PLEASE READ THIS POLICY CAREFULLY, IF YOU DO NOT ACCEPT THESE TERMS YOU ARE ADVISED NOT TO USE THE WEBSITE
This policy was last updated: 16th September 2018
Use of this website, www.transition360.org.uk, constitutes your legal agreement to the terms within this policy and your acceptance of this policy is deemed to occur upon your first use of the website.
Transition 360 may change this policy from time to time by updating this page. You should check this page before using the website to ensure that you are aware of and accept any changes.
We will take all reasonable steps to ensure that personal information is safeguarded and kept in accordance with the law.
By providing us with your data, you warrant that you are over 13 years of age.
Transition 360 Limited (“Transition 360) is registered in England and Wales under Company Registration Number 09678494. Our registered office address is 21 Clare Road, Halifax HX1 2HX. We are registered with the Information Commissioner’s Office (ICO) for data protection reference number ZA129050.
Where we manage personal data, we identify as a Data Controller and recognise and act on our obligations under applicable data protection laws. For any issues relating to data protection the person responsible is Mohammed Ijaz.
What personal data do we collect?
Information that you provide to us is retained and processed in accordance with UK data protection legislation. This includes data given to us from the following:
Service users: We collect personal data which is essential to our being able to provide effective care and support. The information is contained in manual and electronic files and other record systems, all of which are subject to our security measures. Please email us if you wish to be sent details of our Security Policy.
Contact: We have a Contact Us page on the website which is used to collect your name, email and phone number as well as the subject of your message and the message itself. This is so that we can contact you and provide details of our services to you, make any arrangements for provision of services and also deal with general company enquiries. Data is held on the grounds of being legitimate to our business interests. We may also use these contact details for ongoing arrangements with service users.
Telephone calls: Phone calls to us may be recorded (manually) and any data relating to the call may be retained by us. The data will be held on the basis of being for our legitimate business needs or in order to fulfil our contractual obligations if you are a service user.
Special categories of data
Some of the information you provide to us may be considered sensitive personal data which includes information about a data subjects ethnic or racial origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual life or criminal record. This data will only be held where we have a legitimate business reason to hold such data and where there is valid reason to retain the information, in accordance with legal or contractual obligations.
On occasion we may ask for your consent to hold special categories of data. If we use consent as the reason for processing data, users have the option to withdraw consent at any time. See Rights of Data Subjects below.
Extra precautionary measures are taken to ensure the security of special categories of data.
We do not market this website at those under 18 years old. Consistent with the GDPR we will never knowingly request personally identifiable information through the website from anyone under the age of 16 years old.
Information we get from other sources
From time to time, we may need to obtain information from third parties about you. This will only apply where it is necessary to provide our services and as permitted by law.
We may use personal data from the following sources:
- HMRC, DWP and other government departments;
- NHS health professionals, CQC and healthcare providers;
- Social workers and local authorities;
- emergency services.
How do we use your data?
Personal information is usually collected directly from service users or those making a referral to the service through form filling, manually or electronically. This is used, and built upon, in the provision of care and related arrangements.
Additionally, we may use the information we collect in the following ways:
- To administer and improve the website;
- To personalise the content and your experience of the website;
- To allow us to respond to communications sent to us;
- To process referrals or applications for services;
- To ensure the safeguarding of users;
- To provide third parties with statistical information about our users;
- To deal with enquiries and complaints made by or about you relating to the website.
Users contacting the website do so at their own discretion and provide any such personal details requested at their own risk. Personal information is kept private and stored securely until a time it is no longer required or has no use. See Data Retention below.
We will share the personal data of service users with other professionals and agencies involved with their care and treatment. We will take appropriate steps to ensure that personal data is handled safely, securely, and in accordance with a user’s rights.
We may disclose your personal information if we are required to do so by law, in connection with any legal proceedings, and in order to establish, exercise or defend our legal rights, or if otherwise legally permitted.
