DATA PROTECTION NOTICE

We take your privacy very seriously and are committed to protecting your personal information. We aim to be clear and open about our data and security practices.

Where we ask you to provide us with any information by which you can be identified, you can be assured that it will only be used in accordance with this privacy statement, and in line with the General Data Protection Regulation (GDPR) 2018.

1. Who are we?

The Civil Service Retirement Fellowship (CSRF) is a charity registered in England and Wales No.255465 and in Scotland No.SC039049 and a company limited by guarantee in England and Wales No.6297479. We collect, hold and use personal information to maintain contact with our subscribers and those individuals who have an expressed an interest in hearing about our charitable activities and services.

2. What are your Data Protection Rights?

In all cases you have the:

2.1 ‘Right to be informed’ whether or not we process your information and how that information is stored and used by us.

2.2 ‘Right to access’ your information at any time by submitting a ‘Subject Access Request (SAR)’ to the data protection lead. Information will be provided to you within a month of your request being received and on.

2.3 ‘Right to correct’ the information we hold about you if it is incorrect or incomplete.

2.4 ‘Right to delete’ the information we hold about you, this being termed the ‘right to be forgotten’. It is not always possible to delete all information due to legal reasons or processing requirements, but where this is the case this will be explained to you further.

2.5 ‘Right to restrict processing’ of your information at any time by contacting us. This may be to change how you support us and how we contact you in the future.

2.6 ‘Right to port (move)’ the information you have provided to us to another organisation. We will provide this to you in a form that is accessible to another organisation.

2.7 ‘Right to object’ to any processing where you feel appropriate consents have not been sought by ourselves. In these circumstances we will investigate your concerns and the decisions we have made accordingly.

2.8 ‘Right to object to automated decision making’ where your data is processed by machines and decisions made without human intervention. This is also applicable to profiling where decisions may be made automatically to evaluate certain things about you.

To request further information on your rights or to request a change as per your rights above, please contact the Data Protection Lead on [email protected] 

3. How and when we collect information about you

We collect information in the following ways:

3.1 When you give it to us directly
You may give us your details when you sign up as a subscriber/member, call our office with an enquiry, volunteer with us, tell us your story, make a donation or communicate with us. 

3.2 When you give it to us indirectly
You may give information to us indirectly when you sign up to events such as the London Marathon or contribute to the CSRF via fundraising sites like Just Giving or Virgin Money Giving. These independent third parties will only do so when you have indicated that you wish to support the CSRF and with your consent. You should check their privacy policy when you provide your information to understand fully how they will process your data.

3.3 When you use our website
Like most websites, we use ‘cookies’ to help us make our site, and the way you use it better. Cookies means that a website will remember you. They’re small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields.

As well as this, cookies can tell us the type of device you’re using to access our website and the settings on that device may provide us with information including what type of device it is, what operating system you’re using, what your device settings are, and why a crash has happened. This information helps us understand how people are using our website and show us how to make it better.

Your device manufacturer or operating system provider will have more details about what information your device makes available to us.

3.4 When you access the CSRF's social media
We might also obtain your personal data through your use of social media such as Facebook and Twitter depending on your settings or the privacy policies of these social media messaging services. To change your settings on these services, please refer to their privacy notices, which will tell you how to do this:

facebook.com/legal/FB_Work_Privacy
twitter.com/en/privacy

4) What information do we collect and how do we use it?
The type and quantity of information we collect and how we use it depends on why you are providing it.

4.1 Subscribers/Donors
If you sign up as a subscriber or choose to make a donation we may collect:

- Your name
- Your contact details
- Your date of birth
- Your bank or credit/debit card details (which will be processed on our behalf by

We will use your data to:

- Process your subscription, administer your donation or support your fundraising and participation in our activities, including processing Gift Aid
- Keep a record of your relationship with us
- Ensure we know how you prefer to be contacted
- Manage feedback or complaints we receive from you

We will not:

- Sell your data to another organisation

4.2 Volunteers
Our Volunteers make a real difference to the lives of our beneficiaries in the many ways they choose to support us – this may be in visiting an older person at home, providing regular friendship services via the telephone, or by running one of our local community groups. To become one you will need to provide information to allow us to assess your suitability for a particular role, to provide training and to correspond with you about your chosen role and provide additional information about the CSRF.

The types of information we may collect include:

- Your basic contact details including your name, address, date of birth, telephone number and email address;
- Your bank details will be required in order for you to claim expenses;
- Your photo will be required for identification purposes when carrying out some volunteering roles;
- Details of any Next of Kin/trusted contact and any special needs we may need to be aware of for Health and Safety purposes;
- Details of any referees that support your application to become a Volunteer.

Your data is stored securely on the CSRF's systems, and the systems of third parties who we currently have a working relationship with. In these circumstances appropriate data protection agreements will be in place with any third party organisation safeguarding any information they may have access to. Sensitive data is only available internally to those staff that needs to view it as part of their job role.

