Revive Newport Privacy Notice
10th October 2019
Our contact details
Name: Revive Newport
Address: 82 High Street, Newport, Isle of Wight, PO30 1BH
Phone Number: 01983 522596
What type of information we have
We currently collect and process the following information:
Personal identifiers, contacts and characteristics (for example, name and contact details)
Case file information for people we are working to support
Information about donations made to Revive
How we get the information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
Joining a mailing list
Placing an order in The Living Room
Signing up at Newport Youth Café
Donating to Revive
Applying to work for, or volunteer with, Revive
We also receive personal information indirectly, from the following sources in the following scenarios:
When referrals are made to our services by external agencies
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting us using the details at the start of this notice.
(b) We have a contractual obligation.
(c) We have a legitimate interest.
What we do with the information we have
Depending on the nature of your relationship with Revive we may use your information to:
Contact you about Revive’s activities
Process donations you make to Revive
Process an order
Monitor and evaluate the effectiveness of our charitable activities
Provide job references for volunteers and employees
Manage ongoing help provided to you as a beneficiary of the charity
Manage staff and volunteers
We do not normally share your information with anyone else unless we are legally required to do so or you have specifically given your consent to this.
How we store your information
We may store or transfer some or all of your personal data in countries that are not part of the European Economic Area (the “EEA” consists of all EU member states, plus Norway, Iceland, and Liechtenstein). These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. This means that we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR as follows.
We use specific contracts with external third parties that are approved by the European Commission for the transfer of personal data to third countries. These contracts ensure the same levels of personal data protection that would apply under the GDPR. More information is available from the European Commission.
Where we transfer your data to a third party based in the US, this may be protected if they are part of the EU-US Privacy Shield. This requires that third party to provide data protection to standards similar levels of data protection to those in Europe. More information is available from the European Commission.
Please contact us using the details at the start of this notice for further information about the particular data protection mechanism used by us when transferring your personal data to a third country.
The security of your personal data is essential to us, and to protect your data, we take a number of important measures, including the following:
Use of secure connections (SSL) when transferring your data to remote (“cloud”) storage servers.
Password protection on personal computers on which data is stored.
Encryption of files containing particularly sensitive data.
Data held in paper form will be held securely, typically in a locked filing cabinet.
How long we keep your personal data?
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):
Data held in connection with financial records (for instance relating to payments for our services) will be kept for 10 years;
Data held in connection with provision of services to you will be held for 2 years after ceasing activity.
Data held in relation to a job or volunteer application will be held for no longer than 6 months after applications close, unless you are appointed to the role in which case it will be retained until 6 years after you leave (employees) or 2 years after you leave (volunteers)
Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us using the details at the start of this notice if you wish to make a request.
How to complain
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113