170 Community Project is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of the General Data Protection Act 2018. We are dedicated to safeguarding the personal information entrusted to us and to developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the Data Protection Regulation.
When you access our services we will collect and use your personal information in order to help us to provide you with our services, monitor our service delivery and campaign for wider issues in society that affect people’s lives. Only authorised members of staff will access your information when we have good reason to do so. We will only share what is necessary and relevant with your consent and will not sell it to anyone else.
What is personal data and what do we need it for?
Some information will only be collected with your explicit consent – this includes information about your gender, ethnicity, marital status, health or sexual orientation.
We will normally only share your data with third parties with your informed consent and only for the purpose of progressing your advice or case. In certain exceptional cases for example where we suspect that someone may be at risk of serious harm we have a legal duty to disclose this to police or social services.
170 is committed to achieving the best possible outcome for our clients. We strive to maintain the highest possible levels of quality across our service delivery. As such, we may seek external endorsement of the quality of our work through the achievement of publicly recognised quality standards.
We will also ask your consent to allow your file to be looked at by our external advice monitoring bodies (Advice Services Alliance & OISC) for the purposes of ensuring the quality of our advice. These inspections will always be carried out by authorised individuals who comply with our confidentiality policy. It is important to note that they are assessing us as an organisation and not you or your circumstances.
If you would prefer that your file did not form part of this process please let your adviser know so that this can be recorded on your file.
With your consent we may also contact you from time to time in order to ask for feedback about the service you received from us.
How do we store your information?
Whether you get advice face to face, over the phone or by email, our adviser will log all your information, correspondence, and notes about your problem on Advice Lewisham’s secure case management system (AdvicePro) to which only authorised staff have access. Information will only be entered on the system when consent is established. All data is held within the UK on servers based in Dundee and Aberdeen. All storage is secure and AdvicePro’s hosting provider has GDPR procedures in place. Advice Pro has a notification process in place for any breach and provides appropriate tools to allow all customers to properly enact the right to erasure process.
Other information may be held on our IT systems stored in our secure server or on emails stored by Microsoft Office 365. Paper records of your case may be kept in locked filing cabinets and securely shredded once they have been uploaded to one of our case management systems.
We will keep your information for 6 years after which time it will be deleted. We keep data for this length of time in case it is subject to complaint or insurance claim.
More information about how we manage your data
Our data controller is Jon Wicken who can be contacted on email@example.com.
For further information please ask to see our Data Protection Policy.