Privacy Policy

1. Introduction 

Time & Talents takes your privacy seriously. We are committed to protecting your personal information. New data protection legislation, known as UK GDPR (General Data Protection Regulations) came into effect in January 2021, guided by the Data Protection Act 2018. This supersedes previous GDPR legislation following the UK’s withdrawal from the EU. Time and Talents already takes great care with your data and ensures that all your personal information is held securely, fairly, and only ever used for the purposes for which you have given it to us. 

However, we are taking steps to ensure that we ‘go the extra mile’ in line with the legislation, which is designed to make sure that your data is used in a clear, transparent, and fair way. This policy sets out how T&T uses the information that you provide us with in order to help further our work in building community and supporting vulnerable people. 

This policy forms a key part of how we work with people’s personal information at Time and Talents. We also have a more practical set of guidelines and internal processes for staff and volunteers, and regular training to ensure that staff understand their rights and responsibilities.  

 

2. Who we are 

Time and Talents is a company limited by guarantee and registered in England no. 4009766. Registered charity no. 1084545 

For the purposes of legislation, our Trustees are the data processor. To contact the Trustees, contact The Chair, c/o info@timeandtsalents.org.uk   

For day to day queries, our lead data protection officer is our Head of Operations, Diana Hofler who can also be contacted at the above email address, or on our main telephone number. 

 

3. Handling Information: Our Principles 

This document sets out our privacy policy as a whole, focusing on the specific and most common uses of data at Time and Talents at present. As time goes on, the information, and how we will use it will change, and the policy will need to adapt. Therefore, we want to start by setting out our general principles of data use and privacy: 

  • We will not unduly prioritise our interests as a charity over your interests as an individual – we will always balance our interests (needs) with your rights  
  • We will only use personal information in a way, and for a purpose, that you would reasonably expect in accordance with this Policy 
  • We will always act with fairness, transparency, equity and in good faith 
  • We will always recognise the trust you have put in us by sharing any of your personal data – and that even accidental misuse or mishandling of your data could have serious effects on individuals 

 

4. About UK GDPR 

What the Law says about protection of personal information 

The Law on Data Protection is derived from various pieces of legislation (which can be found in a number of places). These include the Data Protection Act which became enforceable from May 2018 and the UK General Data Protection Regulation (the ‘UK GDPR’) which became enforceable from January 2021. The UK GDPR states that personal data (information relating to a person that can individually identify them) can only be processed if there is a legal ground to do so. Activities like collecting, storing and using personal information would fall into the UK GDPR’s definition of processing. The UK GDPR provides six legal grounds (reasons) under which personal information can be processed (used) in a way that is lawful. For the processing to be permitted by law (lawful), at least one of the legal grounds must apply. 

The six legal grounds relevant to Time and Talents’ use of your personal information are: 

  • Consent  
  • Legitimate Interest  
  • Contract 
  • Legal Obligation 
  • Vital Interests 
  • Public Task 

 

5. How the law applies to Time and Talents’ use of personal information 

We will only process (use) your personal information when we have at least one of the following: 

  • asked you and have a record of your express and recent consent for us to do so; 
  • a Legitimate Interest to do so in order to support our charitable mission, or to provide you with help or support you have requested;
  • a contractwith you that we can only fulfil by using your personal information – this would include your making applications to volunteer or work with us, or supply of a service;
  • a legal obligation to use or disclose information about you, e.g. we are required by law to keep records of gifts that are given to us with Gift Aid for 4 years, and we are compelled to disclose information relating to safeguarding incidents;
  • there is a vital interest in doing so – your life or someone else’s is in danger. This could also apply in the case of safeguarding issues;
  • on occasion, to undertake a public task.

There are times when it is not practical to obtain and record consent – if we asked for your consent every single time you spoke to us, this would be impractical for you and for us! At those times, we will only process personal information if that processing would meet another legal ground e.g. Legitimate Interests, in which case we would only process in accordance with the law’s strict rules on legitimate interest processing.  

Below we have set out some ways we use your data in accordance with the above, so you can see clearly what we do, and why. 

 

6. Your Information – what we collect and how we use it 

Time and Talents collects information from the public in a number of different ways. To help you understand this, we have set out the most common uses. There may be other times that we collect information from the public – if you are not sure what we are collecting from you and how we are using it, please ask us. We are happy to go through any questions about your personal information, and your rights regarding this. Please see Appendix A for further information about personal rights under UK GDPR. 

