Lifecraft is committed to protecting and respecting your privacy. This statement sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. This statement covers whether you are using our service, interested in volunteering, making a donation or just browsing our website.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
If you do not agree to our processing of your data in the manner described below please do not submit any personal data to us.
Lifecraft may change this privacy notice from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective September 2020. By using our website, you’re agreeing to be bound by this privacy notice.
Who We Are
Lifecraft is a mental health charity based in Cambridge and Newmarket, Lifecraft is a registered charity (1048144) and our address is Lifecraft, The Bath House, Gwydir Street, Cambridge CB1 2LW.
What type of information is collected from you
We obtain information about you when you use our website for example, when you contact us about our services, to make a donation, when you visit our website, to work in partnership with us in any capacity, to volunteer or work with us, to fundraise, or if you registered to receive one of our regular e-newsletters.
The personal information we collect might include, but is not limited to , your name, address, email address, date of birth, IP address and information regarding what pages are accessed and when. We collect all/some of the above information depending on the product or service that you wish to access and/or your reason for making contact with us. If you make a donation online or purchase a product/service from us, your card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions, as explained below.
We ask for information about age, disability, gender, religious beliefs, employment status and ethnicity to help us with equal opportunities monitoring. You are not required to give us this information, but by choosing to do so you consent to the processing of this information by us.
We do not obtain data about you from any third party without your knowledge or consent.
A special note about the Sensitive Personal Information we hold
Data Protection Law recognises that some categories of personal information are more sensitive. Sensitive Personal Information can include information about a person’s health, race, ethnic origin, political opinions, sex life, sexual orientation or religious beliefs.
If you contact us Lifecraft you may choose to provide details of a sensitive nature. We will treat that information with extra care and confidentiality
We will only use this information:
- For the purposes of dealing with your enquiry, providing you with support, training, and quality monitoring or evaluating the services we provide.
- We will not pass on your details to anyone else without your express permission except in exceptional circumstances.
- Where you have given us your explicit consent that you are happy for us to share your story for publicity or fundraising purposes.
The legal basis for collecting your data
Lifecraft adheres to the Information Commissioner’s Office (ICO) guidance in respect of the lawfulness of processing data as per below: The bases on which we process your personal data are:
- Consent of the data subject
- Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract
- Processing is necessary to protect the vital interests of a data subject or another person
- Necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.
How your information used
The above information is collected by Lifecraft to ensure that the services provided are accessible and for monitoring and evaluation purposes.
We may use your information to:
- To administrate our Membership and provide services for our Members.
- Provide you with the advice and support you’ve asked us for.
- Provide or administer activities relating to all our services.
- To respond to those using our helpline services requesting help and support.
- To be able to respond to incoming training, partnership, consultancy, informal partnership, volunteering, fundraising, donor and research enquiries effectively.
- To communicate with you about our activities and ways that you can support us, e.g. fundraising, volunteering, purchasing products and services, accessing new and existing services.
- To process and thank donors and/or fundraisers and to claim Gift Aid on donations where consent has been given.
National Data Opt-Out
Lifecraft is one of many organisations working in the health and care system to improve care for patients and the public.
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
- improving the quality and standards of care provided
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety
- planning services
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
- See what is meant by confidential patient information
- Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
- Find out more about the benefits of sharing data
- Understand more about who uses the data
- Find out how your data is protected
- Be able to access the system to view, set or change your opt-out setting
- Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
- See the situations where the opt-out will not apply
You can also find out more about how patient information is used at:
https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and
https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Health and care organisations have until 2021 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care.
Lifecraft is currently compliant with the national data opt-out policy.
Who we share information with/who has access to your information
Any information you provide is us is held in strictest confidence. We will never sell or rent your data to another organisation. We will not release your information to third parties unless you have requested us to do so, or we are required to do so by law or for reasons of safety, or to comply with our safeguarding, confidentiality and risk assessment policies and processes.
If we ever need to send data to a third party working on our behalf e.g. a mailing house, we will make sure the company we use has signed a data processing agreement with us, so that they are bound to take care of your data in the same way we do.
When using these donation platforms you can choose to share your information with us, we may use this information to thank you for your donation.
You have various rights in respect of the personal information we hold about you – these are set out in more detail below.
- Access to your personal information:You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge. Please make all requests for access in writing, and provide us with evidence of your identity.
- Right to object:You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. Please contact us as noted above, providing details of your objection.
- Consent:If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.
- Rectification:You can ask us to change or complete any inaccurate or incomplete personal information held about you.
- Erasure:You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
- Portability:You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
- Restriction:You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
- No automated-decision making: Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not currently carry out any automated decision-making.
Please note, some of these rights only apply in certain circumstances and we may not be able to fulfil every request. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
If you wish to exercise any of these rights or make a complaint, you can do so by contacting us. You can also make a complaint to the data protection supervisory authority, the Information Commissioner’s Office, https://ico.org.uk/ The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
Lifecraft requires that different types of records be retained for a specific period of time to comply with UK legislation and good practice. All records whether physical or digital are covered by this policy.
