Beyond the Horizon Charity Privacy Notice for children, young people and families
Beyond the Horizon Charity (BTHC) is committed to complying with the terms of the European General Data Protection Regulation (GDPR) made on 25 May 2018, and to the responsible and secure use of your personal data. BTHC has a legitimate interest in processing personal data in order to provide counselling services. The purpose of this statement is to let you know what personal information Beyond the Horizon Charity collects and holds, why we collect this data, how long it is kept and your rights over your personal data. BTHC is registered with the Information Commissioner’s Office (ICO), reference ZA126454. The Beyond the Horizon Charity Data Protection Officer is the CEO.
Beyond the Horizon Charity as a body is a DATA CONTROLLER under the Data Protection Act and the Trustees are ultimately responsible for the implementation of the Data Protection and Data Retention Policy.
Beyond the Horizon Charity relies on Consent as the lawful basis for processing personal data.
- Our privacy notices are clear, and written in plain, age-appropriate language.
- We use child friendly ways of presenting privacy information.
- We explain to children why we require the personal data we have asked for, and what we will do with it, in a way which they can understand.
- We tell children what rights they have over their personal data in language they can understand.
- As a matter of good practice, if we are relying upon parental consent then we offer two different versions of our privacy notices; one aimed at the holder of parental responsibility and one aimed at the child.
1. Information about the child/young person
Parental/guardian/other consent is obtained for any data processing activity where the child/young person is under 18 yrs.
1.1 When relying on consent, we make sure that the child and their parent/guardian/other understands what they are consenting to. We collect personal information from when an enquiry is made about our counselling services to assess whether our service is appropriate. This information includes contact details, child’s name, Date of Birth, school attended, GP details, family history and other relevant personal information. Brief notes regarding Counselling may also be kept. We will ask the parent/guardian/other whether they agree to us processing their information during our first contact with them (usually over the telephone). They will be asked to sign a consent form at the point of assessment. Personal data is stored securely for 7 years or until the young person reaches 18 years of age whichever is the longest period and then destroyed. Files for children who are in the care of the local authority or where there has been a safeguarding concern will be retained for the life of the charity.
1.2 Upon receiving an enquiry about counselling, getting advice, fundraising or volunteering at BTHC we ask for contact details and relevant personal information that is needed to answer enquiries and to keep clients informed about the support that they are requesting and/or any upcoming activities. Unless counselling support is given and we need to retain it for longer (see 1.1), this type of data is stored securely for 2 years, after which it is erased.
2. Our use of this information
2.1 Personal information will be used only to provide clients with our services and to give information relating to our services. We will not share personal details with any other person or organisation without the client’s knowledge and permission, unless there is a risk of substantial harm to the client or others or a perceived risk of harm or under a legal requirement e.g. terrorism, drug money laundering, or via a court order for disclosure.
2.2 We will never publish or post any identifying information or photographs of clients where they can be identified on Social Media.
3.1 We will take all reasonable precautions to prevent the loss, misuse or alteration of information given to us.
3.2 Communications in connection with this service may be sent by e-mail. Any email sent from BTHC that includes personal or sensitive data will be sent in an encrypted form or will be anonymised (it will not be possible to identify the data subject). We consider e-mail, unless encrypted, is not a fully secure means of communication and we can’t be responsible for the security of incoming emails from other parties. Whilst we endeavour to keep our systems and communications protected against viruses and other harmful effects, we cannot bear responsibility for all communications being virus-free.
3.3 Any data breach will be reported to the ICO within 72 hours by the Data Protection Officer.
4. Your rights over your personal data
4.1 We will only record and use sensitive personal data with the clients’ explicit consent.
4.2 Clients have the right to ask for personal data to be erased and may withdraw consent for personal data to be collected/processed. It will not be possible for us to continue ongoing support if consent is withdrawn.
4.3 Clients have the right to data portability and can request and reuse personal data for their own purposes.
4.4 Clients have the right of access and can request to see information that is being held on them. This request should be made to Beyond the Horizon Charity in writing and data will be available for collection by appointment within one month of the request and free of charge.
If you would like to see the information we hold about you, would like to correct, update or delete any records, or if you have any concerns about our use of your data, please contact the office. We will do our utmost to resolve any concerns you have, but if these are not resolved to your satisfaction, you may choose to contact the ICO.
If you need any further information please contact us at Beyond the Horizon Charity, Holy Cross Centre, Beauchamp Road, Billesley, Birmingham, B13 0NS. Tel: 0121 444 5454.