6.1 Attendees at our open activities and events 

Example: recording your name and postcode when you come to our mindfulness group or a children’s activity. 

Time and Talents runs a range of fun activities events, support groups, and activities for all ages. We collect limited information on current and past users of our services, activities, and events. This information may include your name, gender, age range, and postcode. We will use this information to understand who uses our activities and to accurately count and report to our funders and regulators on the number of, and what kind of, people use our services.  

We also collect your information to keep in touch with you about similar events and activities. You can always unsubscribe from emails or other types of contact, or ask us to remove all of your data from our systems.  

The lawful grounds for using this information  

Time and Talents’ primary charitable purpose is to support the local community, and bring people together for fun and friendship. We therefore have a legitimate interest in making sure people are aware of our activities, where they have shown interest or attended previously. Therefore, we may use your data to keep you up to date with activities that are happening at Time and Talents where we think there is a reasonable expectation that you may be interested in participating in other community activities.  

We may also have contracts or grants to provide open activities and/or events which require us to report on eg. the demographics of who attends. Therefore, we have a legitimate interest in collecting and reporting on information in aggregate to those funders as part of fulfilling our contractual obligations to them. 

We will rely on your consent to share any information which would identify you as an individual unless we have a legal obligation or vital interest to share this information (for example, because of a safeguarding concern). 

Sharing this information 

When we share that information, it will always be provided as an aggregate (X people from Y postcode, Z people between 20 and 50 years of age, and so on). Individual identifying information on who has attended will not be shared. We will never give anyone information on the individuals who attended an activity or event without the individual’s express consent (unless there is a legal obligation or vital interest to do so). 

How it’s stored 

Mostly, this kind of generic information is kept digitally via our mailing list and databases. However, as we use sign-up sheets and similar, there are also hard copies made, which have signatures. These are kept secure, in locked filing cabinets when they are not in use.  

How long we will keep this information  

3 years or until you ask us to stop 

6.2 Users of our services and support 

Example: recording and storing information that you give us when we do an assessment for our older people’s programme, or when we make a befriending match. 

Some of our other services are much more personal and individual in nature. This includes groups which support people with health conditions (such as our ‘Stroke Club’), or where referrals are made from health and social care professionals. It also includes individual and one to one support we might give, via assessments, advocacy, case management, or counselling.  

In such cases we will securely and confidentially store more detailed information. This will often include information such as your name, date of birth and contact information, and in the case of our support services, will often include personal information on your needs, health, and welfare. We will ask you questions, and store your answers, about your personal circumstances so we can give you the right help. 

Guarding such highly personal data is of the utmost importance to us, and we recognise the level of trust that you are putting in us if you give us this information. We will only ever use this information: 

  • To help provide ongoing care and support to individuals where it has been requested 
  • To help us understand who is using our services, and identify emerging or existing needs in our community 
  • Ensuring we are reaching the right people, identifying for example where participants come from, what age ranges they fall into, and so on   
  • As an aggregate, to help us demonstrate to funders and others to whom we are accountable the work that we do and impact we have 
  • To create aggregated, non-identifiable case studies which may be shared with funders to help them understand the impact of our work. 

We only ever capture data that is necessary to help provide a service. If you ever feel the information we request is excessive or intrusive, you do not need to provide it, and we welcome feedback good or bad. We will always endeavour to still work with you if you don’t want to give us information which is not absolutely essential to the delivery of the support. 

The lawful grounds for using this information 

Time and Talents’ primary charitable purpose is to support the local community, and bring people together for fun and friendship.  Because personal information is required to be able to provide you with a service or support, we have a legitimate interest in collecting and using this information. For example, we will need your address to send you letters, or your phone number to let you know when we are visiting. We will need to know about food allergies or specific health conditions in some of our groups, or your next of kin in some situations. 

We may also have contracts to provide services and support which require us to report on eg. the demographics of who we are supporting. Therefore, we may have a legitimate interest in collecting and reporting on this information in aggregate to those funders as part of fulfilling our contractual obligations. 

We will rely on your consent to share any information which would identify you as an individual unless we have a legal obligation or vital interest to share this information (for example, because of a safeguarding concern). 

Sharing this information 

In the case of our support work, we will share your personal identifying information with others who can help you (‘make a referral’) if you consent to us doing this. This could be, for example, phoning your doctor if you ask us to, or linking you with a specialist support worker. With your consent, giving your contact details and some agreed personal information to your befriender is a key part of our befriending service.  

