PRIVACY POLICY

WHO ARE WE

Our website address is hivetraining.org.uk.

Hive Training Solutions^© is the trading name of South Derbyshire CVS’s training and education service. Hive Training Solutions^© is part of South Derbyshire CVS.

South Derbyshire CVS (SDCVS) is a company registered in England, Registration Number: 4958843. Our Registered Office is Top Floor Unit G, Sharpes Industrial Estate, Alexandra Road, Swadlincote. DE11 9AZ. We are also a registered charity, Charity Number: 1101450.

SDCVS provide a number of services including:

• Active Transport
• Connect Befriending and Social Connectiveness
• Home from Hospital
• Safer Homes
• Handyman at Home
• Volunteer Centre and Derbyshire Time Swap
• Community Development
• Food Bank
• Mental Wellbeing Support
• Low Level Support
• Education and Training

Details of all services can be found on the SDCVS website www.sdcvs.org.uk.

To provide our services, we may need to process Personal Data about you. This Privacy Notice explains how we will use the personal data we hold about you in line with the UK General Data Protection Regulations GDPR).

We respect your privacy and are committed to maintaining the security of your personal information. This notice outlines how and why we collect and use personal data. We want to ensure you are informed and in control of your personal data. Please be assured that we will never sell your personal data.

If you have any questions about this Privacy Notice, feel free to send an email to our Data Controller (the Chief Executive Officer) on managers@sdcvs.org.uk or call on 01283 219761.

To reduce the use of technical terms in this document, we refer to SDCVS as the Data Controller, you as the Data Subject, and your data as Personal Data.

If you are reading this document in your capacity as a parent or guardian of someone who uses our services, please understand that “you” covers both you and the beneficiary.

Please note that a glossary of GDPR terms is included at the end of this page.

WHO DO WE HOLD PERSONAL DATA ABOUT?

We hold Personal Data about the following people:

• People who use our services
• Their emergency contact/next of kin or other household/family members if appropriate
• Contacts who refer people to our services, or who we refer people to
• Representatives or contacts for other agencies (other voluntary organisations, statutory services, etc.)
• Our staff and volunteers

WHAT PERSONAL DATA WILL WE COLLECT?

To ensure that we can provide a service to you we need to collect some or all of the following information about you:

• Your contact details and if appropriate, those of an emergency contact or next of kin
• If appropriate, details of family members or others in your household who are also beneficiaries of services provided
• If you are employed by or volunteer with us, information that we need to fulfil our responsibilities as an employer and or volunteer manager, and to deliver our services effectively
• If we need additional information about you and your circumstances to ensure that you’re eligible to receive a service and enable us to provide one. Depending on the service we are providing, this may include Special Categories of Personal Data—these may include health data, sexual orientation, race, and religious or philosophical beliefs.

WHY DO WE COLLECT AND USE THIS DATA?

We hold and process Personal Data about you:

• To make sure you are eligible to receive a service
• To enable us to provide services to you effectively
• To report and monitor service delivery (e.g. to report to those who fund our services)
• To fulfil our legal requirements as an employer and or volunteer manager

WILL WE DISCLOSE PERSONAL DATA TO ANYONE ELSE?

To enable us to provide a service to you, we may also need to share your data with other people or organisations:

1. With statutory bodies that have a legal right to demand the information from us, e.g. the Police.
2. With relevant authorities, if we feel that you are vulnerable or at risk of abuse, or to prevent or report a crime
3. With organisations with whom we work in partnership to deliver services and with whom we have a data-sharing agreement
4. With other organisations or services that might be of benefit, but only where you have given your consent for us to pass your details on

WHAT SECURITY PROCEDURES DO WE HAVE IN PLACE?

It is our policy to ensure that your data held by us is handled correctly and appropriately according to the nature of the information, the risk associated with mishandling the data, including the damage that could be caused to an individual as a result of loss, corruption and or accidental disclosure of any such data, and following any applicable legal requirements.

WHERE DO WE STORE THE PERSONAL DATA WE COLLECT?

Your data will be held on our server and or third-party servers (within the EU) managed by our software providers. We only use servers in the European Union. Access to IT systems is password protected, and file access is restricted to designated staff. Paper files are locked away securely when not in use.

FOR HOW LONG DO WE STORE YOUR PERSONAL DATA?

We will generally retain your data for as long as you use our services and for a maximum of 2 years after you stop using them. The only exception is where there is a legal or contractual obligation to retain data for a longer period. After this period, the data is securely destroyed.

WHAT RIGHTS DO YOU HAVE ABOUT THE PERSONAL DATA WE COLLECT AND HOLD ABOUT YOU?

You have the following rights:

1. The right to be informed about what Personal Data SDCVS collects and stores about you, and how it’s used.
2. The right to request a copy of the Personal Data we hold, as well as confirmation of:
   • the purposes of the processing;
   • the categories of personal data concerned;
   • the recipients to whom the personal data has/will be disclosed;
   • for how long it will be stored; and
   • if data wasn’t collected directly from you, information about the source.
3. The right to require SDCVS to correct any Personal Data held about you which is inaccurate or incomplete.
4. The right to have your data erased from our records – unless we need to retain the data under circumstances specified by the GDPR.
5. The right to request that SDCVS restricts the processing of your data. The GDPR specifies the circumstances where this right applies.
6. Right of portability: the right to have the data you have given us to be transferred to another organisation.
7. The right to object where processing is carried out for direct marketing purposes.
8. The right not to be subject to a decision based solely on automated processing.

WHO DO YOU COMPLAIN TO IF YOU ARE NOT HAPPY WITH HOW WE PROCESS YOUR PERSONAL DATA?

If you have any questions or concerns about how we are using Personal Data about you, please contact our Data Controller at our registered address (as above) or by email to: ceo@sdcvs.org.uk

You can also submit a complaint to the Information Commissioner’s Office. For further information please visit the ICO website: https://ico.org.uk/make-a-complaint/

This Privacy Notice will be reviewed in line with our Data Protection Policy.

GLOSSARY OF GDPR TERMS IN THIS PRIVACY NOTICE

Data Controller is a legal term set out in the General Data Protection Regulation (GDPR), it means the party responsible for deciding what Personal Data to collect and how to use it.

Data Subject means the individual who can be identified from the Personal Data.

GDPR (General Data Protection Regulation) is Europe’s new framework for data protection laws. It replaces the 1995 data protection directive, which is the basis for current UK law.

Lawful Basis – There are six lawful reasons defined in the GDPR for which personal data can be processed.

Personal Data means data which can be used to identify a living individual. This could be a name and address or some details that make it possible to determine who the information is about.

Special Categories of Personal Data mean details about an individual’s race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data.