Privacy
This policy lets you know what personal information Social Action for Health collect about you, how we collect it, what we use it for and on what basis. This includes what you tell us about yourself when you get involved in our projects or receive services we provide.
Individuals have the right to know what personal information we hold and are entitled to request a copy of it, changes, and in some cases ask us to fully delete it.
How do we collect your information?
We may collect personal information:
· Via face to face in meetings, outreach events, and other project activities;
· Via email, phone or letters;
· Via Salesforce, the system we use to support our operational activities and deliver our services;
· Via online surveys you chose to participate in by invitation;
· Via other online platforms we use and you chose to subscribe to.
What kinds of information do we collect about individuals?
We run a variety of community and health programmes; depending on your interactions with us or the project/service you participate on, the following data may be collected and processed:
Personal information
· First name
· Last name
· Address
· Phone
· Job title
· Organisation affiliation
Sensitive information
· Gender
· DOB
· Ethnicity
· Mental or physical condition
· Disability
· Number of children
· DNA Samples
Sensitive data is always collected with the subjects’ prior consent, and only when strictly required to deliver work commissioned by Government and Health Authorities or Research Institutions on projects fully protected by Ethical Clearance.
How do we use your information and for what purposes?
We are only allowed to use your personal information if we have a lawful reason for doing so. We will use your information if we can satisfy that processing it is necessary:
· when you consent to it:
· to provide a service to you;
· in order for us to comply with a legal or regulatory obligation;
· to meet contractual obligations with you or institutions that commission our work, or
· when it is in our ‘legitimate interests’ (i.e. we have an interest to use your information to develop our services to the community as long as it does not prejudice you)
Who do we share your information with?
We do not share any of your personal information with commercial enterprises. Your data may be shared with:
Organisations acting as partners is specific projects (Subject to the necessary data sharing agreements and securities)
IT providers / hosted IT solution providers acting as Data Processors (Whom are subject to the same data privacy commitments we hold through our service agreements)
Social Action for Health’s auditors
Where do we store your personal information?
We use data hosting service providers located in England (Office365/Azure) and Ireland (Amazon Web Services (AWS) and Salesforce) to host our systems and store the information we collect, and we implement technical safeguards to protect your information.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website or network and any transmission is at your own risk. For example, if you access the internet via an unsecure network. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Do we transfer personal data outside of the European Economic Area (EEA)?
We will only send your information outside of the EEA to:
Comply with our legal and regulatory obligations; or
Work with agents, contractors or advisers who we use to help run our product and/or services.
If we do transfer information to our agents, contractors or advisers outside of the EEA, we will put appropriate safeguards in place to ensure that such information is protected in the same way as if it was being used in the EEA.
Known data breach risks to consider
Our staff and volunteers working in the community do from time to time carry print forms containing sensitive data about project beneficiaries. Presently this is unavoidable as our staff and volunteers may capture data in off site sessions while working out in the community, after which they might need to travel with the data and/or keep it with themselves for a period before the data is stored in one of our secure offices.
Staff and volunteers receive frequent data privacy training and briefings, and are aware of the risks involved when carrying/storing sensitive data, and the importance of keeping bags containing sensitive data safe while travelling.
As well as receiving training, all our staff and volunteers are required to follow our Data Breach Policy and associated procedures.
What are your rights?
Under data protection law you have certain rights in relation to the personal information that we hold about you. You may exercise these rights at any time by contacting us using the details set out in this policy.
In certain cases, we may not be able to comply with your request for reasons such as our obligations to comply with any legal or regulatory requirements. In the event that we cannot comply with your request, we will also respond to you and tell you why.
Your rights include:
1. The right to access your personal information:
You are entitled to a copy of the personal information we hold about you and certain details of how we use it. Your information will be provided to you electronically, unless otherwise requested. We will respond to your request within a reasonable period of time, but at the latest within one month of the request (assuming we have any requisite information from you in order to be able to process your request).
2. The right to rectification:
You have the right to have your information rectified if it is inaccurate or incomplete. We aim to ensure that your personal information is accurate, however, please do contact us if you require your information to be updated or amended.
3. The right to erasure:
You have the right to request the deletion or removal of your information. There are, however, specific circumstances where we may be unable to deal with your request, e.g. if we need to retain your information to comply with a legal or regulatory obligation.
4. The right to restrict processing:
You have the right to request that we limit the way we use your information if you have a particular reason for wanting that restriction e.g. in circumstances where you believe that we don’t have the appropriate rights to process your information.
5. The right to data portability: You have the right to obtain some of your information in a format you can move from one service provider to another. Should you request it, we will provide you with an electronic file of your basic account information.
6. The right to object: You have the right to object to us processing your information e.g. you can ask us to stop sending you communications at any time.
Consent
You can withdraw your consent at any time. Please contact us if you want to do so.
How to contact us
You can request access to the personal information we hold about you by writing to us at:
Social Action for Health
Brady Arts Centre
192-196 Hanbury St,
London, E1 5HU
Alternatively, please email us at data.protection@safh.org.uk noting ‘Subject Access Request’ or ‘SAR’ in the subject line of your email.
Notification of Change of Privacy Policy
This Privacy Policy may change from time to time. Please visit this website section periodically in order to keep up to date with the changes in our Privacy Policy. Where possible, we will notify you about significant changes by sending a notice to your primary email address, if you have agreed to receive email messages from us, or by placing a prominent notice on our website and print media.
Emails Terms of Use
Emails aren’t always secure, and they may be intercepted or changed after they’ve been sent. Social Action for Health does not accept liability if this happens. The contents of emails reflect their author's views and not necessarily those of Social Action for Health.
Please do not send Social Action for Health any financial data through email.
The information in emails is confidential, so if you’ve received one by mistake, please delete it without copying, using, or telling anyone about its contents.
Job and volunteer applicants and current and former employees
This Privacy Policy does not apply to personal information that we collect from you if you apply for a job or volunteering opportunity with Social Action for Health or become an employee or volunteer. You will receive separate privacy guidance and policies from us when providing information for these purposes.