PRIVACY POLICY
Disability Law Service (DLS) has been providing free legal advice and representation for disabled people since 1975. We fight injustice experienced by disabled people, challenging the poverty and inequality faced by disabled people, and helping disabled people enforce their legal rights and secure access to justice.
Protecting personal information and being transparent about how we use it is important to DLS. It is core to how we build and maintain trust in our work: the trust people place in us when they approach us for advice and support, and the trust placed in us by people involved in resourcing and delivering our work, including donors, volunteers, funders, partners, employees, suppliers and other stakeholders.
This statement explains how we gather and use personal information, depending on your relationship with DLS and how the personal information is stored and transmitted. For more information on data protection and your rights as an individual, in particular how data protection changed from May 25 2018, see https://ico.org.uk/
When you interact with DLS we will direct you to this privacy statement. We want to make it easy for you to find out more and will be happy to answer any questions you have about our use of data.
Please take the time to read this privacy statement: as a rights-based organisation, we think it is important for people to understand how their personal information is used by organisations and what their rights are. If you are short of time, look first at the things that apply to all personal data collected and used by DLS, and then at the sections that apply to your particular relationship(s) with DLS.
Contact and further information
Post or visit in-person: The Foundry, 17 Oval Way, London SE11 5RR
Telephone: 020 7791 9800 E-mail: advice@dls.org.uk Web: http://www.dls.org.uk/
Disability Law Service is a registered charity, number 280805 and a registered company limited by guarantee, number 01408520. We are registered with the Information Commissioner’s Office, Registration Number: Z8323393, see https://ico.org.uk/about-the-ico/what-we-do/register-of-data-controllers/ for further details.
For all enquiries related to data protection and privacy, including your rights under data protection legislation, please contact us on data@dls.org.uk or call 020 7791 9800.
Where you request access to your personal data, we will need to take appropriate measures to verify your identity before releasing this to you.
Whose personal data does DLS collect and work with?
- People getting advice, information and support from DLS and those connected with them.
- Supporters, donors and individuals involved in our campaigning and policy work.
- Purchasers of DLS services or products, such as DLS training.
- Our volunteers, trustees and patrons.
- People representing partner organisations, funders and other stakeholders relevant to our work, including our suppliers.
- Our employees and others working on our behalf.
- People visiting our website.
- Children and young people that we help indirectly
Things that apply to all our processing of personal data
We collect and work with personal data. Personal data is information that can be used to identify a living individual, such as names, addresses, phone numbers, e-mail addresses, postcodes, case files, details of enquiries, IP addresses, location data, online identifiers, pictures or other biometric data, service records, attendance lists, minutes of meetings, bank account details and other financial records.
We need to collect and use personal data to provide advice, information and support services, to fundraise and generate income for our work, to fulfil our charitable objectives, to run the organisation efficiently and effectively, to meet our legal obligations and to contract with individuals and organisations. We give more detail for each group of people listed in the section ‘Whose personal data does DLS collect and work with?’ However, the following points apply to all personal data processed by DLS.
We only collect personal data that we need. If we need your consent to collect or use your personal data, we will ensure that we have this consent from you. We will do our best to keep personal information secure by taking appropriate technical and organisational measures as described below. We will never sell personal information to third parties. We record telephone calls for training and monitoring purposes.
We will never give personal data to third parties, with the following exceptions:
- Where you have given us your consent to share your personal data, for example to get help or advice for your case or enquiry from another organisation.
- To further the legitimate interests of those seeking advice, information and support from Disability Law Service, for example sharing personal data of volunteers and employees with third parties in the normal course of giving advice.
- Where we use third party organisations to process your personal data on our behalf as set out in this privacy statement, for example organisations that provide us with cloud-based ICT services.
- Where we have legal obligations, for example, our legal obligations to prevent terrorism and money laundering, or to provide personal data to HMRC.
- In a life or death situation where we need to protect your vital interests or the vital interests of a third party, for example if you needed urgent medical assistance and were unable to give your consent to us seeking such assistance on your behalf.
- Where we have reasonable grounds for believing that not sharing personal information will result in serious harm to you or a third party, in line with our confidentiality policy and legitimate charitable purposes.
