Data Subject Rights Requests

Individuals whose personal data we process are known as Data Subjects. Data Subjects have rights in relation to that information. If you wish to submit a Data Subject Rights Request, please download and complete this document and send to us via email.

Trevi General Privacy Policy

What is this Privacy Policy for?
At Trevi, we are committed to treating everybody’s personal information responsibly and being transparent and respectful in the ways that we handle your information. On 25 May 2018, the General Data Protection Regulation (GDPR) came into force, which required us to review and update our existing privacy policy. Our updated policy reflects your new rights. It explains how we use the information you share with us, and what measures we take to protect it.

Who are we?
In this policy, whenever you see the words ‘We’, ‘Us’ or ‘Our’ it refers to Trevi which includes our residential rehabilitation centre, Jasmine Mother’s Recovery, our Sunflower Women’s Centre and Daffodil Family Centre.

Our legal information is:
Trevi, registered charity no. 1075433, a limited company registered in England and Wales with number 03719502 and whose postal address is  Sunflower Women’s Centre, 29 Sutherland Road, Plymouth, Devon, PL4 6BW.

You can write to us on the address above or email us on office@trevi.org.uk or telephone us at 01752 255758.

How we collect personal information about you
The way we manage the information we might collect about you depends on the capacity in which you contact us, whether you’re a stakeholder, partner or professional, a member of the public, someone who may benefit from our services or a donor.

You may contact us and leave personal information with us directly or indirectly.

Directly:

  • Making a referral to Jasmine Mother’s Recovery, Daffodil Family Centre or Sunflower Women’s Centre
  • Being referred to one of our services or programmes
  • Making a donation
  • Signing up to an event
  • Signing up to our e-newsletter
  • Asking for information, such as further details about volunteering with us
  • To apply for a job vacancy
  • Visiting our website which uses cookies (read more about our cookies policy below)
  • Completing any of our surveys or questionnaires we may use for research purposes
  • Taking photos or making audio or video recordings

You may complete a form on our website, or you may give us your details via a phone call, email or on a paper form.

We also collect information from the individuals and families that we provide support for. This is discussed in detail with individuals and / or families during their first points of contact with us.

Or Indirectly:

  • Giving your details and permission to share your details through a third party such as Virgin Giving or Just Giving or Enthuse
  • Giving your details to an event registration website such as Eventbrite
  • When you subscribe to a newsletter such as MailChimp
  • When you respond to a survey using Survey Monkey

When you sign up for this type of online service, you should ensure you are happy with the organisation’s Privacy Policies. If you state that you are fundraising for Trevi and you opt in to being contacted by us, then your details will most likely be passed to us to allow us to administer your activity and your details will be added to our supporter database.

If you contact us on social media e.g. Facebook or Twitter, you agree to their terms and conditions and understand the information posted in the public domain is not confidential.

What data is collected
We will only ever collect the information that we need. We may collect personal information such as:

  • Name
  • Postal address
  • Phone number
  • Email address
  • Date of birth (where appropriate)
  • Information about your interests and hobbies etc.
  • Your bank or credit card details (which will be destroyed and not retained once payment has been processed)
  • We use cookies to collect information when you visit our website.  Details on cookies are below.

And, in addition for service users:

  • Next of kin
  • Contact we have had such as appointments
  • Details and records of treatment and care, including notes and reports about your health
  • Information from people who care for you and know you well, such as health professionals and relatives
  • Criminal offences and convictions
  • Information such as sexuality, race, your religion or beliefs, and whether you have a disability, allergies or health conditions.

And in addition, for supporters, where it is appropriate, we may also ask for:

  • Information relating to your health (for example if you are taking part in a high-risk event such as a sky dive or challenge event)
  • Why you have decided to donate to us. We will never make this question mandatory, and only want to know the answer if you are comfortable telling us.

What we do with your information
We will use the information you provide to:

  • Understand your needs and provide you with a better service
  • Fulfil your requests – such as applications for donations, competition entries, participation in events and campaigns, and provision of information.
  • Process sales transactions, donations, or other payments and verify the financial transactions
  • Thank you for your support
  • Comply with charity law and other regulations
  • Record any contact we have with you
  • Provide tailored stewardship of our donors
  • Communicate with our supporters
  • To improve our services and to target our resources effectively.

Who we share your data with and why
Trevi promises never to sell or share your data with any third party for marketing purposes.

We may use your data to make some automated decisions on what information to send to you. If you have told us you only wish to hear about certain aspects of our work and activities, we will automatically deselect you from hearing about the aspects you have not selected.

When we use third party organisations to carry out business operations on our behalf, such as a mailing house, we will implement a contract with the company that requires them to:

  • Abide by the requirements of the GDPR and successive legislation
  • Treat your information as carefully as we would
  • Only use the information for the purposes for which it was supplied

We may use data screening companies to check our records are up to date and accurate. These companies may use information from public records as well as checking against opt out services such as the Telephone Preference Service (TPS) and Fundraising Preference Service (FPS).

We may also need to disclose your details if required to by the police, regulatory bodies or legal advisors.

Storing your information
Trevi is committed to ensuring the security of your information. The information that we collect from you is stored on our databases (fundraising and service user databases).

