Privacy Policy

  1. Introduction

Time & Talents takes your privacy seriously. We are committed to protecting your personal information. New data protection legislation, known as UK GDPR (General Data Protection Regulations) came into effect in January 2021, guided by the Data Protection Act 2018. UK GDPR is designed to make sure that your data is used in a clear, transparent and fair way.

Time & Talents takes great care with your data and ensures that all your personal information is held securely, fairly and only ever used for the purposes for which you have given it to us. This policy sets out how T&T uses your information to further our work in building community and supporting vulnerable people. We also have a more practical set of guidelines and internal processes for staff and volunteers, and regular training to ensure that staff understand their rights and responsibilities.

  1. Who we are

Time & Talents is a company limited by guarantee and registered in England no. 4009766. Registered charity no. 1084545. For the purposes of legislation, our Trustees are the data processor. To contact the Trustees, contact The Chair, c/o info@timeandtsalents.org.uk

For day-to-day queries the Head of Operations, Diana Hofler is the person responsible for data protection. They can also be contacted at the above email or on our main telephone number.

  1. Handling Information: Our Principles

This document sets out our privacy policy, focusing on the specific and most common uses of data at Time & Talents. Therefore, we want to start by setting out our general principles of data use and privacy:

  • We will not unduly prioritise our interests as a charity over someone’s individual interests – we will always balance our interests (needs) with your rights
  • We will only use personal information in a way, and for a purpose, that you would reasonably expect in accordance with this Policy
  • We will always act with fairness, transparency, equity and in good faith
  • We recognise the trust you have put in us by sharing any of your personal data – and we acknowledge that even accidental misuse or mishandling of data could have serious effects on a person

 

  1. About UK GDPR

What the Law says about protection of personal information

The Law on Data Protection is derived from various pieces of legislation. These include the Data Protection Act which became enforceable from May 2018 and the UK General Data Protection Regulation (‘UK GDPR’) which became enforceable from January 2021. UK GDPR states that personal data (information relating to a person that can individually identify them) can only be processed if there is a legal ground to do so. Processing includes activities like collecting, storing and using personal information. UK GDPR provides six legal grounds (reasons) under which personal information can be processed in a way that is lawful. For the data processing to be lawful, at least one of the legal grounds must apply:

The six legal grounds relevant to Time & Talents’ use of your personal information are:

 

  • Consent
  • Legitimate Interest
  • Contract
  • Legal Obligation
  • Vital Interests
  • Public Task

 

  1. How the law applies to Time & Talents’ use of personal information

We will only process (use) your personal information when we have at least one of the following:

  • asked you and have a record of your express and recent consentfor us to do so;
  • a ‘legitimate interest’to do so to support our charitable mission, or to provide you with help or support you have requested
  • contract with you that we can only fulfil by using your personal information – this would include your making applications to volunteer or work with us, or supply of a service
  • legal obligationto use or disclose information about you. For example, we are required by law to keep records of gifts that are given to us with Gift Aid for 4 years. As another example, we must disclose information relating to safeguarding incidents
  • there is a vital interest in doing so – there is a threat to the personal safety of you or someone else. This could also apply in the case of safeguarding issues
  • to undertake a public task

There are times when it is not practical to obtain and record consent. At those times, we will only process personal information if that processing would meet another legal ground, such as Legitimate Interests, in which case we would only process in accordance with the law’s strict rules on legitimate interest processing.

Below we have set out some ways we use your data in accordance with the above, so you can see clearly what we do, and why.

 

  1. Your Information – what we collect and how we use it

Time & Talents collects information from the public in a number of different ways. To help you understand this, we have set out the most common uses. There may be other times that we collect information from the public – if you are not sure what we are collecting from you and how we are using it, please ask us. We are happy to go through any questions about your personal information and your rights regarding this. Please see Appendix A for further information about personal rights under UK GDPR.

 

  • Participants and service users of our activities, groups, services and support

Example: recording and storing information that you give us when you start attending our groups, when we do an assessment for our older people’s programme, or when we make a befriending match.

Our groups, activities and services are personal in nature. This includes groups which support people with health conditions (such as our ‘Stroke Club’) or particular needs (such as Holiday Club for disadvantaged children), or where referrals are made from schools and health and social care professionals. It also includes individual and one-to-one support we might give via assessments, advocacy or case management.

We will securely and confidentially store detailed information on participants and service users. This will often include information such as your name, date of birth and contact information, and in the case of our support services, will often include personal information on your needs, health, and welfare. We will ask you questions, and store your answers about your personal circumstances so we can give you the right help.

