Privacy statement for clients
Hibiscus Initiatives (Hibiscus) is committed to protecting and respecting your privacy. We are committed to protecting your personal information and making every effort to ensure that it is processed in a fair, open, and transparent manner.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will use it.
For the purpose of the Data Protection Act 2018 (General Data Protection Regulation (GDPR)), the data controller is Hibiscus Initiatives (Charity Registration number 1104094) of Resource for London, 356 Holloway Rd. London N7 6PA United Kingdom.
PERSONAL DATA WE MAY COLLECT FROM YOU
We collect and process the following data about you:
- Information that you provide to us at your assessment or information that another agency has provided to us following your consent. This information is used to develop your support plan.
- Further information you provide to us over the course of your support. This will be recorded in your case notes to help us work with you on your support plan.
- If you contact us, we keep a record.
- Information you provide when booking for Hibiscus’s events or training courses.
- Information you provide when responding to a consultation or survey run by Hibiscus.
WHERE WE STORE YOUR PERSONAL DATA
The data that we collect from you will be stored as follows:
- Within our electronic database which is dual password protected.
- Within our internal computer server on password-protected computers and folders.
- In hard copy in personal folders within locked filing cabinets in secure offices, accessible only by those who have direct responsibility for your case.
- In the events attendance diary.
HOW WE USE YOUR PERSONAL DATA
We use information held about you in the following ways:
- So that we can jointly identify goals and strategies to achieve in your support plan.
- To maintain contact with you.
- So that we can report on organizational outputs and outcomes to demonstrate the successes and failures of our services overall and to generally maintain our organizational records.
- To provide you with information about support you can receive from public and voluntary organizations and the criminal justice system including our own services that may be of interest to you.
- To allow you to participate in activities, events, and training courses.
- To notify you about changes to our service.
We may communicate with you by email, telephone, letter, or other reasonable means with updates and information about goods and services we believe may be of interest to you.
LEGAL BASIS FOR USING YOUR INFORMATION
In some cases, we will only use your personal information where we have your consent, for example, where you want us to share your information with a partner agency that can provide you with additional or complementary services.
However, there are other lawful reasons that allow us to process your personal information, and one of those is called ‘legitimate interests’. This means that we process your information because Hibiscus has a legitimate interest in doing so to help you achieve the objectives we have together established in your support plan.
As an additional aspect to GDPR, we will also obtain your signed agreement to holding your information on a legitimate basis. This will be undertaken at your assessment meeting prior to us recording information to develop your support plan.
Whenever we process your Personal Information under the ‘legitimate interest’ lawful basis we make sure that we take into account your rights and interests and will not process your personal information if we feel that there is an imbalance
DISCLOSURE OF YOUR PERSONAL DATA
We will only disclose your information to a third party should we believe there is a legal requirement. For example, if we identify a safeguarding issue that must be reported to the appropriate authority or if a court of law requires us to disclose certain types of information.
ACCESS TO YOUR PERSONAL DATA
You have various rights in respect of the personal information we hold about you – these are set out in more detail below. If you wish to exercise any of these rights or make a complaint, you can do so by contacting the Data Protection Officer (DPO) at Hibiscus Initiatives at Resource for London, 356 Holloway Rd. London N7 6PA United Kingdom on 020 7697 4120 or e-mailing GDPR@hibiscus.org.uk. If you are unhappy with the response we provide, you can make a complaint to the data protection supervisory authority, the Information Commissioner’s Office (ICO), https://ico.org.uk/, using the complaints procedure on the ICO website.
- Access to your personal information: You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge. Please make all requests for access in writing and provide us with evidence of your identity.
- Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. Please contact us as noted above, providing details of your objection.
- Consent: If you have given us your consent to use personal information (for example, for marketing or to forward your information to another provider), you can withdraw your consent at any time.
- Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
- Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
- Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
IP ADDRESSES AND COOKIES
Cookies are pieces of data created when you visit a site and contain a unique, anonymous number. They are stored in the cookie directory of your hard drive, either temporarily or permanently. Cookies do not contain any personal information about you and cannot be used to identify an individual user. The purpose of cookies is to make the interaction between users and websites faster and easier.
- To estimate our audience size and usage pattern.
- To speed up your searches.
- To recognise you when you return to our site.
EXTERNAL LINKS ON OUR WEBSITE
Our site may, from time to time, contain links to external websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
If you no longer wish to be contacted by Hibiscus, please also email GDPR@hibiscus.org.uk with the word ‘Unsubscribe’ in the email subject.
Should you have a complaint or other concerns about Hibiscus’s information rights practices, please contact Hibiscus in the first instance at GDPR@hibiscus.org.uk, or at our head office on 020 7697 4120. If our response proves unsatisfactory, you have the option of contacting the Information Commissioner’s Office. Please see https://ico.org.uk/concerns for more information.