We will only ever do the above with others who are either signed up to our data protection policies (eg in the case of our volunteer befrienders) or who have the same rigorous data protection policies that we do, and only:  

  • If you have consented, or asked us to do so 
  • To allow you to get the help and support you need, and in your interests alone 
  • To those whom we are sure share our standards of information use, our values and charitable goals   
  • In very rare cases where there is a ‘vital interest’ – we are worried that you or someone else could be in serious danger. This would include where we had a concern about safeguarding 
  • In any case where we provide a public task – for example, if we deliver a service on behalf of the NHS or similar.  

We will never give anyone information on the individuals who uses our services or support without the individual’s express consent (unless required to do so by law). 

How it’s stored 

This information is stored digitally via our database. Additionally, we may keep hard-copy case notes. These are kept secure, in locked filing cabinets, when they are not in use. They are only accessible to staff responsible for our support work. If any staff need to carry information in a hard copy when they are out of the office, this information will be anonymised as much as possible. In accordance with UK GDPR, we will minimise carrying information out of the office and will use the most secure means possible when this is necessary.  

How long we will keep this information  

For as long as you receive support from us, plus 3 years, or until you ask us to stop. 

6.3 Statistical analysis and social research 

Example: finding out the number of people over 65 with diabetes who attend our groups, or how many people live in a certain postcode and use our play clubs who are from an ethnic minority. 

In order to ensure we understand the needs in our community and what we can best offer to help people, we may analyse your data in combination with that of others. We may also look for common themes and qualitative information across our data which could be helpful to report externally.  

The lawful grounds for using this information 

We have a legitimate interest in undertaking statistical analysis and social research. We will do this, for example, to aid the development of services and activities, to demonstrate need for our services, or to show effectiveness of certain interventions. 

Any qualitative information (such as case studies which demonstrate common themes) will be anonymised, or used only with the consent of any identifiable individuals.  

6.4 Volunteers or applicants to volunteer 

Example: processing somebody’s application to volunteer, including taking up references and an enhanced DBS check. 

Every year up to 150 people give their time and talents to help their local community. When you do this, we follow a recruitment process. This includes you completing an application form, usually via our website, which we receive and then process. With your consent, we will take up two references, usually by telephone.  

For volunteers as well as staff, we need to undertake an enhanced DBS (Disclosure and Barring Service) check. We ask you to manage this process yourself online.  

We use your data to:  

  • check whether you are suitable for a volunteering role 
  • find you the right volunteering placement 
  • know what skills we have available to us in our volunteer pool 
  • make befriending matches and placements 
  • record your volunteering activity 

The lawful grounds for using this information  

We have a legitimate interest in processing personal information on our volunteers, as this enables us to ensure a high quality of service to our community. We use personal information to measuring aggregate qualities of our volunteers (such as ethnic diversity). We may also have a legitimate interest to process personal information to fulfil contractual provisions or legal obligations.  

We will rely on your consent to share any information which would identify you as an individual, including contacting your references, unless we have a legal obligation or vital interest to share your information (for example, because of a safeguarding concern). 

Sharing this information 

When we share that information, it will always be provided as an aggregate (X people from Y postcode, Z people between 20 and 50 years of age, and so on). Individual identifying information will not be shared. We will never give anyone information on individual volunteers without the individual’s express consent (unless required to do so by law). 

How it’s stored 

We do not keep copies of your personal documents which need to be provided for proof of identity as part of the DBS check. When your DBS certificate returns, we do not keep a copy, and only record whether there was any issue.  

We keep your volunteering and personal details in our database, and hard copies in our locked filing cabinets. We keep paper copies of your references in this locked filing cabinet as well. Only relevant staff will have access to these details. 

How long we will keep this information 

We will store your application form and information for as long as you continue to volunteer with us, plus 3 years, or until you ask us to stop. 

6.5 Staff information  

Information on use of employee data can be found in our employee handbook.  

6.6 Still and Moving Images 

Example: Taking a picture of people dancing at our summer party and putting it on Facebook, a portrait of 2 members of our stroke club wearing a funny hat. 

We often take photographs and video at events and activities and will ask for your permission before we record your image, wherever you are featured prominently.  

We will ask about specific types of use for your images. We will pay particular attention to any images which feature children. 

The lawful grounds for using this information  

We will rely on your consent to share any images which would identify you as an individual. It is not always practical to seek written permission for use of photographs of large groups at public events – for example, images of a large outdoor party with 300 attendees. In such cases, we will make all attendees aware that group photographs are being taken, and offer them the option to be excluded from images, or not to attend.   

