Privacy

Policy

Tenterden Social Hub Customer Privacy Policy

 

 

Statement

Tenterden Social Hub (registered as Tenterden & District Day Centre) and EC30 understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our customers and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.

Date:  April 2022.

1. Information about us

Tenterden & District Day Centre (operating as Tenterden Social Hub) and EC30

Registered charity, registered under charity number 1122971
Private Limited Company, registered in England under company number 06478170
Registered address: Church Road, Tenterden, Kent, TN30 6AT
Data Protection Officer: Lindsay Franklin

Deputy Officer: Lisa Stockton
Email address: hub@tsh.org.uk
Telephone number: 01580 762882
Postal Address: Tenterden Social Hub, Church Road, Tenterden, Kent, TN30 6AT

We are regulated by the ISO9001. Information Commissioners Office (ICO) Reference Number: Z8633769

2. Privacy Notice

This Privacy Information explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.

3. Personal Data – an explanation

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is any information that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers. The personal data that we use is set out in Part 5, below.

4. Data protection rights

Under GDPR laws, you have the following rights, which we will always work to uphold:

Your right of access - You have the right to ask us for copies of your personal information.

Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.

Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances

Rights relating to automated decision-making and profiling. We do not use your personal data in this way

 

For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details below.

5. Personal Data collection

We may collect some or all of the following personal data (this may vary according to your relationship with us) and provided by you.

  • Name

  • Date of birth

  • Address

  • Email address

  • Telephone number

  • Business name

  • Job title

  • Profession

  • Payment information

  • Member health information, including medications

We only collect the information we need to work with and use.

6. ​How we use Personal Data

Under GDPR rules, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data will be used for the following purposes:

  • Providing and managing your account, including invoicing and billing

  • Supplying our products and services to you. Your personal details are required in order for us to enter into a contract with you

  • Communicating with you. This may include responding to emails or calls from you

  • Supplying you with information by email and post that you have opted-in to (you may unsubscribe or opt-out at any time by clicking an unsubscribe link or contacting us)

  • For mandatory member Health Care Plans that we are required to update regularly and for keeping our members safe

With your permission and where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email, telephone or post with information and news on our products and services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

​You are able to remove your consent at any time. You can do this using the contact details below.

7. Retention of personal data

We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. We need to keep personal data to allow us to communicate with you in our day to day operations to service your requests as a Customer, so we will always hold personal information about you as long as there is a relationship. We also need to hold personal data for our records after a relationship is finished for no longer than 6 years depending on whether this is a statutory requirement (eg Safeguarding).

8. Storing and transfer of personal data

We store or transfer data within the UK and Ireland, this data will be fully protected under the GDPR or to equivalent standards by law. We do not use or transfer your data outside of the UK

The security of your personal data is essential to us, and to protect your data, we take a number of important measures, including the following:

  • necessary safety routines for avoiding virus attacks or other threats that could be harmful to the IT-environment

  • necessary security routines for all IT-equipment/software

  • a control system based on user authorisation, which enables identification of user identity (through the usage of passwords or such) and prevents unauthorised use of or access to the processed Personal Data

  • automatic back-up routines, including storage of back-up copies, as well as

  • destruction or other means of eradication of all media that has contained Personal Data that no longer is used

  • any data held in hard copies are held securely in locked storage and only accessible to limited individuals

  • access to personal data shall be limited to personnel who need access and appropriate security is in place to avoid unauthorised sharing of data

We keep personal data for no longer than is necessary for the purposes for which it was processed, or if the information is being kept for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

9. Sharing of personal data

In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or on the instructions of a government authority.

10. How can I access my personal data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.​ All subject access requests should be made in writing and sent to the email or postal addresses shown below. We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

​11. Destruction of data

Electronic data is erased so that the information is not recoverable and is deleted from back-up copies. Cloud based storage will be destroyed in consultation with our specialist IT provider. Destruction of hard copies will be undertaken by shredding of documents and via a third party who collects and disposes of this securely.

12. Contact us

To contact us about anything to do with your personal data and data protection, including to make a subject access request, or withdraw consent, please use the following details (for the attention of Chief Executive Officer):

Email address: hub@tsh.org.uk
Telephone number: 01580 762882
Postal Address: Tenterden Social Hub, Church Road, Tenterden, Kent, TN30 6AT

13. Complaints

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office;       

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Please visit www.ico.org.uk for full information or call 0303 123 113

15. National data-opt out

The national data opt-out was introduced on 25 May 2018, enabling patients to opt out from the use of their data for research or planning purposes, in line with the recommendations of the National Data Guardian in her Review of Data Security, Consent and Opt-Outs

To help the NHS respond to coronavirus, information may be used for coronavirus research purposes even if you have chosen not to share it. Any information used will be shared appropriately and lawfully. Patients can view or change their national data opt-out choice at any time by using the online service at www.nhs.uk/your-nhs-data-matters or by clicking on "Your Health" in the NHS App, and selecting "Choose if data from your health records is shared for research and planning".

 

14. Changes to this Privacy Notice

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection. Any changes will be made available here on our website.