Guarding such highly personal data is of the utmost importance to us, and we recognise the level of trust that you are putting in us if you give us this information. We will only ever use this information:

  • To help provide ongoing care and support to individuals where it has been requested
  • To help us understand who is using our services, and identify emerging or existing needs in our community
  • Ensuring we are reaching the right people, identifying for example where participants come from, what age ranges they fall into, and so on
  • To help us demonstrate to funders and others to whom we are accountable the work that we do and impact we have
  • To create aggregated, non-identifiable case studies which may be shared with funders to help them understand the impact of our work.

We only ever capture data that is necessary to help provide a service. If you ever feel the information we request is excessive or intrusive, you do not need to provide it, and we welcome feedback good or bad. We will always endeavor to still work with you if you don’t want to give us information which is not absolutely essential to the delivery of the support.

The lawful grounds for using this information

Time & Talents’ primary charitable purpose is to support the local community and bring people together for fun and friendship. Because we need personal information to provide you with a service or support, we have a legitimate interest in collecting and using this information. For example, we will need your address to send you letters, or your phone number to let you know when we are visiting. We will need to know about food allergies or specific health conditions in some of our groups, or your next of kin in some situations.

We may also have contracts to provide services and support which require us to report on eg. the demographics of who we are supporting. Therefore, we have a legitimate interest in collecting information and reporting to those funders as part of fulfilling our contractual obligations.

Sharing this information

In the case of our support work, we will share your personal identifying information with others who can help you (‘make a referral’) if you consent to us doing this. This could be, for example, phoning your doctor if you ask us to, or linking you with a specialist support worker.

We may share information about you with a partner organisation providing support alongside the work that we are doing. This is a legitimate interest basis for sharing information: we are sharing information to ensure that you have the best support possible. We believe that we are not always able to get your consent in these situations, particularly because we know you may feel pressure to agree with us.

We may also share your information with partner organisations to fulfill our contractual obligations. Different funders require different information in reports: some funders may want information in aggregate (such as the percentage of participants who live in SE16), but others may want more specific information (for example, Southwark Council may want to know which pupils from which schools attend groups that they fund).

We will only ever do the above with others who are either signed up to our data protection policies or who have the same rigorous data protection policies that we do, and only if one of the following conditions for processing also applies:

  • Consent: If you have consented, or asked us to do so
  • Provision of a Public Task: When the service we are providing is on behalf of a statutory authority, such as Southwark Council and Department of Education
  • Equality of Treatment: To ensure that we are operating justly and fairly with regard to protected characteristics across projects which are delivered in partnership, such as Ageing Well Southwark services
  • Support for individuals with a particular disability or medical condition: To allow you to get the help and support you need, and in your interests alone
  • Safeguarding of Children and Individuals At Risk: In very rare cases where there is a ‘vital interest’ – we are worried that you or someone else could be in serious danger. This would include where we had a concern about safeguarding

Please see Appendix A, Ageing Well Southwark Data Processing Notice, for more information on data sharing with partners in the Ageing Well Southwark partnership.

How it’s stored

This information is stored digitally via our database. Additionally, we may keep hard-copy case notes. These are kept secure, in locked filing cabinets, when they are not in use. They are only accessible to staff responsible for our support work. If any staff need to carry information in a hard copy when they are out of the office, this information will be anonymised as much as possible. In accordance with UK GDPR, we will minimise carrying information out of the office and will use the most secure means possible when this is necessary.

How long we will keep this information

For as long as you receive support from us plus 3 years, or until you ask us to stop.

 

  • Statistical analysis and social research

Example: finding out the number of people over 65 with diabetes who attend our groups, or how many people live in a certain postcode and use our play clubs who are from an ethnic minority.

In order to ensure we understand the needs in our community and what we can best offer to help people, we may analyse your data in combination with that of others. We may also look for common themes and qualitative information across our data which could be helpful to report externally.

The lawful grounds for using this information

We have a legitimate interest in undertaking statistical analysis and social research. We will do this, for example, to aid the development of services and activities, to demonstrate need for our services, or to show effectiveness of certain interventions.

Any qualitative information (such as case studies which demonstrate common themes) will be anonymized, or used only with the consent of any identifiable individuals.

 

  • Volunteers or applicants to volunteer

Example: processing somebody’s application to volunteer, including taking up references and an enhanced DBS check.

