This policy provides the following:
- Information about cookies
- Cookies we set on our site.
Information about cookies
What is a cookie?
A cookie is a small amount of data, which often includes a unique identifier, that is sent to your computer or mobile device (hereafter referred to as “device”) browser from a website’s server and is stored on your device’s hard drive. Each website or third-party service provider used by the website can send its own cookie to your browser if your browser’s preferences allow it but, to protect your privacy, your browser only permits a website or third-party service provider to access the cookies it has already sent you, not the cookies sent to you by other sites or other third-party service providers. A cookie will contain some anonymous information such as a unique identifier and the site name and some digits and numbers. It allows a website to remember things like your preferences.
What is a browser?
A browser is an application that allows you to surf the internet. The most common browsers are Chrome, Internet Explorer, Firefox, and Safari. Most browsers are secure and offer quick and easy ways to delete information like cookies. Please see the section below Change your Browser Settings.
What do cookies do?
Cookies record information about your online preferences and allow us to tailor the website to your interests. Information supplied by cookies can help us to analyse your use of our site and help us to provide you with a better user experience. For example, you may choose to personalise the content of a website to see the latest news and weather for your region. To do this, a cookie is placed on your device to remember where you live so that we deliver the information that has been requested by you. This is a prime example of how cookies are used to improve your experience of a website.
Change your Browser Settings
You can choose how cookies are handled by your device via your browser settings. The most popular browsers allow users to a) accept all cookies, b) notify you when a cookie is issued or c) to not receive cookies at any time. If you choose not to receive cookies at any time the website may not function properly and certain services will not be provided, spoiling your experience of the website. Each browser is different so check the “Help” menu of your browser to learn how to change your cookie preferences.
Cookies we set on our website:
The Pankhurst Trust uses the following cookies to enhance your website experience:
Cookie-agreed this allows our website to recognise that you have previously agreed to allow our cookies on your device.
noticeModalAccepted this tells us that you have seen and accepted the ‘Being safe’ notice that is presented when you first visit the website.
_ga and _gid these cookies are used by Google Analytics; they are used to distinguish users so we can track the website's traffic.
PRIVACY NOTICE AND GENRAL DATA PROTECTION REGULATION
We issue this privacy notice in the interests of transparency over how we use (“process”) the personal data that we collect from service users and job applicants/employees.
Personal data for these purposes means any information relating to an identified or identifiable person.
“Sensitive personal data” means personal data consisting of information as to –
- the racial or ethnic origin of the individual,
- their political opinions,
- their religious or philosophical beliefs,
- their membership of a trade union,
- their physical or mental health or condition,
- their sexual life,
- the commission or alleged commission by them of any offence,
- any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or the sentence of any court in such proceedings,
- genetic data; and
- biometric data where processed to uniquely identify a person (for example a photo in an electronic passport)
For data protection purposes the “data controller” means the person or organisation who determines the purposes for which and the way any personal data are processed.
The data controller is Lynne Warner, Business Manager of The Pankhurst Trust (incorporating Manchester Women’s Aid) The Pankhurst Centre, 60-62 Nelson Street, Manchester, M13 9WP.
PTMWA is committed to keeping personal information safe and secure and will only share information with other agencies with your permission. However, if we have serious concerns about you and/or your child/ren, then we will share this information as we consider necessary with other agencies such as social services and the police. We will endeavour to tell you about this before sharing this information.
We may from time to time need to process sensitive personal data, for example medical records or other information relating to the health and wellbeing of an individual.
In that case we will either obtain the explicit consent of the individual to the processing of such data or we may consider the processing of that data as being necessary for carrying out our obligations as an employer. That will be assessed on a case-by-case basis.
There is no strict statutory or contractual requirement for you to provide data to us but if you do not provide at least that data that is necessary for us to assess suitability for employment and then to conduct the employment relationship then it will not practically be possible for us to employ you.
Recipients of personal data
Your personal data may be received by the following categories of people:
- Our HR department,
- In the case of job applicants, the interviewer and prospective manager,
- Any individual authorised by us to maintain personnel files,
- Our professional advisers, and
- Appropriate external regulators and authorities (such as HMRC and HSE)
We do not envisage that your data would be transferred to a third country. If we perceive the need to do that, we will discuss that with you and explain the legal basis for the transfer of the data at that stage.
How we protect your information
We have secure electronic and paper systems in place together with clear policies and procedures for keeping your personal information safe. These protections are in place to avoid unauthorised access, alterations, disclosure and/or destruction of your personal information.
Changes to this privacy notice
Access to your data
You have the right to access the information we hold about you and we will provide this, on request, within 30 days.
Duration of storage of personal data
We will keep personal data for no longer than is strictly necessary, having regard to the original purpose for which the data was processed. In some cases, we will be legally obliged to keep your data for a set period. Examples are below:
Income tax and NI returns, income tax records and correspondence with HMRC: We are obliged to keep these records for not less than 3 years after the end of the financial year to which they relate.
Wage and salary records: We are obliged to keep these records for 6 years.
Service users: We will keep your data stored securely for six years after you stop receiving a service from us. There may be exceptions to this which we will endeavour to make you aware of should it be necessary.
