Island Advice Centre Privacy Policy
Island Advice Centre is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of the General Data Protection Regulations and the UK’s Data Protection Act 2018. We are dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new Regulation.
When you access our services, we will collect and use your personal information in order to help solve your problems, improve our services, and campaign for wider issues in society that affect people’s lives. We will only access your information when we have good reason to do so, will only share what is necessary and relevant, and will not sell it to anyone else.
What is personal data and what do we need it for?
Personal data includes any information about you that can be used to identify you, including your name and address, date of birth, work, family, financial and health.
We need to collect this information in order to
- Keep in touch with you about your case
- Give you advice and carry out casework on your behalf
- Keep statistics about the kind of people that access our services so that we can ensure that they are open to everyone
- Report to our funders about how many people we have seen and what their circumstances are – this will be anonymised
- To deal with complaints
- To refer you to other agencies who can better advise or help you if we are unable to do so.
Consent
Some information will only be collected with your explicit consent – this includes information about your gender, ethnicity, marital status or sexual orientation. With your consent, we will also collect and store your data in order to evaluate and improve our services:
- Get feedback from you about your experience of our services
- Improve our training and other resources
We will normally only share your data with third parties with your written consent and only for the purpose of progressing your advice or case, except in certain exceptional cases for example where we suspect that someone may be at risk of serious harm we have a legal duty to disclose this to police or social services.
We will also ask your consent to allow your file to be looked at by an external reviewer for the purpose of maintaining the quality of our advice; these will always be carried out by someone we trust, who has signed a confidentiality agreement with us.
As an organisation, we are committed to achieving the best possible outcome for our clients. We strive to maintain the highest possible levels of quality across our service delivery and as such, may seek external endorsement on the quality of our work through achievement of publicly recognised quality standards. As part of this external assessment, we are required to make a sample of client files available to an independent Assessor in order for them to verify the quality of our advice and file management. External Assessors are required to maintain confidentiality in relation to your file, and it is important to note that they are assessing us as an organisation and not you as an individual. If you preferred that your file did not form part of this process, please let your adviser know so that this can be recorded on your file.
With your consent, we may also contact you from time to time in order to ask for feedback about the service you received from us.
How do we store your information?
Whether you get advice face to face, over the phone or by email, our adviser will log all your information, correspondence, and notes about your problem into our secure case management system AdvicePro. Information will only be uploaded when a consent form is signed or legitimate interest is established. All data is held within the UK on servers based in Dundee and Aberdeen. All storage is secure, and their hosting provider has GDPR procedures in place. Advice Pro has a notification process in place for any breach and provides appropriate tools to allow all customers to properly enact the right to erasure process. Their full privacy policy is available to read on the below link.
https://www.advicepro.org.uk/privacy-policy/
If you have seen our adviser at a GP surgery session, the data and case notes are stored on a different case management system called Salesforce. Salesforce limits exposure of data to its users and implements appropriate security controls. Information is again put on when a consent form is signed or when legitimate interest is established. Their full privacy policy is available to read on
https://www.salesforce.com/uk/gdpr/platform/
Other information may be held on our IT systems stored in our secure server or on emails stored by Microsoft Office 365. Paper records of your case may be kept in locked offices or filing cabinets and securely shredded once they have been uploaded to one of our case management systems.
We will keep your information for 6 years after which time it will be deleted. We keep data for this length of time in case it is subject to a complaint or insurance claim.
More information about how we manage your data
Our data controller is Suna Mala who can be contacted on admin@island-advice.org.uk. For further information, please ask to see our Data Protection Policy.
By clicking continue, you are acknowledging that you have read and understood our privacy policy.