Lifecraft is committed to protecting and respecting your privacy. This statement sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. This statement covers whether you are using our service, interested in volunteering, making a donation or just browsing our website.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

If you do not agree to our processing of your data in the manner described below please do not submit any personal data to us.

Lifecraft may change this privacy notice from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective September 2020.  By using our website, you’re agreeing to be bound by this privacy notice.

Who We Are

Lifecraft is a mental health charity based in Cambridge, Lifecraft is a registered charity (1048144) and our address is Lifecraft, The Bath House, Gwydir Street, Cambridge CB1 2LW.

Contact Us

Any questions regarding this privacy notice and our privacy practices should be sent by email to: info@Lifecraft.org.uk with the subject line “Privacy Policy”. Alternatively you can contact us by post to the address above.

What type of information is collected from you

We obtain information about you when you use our website for example, when you contact us about our services, to make a donation, when you visit our website, to work in partnership with us in any capacity, to volunteer or work with us, to fundraise, or if you registered to receive one of our regular e-newsletters.

The personal information we collect might include, but is not limited to , your name, address, email address, date of birth, IP address and information regarding what pages are accessed and when.  We collect all/some of the above information depending on the product or service that you wish to access and/or your reason for making contact with us. If you make a donation online or purchase a product/service from us, your card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions, as explained below.

We ask for information about age, disability, gender, religious beliefs, employment status and ethnicity to help us with equal opportunities monitoring.  You are not required to give us this information, but by choosing to do so you consent to the processing of this information by us.

We do not obtain data about you from any third party without your knowledge or consent.

A special note about the Sensitive Personal Information we hold   

Data Protection Law recognises that some categories of personal information are more sensitive. Sensitive Personal Information can include information about a person’s health, race, ethnic origin, political opinions, sex life, sexual orientation or religious beliefs.

If you contact us Lifecraft you may choose to provide details of a sensitive nature. We will treat that information with extra care and confidentiality

We will only use this information:

• For the purposes of dealing with your enquiry, providing you with support, training, and quality monitoring or evaluating the services we provide.
• We will not pass on your details to anyone else without your express permission except in exceptional circumstances.
• Where you have given us your explicit consent that you are happy for us to share your story for publicity or fundraising purposes.

The legal basis for collecting your data

Lifecraft adheres to the Information Commissioner’s Office (ICO) guidance in respect of the lawfulness of processing data as per below: The bases on which we process your personal data are:

1. Consent of the data subject
2. Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract
3. Processing is necessary to protect the vital interests of a data subject or another person
4. Necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

How your information used

The above information is collected by Lifecraft to ensure that the services provided are accessible and for monitoring and evaluation purposes.

We may use your information to:

1. To administrate our Membership and provide services for our Members.
2. Provide you with the advice and support you’ve asked us for.
3. Provide or administer activities relating to all our services.
4. To respond to those using our helpline services requesting help and support.
5. To be able to respond to incoming training, partnership, consultancy, informal partnership, volunteering, fundraising, donor and research enquiries effectively.
6. To communicate with you about our activities and ways that you can support us, e.g. fundraising, volunteering, purchasing products and services, accessing new and existing services.
7. To process and thank donors and/or fundraisers and to claim Gift Aid on donations where consent has been given.

 

National Data Opt-Out

Lifecraft is one of many organisations working in the health and care system to improve care for patients and the public.

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

• improving the quality and standards of care provided
• research into the development of new treatments
• preventing illness and diseases
• monitoring safety
• planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters.  On this web page you will:

• See what is meant by confidential patient information
• Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
• Find out more about the benefits of sharing data
• Understand more about who uses the data
• Find out how your data is protected
• Be able to access the system to view, set or change your opt-out setting
• Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
• See the situations where the opt-out will not apply

You can also find out more about how patient information is used at:

https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and

https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Health and care organisations have until 2021 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care.

Lifecraft is currently compliant with the national data opt-out policy.

Who we share information with/who has access to your information

Any information you provide is us is held in strictest confidence. We will never sell or rent your data to another organisation. We will not release your information to third parties unless you have requested us to do so, or we are required to do so by law or for reasons of safety, or to comply with our safeguarding, confidentiality and risk assessment policies and processes.

If we ever need to send data to a third party working on our behalf e.g. a mailing house, we will make sure the company we use has signed a data processing agreement with us, so that they are bound to take care of your data in the same way we do.

