Requests will be responded to within 40 calendar days.

To respond to a request, we require the following information:

• Your full name
• Address (including postcode)
• Telephone number
• Email address (if available)
• A description of the data that you are requesting, and any additional information which will enable us to locate it
• Evidence of your identity (e.g. a copy of your passport, driving licence – please do not send originals)
• A fee of £10 (cheques should be made payable to ‘Unlock’)
• How you would like to receive the information (either by email or by post).
• If a third party is acting on your behalf, proof of the third party’s identity and your authority to disclose your information to them must also be provided in writing.

In addition to the right to receive a copy of all the personal data held you, you are also entitled to be told that we, or somebody on our behalf, are processing data about you, to be given a description of the personal data, the purposes for which the data is being processed and a description of those to whom the data may be disclosed. This will be met by us providing you with a copy of this policy alongside a copy of any information that we hold.

Under the right of subject access, you are entitled only to your own personal data, and not to information relating to other people (unless they are acting on your behalf). Neither are you entitled to information simply because you may be interested in it. Subject access provides a right to see the information contained in personal data, rather than a right to see the documents that include that information.

You can ask us to stop processing information relating to you at any given time, but this may prevent us from providing practical support to you. Our contact details can be found at the end of this document.

Our website

This section only applies to your use of our website, and should be read alongside the website terms of use.

In addition to information given explicitly by you, we also collect information about your visit to our website (for example, the date and time of your visit and the pages that you view). This information is not connected to you personally, and is in aggregate form. This kind of information helps us to understand how our visitors use our site so that future website development can better meet your needs. By using this website, you consent to the processing of statistical (non-personal) information.

We use cookies on our website to allow us to understand who has seen which pages, to determine how frequently particular pages are visited and to determine the most popular areas of our website. Most web browsers automatically accept cookies, though you do not have to. We do not control the use of cookies by third parties. If you wish to disable cookies then you can do so by readjusting your browser settings although please note that by disabling cookies you may not be able to use all features of the website. For more information on cookies and how to disable them, you can consult the information provided by the Interactive Advertising Bureau at www.allaboutcookies.org.

Implementation of this policy

We will ensure that all staff, volunteers and trustees understand this policy. The policy is also made available on our website. A paper copy of the policy can be obtained by sending a self-addressed envelope to our office.

This policy will be reviewed regularly.

If you have any comments or queries in connection with this policy, email admin@unlock.org.uk.