Under the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) the UK GDPR and the Data Protection Act 2018 (‘the Act’), personal data is defined as ‘any information relating to an identified or identifiable natural person (‘data subject’), by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person’.
The Data Controller
Helpforce is the Data Controller for the personal information we process, unless otherwise stated. You can contact our Data Protection Officer by emailing firstname.lastname@example.org
Our address is New Wing Somerset House, Strand, London, England, WC2R 1LA. We are registered with the Information Commissioner’s Office and our registration number is ZA341432
People who use our website
When people visit our website, personal data is collected both through automated tracking and interacting with various forms on the website or apps (collectively referred to as the websites).
Personal data may be collected when individuals fill in forms on our websites or by corresponding with us by phone, e-mail or otherwise. This includes information provided when an individual registers to use our websites, subscribe to our service, make an enquiry.
Our website is https://helpforce.community/ and is operated by “This is Creative Ltd “ (t/a Nuom).
If you think we may hold personal data relating to you and want to see it, please write to email@example.com.
Your data subject rights are listed below:
- the right of access
- the right to rectification
- the right to erasure or right to be forgotten
- the right to restriction of processing
- the right to be informed
- the right to data portability
- the right to object
- the right not to be subject to a decision based solely on automated processing
Under UK GDPR and the Act, you may ask for a copy of the information we hold about you and you may request rectifications be made to this information if it is inaccurate or not up to date. Please write to us at firstname.lastname@example.org.
Data that we hold
We provide services to individuals as well as organisations. The exact data held will depend on the services to be provided.
Where we engage with individuals, we may collect and process personal data in order to satisfy a contractual or operational obligation. We request that individuals only provide the personal data that is required for us to fulfil our contractual or operational obligation.
The Insight & Impact (I&I) Service
The I&I Service provides an end-to-end process of evaluating volunteering, helping customers gather the evidence needed to show that your volunteers are making a difference within health & care. Helpforce supports customers to design their evaluation, collect data, demonstrate impact against outcome measures and obtain insights to support continuous service improvement.
For the I&I Service we only process aggregated and/or anonymised data and therefore do not process personal data as regulated under the UK GDPR and the Data Protection Act 2018.
On the rare occasion that a client specifically requests the collection of data that could be classified as personal data, we would carry out a Data Protection Impact Assessment (DPIA) to identify our legal basis as regulated in the UK GDPR and the Data Protection Act 2018 and would provide a Fair Processing Notice for that specific data processing activity.
Once an I&I project is completed Helpforce will delete any data that has been collected that is not anonymised but we will keep anonymised data as under I&I T&C.
The Adopt & Adapt (A&A) Service
The Adopt and Adapt service offers health and social care organisations bespoke support to introduce new volunteering roles and services, or to adopt and adapt existing volunteering roles and services that are working elsewhere. Customers can benefit from expert support and experience to set up successful volunteer projects that make major impacts on organisations patients and staff.
Helpforce Connect (Helpforce Network)
Helpforce Connect is a place to share and discuss experiences of volunteering in the NHS and social care- from shaping big ideas to collaborating on coordination and innovation. It encourages our clients – people involved and interested in volunteering across health and care – to sign up as a member and join the network. As part of registering we will collect information including your email address, name, role, and organisation – these are necessary so that Helpforce and fellow members of the Helpforce Network can validate who you are and engage with you.
Why do we process data?
Where data is collected for professional services, it is used for a number of purposes, as follows:
- Services Provided – Data is processed when you have enquired into the services we provide or when we are currently providing services to you. These services include:
- Helpforce Connect – We will process your data to give you access to engage and communicate with other members of the Helpforce Network
- Volunteers – We may process your data if you are a volunteer and you have taken part in volunteering project, e,g. As part of a project within our A&A or I&I service. The data we hold on you will be anonymised, I.e. no personal data will be held. The only exception might be as part of an evaluation whereby the organisation you volunteer for has (1) agreed a DPIA with Helpforce, (2) obtained your consent for that data to be collected and shared with Helpforce.
- Patients – We may process anonymised data regarding the activity or health of a group of patients, if you have taken part in an activity held by a volunteer. This will be part of a Helpforce project with the organisation you volunteer for,
- Events – we will process your data if you have expressed a wish to attend or you have attended one of our events including events registered for and held online.
- When you contact us directly, we may keep a record of that correspondence. In order to manage and administer our business and services, we may collect and process personal data. This may include (but is not limited to) maintaining internal business records, managing client relationships, hosting events, and maintaining internal operating processes.
- Contractual – In order for Helpforce Community to do what it does, we may from time to time be required to collect and process personal data in order to fulfil contractual requirements
- Helpforce would like to send you information about services and events that we think you might like, as well as funding opportunities.
