Who we are

Our website address is: http://southbermondseybiglocalworks.org.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Our contact information

4 Market Place, Southwark Park Road, London SE16 3UQ

Contact Number: 020 7237 5221

Read our full Privacy Policy

Information Assurance & Data Protection Policy

The Data Protection Act 1998 is a wide-ranging law covering the obligations of data controllers and people’s rights regarding personal data. Information assurance overlaps with DPA law on the subject of keeping personal data safe, which is primarily focussed around Principle 7 of the Act. From 25 May 2018, organisations will need to comply with a new data protection law, the General Data Protection Regulation (GDPR).

The GDPR is a new data protection law that will replace the Data Protection Act (1998) on 25 May 2018. Organisations must be able to demonstrate to individuals and the Information Commissioner’s Office (ICO) that they are compliant. There are also significant fines or regulatory action if the law is breached. The GDPR is an evolution of the Data Protection Act, not a revolution.

The organisation should have someone on the trustee board who is responsible for checking compliance with the laws around data protection and somebody within the operational team who can report to the trustee on any information assurance risks. If these roles area already in place, the relevant people must know what’s changing under the GDPR and when.

The policy below is based on the requirements of the Data Protection Act 1988 which will be the bare minimum requirement once the GPDR is in place. This policy must be reviewed following the full implementation of the GPDR in May 2018.

1. Data Controller

Big Local Works is registered with the Information Commissioner’s Office as the Data Controller under the terms of the Data Protection Act 1988. Ann Clayton is the named person and can be contacted at annclayton@Biglocalworks.org.uk

This registration covers the following services for BIG Local Works Service
• Big Local Works website
• Big Local Works administrative telephone line
• Big Local Works open door sessions and appointments
• Outreach sessions
• Electronic data
• Manual files

2. Principles of Data Protection as outlined in the Data Protection Act 1998

Anyone processing personal data must comply with the eight enforceable principles of good practice. Data must be:
• Fairly and lawfully processed
• Processed for limited purposes
• Adequate, relevant and not excessive
• Accurate
• Not kept longer than necessary
• Processed in accordance with the data subjects rights
• Secure
• Not transferred outside the EEA to countries not offering adequate data protection measures.

3. Big Local Works’ Commitment

Big Local Works is committed to meeting its obligations under the Data Protection Act of 1998 and the GPDR. Big Local Works will strive to observe the law in all collection and processing of subject data and will meet any subject access request in compliance with the law. Big Local Works will only use data in ways relevant to carrying out its legitimate purposes and functions in a way that is not prejudicial to the interests of individuals.
Staff providing the Big Local Works service will take due care in the collection and storage of any sensitive data and will do their utmost to keep all data accurate, timely, confidential and secure. Where notified of changes to personal data, Big Local Works will amend records within 20 days of receipt of notification.
Staff providing the Big Local Works service, whether permanent, temporary, or volunteers, must be aware of the requirements of the Data Protection Act when they collect or handle data about an individual and appropriate training will be provided.
Data supplied to outside agencies must always be protected by a written contract and with written authority from the data subject.
All collection and processing must be carried out in good faith.
Big Local Works will keep records of all complaints by data subjects and any subsequent follow up. Big Local Works will also keep a record of all data access requests. There will be a repository of all Big Local Works statements of Data Protection Law compliance and information about any contacts made with the Information Commissioner. This information will be available to staff and data subjects on request.
Big Local Works will inform subjects of any processing, disclosure or transfer that does not fall within Big Local Works’ purpose in a way that any individual supplying could be expected to understand.
Big Local Works will keep Data Protection notification up to date.
4. Policy on collecting subject data

Big Local Works will only collect data that is relevant to the carrying out of the legitimate purposes and functions in a way that is not prejudicial to the interests of individuals. All data on individual subjects will be treated in a consistent way. The organisation will maintain a register that lists the data it holds within the service.

Subjects will be informed about how Big Local Works will store and use the data at the time of collection. This will require a standard statement to be sent in all written requests for data and correspondence and a similar verbal script will be used for data collection by telephone.

Where Big Local Works intends to use data for its main purposes, of providing employability and benefits advice, subjects will be deemed to have given their data for this purpose. If other use is to be made of the data, e.g. for the purpose of undertaking customer satisfaction surveys, they will be offered an opt-out for any mailings beyond this core purpose. Big Local Works will honour this opt-out to the best of its ability.

4.1 Big Local Works will strive to ensure that data collection is as accurate as is possible.

4.2 Data may be stored in many ways such as case management systems, manual files or electronic files. The data will be collected consistently no matter where the data is to be stored.

5. Sensitive Data

Information about ethnicity and disability of clients is recorded under certain circumstances and kept for the purposes of monitoring our equal opportunities policy and also for reporting back to funders.

Big Local Works undertakes not to collect sensitive data where it is unnecessary to do so to further Big Local Works’ purpose of providing an effective advice service.

Big Local Works will strive to ensure that sensitive data is accurately identified on collection. The key questions relating to sensitive data on the CRM client recording system can be easily identified. The other key area of recording sensitive data is within the notes box of the CRM as part of the case history narrative.