You may withdraw your consent for us to use your image in the future. However, in the case of large group shots or edited films, and images which have been shared widely, it may not be practically possible to remove your individual image. For example, we would be unlikely to be able to remove a brief shot of you from a substantial edited video with many participants, in the event that you later choose to withdraw permission.  

In such a case, we may have a legitimate interest to continue using that image or film. We would always balance this legitimate charitable interest with the impact on the needs and rights of any individual concerned. UK GDPR takes into account the level of investment, and legitimate interests of an organisation when considering the approach which must be taken to images.  

Sharing images 

We will use images for publicising our work, reporting to funders, and for historical archiving. We may use the images on social media, our website, or for print media. We will ask separately whether you are happy for us to use your image for specific purposes, especially where it may be in the context of any commercial or fundraising request.  

How it’s stored 

We will store videos and images in digital format, in cloud storage, and on hard media such as DVDs and Blu-Rays.  

How long we will keep an image 

For individual images, material featuring multiple subjects and edited films, 5 years, or until you ask us to stop. If someone in the image has died, we will delete the image. 

6.7 Fundraising and donor information 

Example: making a donation to T&T via the ‘make a donation’ link on the website 

Time and Talents receives a limited number of donations from individuals and does not currently have an extensive individual fundraising programme, or lists of individual donors.  

When you make a donation, unless you make it anonymously, we will ask for information that enables us to administer your donation. This will normally include information such as your name, contact details, and your payment details. If you use our third party payment services, you can choose whether or not your financial information is stored for future use with their payment service.   

The lawful grounds for using this information  

We have a legal obligation to keep and use information about donors under Gift Aid regulations and HMRC regulations.  

Sharing this information 

We will never share your information with any other parties, unless it is 

  • in order to process the donation, payment or gift aid 
  • in order to comply with a legal requirement 
  • in any other case, with your express consent 

How it’s stored 

We will store this information in our secure accounting software, and on paper financial records in a locked filing cabinet.  

How long we will keep your information 

We will not retain payment information beyond the immediate use.  

We will retain donor information for 7 years, to comply with HMRC regulations, and 4 years to comply with Gift Aid regulations. 

 6.8 Historical Connections 

Example: Sending a Christmas card or newsletter to one of the oldest members of T&T from the 1930s. 

Although we are no longer an official membership organisation, Time and Talents has been a society of friends and supporters for more than a 130 years. Our long relationships, deep roots, history, and transgenerational links are among our greatest strengths.  

The lawful grounds for using this information  

Some of our existing/ remaining personal connections predate any kind of data protection legislation, were based on personal trust in the Settlement, and were never entered into on the expectation that they would need to give signed consent etc. This includes many people who are now very elderly, and would not necessarily be able to re-sign up for consent via email, or send back letters telling us to continue contacting them. Some may be very lonely, and their sense of continued connection to their past is very important. We therefore have a legitimate charitable interest in maintaining those links and holding that information. 

Sharing this information 

We will not share information from historical connections which identifies individuals without their consent, unless we have a legal obligation or vital interest to share this information (for example, because of a safeguarding concern). 

How it’s stored 

This information is stored digitally via our database. Additionally, we may keep hard-copy records. These are kept secure, in locked filing cabinets, when they are not in use. They are only accessible to relevant staff.  

How long we will keep this information 

In those particular cases of lifetime friends of T&T, we will continue to hold those details for the rest of that person’s lifetime and for 3 years afterwards or until you ask us to stop.  

6.9 Historical Archives 

Example: Keeping the minutes from a meeting about redevelopment in the 1990s, or sharing an archive image online, featuring the first children’s computing classes in the 1980s. 

Time and Talents has an historical archive held at the London Metropolitan Archive. It also has an archive from the 1980s onwards which we currently hold in our own secure storage. Our goal is to find funding to catalogue and log the more recent archive fully in the near future, with a view to storing this also with the LMA.  

The lawful grounds for using this information  

This material is of historical significance and therefore subject to certain exemptions under UK GDPR for libraries and historical archives which may contain personal information.  

Sharing this information 

There are many potential purposes that historical information can be put to – we may wish to create historical materials and museum exhibits, or to post blog posts on the website. We will share any archive historical materials with caution, especially where it may have any foreseeable impact on people who are still living, while keeping it safely for future or present study. 

