The Moira Anderson Foundation
Data protection privacy notice
This notice explains what personal data (information) we hold about you, how we collect it, and how we use and may share information about you during your time at the Foundation and after it ends. We are required to notify you of this information under data protection legislation. Please ensure that you read this notice (sometimes referred to as a ‘privacy notice’) and any other similar notice we may provide to you from time to time when we collect or process personal information about you.
Who collects the information
The Moira Anderson Foundation (‘Company’) is a ‘data controller’ and gathers and uses certain information about you.
Data protection principles
We will comply with the data protection principles when gathering and using personal information, as set out in our data protection policy.
About the information we collect and hold
We may collect the following information during your time at the Foundation:
- Your name, contact details (i.e. address, home and mobile phone numbers, email address);
- Information about you including your date of birth, gender and employment status;
- Your nationality;
- Information regarding your physical and mental health as well as any medication you may be taking and your GP’s information;
- Your racial or ethnic origin, sex and sexual orientation, religious or similar beliefs;
- A brief history of the reason why you have decided to attend the Foundation and a signature to confirm your agreement of attendance;
- COVID-19 UPDATE: We may need to process additional health information for reasons of public interest in the area of public health, including protecting against serious cross-border threats to health where we have a legal duty of confidentiality to our clients.
How we collect the information
We may collect this information from you, any organisation who may have referred you and/or any organisation you are working with.
Why we collect the information and how we use it
We will typically collect and use this information for the following purposes (other purposes that may also apply are explained in our data protection policy).
- for the purposes of our legitimate interests
We seek to ensure that our information collection and processing is always proportionate. We will notify you of any material changes to information we collect or to the purposes for which we collect and process it.
How we may share the information
With your consent we may share some of the above categories of personal information with other parties, such as medical professionals or other voluntary organisations we advise to refer you on to. The recipient of the information will be bound by confidentiality obligations.
In exceptional circumstances, we may also be required to share some personal information without your consent in order to follow our Adult Protection procedures. An example of this would be an instance where we believe there is actual or suspected risk of harm to you or another person.
Where information may be held
Information will be held within our offices. We have security measures in place to seek to ensure that there is appropriate security for information we hold including those measures detailed in our data protection policy.
How long we keep your information
We keep your information during and after your time at the Foundation for no longer than is necessary for the purposes for which the personal information is processed.
Your rights to correct and access your information and to ask for it to be erased
Please contact our Data Protection Officer (DPO) Gillian Urquhart who can be contacted by email at email@example.com or by phone on 01236 602890, if (in accordance with applicable law) you would like to correct or request access to information that we hold relating to you or if you have any questions about this notice. You also have the right to ask our Data Protection Officer for some but not all of the information we hold and process to be erased (the ‘right to be forgotten’) in certain circumstances. Our Data Protection Officer will provide you with further information about the right to be forgotten, if you ask for it.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your information. If not, contact the Information Commissioner at ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.
ABOUT THE INFORMATION WE COLLECT AND HOLD
|The information we collect||How we collect the information||Why we collect the information||How we use and may share the information|
|Your name, contact details (ie address, home and mobile phone numbers, email address) ☐||From you||To contact you when deemed necessaryLegitimate interest||To contact you when deemed necessary (ie for appointments)To refer you to third party organisations|
|Your nationality ☐||From you||Legitimate interest||To use for statistical analysis|
|Information about your physical and mental health ☐||From you, from your doctors, from medical and occupational health professionals we engage||Legitimate interests: to ensure safe working practicesTo best provide the correct services for you||Information shared with your doctors, with medical and occupational health professionals we engage|
|Your racial or ethnic origin, sex and sexual orientation, religious or similar beliefs||From you||To compile reports to secure grants||To compile reports to secure grants|
|General information about you (such as date of birth, gender and employment status)||From you||Legitimate interests: to maintain records||For staff administration and for grant reporting purposes|
|Brief History and Signature||From you||To ensure we are giving you the right services that will be most beneficial to youTo ensure that you are aware of and agree to the information provided||To ensure you receive the correct services|
|Covid 19 – details of additional health information||From you||To comply with Track and Trace legislation||To reduce the risk of spreading Covid 19. We may share with Public Health Scotland|
You are required (by law) to provide the categories of information marked ‘☐’ above to us to enable us to verify your involvement with the Foundation.