6. Procedures for collecting subject data

Staff are responsible for ensuring that all personal and where appropriate sensitive personal data is collected accurately and fully. Staff are responsible for ensuring that sensitive data is identified when collected.

6.1 Staff will obtain permission from the subject that their data will be stored at the time of collection.

6.2 All personal information should be dated at the time of collection so that records can be archived/anonymised at an appropriate time.

7. Data protection statements

When personal data, including personal sensitive data is collected by Big Local Works the following statement must be included in all written forms, letters and web/email communications:

“Big Local Works Service will store and process personal data in accordance with the requirements of the Data Protection Act 1998 the General Data Protection Regulation (GPDR). Big Local Works Service will not provide your information to any organisations apart from Big Local Works partners without your express permission. Big Local Works Service may contact you in relation to customer satisfaction surveys, which are an integral part of our service. Please tick the box or contact us if you do not want your data to be used in this way.”

Emails transmitted by Big Local Works will display the following statement.

‘This message contains information that may be privileged or confidential and is the property of Big Local Works. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorised to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.”

“Email is not a secure communications medium. Please be aware of this when
replying.”

8. Policy for data storage and processing

Big Local Works will only hold data that is relevant to the carrying out of its legitimate purposes and functions, in a way that is not prejudicial to the interests of individuals. Information will be accurate and timely and will be held in an environment as secure as possible. All manual files and databases will be kept up to date and will be archived or destroyed from 6 years of the last contact (as determined by the nature of the data held). Where data is held in a paper format, procedures for the disposal of confidential waste will apply e.g. confidential waste supplier, secure pick up and destruction

8.1 All individual data must be kept secure, by regular office security procedures or through the controls over the computer network. Sensitive data will be treated with appropriate security.

8.2 Where data is passed to a third party for processing, Big Local Works will ensure that a written contract is in place that states that the agent will work within Big Local Works’ data protection policy. Control of the data will not be allowed to move to the third party.

9. Procedure for data storage and processing

All staff must take responsibility for following through any data care work required of them to maintain accurate data systems. They are also responsible for any records they keep in any filing systems.

9.1 Archiving policies for data no longer needed in our storage systems will be set up for all data stores. A clear justification must be supplied for personal data to be kept beyond six years. (This is usually if there has been or there is likely to be legal action.)

9.2 Any mailings generated from stored data will observe opt out choices in good faith.

10. Security

All paper files containing personal data will be stored in a secure location. We will take all possible steps to prevent unauthorised access to the offices where Big Local Works data is kept and due care will be taken to ensure the security of data in lockable filing cabinets. No documents containing personal data must be left on desks or in unlocked cabinets when not in use.

10.1 Any documents that contain personal data will be securely destroyed.

10.2 All possible steps will be taken to maintain effective security for the whole of
the computer system. Access to information stored on computer systems, including laptops should be appropriately password protected. Staff and volunteers will take all necessary steps to avoid careless loss of data, including when working remotely.

11. Policy of Disclosures

Big Local Works will not allow personal and sensitive personal data collected from subjects to be disclosed to third parties except in circumstances which meet the requirements of the Data Protection Act. This will be where either the subject has consented to the disclosure (in writing), or there is a serious risk of harm and where Big Local Works receives information which may prevent a crime or assist in the detection of a crime, or where Big Local Works is legally obliged to disclose the data.

12. Procedure on Disclosures

Any disclosure to be made must be checked for suitability with the Data Protection Officer beforehand who may refer to the Information Commissioner for advice and guidance.
Any request for data based on a legal requirement, e.g. from Police or other
body, must be put in writing and be checked by the Data Protection Officer against the advice of the Information Commissioner before any data is disclosed.

13. Subject Access Policy

Big Local Works will provide information in response to any reasonable subject access request and will ensure that data is kept in an accessible form to facilitate such subject access.

14. Procedure on subject access policy

Big Local Works will make every effort to ensure that immediate action is taken when a data access request is received. The Data Protection Officer will be informed immediately.

14.1 A standard letter (amended as appropriate) will be sent to the subject stating Big Local Works policy on subject access. This will promise to provide the required data to the best of Big Local Works’s ability within one month. In accordance with GPDR, no fee is chargeable but Big Local Works reserves the right to ask for a maximum payment of up to £10 if the request is “manifestly unfounded or excessive”.

14.2 A search will be set up by the Data Protection Officer to ensure that all relevant data will be collected and collated ready to present to the subject. This will include all relevant electronic data and manual files. Information on data collection, storage, processing and transfer may also be required and statements will be prepared in advance. All relevant information will be prepared ahead.

14.3 The relevant information will be sent by email or registered post.

14.4 The data access request will be logged in the Data Proection Access log and correspondence with the subject filed in their personal file.

15. Subject request to destroy data

Should the subject request the organisation to destroy all personal data held by the organisation, this must be complied with under the GPDR. However, the organisation must get written confirmation that the subject will not take any legal action against the organisation in the future and that the data is being destroyed at their behest.