How it’s stored 

Most of our archive material is stored in paper copy in our secure storage room. Some material is digitised, although most of this is in the London Metropolitan Archive. 

How long we will keep this information 

This information will not be deleted. 

 

7. Online and digital privacy 

We know that online and digital privacy is something that people take increasingly seriously, and we welcome people taking more care with how their data is shared online. Although we are very small charity, we have some digital services we use which store and process information from the public, and you can find out more about these below.  

7.1 Website 

Our website is hosted by a US company, Siteground, a trusted and high-quality web hosting company. We pay them to store and look after our website rather than having to have it on a machine here at T&T, which would be a lot harder to keep going. That means that when you submit a form via our website – for example, applying to be a volunteer – that information goes via another computer in the US. 

Because Time and Talents does not process data outside of the UK, the UK GDPR does not impose stricter regulations on our website and website storage beyond those put in place in May 2018 through the implementation of GDPR. You can find information on how Siteground prepared for GDPR here: https://www.siteground.com/blog/gdpr-siteground-getting-ready/ 

You can find Siteground’s privacy policy here: 

https://www.siteground.co.uk/terms.htm 

7.2 Cookies 

Because cookies are such an integral part of the internet, we assume you consent to cookies by using our site. However, you can always choose to remove or refuse them. 

Cookies are little bits of information stored in your browser (Chrome, Firefox, Edge, etc) to make browsing between pages in a site work better, or to make sure a site remembers you when you come back. Most websites use them – without cookies, pages tend to be quite limited in what they can do.  

We use two specific types of cookies on our website: 

  • Session cookies, which are temporary cookies that remain the cookie file of your computer until you close your browser (at which point they are deleted), and;
  • Persistent or stored cookies that remain permanently on the cookie file of your computer. 

We will use the session cookies to keep the continuity of your session while you navigate the website (eg. so that if you click an action on one page, the next page knows what action has been taken). We will use the persistent cookies to enable our website to recognise you when you return to the site. 

We use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated related to our website is used to create reports about the use of the website. Google will store this information. Find out more about Google’s position on privacy as regards its analytics service here: 

https://support.google.com/analytics/answer/6004245 

Most browsers allow you to reject all cookies. For example in Internet explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy” and selecting “Block all cookies” using the sliding selector.  As with all websites, locking all cookies will make the website much less easy to use. 

Third Party Cookies are cookies set on your machine by external websites whose services are used on this site. Cookies of this type are the sharing buttons across the site which allow visitors to share content onto social networks such as Twitter and Facebook. In order to implement these buttons, and connect them to the relevant social networks and external sites, there are scripts (little snippets of programmes) from domains outside of our website. We include these links because most other sites do, and it makes it easier for you to share our content with your friends online, if you wish to.  

You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information. 

7.3 Office systems  

Our email, calendar, and general office IT uses Microsoft Office 365 technology, which meets UK GDPR requirements. They have extensive privacy terms which you can find here: http://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=31  

Our cloud servers store data in the UK, and are fully UK GDPR compliant.  

7.4 Keeping in touch via email 

We regularly send out emails like newsletters or announcements. Some emails that we send you have no tracking in at all e.g. service emails with invoices attached. Other emails we send we can track whether the user has opened and clicked on the email. We do not use this information at a personal level – we just use it to understand open and click rates on our emails to try and improve them. If nobody opens an email, we go back to the drawing board on what to include in future. If you want to be sure that none of your email activity is tracked, then you should opt out of our emails which you can do via the unsubscribe link at the bottom of every email we send. 

We use an industry standard email tool, MailChimp, to send bulk emails. Mailchimp’s servers are in the US, so you need to be aware that in principle, when you sign up to a newsletter, your information is being stored in the US. Again, this is in common with many other websites across the world.  

Mailchimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. You can see their data protection policy here: https://mailchimp.com/legal/privacy/  

MailChimp has a further Data Processing Addendum outlining its compliance with UK GDPR which can be found here: https://mailchimp.com/legal/data-processing-addendum/ 

7.5 Online Donations and Payments 

Our online donations and marathon fundraising, are processed by Virgin Money Giving. Financial transactions made online to Time and Talents using the Virgin Money website link are secured by Virgin Money. No one can access your credit card details via the internet. You can find their privacy policy here: https://uk.virginmoneygiving.com/giving/terms/privacy-policy.jsp  

Our online bookings system is managed by Kajima (Bookings plus). Their privacy policy can be found here: https://www.bookingsplus.co.uk/privacy-policy/  

Payments through the bookings system are through ‘Stripe’. Their privacy policy is here: https://stripe.com/gb/privacy 

We will never, ever, contact you by email or phone asking you for passwords or credit card details. If anyone ever emails or calls you claiming to be from T&T and asking for any of those details, please end the call/do not reply to the email and call our office to notify and check with us. If you are unsure about the legitimacy of a request for payment, such as group subscription or invoice for room hire, please contact us directly at the office to check with us before making a payment.  