We will only use your data for administering your volunteering role with the CSRF and also for keeping you informed of the work that is being carried out by other areas of the organisation.

4.3 Beneficiaries of our befriending services
Our befriending services are a vital resource which allows us to alleviate loneliness in the many older people we support – this being accomplished by providing regular telephone calls and face-to-face visits throughout the United Kingdom through the help of our network of dedicated volunteers.

In order for us to carry out these services we need to collect, store and process a variety of information about you, some of which will be personal and special category (sensitive) information. The types of information we may collect include:

- Your basic contact details including your name, address, date of birth, telephone number, email address and any emergency contact information;
- Information about any health, medical and disability issues, including any mobility problems which may affect the types of services we can provide;
- Information about your property, its location e.g. rural, city etc., and whether other individuals live at the property this helps us to manage the risks to any potential visitors;
- Information of any pets you may have for health and safety purposes of our visitors;
- Any interests and hobbies you may have in order for us to deliver the services to you of most value; and
- Additional information may be collected to enable us to provide personal support, this being decided on a case-by-case basis and discussed with the individual at the time.

4.4 Employees and Job Applicants
We collect and process personal information as part of an individual’s working relationship with the organisation. 

4.5 Suppliers
We will store contact and financial details of suppliers in order to manage and process contracts and payments.

5. Direct Marketing

We only want to contact individuals who want to hear from us in the ways that they have told us. Our Data Consent forms have clear marketing preference questions and we include information on how to opt out when we send you marketing.

If you have given us your consent to contact you by email, telephone and post, we may contact you for the purposes outlined on the form using that channel. We may also contact you by email or telephone for administration purposes (e.g. where you make a donation OR about your subscription).

If you have provided us with your postal address then we may send you direct mail for fundraising or about new services unless you told us that you would prefer not to hear from us in this way.

With your consent, we may contact you to let you know about new charitable services and to ask for donations or other support. If you don’t want to hear from us, that’s fine. Just let us know when you provide your details, click the ‘unsubscribe’ link in any email we send or contact us at [email protected].

We do not sell or share any personal details to third parties for the purposes of marketing.

6. Keeping your information up to date

We want to make sure that any personal information we hold about you is accurate and up to date. Please contact us to correct or remove information you think is inaccurate.

7. How we keep your data safe and who has access

The CSRF stores all the information held about you on its own systems located at its head office in London, which is within the European Economic Area and protected by the Data Protection Act and other associated legislation.

We may engage the services of third-party processors and on occasion these may reside outside of the European Economic Area. Where this happens appropriate Data Protection agreements will be in place with any third-party before any processing of your data is carried out. All data processed with third party Data Processors will be deleted upon completion of any work carried out.

The CSRF takes the security of your data very seriously. The organisation has internal policies and controls in place to try and ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees and volunteers (in the case of our local community groups) in the performance of their duties. This includes strict access controls and security of its network and databases (and the information within), and rigorous change controls to ensure only those people who have a need to view, amend or process your information, can do.

By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

8. Links to other websites

Our website may contain links to other websites of interest. However, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

9. Your rights/access to information (Subject Access Request)

GDPR gives you the right to access a copy of the information we hold about you. Additionally, you have additional rights to request from us that:

- any inaccurate information we hold about you is corrected
- your information is deleted
- we stop using your personal information for certain purposes

If you make a request, we will need you to prove your identity with 2 pieces of approved identification
(such as a passport and a utility bill no older than 3 months). Once we have this, we will aim to respond to you
within one month. We will not charge you for this service unless the request is ‘manifestly unfounded or excessive or repetitive’.

10. Contacting us

If you have any questions or comments about this Privacy Notice, please contact our
Data Protection Lead

Write to:
Data Protection Lead
The CSRF
Unit 11, Pepys House
Greenwich Quay
Clarence Road
LONDON SE8 3EY

Email: [email protected]

Phone: 020 8691 7411

If you have a complaint we cannot resolve, you have the right to complain to the Information Commissioner's Office, which is the statutory regulator for data protection matters. The Information Commissioners offer can be contacted at https://ico.org.uk/concerns

The CSRF may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.

Website Provider

Your data may also be available to our website provider to enable us and them to carry out analysis and research on demographics, interests and behavior of our users and supporters to help us gain a better understanding of them to enable us to improve our services.  This may include connecting data we receive from you on the website to data available from other sources.  Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are deemed to outweigh their legitimate interests in developing new services for us.  In the case of this activity the follow will apply:

  1. a)   Your data will be made available to our website provider
  2. b)  The data that may be available to them include any of the data we collect as described in above.
  3. c)   Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.
  4. d)  They will store your data for a maximum of 6 years.
  5. e)   This processing does not affect your rights as outlined in this privacy policy