Privacy policy

1: INTRODUCTION  

Project55^(UK) [The Company] registered in June 2024 as a not-for-profit limited by guarantee, Community Interest Company. We are registered with the Regulator of Community Interest Companies and Companies House [Registration Number: 15768187]. We are also registered with the Information Commissioners Office [Registration: ZB792851], and we comply with the Data Protection Act [DPA] 2018 and the UK General Data Protection Regulation (GDPR) requirements to secure and protect data. The privacy and security of personal information is essential, and this Privacy Notice sets out –

a. What we collect.

b. How we collect it.

c. What we do with personal information and your rights in relation to the information we hold about you in accordance with the Data Protection Act [DPA] 2018 and the UK General Data Protection Regulation (GDPR) requirements.

d. Consent, confidentiality and disclosure. 

e. How we keep your information secure.

f. We do not share or sell personal data and do not engage with direct marketing emails unless specifically asked for information.

2: SERVICES 

We offer a range of core services and take a holistic approach to positive change. We collaborate with individuals, families, and groups on preventative measures and post-incident interventions to reduce crime, violence, exploitation, and abuse and create safer places to live, work, and socialise.

3: COMMITMENT  

We value privacy and confidentiality, and as the Data Controller, we adhere to a strict regime. Transparency is as important to us as it is to those who use the services we provide. Personal data will be processed in accordance with GDPR UK and the DPA 2018, and clients will be informed of what will be shared, with whom, and how, which will assist in forming the next steps. The Company does not share information outside of the organisation unless we have consent, although this is waived if there is a legal requirement to do so to limit a severe risk of harm. The Company only uses your data to ensure we can provide the best service and support; we do not sell your data. Data also assists in administering and managing business needs, including quality control and audits; it processes funding applications, furthers the Community Interest Company’s aims and objectives, and generates progress reports on the services and support carried out by the Company, including fraud prevention and money laundering checks, undertake credit risk reduction activities and/or to establish, defend or enforce legal claims. We are committed to transparency to meet our client services and obligations to the regulators, governing bodies and other services used to support the business.

4: THE INFORMATION WE COLLECT 

a. Personal data is available from the first point of contact and may consist of several streams of information depending on the type of contact used. The Company will only collect information when there is an apparent reason to do so.

b. Initial contact – Name, Contact details, and Pronoun.

c. Additional contact may include – Date of Birth and Relationship status. 

d. Sensitive data is only required on a need-to-know basis, dependent on service requirements [Section 5]. 

e. Marketing—Information about events, activities, or services will be available on the website or social media channels.

f. Data from any financial payment for services, donations or sponsorships will only be used for that purpose. 

5: SPECIAL CATEGORIES OF PERSONAL DATA 

a. Article 9 UK GDPR: Some aspects of personal information are considered to be sensitive and fall under ‘special category data’, which typically includes race, ethnicity, political views, and religious or philosophical beliefs. Additional categories include health, revealing trade union membership, sex life, sexuality, and genetic information. 

b. Some special categories of personal data may be collected via our Equality, Diversity, and Inclusion anonymous monitoring process. For a more specific reason or service, we may require more targeted information about health, race, nationality, ethnicity, religious beliefs, political views, trade union membership, sex life or sexuality, or genetic/biometric information. Should this type of information be required, it will be discussed beforehand.

c. CareCheck completes the Standard or Enhanced Disclosure and Baring Screening (DBS) recruitment process on behalf of the Company, and occasionally, the biometric information service may be used.

6: COLLECTING DATA

We use a range of contact services, including in person, at an event, direct email, website messaging, and phone, which may lead to SMS messages. Postal correspondence may allude to additional data. We may also receive referrals from one of our various networks or social media posts. Each process is likely to create a data footprint consisting of direct and indirect data. Anything shared online is likely to be controlled by cookies [Section 11/12], and everyone is advised to be aware of what this means. 

7: HOW WE USE PERSONAL DATA

We use personal data for several purposes –

a. Demographics – we may not be providing a service where it is needed.

b. To create bespoke services.

c. To widen our network of professional services and to collaborate with other organisations.

d. For recruitment purposes.

7.1: Legitimate Use of Personal Information –

The Client: 

a. To maintain contact and records. 

b. To provide and administer services, information, products or events.

c. To respond to all communication – enquiries/complaints/updates.

d. To safeguard clients and all team members – paid, volunteers, freelancers, contractors or sub-contractors.

The Team: 

a. To process applications for employment or volunteering opportunities.  

b. Maintain records for all personnel – paid, volunteers, freelancers, contractors or sub-contractors

c. Identify skill gap training,

d. Quality control.

The Website/Social Media: 

a. To ensure that the website and social media outlets are populated with the correct information.

b. To ethically screen personal data via the website to conduct due diligence and research to improve services.

c. To understand how we can improve our services, products or information through analysis, market research and auditing.

d. To administer the website and its social media outlets for research, statistical information, surveys, and general administration functions. 

e. To display content appropriate to the use of a mobile device or a computer. 

f. To monitor the website, identify visitor location, guard against disruptions, website traffic and/or personalise information.

g. The use of Cookies will apply; therefore, check what permissions are agreed to.

8: ACCESSIBILITY TOOLS

a. The Company website signposts users to external third-party information to assist with accessibility requirements, such as vision, hearing, or neurodiversity. The links are for information purposes and outside of our control, so please read any ‘cookie consent’ carefully. 