Donations

Donations are managed via a link to the secure fundraising sites PayPal, Just Giving or EveryClick, who are responsible for personal information collected related to your donation including to financial transactions. Please refer to their terms and conditions and privacy policy published on https://www.everyclick.com/about-everyclick/privacy-policy, https://www.justgiving.com/info/privacy-policy-versions/privacy-policy-v30, and https://www.paypal.com/uk/webapps/mpp/givingfund/policies

When using these donation platforms you can choose to share your information with us, we may use this information to thank you for your donation.

Your rights

You have various rights in respect of the personal information we hold about you – these are set out in more detail below.

• Access to your personal information:You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge.  Please make all requests for access in writing, and provide us with evidence of your identity.
• Right to object:You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.  Please contact us as noted above, providing details of your objection.
• Consent:If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.
• Rectification:You can ask us to change or complete any inaccurate or incomplete personal information held about you.
• Erasure:You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
• Portability:You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
• Restriction:You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
• No automated-decision making: Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention.  You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law.  You also have certain rights to challenge decisions made about you.  We do not currently carry out any automated decision-making.

Please note, some of these rights only apply in certain circumstances and we may not be able to fulfil every request. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

If you wish to exercise any of these rights or make a complaint, you can do so by contacting us.  You can also make a complaint to the data protection supervisory authority, the Information Commissioner’s Office, https://ico.org.uk/ The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

Data Retention

Lifecraft requires that different types of records be retained for a specific period of time to comply with UK legislation and good practice.   All records whether physical or digital are covered by this policy.

This guidance is intended to ensure that Lifecraft meets its obligations under the Data Protection Act 2018 and keep records and documents only for as long as necessary. Data is cleansed each year according to this schedule. All data is securely disposed of following NHS guidelines.

Organisational Records

Type Of Record	Retention Period
Annual Accounts & Annual Review	Permanent
Audit Reports and Financial Records inc. Payroll & Legacy Data, Pension Data	7 years
Board Reports, Board Minutes	Permanent
Contracts and Joint Venture Agreements	7 years after expiry of contract
Corporate Risk Register	Permanent
Employers’ Liability Insurance Certificate	40 years
Health & Safety Records	7 years (unless hazardous = permanent)
Insurance Data	7 years after lapse/settlement
Invoice – Capital Item	10 years
Policy Statements	Permanent

Personal Data

Type Of Record	Retention Period	Reason for Retention
Staff Emails	Up to 7 years	Essential business continuity
Support Emails	6 months	To deliver continuity of service
Tax including Gift Aid	7 years	To comply with HMRC regulations
Volunteer Records & Data	1 year post cessation of volunteering	For supply of references
Employee/Personnel Records	9 months after employment ceases	For references and business continuity
Counselling Service Records	7 years	To comply with BABCP, BACP guidance
Incidents, Complaints Data (including accident data)	7 years	To comply with Charity Commission guidance
Membership Data	7 years after death of Member	Essential business continuity
Membership Data (where process is not completed)	6 months	To comply with Data Protection guidance
Proof of Postage Receipts	1 year	Essential business continuity
Recruitment data	6 months post application	For monitoring purposes & HR compliance
Fundraisers and donors	Up to 7 years	To comply with Charity Commission guidance

 

Security precautions in place to protect the loss, misuse or alteration of your information

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.

Lifecraft ensures the compliance of its staff and volunteers through training and supervision and has systems and policies in place with regard to data protection and confidentiality and relevant associated legislation.

Newsletter Sign Up

As part of the registration process for our mailing list, we collect personal information. We use that information for a couple of reasons: to tell you about stuff you’ve asked us to tell you about; to contact you if we need to obtain or provide additional information; to check our records are right; and to check every now and then that you’re happy and satisfied. We don’t rent or trade email lists with other organisations and businesses.

We use a third party provider, MailChimp, to deliver our newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see MailChimp’s privacy notice.

You can unsubscribe to general mailings at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails or by emailing communication@lifecract.org.uk

Transferring information overseas

We may transfer your information to organisations in other countries on the basis that anyone to whom we pass it protects it in the same way we would and in accordance with applicable laws.

In the event that we transfer information to countries outside of the European Economic Area (which includes countries in the European Union as well as Iceland, Liechtenstein and Norway), we will only do so where:

1. the European Commission has decided that the country or the organisation we are sharing your information with will protect your information adequately;
2. the transfer has been authorised by the relevant data protection authority; and/or
3. we have entered into a contract with the organisation with which we are sharing your information to ensure you information is adequately protected.

Our Website and Cookies

We use cookies to make this website as useful to you as possible. They are small text files we put in your browser to track usage of our site but they don’t tell us who you are.