- If you have agreed to receive marketing, you may always opt out at a later date.
- You have the right at any time to stop Helpforce from contacting you for marketing purposes.
- If you no longer wish to be contacted for marketing purposes, please email email@example.com
Employment and Recruitment Process
We typically collect personal information about employees, workers and contractors through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider. We will sometimes collect additional information from third parties including former employers.
We will only use employees, workers and contractors personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
1. Where it is necessary for performing the contract we have entered into with you.
2. Where we need to comply with a legal obligation.
The situations in which we will process your personal information are listed below.:
● Making a decision about your recruitment or appointment.
● Determining the terms on which you work for us.
● Checking you are legally entitled to work in the UK and to provide you with the security clearance appropriate for your role.
● Paying you and, if you are an employee, deducting tax and National Insurance contributions.
● Liaising with your pension provider, providing information about changes to your employment such as promotions, changing in working hours.
● General administration of the contract we have entered into with you. ● Business management and planning, including accounting and auditing.
● Conducting performance reviews, managing performance and determining performance requirements.
● Making decisions about salary reviews and compensation.
● Assessing qualifications for a particular job or task, including decisions about promotions.
● Gathering evidence and any other steps relating to possible grievance or disciplinary matters and associated hearings.
● Making decisions about your continued employment or engagement.
● Making arrangements for the termination of our working relationship. ● Education, training and development requirements.
● Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work.
● Ascertaining your fitness to work, managing sickness absence.
● Complying with health and safety obligations.
● To prevent fraud.
● To monitor your business and personal use of our information and communication systems to ensure compliance with our IT policies.
● To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
● To conduct data analytics studies to review and better understand employee retention and attrition rates.
● Equal opportunities monitoring
What types of data do we process?
The data that is processed is dependent on the service that is being provided or whether you are employed with us and on the recipient of this service, including:
- Employee Data
- Volunteer Data
- Client Data
- Contract Data
- CV Data
- Case Studies
How we use particularly sensitive personal information
"Special categories" of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information.
We will, if necessary, process special categories of personal information in the following circumstances:
1. Where we need to carry out our legal obligations or exercise our employment-related legal rights and in line with our data protection policy
2. Where it is in line with our data protection policy, it is substantially in the public interest to do so and necessary for:
b. equal opportunities monitoring.
c. administering our pension scheme
d. preventing or detecting unlawful acts
3. Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards. In some circumstances, we will process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.
Sharing your personal data
We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any agreements, or to protect the rights, property, or safety of the organisation, or other individuals.
This includes exchanging information with other companies and organisations for the purposes of safeguarding or other statutory regulations we have to comply with as well as those organisations with whom you and we have reciprocal agreements for providing services for education or professional development.
We work together with health and care organisations to share information, expertise and learning to improve health and social care volunteering. By working together, we can ensure that leaders of health and social care are aware of people’s experiences and can make a difference to the care people receive now and in the future.
Third Party Websites
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. As a result, we cannot be held responsible for the protection and privacy of any information which you provide whilst visiting such sites as these are not subject to this privacy notice. Please check these policies before you submit any personal data to these websites
Protecting your personal data
The data that we collect from you will be processed at our servers in the UK. It may also be processed by organisations operating in the EEA that Helpforce has instructed.
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
If personal data is transferred outside the UK or EEA to a country without a designated adequacy rating, Helpforce will request the data subject’s consent before processing the data. Consent will not be sought where the processor’s Binding Corporate Rules, Standard Contractual Clauses or adhoc contractual clauses stipulate that the data will be processed in accordance with UK GDPR.
To find out more about the transfers by us of your personal data outside the EEA and the countries concerned, please contact us at firstname.lastname@example.org.
Security of your information
To help protect the privacy of data and personally identifiable information you transmit through use of our website, we maintain physical, technical and administrative safeguards.
We have technical and organisational measures in place to keep your data secure once we receive it. These protective measures may include pseudonymising and encrypting personal data, firewalls, anti-virus and malware software, holding personal data in secure, confidential storage, and regularly assessing and evaluating the effectiveness of such measures. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.
How long we store your personal data for
We store your personal data in accordance with our data retention policy. This policy is reviewed and updated internally to ensure we do not store your data for longer than is necessary. We also review how and where we store any data to ensure that we meet our obligation to store data securely.
In addition, some of the data we hold may be subject to certain legal and regulatory obligations, which provide a minimum retention period for different types of data. The retention period varies depending on the data we hold.
For further information on your rights and how to complain to the ICO, please refer to the ICO website https://ico.org.uk/concerns
Information Commissioner’s Office
Tel: 0303 123 1113 (local rate)