We may use Data Processors who act on our instruction in relation to the management of your data and they must adhere to all data protection laws and regulations. We will ensure that any Data Processors used only operate on our written instructions and comply with their obligations under the GDPR. You will be informed of any other Data Controllers who have access to your data and who may determine processing activities separately to us, or as a Joint Data Controller.
We do not process any payment information through the website. All payments are handled in accordance with this Policy and personal information provided to us is kept securely.
We keep your personal information in accordance with our Data Retention Policy which reflects our needs to provide services to you as contracted and also as required to meet legal, statutory and regulatory obligations. The need to hold information is regularly reviewed and data will be disposed of when no longer required. Please email us to request a copy of the Data Retention policy.
Personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential.
We take appropriate steps to ensure the safe processing of personal data, however, we cannot guarantee the security of data transmitted through our website or by email. Any transmission is at your own risk.
Data stored electronically may be saved on a cloud-based system which may be hosted in a different country. Your data may be transferred in accordance with the relevant data protection laws.
Rights of Data Subjects
Transition 360 recognises a data subjects rights and will uphold these in accordance with data protection laws. You are entitled to see the information held about you and you may ask us about any of the following:
Subject access requests
Data subjects (i.e. individuals) have the right to access personal data that is held by submitting a subject access request (SAR) to Transition 360. We will endeavour to respond quickly to any such requests, which legally require us to respond within one month of receiving the request and necessary information. A subject access request can be made by sending an email to firstname.lastname@example.org
Right to rectification
Data subjects have the right to request that we amend or change personal information that is inaccurate or incorrect.
Right to erasure
Data subjects have the right to ask us to delete personal information from our systems without giving any reason and at any time. We will act on any such request without delay.
Right to restrict processing
Data subjects have the right to rectification or erasure of personal data in the following circumstances:
- Personal data is not accurate;
- The processing of data is unlawful – data subjects may request that processing is restricted;
- Data is required to exercise legal rights or defend legal claims;
- Data is unlawful but there may be lawful grounds for processing, which override this right.
Right to data portability
Data subjects have the right to obtain and request the transfer of their data to different service providers.
Right to object
Data subjects have the right to object to the processing of data at any time based on their particular situation. This includes objecting to profiling unless it is in the ‘public interest’ or exercised lawfully by an official authority. We will only process data under lawful grounds.
Right not to be subject to decisions based on automated processing
We do not use any automated processing that results in any automated decision based on a data subject’s personal information.
Using your rights
If you wish to invoke any of these rights, you should contact the person responsible for data protection by emailing us at email@example.com.
We will report any unlawful breach of data as required by the GDPR within 72 hours of the breach occurring, if it is considered that there is an actual, or possibility, that data within our control including the control of our data processors, has been compromised. If the breach is classified as ‘high risk’ we will notify all data subjects concerned using an appropriate means of communication. We will report any relevant breaches to the ICO, see below.
What are Cookies
Cookies are small files saved to the user’s computer hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server, to provide the user with a tailored experience when navigating the website. Session cookies may be used to validate your access to different parts of the website.
To the extent that cookies data constitutes personally identifiable information, we process such data on the basis of your consent.
Types of Cookies
The types of Cookies we use are:
- Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
- Statistics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
- Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.
- Some cookies may be unclassified.
Cookies can be placed for a user’s session or will be persistent. See below table.
Cookies we use
The Cookies we use are shown in this table below.
|fontSize||transition360.org.uk||HTTP||Size of Font||1 Year|
Consent to Cookies
Information is also available at www.ec.europa.eu/ipg/basics/legal/cookies/index_en.html.
Questions and queries
If you have any concerns about how we handle your data, you can contact the person responsible for data protection matters by email to firstname.lastname@example.org
Changes to this policy
If you want to raise a concern about the use of your data, you can contact us by email to email@example.com. Alternatively, you can formally raise a concern or complaint to the Information Commissioner’s Office (ICO) directly on 0303 123 1113, or see the options for reporting issues on https://ico.org.uk/concerns/
Copyright © 2018 Transition 360 Limited