This guidance is intended to ensure that Lifecraft meets its obligations under the Data Protection Act 2018 and keep records and documents only for as long as necessary. Data is cleansed each year according to this schedule. All data is securely disposed of following NHS guidelines.
|Type Of Record||Retention Period|
|Annual Accounts & Annual Review||Permanent|
|Audit Reports and Financial Records inc. Payroll & Legacy Data, Pension Data||7 years|
|Board Reports, Board Minutes||Permanent|
|Contracts and Joint Venture Agreements||7 years after expiry of contract|
|Corporate Risk Register||Permanent|
|Employers’ Liability Insurance Certificate||40 years|
|Health & Safety Records||7 years (unless hazardous = permanent)|
|Insurance Data||7 years after lapse/settlement|
|Invoice – Capital Item||10 years|
|Type Of Record||Retention Period||Reason for Retention|
|Staff Emails||Up to 7 years||Essential business continuity|
|Support Emails||6 months||To deliver continuity of service|
|Tax including Gift Aid||7 years||To comply with HMRC regulations|
|Volunteer Records & Data||1 year post cessation of volunteering||For supply of references|
|Employee/Personnel Records||9 months after employment ceases||For references and business continuity|
|Counselling Service Records||7 years||To comply with BABCP, BACP guidance|
|Incidents, Complaints Data (including accident data)||7 years||To comply with Charity Commission guidance|
|Membership Data||7 years after death of Member||Essential business continuity|
|Membership Data (where process is not completed)||6 months||To comply with Data Protection guidance|
|Proof of Postage Receipts||1 year||Essential business continuity|
|Recruitment data||6 months post application||For monitoring purposes & HR compliance|
|Fundraisers and donors||Up to 7 years||To comply with Charity Commission guidance|
Security precautions in place to protect the loss, misuse or alteration of your information
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
Lifecraft ensures the compliance of its staff and volunteers through training and supervision and has systems and policies in place with regard to data protection and confidentiality and relevant associated legislation.
Newsletter Sign Up
As part of the registration process for our mailing list, we collect personal information. We use that information for a couple of reasons: to tell you about stuff you’ve asked us to tell you about; to contact you if we need to obtain or provide additional information; to check our records are right; and to check every now and then that you’re happy and satisfied. We don’t rent or trade email lists with other organisations and businesses.
We use a third party provider, MailChimp, to deliver our newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see MailChimp’s privacy notice.
You can unsubscribe to general mailings at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails or by emailing firstname.lastname@example.org
Transferring information overseas
We may transfer your information to organisations in other countries on the basis that anyone to whom we pass it protects it in the same way we would and in accordance with applicable laws.
In the event that we transfer information to countries outside of the European Economic Area (which includes countries in the European Union as well as Iceland, Liechtenstein and Norway), we will only do so where:
- the European Commission has decided that the country or the organisation we are sharing your information with will protect your information adequately;
- the transfer has been authorised by the relevant data protection authority; and/or
- we have entered into a contract with the organisation with which we are sharing your information to ensure you information is adequately protected.
Our Website and Cookies
What are cookies?
A cookie is a piece of data/text file that is placed in your computer’s memory when you visit a website. The information the cookie contains is set by a website’s server and, depending on the type of cookie, may be used each time you visit the website. Cookies are widely used to make websites work, or work more efficiently for you, the user, as well as to provide companies with information about traffic through the website.
Cookies are designed to remember things that you have done on a website in the past, which can include logging in, or clicking on links. This can save you time when you visit a website more than once.
Cookies can be used by websites in many ways:
- To remember your preferences
- To remember your password
- To find out what the website doesn’t do well and make improvements to it in future
- Allow you to share pages with social networks like Facebook
- They can also help us to see how many people are visiting our website and which pages are the most popular
Cookies are not dangerous. They are not computer programs and cannot be used to circulate viruses. They are not used to identify you personally. In fact, we will not associate any data gathered from the cookies on this site with any personally identifying information from any source.
Types of cookies
Session (or Transient) Cookies: Session cookies are stored in your computer’s memory for the length of your browsing session. They become inaccessible after the session has been inactive for a time and are automatically deleted from your computer when the browser is closed. They allow you to move from page to page without having to log in repeatedly.
Persistent (or Permanent) Cookies: Persistent cookies are cookies that are stored on your computer’s memory and not deleted when the browser is closed. They are used to remember your preferences for the website for next time you visit. They are also used to collect information about the numbers of visitors, and the average time spent on a particular page. We use this information to find out how the well the website works and where it can be improved.
Flash Cookies (or Locally Shared Objects): You probably have Adobe Flash installed on your computer. Websites that contain Flash can also store small files on your computer that are used in the same way as cookies.
Flash cookies can back up the data stored in other cookies. When you delete cookies, your Flash cookies are not affected, which means that a website may still recognise you if it backed up the deleted cookie information on a Flash cookie.
Opting out of Flash Cookies: If you’d like to control the use of Flash cookies on your computer, Adobe’s website offers tools to do this. If you use Mozilla Firefox to browse the internet, you can use an add-on to find and delete Flash cookies.
Advertising on other websites: We do not collect or use your data in any way to affect your online experience on any other website.
Sharing with social networks: If you use the buttons that allow you to share products and content with your friends via social networks, such as Twitter and Facebook, these companies may set a cookie on your computer memory. Find out more about these here:
Which cookies do we use?
Cookies used by us
Facebook: For information about how Facebook use your data visit: http://en-gb.facebook.com/help/cookies/
Cookies used by us – Third party cookies
Share buttons (Facebook, Twitter)
What happens if I opt out of all cookies?
Nothing changes – you will still be able to browse our website.
How do I opt out of cookies?
Find out which internet browser you use :
On a PC: click on ‘Help’ at the top of your browser window and select ‘About’.
On an Apple Mac: click on the Apple menu and select ‘About’ (make sure the browser is open).
Opting out of Flash Cookies: If you’d like to control the use of Flash Cookies on your computer, Adobe’s website offers tools to do this.
If you use Mozilla Firefox to browse the internet, you can use an add-on to find and delete Flash Cookies.
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout
You can read about the EU e-Privacy Directive and the UK’s Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 at www.ico.gov.uk
Links to other websites
Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy notice applicable to the website in question.