VOCAL is committed to protecting the privacy of carers who use VOCAL’s support services, non-carer contacts, staff and volunteers. We have a legal duty under the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) to prevent unauthorized access to your personal data and to use it only for the purposes specified below. We must also ensure that the information we hold about you is accurate, adequate, relevant and not excessive. This statement explains how we look after your personal information and what we do with it.
VOCAL is a “data controller”. This means that we are responsible for deciding how we hold and use personal information, and what our legal basis is for doing so. Third party suppliers who store and process personal data for VOCAL are “data processors” and should only use data for purposes agreed with VOCAL as the data controller.
If you are a carer
When you make contact with VOCAL
When you request information from VOCAL, use our online referral form, return a form from our leaflets, sign up to our e-bulletin or book on to VOCAL carer training courses and events your personal information is stored on our secure systems which include:
- Case management system (CISS)
- Secure website servers
- Trusted third party service providers,
(for example email marketing providers, contact relationship management system and online fundraising platforms.)
You may also opt-in to receive information on other VOCAL activities including fundraising, volunteering and social enterprise through our online forms or by contacting us by phone or email.
How we use your personal data
VOCAL uses your personal details for the following purposes:
- Carer support (identity/contact details, financial information, health information) – to provide carer support services and deliver positive outcomes for carers.
- Carer engagement (identity/contact details) – to provide carers with opportunities to shape support and services relevant to themselves and the person they care for.
- Awareness raising (images, case studies) – to increase awareness of carers, carer issues and availability of carer support services in the community.
- Reporting and monitoring (postcode, date of birth, ethnicity, gender, caring role, CHI number) – to comply with contractual obligations with our funders, local authorities and government (anonymised data only) and to monitor and develop VOCAL carer support services.
- Fundraising (identity/contact details, financial information) – to support fundraising for the continuation and development of VOCAL carer support services.
All personal information provided is confidential and will be used only for the purposes stated above. We will share personal information in specific circumstances (eg. with the Scottish Government to contribute to the Carer Census (Carers (Scotland) Act 2016), or with your consent. We use some trusted third party suppliers who provide us with services such as carer surgeries, online donations, email newsletters, surveys etc. Some suppliers, for example Mailchimp who we use for our email newsletters, are based outside the European Economic Area (EEA). For your protection will ensure that they meet the requirements of UK and EU data protections laws. We will never sell your details for marketing purposes or allow any of our suppliers to do so.
You do not have to provide us with any additional information unless you choose to. Where you choose not to provide all or some of this information, access to VOCAL’s services may be limited to public information available through our websites, printed information resources or through information events.
Normally the only information we hold comes directly from you. In some cases, your details may be passed to VOCAL as a referral by someone else, eg. your GP, however this can only be done with your consent.
How long do we keep your personal data?
Information is regularly checked to ensure it is accurate and up to date, and VOCAL only keeps your personal data for as long as is necessary to provide you with the support and/or information you have requested and to report to our funders (see above):
- Carer support: We will anonymise your personal information one year after your caring role has ended or earlier if you have asked us to remove it. If we have not had contact with you for 4 years, we will contact you by post to ask if you would like to stay on our records or update your personal information.
- E-bulletins: If you receive e-bulletins and have not opened one for 12 months, we will contact you by email to ask if you would like to remain on the mailing list.
- Websites: Personal data that does not affect the functioning of our websites database is deleted every six months.
- Fundraising: Personal information from individuals that have made a donation or support VOCAL through fundraising or partnership will be kept for as long as you are an active donor, or deleted 2 years after your last known activity.
How to update, remove or request access to the information we hold about you
You have the right to request that the information held about you is updated or removed from VOCAL’s systems. When you make a request for your information to be removed, your name, address, contact details and case notes will be removed from our case management system within one month (some information is retained for statistical purposes only). We will take all reasonable steps to remove you from all other systems where your information is stored by us.
You have the right to a copy of all the information we hold about you. In response to a valid request VOCAL will provide a copy of all personal data held at the time the application was made. Certain data may be withheld, including third party material, if any duty of confidentiality is owed to the third party. Requests will be handled within the legal time limit of one month.
You can submit a request about any of the above by contacting VOCAL (details below).
Non-carer contacts (e.g. practitioners, suppliers, partner organisations)
What information do we collect about you?
We collect information about you when you make a referral to VOCAL, contact VOCAL by phone or email, or sign up for our practitioner or employer e-bulletin through our website or by completing a written form. The information we collect may include your name, work email address, phone number and address, organisation, areas of interest and client group.
How we use your information
VOCAL uses data from non-carer contacts for the purposes of:
|Purpose/Activity||Type of data||Lawful basis for processing|
||Necessary for our legitimate interests (to raise awareness of issues affecting carers and VOCAL carer support services)|
|Professional networking and collaborative working||
||Necessary for our legitimate interests (to raise awareness of issues affecting carers, develop carer support services and meet organisation aim of positive outcomes for carers)|
|Reporting and monitoring||
||Necessary for our legitimate interests (to monitor referral sources and develop support communication with partner organisations)|
|Fundraising and partnership development||
||Necessary for our legitimate interests (to raise funds to allow continuation of carer support services)|
We will never share or sell your personal details for marketing purposes.
How long do we keep your personal data?
Information is regularly checked to ensure it is accurate and up to date, and VOCAL only keeps your personal data for as long as is necessary to provide you with the relevant information or to continue a professional relationship/partnership. If we have not had contact with you for more than 2 years, we will contact you by email to ask if you wish to remain on our systems.
Access to your information and correction
You have the right to request a copy of the personal information we hold about you either in writing or verbally. You may also ask us to update, correct or remove any information we hold about you by contacting VOCAL using the details below. We will respond to all reasonable requests within 30 days.
Staff and volunteer recruitment
How we use your personal information
When you apply for a post at VOCAL, your application will be stored on VOCAL’s secure systems and we will only use this information to process and contact you regarding your application. None of the information provided will be shared with a third party unless required to do so or if you have given your consent.
If you are successful, your application form and any references will be kept for your personnel file. If unsuccessful, your application will be stored for 3 months and then deleted from our systems.
You can opt out of any communication method at any time by contacting VOCAL. All our e-bulletins have the option to opt out included.
Keeping data secure
Access to personal data is restricted to VOCAL staff and volunteers to provide support services, for administration, statistical reporting and finance. All staff and volunteers have individual logins and passwords and are trained in handling the information securely and what to do if they think personal data has been compromised.
We use servers based within the UK and EU, with the exception of some third party service cloud-based providers for email marketing (we use Mailchimp) and online fundraising (we use Stripe, JustGiving, BTDonate) which are located in the US. Where transfers to countries outside the EU are required for these services, we will confirm compliance with current UK/EU legislation or that similar safeguards and standards are in place.
Use of Big Data
Where VOCAL uses personal data for statistical purposes such as reports for our funders and research purposes this is generally done so using anonymised data. Exceptions to this include identification of particular groups of carers by age, condition of the person they care for, ethnicity, gender, employment status or location. We share anonymised data with local authorities, Scottish Government, NHS and other funders for statistical purposes only.