       My Computer My Way: https://mcmw.abilitynet.org.uk/  

       Microsoft accessibility tools: Accessibility Technology & Tools | Microsoft Accessibility 

b. Each site will have its privacy policy, which users are reminded to check to find out what information is stored and shared with other parties.

c. The Company does not collect data from this process.

9: STORING, PROTECTING and PROCESSING DATA

a. Information will be managed and stored securely in ways to prevent unlawful or unauthorised access, loss, damage, destruction or deletion.

b. The majority of documents and information will be stored electronically; hard copies will be limited and scanned where possible.

c. Access to any file/information is on a need-to-know basis.  

d. Technology-assisted security protects our online information with regular updates and checks to maintain the security of our systems. 

e. Hardcopy files are secured in a locked cabinet.

f. The Recruitment, Administration, and Management Privacy Policy states that the CareCheck Disclosure and Barring Service [data processor] applies to all personnel, freelancers, and contractors who provide a service, whether paid or voluntary.

g. The Company pays for the process, and no team member [paid or voluntary], including those 16 years of age, can perform duties without a satisfactory Standard or *Enhanced DBS.

h. Only personnel holding an Enhanced DBS will work with children under 18 and will have access to that data.

10: RETAINING PERSONAL INFORMATION 

The Company adheres to various legal requirements for retaining personal data within the parameters of legitimacy and for storing information for its intended purpose while using our services.

Data Protection Principles: Data Protection Act 2018

a. Information will be used fairly, lawfully, transparently and only for specified, explicit purposes.

b. Information will be accurate and up-to-date.

Clients can expect to be –

a. Informed of how their data is being used.

b. Can access their data – transparency.

c. Any incorrect data will be updated on notification.

d. Client files are kept for two years after the last date of service use; this allows clients to request information or to return within that period. 

e. Information no longer needed will be deleted and removed from the system.

f. To exercise your data rights, please refer to Sections 12 and 13.

11: HOW to CONTACT US

Contact us directly if you have any questions about your data.

Email: info@project55.uk

Mobile: +44 (0) 7766 116 430 

12: THE LAWFUL BASIS FOR COLLECTING AND USING YOUR DATA  

The Company respects the privacy of others. Under UK data protection law, which means we must have a “lawful basis” for collecting and using your personal information. ‘Necessary or Essential Cookies’ are required for the site’s core functionality and will be preset. Other cookies are optional [Section 13] *Cookies can identify information about website activity and the device used, including the IP address and geographical location. For more information, please visit the Information Commissioner’s Office (ICO) for further information about data protection rights and the exemptions that may apply to this site and third-party links and websites Cookies | ICO. 

Consent: We have your permission after we have given you all the relevant information. All of your data protection rights may apply, except the right to object, although consent can be withdrawn at any time.

Contract: We need to collect or use the information to enter into or conduct a contract with you. All of your data protection rights may apply, except the right to object.

Legal obligation: We must collect or use your information to comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object, and the right to data portability.

Legitimate interests: We collect or use your information because it benefits you, our organisation or someone else without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. To ensure all parties understand what is required and that personal information will be used for transparency and support. For further information, read  Section 7

Vital interests: The processing of your personal information is necessary to address a vulnerable situation, protect life, and prevent serious harm to yourself or someone else.

Public information: Where we process personal information which you have already made public.

13: YOUR DATA RIGHTS ALSO INCLUDE 

Your right of access – You have the right to ask us for copies of your personal information and to request other information, such as details about where we get personal information from and who we share personal information with. There are some exemptions, which means you may not receive all the information you ask for.

Your right to rectification You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.

Your right to erasure You have the right to ask us to delete your personal information.

Your right to restriction of processing You have the right to ask us to limit how we can use your personal information.

Your right to object to processing You have the right to object to the processing of your data.

Your right to data portability You have the right to ask that we transfer the personal information you gave us to another organisation or you.

Your right to withdraw consent When we use consent as our lawful basis you have the right to withdraw your consent at any time.

Data protection rights request To make a request, please use the contact details at the bottom of this privacy notice. We must respond to you without undue delay and, in any event, within one month.

14: COOKIES

Strictly Necessary: These cookies are essential for you to move around the website and use its features, such as accessing secure areas and cannot be deleted.

Performance – Optional:These cookies collect information about how visitors use a website, such as which pages they go to most often and whether they get error messages from web pages. They do not collect information that identifies a visitor. All information these cookies collect is aggregated and, therefore, anonymous.

Functionality – Optional:These cookies allow the website to remember choices you make [such as your username, language or the region you are in] and provide enhanced, more personal features. For instance, a website may be able to provide you with local weather reports or traffic news by storing in a cookie the region in which you are currently located. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages you can customise. They may also be used to provide services you have asked for, such as watching videos or commenting on a blog. The information these cookies collect may be anonymised, and they cannot track your browsing activity on other websites.

Targeting/Advertising – Optional:These cookies are used to deliver ads more relevant to you and your interests. They are also used to limit the number of times you see an advertisement and help measure the effectiveness of the advertising campaign.

15: HOW to CONTROL and DELETE COOKIES 

Cookies can be managed through the browser help function, although mobile devices may differ.  Do take time to consider your options before proceeding. Some examples are provided below – 

Chrome: Turn cookies on or off – Computer – Google Account Help

Firefox: Enhanced Tracking Protection in Firefox for Desktop | Firefox Help

Internet Explorer: http://support.microsoft.com/kb/278835

Microsoft Edge: Microsoft Edge, browsing data, and privacy – Microsoft Support