- Where we judge that sharing personal information is justified for the prevention of crime, in line with our confidentiality policy and legitimate charitable purposes.
We are committed to ensuring that DLS suppliers who process personal data on our behalf as ‘data processors’ treat your personal data carefully and in accordance with our written instructions and data protection legislation. We regularly review the written agreements we have with organisations and individuals that process personal data on our behalf. These include services such as e-mail communication, telephone voice recording, marketing support, market research, data analysis, payment processing, data storage and backup, payroll and other administrative and HR functions. They have access to personal information needed to deliver the service, but may not use this personal information for other purposes.
What are my rights?
Under data protection legislation applying from May 25 2018, you have the rights listed below. Please be in touch as described in the ‘Contact and further information’ section if you wish to exercise any of your rights. We will respond within a month. You will not usually need to pay us for making the request.
For more information and detail about your rights, see https://ico.org.uk/for-the-public/
- The right to be informed – we inform you through this privacy statement and through other privacy-related communications when you interact with DLS, whether you interact with us in person, by telephone, by e-mail, online or via other channels.
- The right of access – you have the right to ask us for confirmation that your data is being processed and to access this data (a ‘subject access request’).
- The right to rectification – you have the right to have inaccurate or incomplete personal data corrected or completed.
- The right to erasure – you have the right in some circumstances to ask us to erase your personal data (the ‘right to be forgotten’). Sometimes, this right may not apply, for example when the personal data needs to be retained for insurance purposes, or in relation to legal claims.
- The right to restrict processing – you have the right to ask us to limit how we collect and use your personal data, for example, to stop us deleting data that you might need in relation to a legal claim.
- The right to data portability – you have the right in some circumstances to be given your personal data in a structured, commonly used and machine readable form. This only applies to personal data you have given directly to us, where processing is carried out by automated means, and where the personal data is being processed based on your consent or in relation to a contract.
- The right to object – you have the right in some circumstances to object to processing of your personal data. This includes your right to object to: processing that we justify as being based on our legitimate interests; direct marketing; and processing of personal data for research and statistical purposes.
- Rights in relation to automated decision making and profiling – DLS has not identified any processing of personal data that currently involves solely automated decision-making or profiling.
Security and measures to protect personal data, including secure disposal
We take the security of your personal data very seriously. While we cannot guarantee that loss, misuse or alteration of data will not occur while it is under our control, we have security measures in place to prevent this. These measures include: limiting access to personal information to authorised individuals; encrypting information; protecting electronic files, folders and drives by passwords; securing paper files in locked cabinets; and establishing physical access controls to premises where personal data is processed. Where your information is no longer required we will ensure that it is disposed of in a secure manner.
Any sensitive or special categories of data collected and used by DLS are only shared on a need-to-know basis.
Where you use a password or unique identifier that enables you to access DLS services, it is your responsibility to keep this password or unique identifier confidential – please don’t share it with anyone. If you think anyone else has gained access to personal or confidential information, including any password or unique identifier, please let us know as soon as possible.
Only those staff authorised to process financial transactions will have access to associated financial information such as card details, bank account numbers, direct debits and standing orders and gift aid declarations.
How can I complain?
You have the right to lodge a complaint with the Information Commissioner’s Office. For more information, visit https://ico.org.uk/
What about personal data transferred to other countries?
DLS makes use of cloud-based services where personal data is not transferred outside the UK or EEA, for example, cloud-based client and case management services where data is stored in secure data centres within the UK or EEA countries.
People getting advice, information and support from DLS and those connected with them
Why do we collect and use personal data?
We do this to give advice, information and support. We also gather some personal data to help us understand how to improve our services, to resource our work and to promote our legitimate interests as a charity. This includes the recording of telephone calls for training and monitoring purposes.
How do we justify this according to data protection legislation?
Our lawful bases for processing this data include: our legitimate interests as a charity providing advice, information and support services as well as monitoring phone calls for training and monitoring purposes and the legitimate interests of our clients; the contracts we have with bodies such as the Legal Aid Agency to provide legal advice; our legal obligations, including those related to social security regulations and social welfare law, terrorism and money laundering; and your consent to process personal data for particular purposes, including consent to receive direct marketing.
What kinds of personal data do we collect and use and where we do get them from?