Every year up to 150 people give their Time & Talents to help their local community. When you do this, we follow a recruitment process. This includes you completing an application form, usually via our website, which we receive and then process. With your consent, we will take up two references, usually by telephone.

For volunteers as well as staff, we need to undertake an enhanced DBS (Disclosure and Barring Service) check. We ask you to manage this process yourself online.

We use your data to:

  • check whether you are suitable for a volunteering role
  • find you the right volunteering placement
  • know what skills we have available to us in our volunteer pool
  • make befriending matches and placements
  • record your volunteering activity

The lawful grounds for using this information

We have a legitimate interest in processing personal information on our volunteers, as this enables us to ensure a high quality of service to our community. We use personal information to measuring aggregate qualities of our volunteers (such as ethnic diversity). We may also have a legitimate interest to process personal information to fulfil contractual provisions or legal obligations.

We will rely on your consent to share any information which would identify you as an individual, including contacting your references, unless we have a legal obligation or vital interest to share your information (for example, because of a safeguarding concern).

Sharing this information

When we share that information, it will always be provided as an aggregate (X people from Y postcode, Z people between 20 and 50 years of age, and so on). Individual identifying information will not be shared. We will never give anyone information on individual volunteers without the individual’s express consent (unless required to do so by law).

How it’s stored

We do not keep copies of your personal documents which need to be provided for proof of identity as part of the DBS check. When your DBS certificate returns, we do not keep a copy, and only record whether there was any issue.

We keep your volunteering and personal details in our database, and hard copies in our locked filing cabinets. We keep paper copies of your references in this locked filing cabinet as well. Only relevant staff will have access to these details.

How long we will keep this information

We will store your application form and information for as long as you continue to volunteer with us, plus 3 years, or until you ask us to stop.

  • Staff information

Information on use of employee data can be found in our employee handbook.

  • Still and Moving Images

Example: Taking a picture of people dancing at our summer party and putting it on Facebook, a portrait of 2 members of our stroke club wearing a funny hat.

We often take photographs and video at events and activities and will ask for your permission before we record your image, wherever you are featured prominently.

We will ask about specific types of use for your images. We will pay particular attention to any images which feature children.

The lawful grounds for using this information

We will rely on your consent to share any images which would identify you as an individual. It is not always practical to seek written permission for use of photographs of large groups at public events – for example, images of a large outdoor party with 300 attendees. In such cases, we will make all attendees aware that group photographs are being taken, and offer them the option to be excluded from images, or not to attend.

You may withdraw your consent for us to use your image in the future. However, in the case of large group shots or edited films, and images which have been shared widely, it may not be practically possible to remove your individual image. For example, we would be unlikely to be able to remove a brief shot of you from a substantial edited video with many participants, in the event that you later choose to withdraw permission.

In such a case, we may have a legitimate interest to continue using that image or film. We would always balance this legitimate charitable interest with the impact on the needs and rights of any individual concerned. UK GDPR takes into account the level of investment, and legitimate interests of an organization when considering the approach which must be taken to images.

Sharing images

We will use images for publicizing our work, reporting to funders, and for historical archiving. We may use the images on social media, our website, or for print media. We will ask separately whether you are happy for us to use your image for specific purposes, especially where it may be in the context of any commercial or fundraising request.

How it’s stored

We will store videos and images in digital format, in cloud storage, and on hard media such as DVDs and Blu-Rays.

How long we will keep an image

For individual images, material featuring multiple subjects and edited films, 5 years, or until you ask us to stop..

  • Fundraising and donor information

Example: making a donation to T&T via the ‘make a donation’ link on the website

Time & Talents receives a limited number of donations from individuals and does not currently have an extensive individual fundraising programme, or lists of individual donors.

When you make a donation, unless you make it anonymously, we will ask for information that enables us to administer your donation. This will normally include information such as your name, contact details, and your payment details. If you use our third party payment services, you can choose whether or not your financial information is stored for future use with their payment service.

The lawful grounds for using this information

We have a legal obligation to keep and use information about donors under Gift Aid regulations and HMRC regulations.

Sharing this information

We will never share your information with any other parties, unless it is

  • in order to process the donation, payment or gift aid
  • in order to comply with a legal requirement
  • in any other case, with your express consent

How it’s stored

We will store this information in our secure accounting software, and on paper financial records in a locked filing cabinet.

How long we will keep your information

We will not retain payment information beyond the immediate use.

We will retain donor information for 7 years, to comply with HMRC regulations, and 4 years to comply with Gift Aid regulations.

  • Historical Connections

Example: Sending a Christmas card or newsletter to one of the oldest members of T&T from the 1930s.