16. Policy on complaints and queries

Big Local Works will respond to any complaints as quickly as possible. Any letter or contact we receive in relation to the Data Protection Act, that questions our policy and/or procedure will be acknowledged within 5 working days, and responded to in full within 25 working days.

16.1 The Data Protection Officer will be advised without delay, of any complaints or queries relating to Data Protection policy or issues

16.2 Records will be kept of all correspondence for 5 years.

17. Procedure on complaints and queries

Whoever is in receipt of a complaint or query should notify the Data Protection Officer of the receipt of the complaint / query.
• Copy all relevant documentation to the Data Protection Officer.
• The Data Protection Officer will maintain a record of actions taken by staff to resolve a complaint or query.
• Advise the Data Protection Officer of any further correspondence and developments as they occur.
• On completion, records must be kept for 5 years

18. Reporting on data protection matters

The Data Protection Officer will report on all Data Protection matters to the Big Local Works Board of Trustees. Data Protection matters will be included in the risk register of the organisation. This Data Protection Policy will be reviewed annually.

19. Privacy policy for Service Users

Why and how we collect data:

19.1 Personal Information
The organisation may at times be asked to supply personal information when contacting Big Local Works by telephone, email or via the Big Local Works websites. This may include sensitive personal information where it is necessary to provide you with the service you require. Personal information is anything which enables us to identify you in some way, such as your name and a postal or email address. If you supply such information, we are legally bound by the Data Protection Act 1998 and the GPDR to ensure that such information is only used for the purpose for which it was requested and also to ensure that the data is held securely.

19.2 General
We may collect and record information in order for us to understand more about how our services are used and in turn to make sure that the services reflect your needs. In order to do this we may send cookies to your PC. A cookie will contain information that allows us to recognise that you have used our website before, but will not contain any other personal data. You can disable this function within your browser but this will affect your ability to use the search functions.

19.3 Survey
We may write to you to ask you to fill in a questionnaire or survey or to complete one whilst on-line. The data collected by the questionnaire or survey will only be used for the purpose stated on the form. You may also be given the opportunity to add your address details to our databases so we can contact you in the future. We will only use this information to contact you, if you give us your permission to do so. We will always do our utmost to honour this commitment.

19.4 Requests for information
If you make a request for further information via the Big Local Works website, the data will only be retained on the Web Servers as long as necessary in order to respond to your query. It will then be transferred to our internal database where it will be used to improve Big Local Works’ services and our response to your needs.

Data is not retained on the web servers. Personal information provided to Big Local Works whether by post, telephone or via websites will be held in accordance with the Data Protection Act 1998 and the GPDR for the purpose of providing the necessary services to you and to meet our legal obligations.

If you have requested information via post or telephone, unless otherwise specified, you will be deemed to have given your consent to use your personal data to respond to your initial query / request. We will retain that information in order to respond to any further requests for information, advice or guidance.

19.5 Confidentiality
Big Local Works may on occasion suggest you contact other specialist organisations for assistance with your enquiry. Where this is the case, we will give you the contact information for that agency so that you may contact them directly. We will not pass your personal data to any other agency/organisation without your express permission.

19.6 Links
Big Local Works websites may include links to other sites, not owned or managed by Big Local Works. We cannot be held responsible for the privacy of data collected by websites not managed by Big Local Works.

19.7 Who we share information with
Occasionally, Big Local Works may work with other organisations or companies to send you information on other ways in which you can benefit from your contact with Big Local Works and /or support the work of Big Local Works. However, we will not simply add your name to another organisation’s database. We will always seek your written permission first.

19.8 Security
All possible steps will be taken to maintain effective security for the whole of the computer system as outlined in our full Data Protection Policy, available on request. Please note that information transferred over the internet can never be guaranteed to be 100% secure.

Big Local Works may use the services of an Internet Provider, which for financial or technical reasons these may be sited outside the European Economic Area. Use of data by the Internet Service Provider on behalf of Big Local Works is regulated and safeguarded by both international procedures and the observation of legal agreements to comply with the requirements of the Data Protection Act 1998.

19.9 Discussion Boards
Any communication that you transmit to, or post on, any public area of the site including, but not limited to, any data, questions, comments, suggestions, or the like, is, and will be treated as, non–confidential and non-proprietary information.

When entering the discussion forum, you agree not to, post, disseminate, distribute or otherwise transmit any defamatory, offensive, infringing, indecent or otherwise unlawful or objectionable material or information.

Big Local Works will not be responsible for the posting by any user of any defamatory, obscene or otherwise unlawful material.

19.10 Access to your personal information
You may request a copy of any personal information which Big Local Works holds about you. You should write to the Data Protection Officer, Big Local Works, 4 Market Place, London SE16 3UQ, stating what service you accessed. Under the GPDR no charge is made for this service unless it is deemed that the request is manifestly unfounded or excessive. Big Local Works aims to supply the information within one month of your request.

19.10 Notification of change of Privacy Policy
Any changes to this policy will be posted immediately on the website
A paper-based copy of our policy is available on request.