Lifecraft is committed to protecting and respecting your privacy. This statement sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. This statement covers whether you are using our service, interested in volunteering, making a donation or just browsing our website.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
If you do not agree to our processing of your data in the manner described below please do not submit any personal data to us.
Lifecraft may change this privacy notice from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective March 2019. By using our website, you’re agreeing to be bound by this privacy notice.
Who We Are
Lifecraft is a mental health charity based in Cambridge and Newmarket, Lifecraft is a registered charity (1048144) and our address is Lifecraft, The Bath House, Gwydir Street, Cambridge CB1 2LW.
What type of information is collected from you
We obtain information about you when you use our website for example, when you contact us about our services, to make a donation, when you visit our website, to work in partnership with us in any capacity, to volunteer or work with us, to fundraise, or if you registered to receive one of our regular e-newsletters.
The personal information we collect might include, but is not limited to , your name, address, email address, date of birth, IP address and information regarding what pages are accessed and when. We collect all/some of the above information depending on the product or service that you wish to access and/or your reason for making contact with us. If you make a donation online or purchase a product/service from us, your card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions, as explained below.
We ask for information about age, disability, gender, religious beliefs, employment status and ethnicity to help us with equal opportunities monitoring. You are not required to give us this information, but by choosing to do so you consent to the processing of this information by us.
We do not obtain data about you from any third party without your knowledge or consent.
A special note about the Sensitive Personal Information we hold
Data Protection Law recognises that some categories of personal information are more sensitive. Sensitive Personal Information can include information about a person’s health, race, ethnic origin, political opinions, sex life, sexual orientation or religious beliefs.
If you contact us Lifecraft you may choose to provide details of a sensitive nature. We will treat that information with extra care and confidentiality
We will only use this information:
- For the purposes of dealing with your enquiry, providing you with support, training, and quality monitoring or evaluating the services we provide.
- We will not pass on your details to anyone else without your express permission except in exceptional circumstances.
- Where you have given us your explicit consent that you are happy for us to share your story for publicity or fundraising purposes.
The legal basis for collecting your data
Lifecraft adheres to the Information Commissioner’s Office (ICO) guidance in respect of the lawfulness of processing data as per below: The bases on which we process your personal data are:
- Consent of the data subject
- Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract
- Processing is necessary to protect the vital interests of a data subject or another person
- Necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.
How your information used
The above information is collected by Lifecraft to ensure that the services provided are accessible and for monitoring and evaluation purposes.
We may use your information to:
- To administrate our Membership and provide services for our Members.
- Provide you with the advice and support you’ve asked us for.
- Provide or administer activities relating to all our services.
- To respond to those using our helpline services requesting help and support.
- To be able to respond to incoming training, partnership, consultancy, informal partnership, volunteering, fundraising, donor and research enquiries effectively.
- To communicate with you about our activities and ways that you can support us, e.g. fundraising, volunteering, purchasing products and services, accessing new and existing services.
- To process and thank donors and/or fundraisers and to claim Gift Aid on donations where consent has been given.
Who we share information with/who has access to your information
Any information you provide is us is held in strictest confidence. We will never sell or rent your data to another organisation. We will not release your information to third parties unless you have requested us to do so, or we are required to do so by law or for reasons of safety, or to comply with our safeguarding, confidentiality and risk assessment policies and processes.
If we ever need to send data to a third party working on our behalf e.g. a mailing house, we will make sure the company we use has signed a data processing agreement with us, so that they are bound to take care of your data in the same way we do.
When using these donation platforms you can choose to share your information with us, we may use this information to thank you for your donation.
You have various rights in respect of the personal information we hold about you – these are set out in more detail below.
- Access to your personal information: You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge. Please make all requests for access in writing, and provide us with evidence of your identity.
- Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. Please contact us as noted above, providing details of your objection.
- Consent: If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.
- Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
- Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
- Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
- Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
- No automated-decision making: Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not currently carry out any automated decision-making.
Please note, some of these rights only apply in certain circumstances and we may not be able to fulfil every request. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
If you wish to exercise any of these rights or make a complaint, you can do so by contacting us. You can also make a complaint to the data protection supervisory authority, the Information Commissioner’s Office, https://ico.org.uk/.
Lifecraft requires that different types of records be retained for a specific period of time to comply with UK legislation and good practice. All records whether physical or digital are covered by this policy.
This guidance is intended to ensure that Lifecraft meets its obligations under the Data Protection Act 2018 and keep records and documents only for as long as necessary. Data is cleansed each year according to this schedule. All data is securely disposed off following NHS guidelines.