What are cookies?

A cookie is a piece of data/text file that is placed in your computer’s memory when you visit a website. The information the cookie contains is set by a website’s server and, depending on the type of cookie, may be used each time you visit the website. Cookies are widely used to make websites work, or work more efficiently for you, the user, as well as to provide companies with information about traffic through the website.
Cookies are designed to remember things that you have done on a website in the past, which can include logging in, or clicking on links. This can save you time when you visit a website more than once.
Cookies can be used by websites in many ways:

• To remember your preferences
• To remember your password
• To find out what the website doesn’t do well and make improvements to it in future
• Allow you to share pages with social networks like Facebook
• They can also help us to see how many people are visiting our website and which pages are the most popular

Cookies are not dangerous. They are not computer programs and cannot be used to circulate viruses. They are not used to identify you personally. In fact, we will not associate any data gathered from the cookies on this site with any personally identifying information from any source.

Types of cookies

Session (or Transient) Cookies: Session cookies are stored in your computer’s memory for the length of your browsing session. They become inaccessible after the session has been inactive for a time and are automatically deleted from your computer when the browser is closed. They allow you to move from page to page without having to log in repeatedly.

Persistent (or Permanent) Cookies: Persistent cookies are cookies that are stored on your computer’s memory and not deleted when the browser is closed. They are used to remember your preferences for the website for next time you visit. They are also used to collect information about the numbers of visitors, and the average time spent on a particular page. We use this information to find out how the well the website works and where it can be improved.

Flash Cookies (or Locally Shared Objects): You probably have Adobe Flash installed on your computer. Websites that contain Flash can also store small files on your computer that are used in the same way as cookies.
Flash cookies can back up the data stored in other cookies. When you delete cookies, your Flash cookies are not affected, which means that a website may still recognise you if it backed up the deleted cookie information on a Flash cookie.

 

Opting out of Flash Cookies: If you’d like to control the use of Flash cookies on your computer, Adobe’s website offers tools to do this. If you use Mozilla Firefox to browse the internet, you can use an add-on to find and delete Flash cookies.

Advertising on other websites: We do not collect or use your data in any way to affect your online experience on any other website.

Sharing with social networks: If you use the buttons that allow you to share products and content with your friends via social networks, such as Twitter and Facebook, these companies may set a cookie on your computer memory. Find out more about these here:
https://www.facebook.com/about/privacy/
https://twitter.com/privacy

http://www.google.com/intl/en-GB/policies/privacy/

Which cookies do we use?

Cookies used by us

Google Analytics: When someone visits our website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. Google’s privacy policy can be found at: http://www.google.co.uk/intl/en/policies/privacy/.

Cookie Law Info, WordPress plugin: Used to record that a visitor has accepted the website cookie policy and to prevent the notification from being displayed each time a new page is viewed. Cookie Law Info uses a cookie called viewed_cookie_policy.

Facebook: For information about how Facebook use your data visit: http://en-gb.facebook.com/help/cookies/
Cookies used by us – Third party cookies
Share buttons (Facebook, Twitter)

YouTube cookies: We may embed videos from a YouTube channel using YouTube’s privacy-enhanced mode. This mode may set cookies on your computer once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode. To find out more, please see YouTube’s privacy policy.

What happens if I opt out of all cookies?

Nothing changes – you will still be able to browse our website.

How do I opt out of cookies?

When you logged on to this website, you should have seen a notification about the use of cookies with the option to accept or deny cookies from this site. You can also manage the cookies that you allow on your computer through the internet browser that you use. There are instructions on how to manage your cookies using the most popular internet browsers below.

Find out which internet browser you use :
On a PC: click on ‘Help’ at the top of your browser window and select ‘About’.
On an Apple Mac: click on the Apple menu and select ‘About’ (make sure the browser is open).

Opting out of cookies: Whichever internet browser you use it should provide the ability to limit your use of cookies.  The documentation for your browser will contain instructions on how to do this.

Opting out of Flash Cookies: If you’d like to control the use of Flash Cookies on your computer, Adobe’s website offers tools to do this.
If you use Mozilla Firefox to browse the internet, you can use an add-on to find and delete Flash Cookies.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, you can also visit www.aboutcookies.org or www.allaboutcookies.org

To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout

You can read about the EU e-Privacy Directive and the UK’s Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 at www.ico.gov.uk

We may update our privacy policy from time to time, so would advise that you check it each time you visit the website.

Links to other websites

Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy notice applicable to the website in question.