7.6 Database 

Our user database is stored ‘in the cloud’ (that means it is not stored on our own computers, but with a larger company in a secure internet ‘data warehouse’). This is generally much safer for small companies, helping us avoid hacking, viruses, and so on. The database is run by Lamplight, and a summary of the protections made for GDPR for this very sensitive database and the information it holds can be found here: https://www.lamplightdb.co.uk/the-system/gdpr/system-security/  

We are currently in the process of migrating our data to a new database, CharityLog. Data is stored by using Dizions software which is certified to ISO 27001 and Cyber Essentials Plus, both of which are externally reviewed and audited annually. More information on CharityLog’s privacy policy can be found here: https://www.charitylog.co.uk/privacy  

Because Time and Talents does not process data outside of the UK, the UK GDPR does not impose stricter regulations on any of our databases beyond those put in place in May 2018 through the implementation of GDPR.   

 

8. Making Changes 

You can request changes to, or ask to remove, to the data we hold, and how we use it. 

Should you wish to change your contact preferences, or to remove yourself from our records, you can do this by writing to us at info@timeandtalents.org.uk, or by telephone to our main office number.  

You can request to see your personal data. We will always comply wherever we can, where the request is proportionate, realistic, and reasonable. We can refuse to comply with a request for erasure if it is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature. 

You can also request erasure from our records.   

 

9. Legal requirements  

Like all organisations, we comply with requests for the disclosure of personal information where this is required or permitted by law. This could include requests from law enforcement or tax agencies. In these circumstances, the request must be submitted in writing and in accordance with the relevant legal requirements.  

 

10. Complaints 

And finally, if you believe your privacy rights have been violated, you may file a complaint with us or with the Information Commissioner’s office https://ico.org.uk/. We would always prefer you talk to us first, however, as usually it is very easy to fix any errors or problems.


 

APPENDIX A

PERSONAL RIGHTS UNDER UK GDPR 

The UK GDPR provides the following rights for individuals: 

1. The right to be informed 

You have the right to know certain privacy information: 

  • The reasons T&T is collecting, using and storing your personal information 
  • How long we are keeping your information 
  • Where we are storing your information 
  • If we are sharing your information, and if so, with whom we are sharing it  

2. The right of access 

You have the right to access and receive a copy of your personal data, and other information about you that we collect, use and store. If you ask for a copy of your personal data, T&T should give it to you within one month (or within two months if the information is complex).  

T&T can only refuse to provide the information if an exemption or restriction applies (for example, when it would involve also disclosing another person’s personal information), or if the request is unfounded or excessive. 

3. The right to rectification 

You have the right to have inaccurate personal data corrected if it is incorrect, or completed if it is incomplete. If you ask for your personal information to be corrected or completed, T&T should do this within one month. 

4. The right to erasure 

You have the right to have personal data be erased. This is also called ‘the right to be forgotten’. If you ask to have your data erased, T&T should do this within one month.  

There may be some cases in which this is not possible (such as when T&T are legally required to keep a record), in which case you should be told this.  

5. The right to restrict  processing 

You have the right to limit how and if we use your personal information. This includes asking us not to share information about you with other partner services or organisations, or asking us not to use your information in feeding back to funders.  

There may be some cases in which this is not possible (such as when T&T are legally required to keep a record or share information), in which case you should be told this.  

6. The right to data portability 

You have the right to obtain and reuse your personal data for your own purposes across different services. For example, this may be moving or copying your personal information from T&T to another organisation.  

7. The right to object 

You have the right to object, or say no to us contacting you or otherwise using your personal information. For example, you have the right to opt out of our mailing lists. If you make an objection to T&T contacting you, T&T should stop within one month. 

8. Rights in relation to automated decision making and profiling 

T&T does not carry out automated decision making or profiling.  

Should you wish exercise any of these rights, or if you would like to discuss these further, you can do this by writing to us at info@timeandtalents.org.uk, or by telephone to our main office number.