Your rights in relation to your personal data
- The right to be forgotten.
You have the right to request that your personal data is deleted if:
- it is no longer necessary for us to store that data having regard to the purposes for which it was originally collected; or
- in circumstances where we rely solely on your consent to process the data (and have no other legal basis for processing the data), you withdraw your consent to the data being processed; or
- you object to the processing of the data for good reasons which are not overridden by another compelling reason for us to retain the data; or
- the data was unlawfully processed; or
- the data needs to be deleted to comply with a legal obligation.
However, we can refuse to comply with a request to delete your personal data where we process that data:
- to exercise the right of freedom of expression and information,
- to comply with a legal obligation or the performance of a public interest task or exercise of official authority,
- for public health purposes in the public interest,
- for archiving purposes in the public interest, scientific research, historical research, or statistical purposes; or
- the exercise or defence of legal claims.
- The right to data portability.
You have the right to receive the personal data which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (us) where:
- the processing is based on consent or on a contract; and
- the processing is carried out by automated means.
Note that this right only applies if the processing is carried out by “automated means” which means it will not apply to most paper-based data.
- The right to withdraw consent.
Where we process your personal data in reliance on your consent to that processing, you have the right to withdraw that consent at any time. You may do this in writing to the HR team or to your line manager.
- The right to object to processing.
Where we process your personal data for the performance of a legal task or in view of our legitimate interests you have the right to object on “grounds relating to your particular situation”. If you wish to object to the processing of your personal data, you should do so in writing to HR or to your line manager stating the reasons for your objection.
Where you exercise your right to object, we must stop processing the personal data unless:
- we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights, and freedoms; or
- the processing is for the establishment, exercise, or defence of legal claims.
- The right of subject access.
So that you are aware of the personal data we hold on you, you have the right to request access to that data. This is sometimes referred to as making a “subject access request”.
- The right to rectification.
If any of the personal data we hold on you is inaccurate or incomplete, you have the right to have any errors rectified.
Where we do not act in response to a request for rectification you have the right to complain about that to the Information Commissioner’s Office.
- The right to restrict processing.
In certain prescribed circumstances, such as where you have contested the accuracy of the personal data, we hold on you, you have the right to block or suppress the further processing of your personal data.
- Rights related to automated decision making and profiling.
The GDPR defines “profiling” as any form of automated processing intended to evaluate certain personal aspects of an individual, to analyse or predict:
- performance at work,
- economic situation,
- personal preferences,
- location; or
You have the right not to be subject to a decision when it is based on automated processing; and it produces a legal effect or a similarly significant effect on you. However, that right does not apply where the decision is necessary for purposes of the performance of a contract between you and us. We may use data related to your performance or attendance record to decide as to whether to take disciplinary action. We consider that to be necessary for the purposes of conducting the employment contract. In any event that is unlikely to be an automated decision in that action will not normally be taken without an appropriate manager discussing the matter with you first and then deciding whether the data reveals information such that formal action needs to be taken. In other words, there will be “human intervention” for the purposes of the GDPR and you will have the chance to express your point of view, have the decision explained to you and an opportunity to challenge it.
Where you take the view that your personal data are processed in a way that does not comply with the GDPR, you have a specific right to lodge a complaint with the relevant supervisory authority. The supervisory authority will then inform you of the progress and outcome of your complaint. The supervisory authority in the UK is the ICO.
How we use your information
We will collect your personal information to help us to understand what your support needs are and the level of risk you are facing due to domestic abuse. This information will help us to advocate on your behalf in several support areas including health, children, finances, welfare benefits, education, and training.
We may use your personal information to contact you once your support has ended. You should inform your support worker if you do not want us to contact you once you have left our service.
JOB APPLICANTS/ EMPLOYEES
Purpose of processing the data
It is necessary for us to process personal data of both job applicants and employees for the following reasons:
- We will need the information to identify the individual for the purposes of recruitment.
- We will need to maintain that information for the general purposes of the ongoing employment relationship including performing the employment contract and maintaining the health and safety of individuals on our premises.
Our legal basis for processing personal data of applicants and staff is that:
- Processing the personal data is necessary for the purpose of carrying out the employment contract or to take steps to enter into an employment contract.
- Processing is necessary to comply with a legal obligation (for example we are obliged under employment law to include in a written statement of employment terms the identity of the parties to the employment contract);
- Processing the data is necessary to protect the vital interests of an individual (for example we are legally responsible for the health and safety of staff and job applicants (when they are on our premises) and so it is necessary to process data relating to those individuals for that reason); and/or
- Processing the data is necessary for the purposes of our “legitimate interests” as the data controller (except where such interests are overridden by the interests, rights, or freedoms of the individual).
Our “legitimate interests” for these purposes are:
- the need to process data on applicants and staff for the purposes of assessing suitability for employment and then carrying out the employment contract.
- the need to gather data for the purposes safeguarding the health and safety of job applicants and employees.
- the need to transfer employee data intra-group for administrative purposes; and
- the need to process employee data for the purposes of ensuring network and information security.