PRIVACY NOTICE – VOLUNTEERS AND TRUSTEES
What is it all about?
As part of the new General Data Protection Regulations, we are required to explain to you the personal data we hold on you, how we process it and what your rights are in relation to this data. You should read this notice carefully as you will be required to sign to say you have read and understood it. This notice replaces any reference to Data Protection in your contract of Employment.
What information do we hold and why?
During your time with us we will collect, hold and process certain information about you, including, but not limited to, personal administrative information (name, date of birth, National Insurance number, etc) and work history. We do this for two reasons:
- To allow us to meet our legal obligations, in terms of ensuring compliance with other legislation such as the Right to Work Act, as well as to meet our requirements under our CQC registration
- To allow us to meet other legitimate interests of the organisation such as ensuring we can contact you or, in an emergency, your next of kin, or enabling your personal development
We will never use your information for any other purpose without your explicit consent. We would, however, like to involve you in fundraising activities – if you’re happy for us to contact you about these please tick the box at the foot of this notice. You can change your mind at any time.
Who is allowed to see my data?
We will only share relevant information where needed to comply with our legal obligations. Examples of organisations with whom we might share data for these purposes are Companies House and the Charities Commission (for Trustees), UK Border Authority and our external auditors and CQC.
How long do we keep your data?
In general, we will keep your information for as long as you are with us and, after that, for a period of 6 months, in order to ensure that full information is available if requested. Trustee administration records will be retained for a period of 6 years.
Because of its nature, some data will be deleted at an earlier date. In particular, copies of passports obtained for DBS checks, which will be destroyed once the checks have been completed satisfactorily. Full details can be found in the organisation’s Data Retention Policy.
What about sensitive information?
Some of the information we hold on you is classed as “special category data” under the law as it is deemed to be particularly sensitive and we are required to give you more specific information.This sensitive data comprises:
Criminal record information: As part of our CQC registration we are required to ensure that all staff are cleared through the Disclosure & Barring Service (DBS). We do not keep copies of your DBS certificates.
Medical data: We may hold medical data which you provide to us, if it is relevant to your ability to carry out your duties. You are required to inform of us of any health related matters (including injury or pregnancy) which could affect your ability to work safely. Any such data will only be shared with those who need to know it in order to protect your condition.
What else do you need to know?
We take the security of your personal information very seriously and hold it always in accordance with the requirements of the General Data Protection Regulations and any similar legislation that may come into force in the future. As part of that we have to tell you about certain rights you have:
- You can ask to see the information we hold on you at any time; however, we are allowed to refuse to comply with repeated requests if they appear designed purely to inconvenience us
- If you think there’s anything in your information that isn’t right, please tell us – you have the right to have this corrected
- If you’re not happy with the way we use your information, you can make a complaint by writing to or emailing the Data Controller (see information at the foot of this notice)
- You have the right to ask us to erase data we hold or to cease to use it, although we will only do so if it does not affect our ability to comply with legal obligations or operate your contract of employment
- You can refuse to provide certain information but if it affects our ability to comply with our legal obligations or operate your contract of employment then such a refusal may affect your employment with us
How to contact us about your data
We are also required to give you some administrative information as follows. The Data Controller (the body responsible for your information) is Nightingale Hammerson, a registered Charity (Charity number 207316), whose registered office is Nightingale House, 105 Nightingale Lane, London, SW12 8NB. If you have any questions or concerns about this privacy notice or wish to contact us about your data, please do so by writing to us at that address, addressing your letter to ‘The Data Controller’, or by email to
mydata@nightingalehammerson.org.