The majority of our databases hold information within the European Economic Area however some of our suppliers run their operations outside the European Economic Area (EEA). Although they may not be subject to same data protection laws as companies based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to this website; any transmission is at your own risk.

Trevi will retain the information that you provide to us for as long as it is needed to administer the relationship we have with you and for the purposes for which it was originally intended. All data held is protected using up to date industry standard procedures to keep it safe and secure and to prevent loss or unauthorised access. In some cases, we will need to retain your details to meet legal requirements, such as the records we are required by law to keep regarding Gift Aid.

When we do not require your information any more, it will be disposed of securely.

Cookies

How we use cookies
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

Managing cookies

With most web browsers, users can erase cookies from their computer’s hard drive, block cookies, or receive a warning before a cookie is stored. The Help function within your web browser should tell you how.

However, some parts of our websites may not function fully for users that disallow cookies.
Further information on deleting or controlling cookies is available at www.aboutcookies.org.
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

Your rights and how to contact us
The General Data Protection Regulation (GDPR) gives you certain rights over your data and how we use it:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling

You can read more about these rights here:
ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights

Data Controller

We are Trevi House Limited, operating under the name of Trevi.  We are registered as a data controller with the Information Commissioner’s Office (registration number: ZA052265).

Contact details for Trevi’s data controller are:

Data Protection Officer
Laura Griffiths
29 Sutherland Road
Plymouth
PL4 6BW

email Data.Protection.team@trevi.org.uk

Please note we may change our policy and privacy notice from time to time without prior notice to you.  You should check this page from time to time to ensure you are happy with any changes.

You can find out more information by visiting the information Commissioner’s Office at www.ico.org.uk

Pause Plymouth Privacy Policy

Pause Plymouth
Being transparent and providing accessible information to individuals about how we use personal information is a key element of the Data Protection Act 2018 and the General Data Protection Regulation (Regulation (EU) 2016/679).

The information being processed
Trevi is collecting demographic information for the purpose of providing an effective service. We will also record information regarding our contact with you and the support that we have offered. This information will be used to ensure that you receive a service that is consistent and effective.

Information Sharing
To ensure that Trevi provides you with an efficient and effective service we will sometimes need to share your information within our organisation as well as with partner organisations that support the delivery of the service you may receive. In this case, the information collected will be shared with:

Local GP, Sexual health services, Mental health services

We will only ever share your information if we are satisfied that our partners have sufficient measures in place to protect your information in the same way that we do.  We will ask for your consent before sharing information.

We will never share your information for marketing purposes.

Retention Periods
We will only keep your information for 6 years

Purpose of Processing Personal information
In order to deliver the Pause Plymouth service in an effective way we will need to collect and use personal information about you.

The Data Protection Act 2018 and the EU General Data Protection Regulation ensure that we comply with a series of data protection principles. These principles are there to protect you and they make sure that we:

  • Process all personal information lawfully, fairly and in a transparent manner.
  • Collect personal information for a specified, explicit and legitimate purpose.
  • Ensure that the personal information processed is adequate, relevant and limited to the purposes for which it was collected.
  • Ensure the personal information is accurate and up to date.
  • Keep your personal information for no longer than is necessary for the purpose(s) for which it was collected.
  • Keep your personal information securely using appropriate technical or organisational measures.

Your Rights
You have certain rights under the Data Protection Act 2018 and the EU General Data Protection Regulations (GDPR), these are:

  • The right to be informed via Privacy Notices such as this.
  • The right of access to any personal information that Trevi holds about yourself.
  • The right of rectification, we must correct inaccurate or incomplete data within one month.
  • The right to erasure. You have the right to have your personal data erased and to prevent processing unless we have a legal obligation to process your personal information.
  • The right to restrict processing. You have the right to suppress processing. We can retain just enough information about you to ensure that the restriction is respected in future.
  • The right to data portability. We can provide you with your personal data in a structured, commonly used, machine readable form when asked.
  • The right to object. You can object to your personal data being used for profiling, direct marketing or research purposes.
  • You have rights in relation to automated decision making and profiling, to reduce the risk that a potentially damaging decision is taken without human intervention.

Consent
During your contact with Trevi you will be informed of how you, or your children’s, information will be used and shared with other services or organisations.

We will usually seek your consent prior to processing or sharing your information, If you object you must inform Trevi, however, if there is a legal reason, as outlined under the Data Protection Act, we may not require your consent, for example:

  • To protect a child, an adult with care and support needs, or member of the public
  • Where the disclosure is necessary for the purposes of the prevention and/or detection of crime.
  • Required by court or law

Where we need to disclose sensitive or confidential information such as medical details to other partners, we will do so only with your prior explicit consent or where we are legally required to. We may disclose information when necessary to prevent risk of harm to an individual.

Details of transfers to third country and safeguards

Your personal and sensitive data will only be stored and processed on servers based within the United Kingdom.

Data Controller

We are Trevi House Limited, operating under the name of Trevi.  We are registered as a data controller with the Information Commissioner’s Office (registration number: ZA052265).

Contact details for Trevi’s data controller are:

Data Protection Officer
Laura Griffiths
29 Sutherland Road
Plymouth
PL4 6BW

email Data.Protection.team@trevi.org.uk

t: 01752 255 758
e
: office@trevi.org.uk