Although we are no longer an official membership organisation, Time & Talents has been a society of friends and supporters for more than 135 years. Our long relationships, deep roots, history, and transgenerational links are among our greatest strengths.

The lawful grounds for using this information

Some of our existing/ remaining personal connections predate any kind of data protection legislation, were based on personal trust in the Settlement, and were never entered into on the expectation that they would need to give signed consent, etc. This includes many people who are now very elderly, and would not necessarily be able to re-sign up for consent via email, or send back letters telling us to continue contacting them. Some may be very lonely, and their sense of continued connection to their past is very important. We therefore have a legitimate charitable interest in maintaining those links and holding that information.

Sharing this information

We will not share information from historical connections which identifies individuals without their consent, unless we have a legal obligation or vital interest to share this information (for example, because of a safeguarding concern).

How it’s stored

This information is stored digitally via our database. Additionally, we may keep hard-copy records. These are kept secure, in locked filing cabinets, when they are not in use. They are only accessible to relevant staff.

How long we will keep this information

In those particular cases of lifetime friends of T&T, we will continue to hold those details for the rest of that person’s lifetime and for 3 years afterwards or until you ask us to stop.

  • Historical Archives

Example: Keeping the minutes from a meeting about redevelopment in the 1990s, or sharing an archive image online, featuring the first children’s computing classes in the 1980s.

Time & Talents has an historical archive held at the London Metropolitan Archive. It also has an archive from the 1980s onwards which we currently hold in our own secure storage. Our goal is to find funding to catalogue and log the more recent archive fully in the near future, with a view to storing this also with the LMA.

The lawful grounds for using this information

This material is of historical significance and therefore subject to certain exemptions under UK GDPR for libraries and historical archives which may contain personal information.

Sharing this information

There are many potential purposes that historical information can be put to – we may wish to create historical materials and museum exhibits, or to post blog posts on the website. We will share any archive historical materials with caution, especially where it may have any foreseeable impact on people who are still living, while keeping it safely for future or present study.

How it’s stored

Most of our archive material is stored in paper copy in our secure storage room. Some material is digitized, although most of this is in the London Metropolitan Archive.

How long we will keep this information

This information will not be deleted.

  1. Online and digital privacy

We know that online and digital privacy is something that people take increasingly seriously, and we welcome people taking more care with how their data is shared online. Although we are very small charity, we have some digital services we use which store and process information from the public, and you can find out more about these below.

  • Website

Our website is hosted by a US company, Siteground, a trusted and high-quality web hosting company. We pay them to store and look after our website rather than having to have it on a machine here at T&T, which would be a lot harder to keep going. That means that when you submit a form via our website – for example, applying to be a volunteer – that information goes via another computer in the US.

Because Time & Talents does not process data outside of the UK, UK GDPR does not impose stricter regulations on our website and website storage beyond those put in place in May 2018 through the implementation of GDPR. You can find information on how Siteground prepared for GDPR here:

https://www.siteground.com/blog/gdpr-siteground-getting-ready/

You can find Siteground’s privacy policy here: https://www.siteground.co.uk/viewtos/privacy_policy

  • Cookies

Because cookies are such an integral part of the internet, we assume you consent to cookies by using our site. However, you can always choose to remove or refuse them.

Cookies are little bits of information stored in your browser (Chrome, Firefox, Edge, etc) to make browsing between pages in a site work better, or to make sure a site remembers you when you come back. Most websites use them – without cookies, pages tend to be quite limited in what they can do.

We use two specific types of cookies on our website:

  • Session cookies, which are temporary cookies that remain the cookie file of your computer until you close your browser (at which point they are deleted); and
  • Persistent or stored cookies that remain permanently on the cookie file of your computer.

We will use the session cookies to keep the continuity of your session while you navigate the website (eg. so that if you click an action on one page, the next page knows what action has been taken). We will use the persistent cookies to enable our website to recognise you when you return to the site.

We use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated related to our website is used to create reports about the use of the website. Google will store this information. Find out more about Google’s position on privacy as regards its analytics service here:

https://support.google.com/analytics/answer/6004245

Most browsers allow you to reject all cookies. For example in Internet explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy” and selecting “Block all cookies” using the sliding selector.  As with all websites, locking all cookies will make the website much less easy to use.