|Type Of Record||Retention Period|
|Annual Accounts & Annual Review||Permanent|
|Audit Reports and Financial Records inc. Payroll & Legacy Data, Pension Data||7 years|
|Board Reports, Board Minutes||Permanent|
|Contracts and Joint Venture Agreements||7 years after expiry of contract|
|Corporate Risk Register||Permanent|
|Employers’ Liability Insurance Certificate||40 years|
|Health & Safety Records||7 years (unless hazardous = permanent)|
|Insurance Data||7 years after lapse/settlement|
|Invoice – Capital Item||10 years|
|Type Of Record||Retention Period||Reason for Retention|
|Staff Emails||Up to 7 years||Essential business continuity|
|Support Emails||6 months||To deliver continuity of service|
|Tax including Gift Aid||7 years||To comply with HMRC regulations|
|Volunteer Records & Data||1 year post cessation of volunteering||For supply of references|
|Employee/Personnel Records||9 months after employment ceases||For references and business continuity|
|Counselling Service Data||7 years||To comply with BABCP, BACP guidance|
|Incidents, Complaints Data (including accident data)||7 years||To comply with Charity Commission guidance|
|Membership Data||7 years after death of Member||Essential business continuity|
|Proof of Postage Receipts||1 year||Essential business continuity|
|Recruitment data||6 months post application||For monitoring purposes & HR compliance|
|Fundraisers and donors||Up to 7 years||To comply w. Charity Commission guidance|
Security precautions in place to protect the loss, misuse or alteration of your information
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
Lifecraft ensures the compliance of its staff and volunteers through training and supervision and has systems and policies in place with regard to data protection and confidentiality and relevant associated legislation.
Newsletter Sign Up
As part of the registration process for our mailing list, we collect personal information. We use that information for a couple of reasons: to tell you about stuff you’ve asked us to tell you about; to contact you if we need to obtain or provide additional information; to check our records are right; and to check every now and then that you’re happy and satisfied. We don’t rent or trade email lists with other organisations and businesses.
We use a third party provider, MailChimp, to deliver our newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see MailChimp’s privacy notice.
You can unsubscribe to general mailings at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails or by emailing email@example.com
Transferring information overseas
We may transfer your information to organisations in other countries on the basis that anyone to whom we pass it protects it in the same way we would and in accordance with applicable laws.
In the event that we transfer information to countries outside of the European Economic Area (which includes countries in the European Union as well as Iceland, Liechtenstein and Norway), we will only do so where:
- the European Commission has decided that the country or the organisation we are sharing your information with will protect your information adequately;
- the transfer has been authorised by the relevant data protection authority; and/or
- we have entered into a contract with the organisation with which we are sharing your information to ensure you information is adequately protected.
Our Website and Cookies
What are cookies?
A cookie is a piece of data/text file that is placed in your computer’s memory when you visit a website. The information the cookie contains is set by a website’s server and, depending on the type of cookie, may be used each time you visit the website. Cookies are widely used to make websites work, or work more efficiently for you, the user, as well as to provide companies with information about traffic through the website.
Cookies are designed to remember things that you have done on a website in the past, which can include logging in, or clicking on links. This can save you time when you visit a website more than once.
Cookies can be used by websites in many ways:
- To remember your preferences
- To remember your password
- To find out what the website doesn’t do well and make improvements to it in future
- Allow you to share pages with social networks like Facebook
- They can also help us to see how many people are visiting our website and which pages are the most popular
Cookies are not dangerous. They are not computer programs and cannot be used to circulate viruses. They are not used to identify you personally. In fact, we will not associate any data gathered from the cookies on this site with any personally identifying information from any source.
Types of cookies
Session (or Transient) Cookies :Session cookies are stored in your computer’s memory for the length of your browsing session. They become inaccessible after the session has been inactive for a time and are automatically deleted from your computer when the browser is closed. They allow you to move from page to page without having to log in repeatedly.
Persistent (or Permanent) Cookies: Persistent cookies are cookies that are stored on your computer’s memory and not deleted when the browser is closed. They are used to remember your preferences for the website for next time you visit. They are also used to collect information about the numbers of visitors, and the average time spent on a particular page. We use this information to find out how the well the website works and where it can be improved.
Flash Cookies (or Locally Shared Objects): You probably have Adobe Flash installed on your computer. Websites that contain Flash can also store small files on your computer that are used in the same way as cookies.
Flash cookies can back up the data stored in other cookies. When you delete cookies, your Flash cookies are not affected, which means that a website may still recognise you if it backed up the deleted cookie information on a Flash cookie.
Opting out of Flash Cookies: If you’d like to control the use of Flash cookies on your computer, Adobe’s website offers tools to do this. If you use Mozilla Firefox to browse the internet, you can use an add-on to find and delete Flash cookies.
Advertising on other websites: We do not collect or use your data in any way to affect your online experience on any other website.
Sharing with social networks: If you use the buttons that allow you to share products and content with your friends via social networks, such as Twitter and Facebook, these companies may set a cookie on your computer memory. Find out more about these here:
Which cookies do we use?
Cookies used by us
Facebook: For information about how Facebook use your data visit: http://en-gb.facebook.com/help/cookies/
Cookies used by us – Third party cookies
Share buttons (Facebook, Twitter)
What happens if I opt out of all cookies?
Nothing changes – you will still be able to browse our website.
How do I opt out of cookies?
Find out which internet browser you use :
On a PC: click on ‘Help’ at the top of your browser window and select ‘About’.
On an Apple Mac: click on the Apple menu and select ‘About’ (make sure the browser is open).
Opting out of Flash Cookies: If you’d like to control the use of Flash Cookies on your computer, Adobe’s website offers tools to do this.
If you use Mozilla Firefox to browse the internet, you can use an add-on to find and delete Flash Cookies.
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout
You can read about the EU e-Privacy Directive and the UK’s Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 at www.ico.gov.uk
Links to other websites
Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy notice applicable to the website in question.