VOCAL is committed to protecting the privacy of carers who use VOCAL’s support services, non-carer contacts, staff and volunteers. We have a legal duty under the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) to prevent unauthorized access to your personal data and to use it only for the purposes specified below. We will share personal information in specific circumstances (eg. with the Scottish Government to contribute to the Carer Census (Carers (Scotland) Act 2016), or with your consent. We must also ensure that the information we hold about you is accurate, adequate, relevant and not excessive. This statement explains how we look after your personal information and what we do with it.
VOCAL is a “data controller”. This means that we are responsible for deciding how we hold and use personal information, and what our legal basis is for doing so. Third party suppliers who store and process personal data for VOCAL are “data processors” and should only use data for purposes agreed with VOCAL as the data controller.
If you are a carer
When you make contact with VOCAL
When you request information from VOCAL, use our online referral form, return a form from our leaflets, sign up to our e-bulletin or book on to VOCAL carer training courses and events your personal information is stored on our secure systems which include:
- Case management system (CISS)
- Secure web servers
- Trusted third party service providers, for example email marketing providers, contact relationship management system and online fundraising platforms.
You may also opt-in to receive information on other VOCAL activities including fundraising, volunteering and social enterprise through our online forms or by contacting us by phone or email.
How we use your personal data
VOCAL uses your personal details to provide you with the best support and information relevant to your caring situation, and any other VOCAL activities you have told us you are interested in. We may also use it to contact you about important changes that may impact on carers or the cared for person, for example, changes in welfare rights.
All personal information provided is confidential and will not be shared unless we are required to do so or with your consent.
We do share information with third party suppliers so that they can provide us with services such as online donations, email newsletters, surveys etc. We use some third party suppliers, for example Mailchimp for email newsletters, that are based outside the European Economic Area (EEA). For your protection will ensure that they meet the requirements of UK and EU data protections laws. We also share anonymised data with our funders, local and national government for statistical and research purposes only. We will not share or sell your personal information for marketing purposes, or allow our suppliers to do so.
You do not have to provide us with any additional information unless you choose to. Where you choose not to provide all or some of this information, access to VOCAL’s services may be limited to public information available through our websites, printed information resources or through information events.
Normally the only information we hold comes directly from you. In some cases, your details may be passed to VOCAL as a referral by someone else, eg. your GP, however this can only be done with your consent.
How long do we keep your personal data?
Information is regularly checked to ensure it is accurate and up to date, and VOCAL only keeps your personal data for as long as is necessary to provide you with the support and/or information you have requested and to report to our funders (see above):
- Carer support: We will anonymise your personal information one year after your caring role has ended or earlier if you have asked us to remove it. If we have not heard from you personally for 4 years, we will contact you by post to ask if you would like to stay on our records or update your personal information.
- E-bulletins: If you receive e-bulletins and have not opened one for 12 months, we will contact you to ask if you would like to remain on the mailing list.
- Website: Data that does not affect the functioning of our website database is deleted every six months.
- Fundraising: Personal information from individuals that have made a donation or support VOCAL through fundraising or partnership will be kept for as long as you are an active donor, or deleted 2 years after your last know activity.
How to update, remove or request access to the information we hold about you
You have the right to request that the information held about you is updated or removed from VOCAL’s systems. When you make a request for your information to be removed, your name, address, contact details and case notes will be removed from our case management system within one month (some information is retained for statistical purposes only). We will take all reasonable steps to remove you from all other systems where your information is stored by us.
You have the right to a copy of all the information we hold about you. In response to a valid request VOCAL will provide a copy of all personal data held at the time the application was made. Certain data may be withheld, including third party material, if any duty of confidentiality is owed to the third party. Requests will be handled within the legal time limit of one month.
You can submit a request about any of the above by contacting VOCAL.
Third -party contacts (e.g. practitioners, suppliers, partner organisations)
What information do we collect about you?
We collect information about you when you make a referral to VOCAL, contact VOCAL by phone or email, or sign up for our practitioner e-bulletin through our website for by completing a written form. The information we collect may include your name, work email address, phone number and address, organisation, areas of interest and client group.
How your information will be used
VOCAL uses data from non-carer contacts for the purposes of:
- Professional networking and collaborative working
- Awareness raising
- Monitoring our services and reporting to our funders
- Fundraising and partnership development
We will never share or sell your personal details for marketing purposes.
How long do we keep your personal data?
Information is regularly checked to ensure it is accurate and up to date, and VOCAL only keeps your personal data for as long as is necessary to provide you with the relevant information or to continue a professional relationship/partnership. If we have not had contact with you for more than 2 years, we will contact you by email to ask if you wish to remain on our systems.
Access to your information and correction
You have the right to request a copy of the personal information we hold about you either in writing or verbally. You may also ask us to update, correct or remove any information we hold about you by contacting VOCAL using the details below. We will respond to all reasonable requests within 30 days.
Staff and volunteer recruitment
How your information will be used
Your application will be stored on VOCAL’s secure systems and we will only use this information to process and contact you regarding your application. None of the information provided will be shared with a third party unless required to do so or if you have given your consent. If you are successful, your application form and any references will be kept for your personnel file. If unsuccessful, your application will be stored for 3 months and then deleted from our systems.
You can opt out of any communication method at any time by contacting VOCAL. All our e-bulletins have the option to opt out included.
Keeping your personal information secure
Access to personal data is restricted to VOCAL staff and volunteers to provide support services, for administration, statistical reporting and finance. All staff and volunteers have individual logins and passwords and are trained in handling the information securely and what to do if they think personal data has been compromised.
We use servers based within the UK and EU, with the exception of some third party service cloud-based providers for email marketing (we use Mailchimp) and online fundraising (we use Stripe, JustGiving, BTDonate) which are located in the US. Where transfers to countries outside the EU are required for these services, we will confirm compliance with current UK/EU legislation or that similar safeguards and standards are in place.
Use of Big Data
Where VOCAL uses personal data for statistical purposes such as reports for our funders and research purposes this is generally done so using anonymised data. Exceptions to this include identification of particular groups of carers by age, condition of the person they care for, ethnicity, gender, employment status or location. We share anonymised data with local authorities, Scottish Government, NHS and other funders for statistical purposes only.
Reporting a breach of data protection
VOCAL will inform the Information Commissioner Office of any data breach that is likely to have caused the individual involved some form of damage, such as through identity theft or a confidentiality breach, or would result in discrimination, damage to reputation, financial loss or any other significant economic or social disadvantage. Where there is a high risk to the rights and freedoms of individuals, then the individual concerned will also be notified . A notifiable breach will be reported within 72 of VOCAL becoming aware of it.
Making a complaint
In line with current data protection guidelines you have the right to lodge a complaint with the supervisory authority if you feel the processing of your personal data infringes GDPR legislation. VOCAL ‘s supervisory authority is the Information Commissioners Office.
To contact VOCAL click here
Cookies cannot be used by themselves to identify you. A cookie will typically contain the name of the domain from which the cookie has come, the ‘lifetime’ of the cookie, and a value, usually a randomly generated unique number. For more information about cookies, please see www.allaboutcookies.org.
We mainly use only one type of cookies on our website:
Per session cookies, which are temporary cookies that remain in the cookies file of your browser until you leave the site. More specifically we use the following cookies which carry out the functions described:
__utma – This is a Google Analytics cookie and tracks the number of times you have visited the VOCAL’s website.
__utmb and __utmc – This is another Google Analytics cookie and acts to calculate how long you have spent on the website in each session.
__utmz – This Google Analytics cookie tracks what search engine you have visited the site from and which search terms you used to find the website.