Third Party Cookies are cookies set on your machine by external websites whose services are used on this site. Cookies of this type are the sharing buttons across the site which allow visitors to share content onto social networks such as Twitter and Facebook. In order to implement these buttons, and connect them to the relevant social networks and external sites, there are scripts (little snippets of programmes) from domains outside of our website. We include these links because most other sites do, and it makes it easier for you to share our content with your friends online, if you wish to.

You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.

  • Office systems

Our email, calendar, and general office IT uses Microsoft Office 365 technology, which meets UK GDPR requirements. They have extensive privacy terms which you can find here:

https://www.microsoft.com/licensing/docs

Our cloud servers store data in the UK, and are fully UK GDPR compliant.

  • Keeping in touch via email

We regularly send out emails like newsletters or announcements. Some emails that we send you have no tracking in at all e.g. service emails with invoices attached. Other emails we send we can track whether the user has opened and clicked on the email. We do not use this information at a personal level – we just use it to understand open and click rates on our emails to try and improve them. If you want to be sure that none of your email activity is tracked, then you should opt out of our emails which you can do via the unsubscribe link at the bottom of every email we send.

We use an industry standard email tool, MailChimp, to send bulk emails. Mailchimp’s servers are in the US, so you need to be aware that in principle, when you sign up to a newsletter, your information is being stored in the US. Again, this is in common with many other websites across the world.

Mailchimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. You can see the data protection policy of Intuit, who owns MailChimp, here:

www.intuit.com/privacy/statement/

MailChimp has a further Data Processing Addendum outlining its compliance with UK GDPR which can be found here: https://mailchimp.com/legal/data-processing-addendum/

  • Online Donations and Payments

Our online donations and London Marathon fundraising are made through the following websites:

Our online bookings system is managed by Kajima (Bookings plus). Their privacy policy can be found here:

https://www.bookingsplus.co.uk/privacy-policy/

Payments through the bookings system are through ‘Stripe’. Their privacy policy is here:

https://stripe.com/gb/privacy

We will never, ever, contact you by email or phone asking you for passwords or credit card details. If anyone ever emails or calls you claiming to be from T&T and asking for any of those details, please end the call/do not reply to the email and call our office to notify and check with us. If you are unsure about the legitimacy of a request for payment, such as group subscription or invoice for room hire, please contact us directly at the office to check with us before making a payment.

  • Database

Our user database is stored ‘in the cloud’ (that means it is not stored on our own computers, but with a larger company in a secure internet ‘data warehouse’). This is generally much safer for small companies, helping us avoid hacking, viruses, and so on. The database, CharityLog, is run by Dizions Ltd. Dizions software is certified to ISO 27001 and Cyber Essentials Plus, both of which are externally reviewed and audited annually. More information on CharityLog’s privacy policy can be found here: https://www.charitylog.co.uk/privacy

Because Time & Talents does not process data outside of the UK, UK GDPR does not impose stricter regulations on any of our databases beyond those put in place in May 2018 through the implementation of GDPR.

  1. Making Changes

You can request changes to, or ask to remove, to the data we hold, and how we use it.

Should you wish to change your contact preferences, or to remove yourself from our records, you can do this by writing to us at info@timeandtalents.org.uk, or by telephone to our main office number.

You can request to see your personal data. We will always comply wherever we can, where the request is proportionate, realistic, and reasonable. We can refuse to comply with a request for erasure if it is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature.

You can also request erasure from our records.

  1. Legal requirements

Like all organisations, we comply with requests for the disclosure of personal information where this is required or permitted by law. This could include requests from law enforcement or tax agencies. In these circumstances, the request must be submitted in writing and in accordance with the relevant legal requirements.

  1. Complaints

And finally, if you believe your privacy rights have been violated, you may file a complaint with us or with the Information Commissioner’s office https://ico.org.uk/. We would always prefer you talk to us first, however, as usually it is very easy to fix any errors or problems.

 

APPENDIX A

AGEING WELL SOUTHWARK – PARTNERSHIP DATA PROCESSING NOTICE 2022

Ageing Well Southwark is a partnership between local charities and Southwark Council designed to connect older people and carers with local support services. It is provided by a partnership of local charities, who are collectively known as the Consortium of Older People’s Services in Southwark (COPSINS), working with Southwark Council. The lead partner for this service is Age UK Lewisham and Southwark.

The COPSINS partners are:

Partner Website link
Age UK Lewisham and Southwarkhttps://www.ageuk.org.uk/lewishamandsouthwark/
Blackfriars Settlementhttps://blackfriars-settlement.org.uk/
Link Age Southwarkhttps://www.linkagesouthwark.org/
Time & Talentshttp://www.timeandtalents.org.uk/
Southwark Carershttps://www.southwarkcarers.org.uk/
Southwark Pensioners Centrehttp://www.southwarkpensioners.org.uk/

 

This notice sets out how the COPSINS partners will collect, store and share data your personal data in delivering the Ageing Well Southwark contract. A copy of the partner’s own Privacy Policy (sometimes called a Privacy Notice) is available on request/at the website provided above.

 

Data Collection

The partners will use CharityLog, electronic case management system for the collection, storage of personal data, whether that personal data is provided by telephone, in writing (letter/email), online, text or in person.

 

We will keep all the data for a period of 6 years.

Data Sharing

The legal basis (legitimate interest) for processing this personal data is to provide services and products to fulfil the terms of our contract to deliver social care support services to you as our client. This will include sharing your personal data with partners to ensure that you are able to be provided with an efficient and effective service without having to repeat information to multiple agencies.

 

The personal data will also be shared with the relevant funders and other third parties who we will need to signpost or refer you to in order to take your issue forward (eg Alzheimer’s Society if you have requested their support in relation to a dementia diagnosis). There may be occasions when we wish to refer older people or carers to Southwark Council’s Adult Care Customer Service team in order to help access the most appropriate services.

 

In sharing information with our funders, to comply with obligations to provide monitoring data on service delivery, we will aim to anonymise any identifiable data, where possible.

 

We will not share personal data with anyone for the purpose of sales or marketing without obtaining your consent to do so. We will insist that any organisation with whom we share your data will also meet this commitment. No personal information will be used in the evaluation or any published materials about this service. Case studies that may be produced will be anonymised.

Data Rights

Under UK legislation – GDPR (UK) and Data Protection Act 2018, the individual, to whom the data refers, also has a number of statutory rights concerning their data:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

 

Your statutory rights are not affected by our legitimate interest in collecting, storing and sharing your personal data.

 

If you have a concern about how any of the COPSINS partners have processed your data in relation to the Ageing Well Southwark contract you should contact the lead, partner Age UK Lewisham & Southwark on data.protection@ageuklands.org.uk.

 

If you are not satisfied that your personal data is being processed properly, and the lead partner have been unable to deal with your complaint satisfactorily, then you have the right to raise your concern with the Information Commissioner’s Office (ICO). More information about how you can do this is available at the ICO’s website www.ico.org.uk

 

APPENDIX B

PERSONAL RIGHTS UNDER UK GDPR

UK GDPR provides the following rights for individuals:

  1. The right to be informed

You have the right to know certain privacy information:

  • The reasons T&T is collecting, using and storing your personal information
  • How long we are keeping your information
  • Where we are storing your information
  • If we are sharing your information, and if so with whom we are sharing it
  1. The right of access

You have the right to access and receive a copy of your personal data and other information about you that we collect, use and store. If you ask for a copy of your personal data T&T should give it to you within one month (or within two months if the information is complex).

T&T can only refuse to provide the information if an exemption or restriction applies (for example, when it would involve also disclosing another person’s personal information) or if the request is unfounded or excessive.

  1. The right to rectification

You have the right to have inaccurate personal data corrected if it is incorrect, or completed if it is incomplete. If you ask for your personal information to be corrected or completed, T&T should do this within one month.

  1. The right to erasure

You have the right to have personal data erased. This is also called ‘the right to be forgotten’. If you ask to have your data erased, T&T should do this within one month.

There may be some cases in which this is not possible (such as when T&T are legally required to keep a record), in which case you should be told this.

  1. The right to restrict processing

You have the right to limit how and if we use your personal information. This includes asking us not to share information about you with other partner services or organisations, or asking us not to use your information in feeding back to funders.

There may be some cases in which this is not possible (such as when T&T are legally required to keep a record or share information), in which case you should be told this.

  1. The right to data portability

You have the right to obtain and reuse your personal data for your own purposes across different services. For example, this may be moving or copying your personal information from T&T to another organisation.

  1. The right to object

You have the right to object, or say no, to us collecting you or otherwise using your personal information. For example, you have the right to opt out of our mailing lists. If you make an objection to T&T contacting you, T&T should stop within one month.

  1. Rights in relation to automated decision making and profiling

T&T does not carry our automated decision making or profiling.

If you are reading this appendix on display at T&T, a copy of the full Privacy Policy can be given to you on request. Should you wish exercise any of the rights listed above, or if you would like to discuss these further, you can do this by writing to us at info@timeandtalents.org.uk, or by telephone to our main office number.