We gather your personal information and the personal information of others involved in your case or enquiry when you visit us in person, use our websites, complete printed paper forms, speak to us on the telephone, complete surveys or questionnaires or communicate with us by post, e-mail or other channels. Information is recorded in paper files, electronic files and cloud-based case management systems. In line with the advice we give, some of this personal data is sensitive, relating to health, finances, social welfare, employment, protected characteristics and other circumstances.
We may also collect and use sensitive information related to race, ethnic origin, political views, religious beliefs, trade union membership, genetics, biometrics used for ID purposes and sexual orientation. We use some of this sensitive information to generate anonymised reports and undertake statistical analysis to identify and evidence the needs and issues faced by disabled people. This could for example include the number of people with a particular health condition or experience of disability.
We collect and use your personal data when you sign up for newsletters or other direct marketing communications, including e-mail newsletters. We also collect and use your personal data for administrative purposes, for example getting your feedback, telling you about changes to our service and responding to complaints or concerns.
Who might your personal data be shared with?
We will only share the personal data of our clients with third parties with their explicit consent, subject to the general exceptions listed in ‘Things that apply to all our processing of personal data’.
We may also process the personal data of other people involved in the cases or enquiries of DLS clients, for example, personal data relating to family members, friends, carers or support workers.
Personal data may be shared with DLS by partner organisations and other stakeholders, for example in situations where you have given your consent for information to be shared directly with us through referral. When you provide your personal data to other organisations, you should check their privacy policies carefully.
How long do we keep personal data for?
We keep personal data related to client cases and enquiries for at least 6 full years after the client’s last contact with DLS or the date when the most recent case was closed. This enables us to protect client interests and the interests of DLS in regard to legal claims that may arise in relation to work carried out. For some personal data, we may retain information for longer periods depending on our legal obligations, client instructions and any limitation periods that may apply to the case files concerned. If you continue using DLS services over a period of time, for example in relation to a number of separate issues over a period of years, we will not erase personal data in past case files which are over 6 years old whilst other more recent personal data is being retained. This is to ensure continuity of service and avoid loss of relevant information.
Supporters, donors and individuals involved in our campaigning and policy work
Why do we collect and use personal data?
We do this to process donations we may receive from you, to claim Gift Aid on these donations and to update you on how your donations are being used. We collect and use your personal data when processing event bookings and setting up direct debits or standing orders. We use your personal data to engage with you as a supporter of our work, for example to provide you with information about our activities, to tell you about how you can support our work and to record the contacts that we have with you. We collect and use your personal data so that you can participate in our policy and campaigning work, including surveys or research activities.
We collect and use your personal data when you sign up for newsletters or other direct marketing communications, including e-mail newsletters. We may also collect and use your personal data for administrative purposes, for example responding to complaints or concerns.
How do we justify this according to data protection legislation?
Our lawful bases for processing this data include: your consent to collect and use your personal data, including your consent to receive direct marketing communications; our legitimate interests as a charity, including monitoring who we deal with to protect DLS against fraud, money laundering and other risks; the contracts we may have with you that relate to paid-for events; and our legal obligations, for example, meeting statutory requirements when processing Gift Aid payments.
What kinds of personal data do we collect and use and where we do get them from?
We collect your personal information when you visit us in person, use our websites, complete printed paper forms, speak to us on the telephone, make donations, attend events, complete surveys or questionnaires or communicate with us by post, e-mail or other online channels. Information is recorded in paper files, electronic files and cloud-based databases. The personal data we collect will include financial information when you make a donation, set up a direct debit or standing order, or leave us a legacy in your will.
We may receive information about you from third parties, for example from a friend who wants to send you information about our work or book an event on your behalf.
Who might your personal data be shared with?
We will only share your personal data with third parties with your explicit consent, subject to the general exceptions listed in ‘Things that apply to all our processing of personal data’.
How long do we keep personal data for?
We keep personal data that relates to financial records, including paid-for events, for at least 6 years from the end of the last financial year they relate to for DLS accounting purposes. Some financial information may be kept for longer, for example information related to legacy gifts.
We will retain other personal data related to your support for and engagement with DLS for a period of at least 6 years since the date of your last engagement with DLS. We will ensure that you can simply and easily withdraw your consent to be sent information about our work and to indicate your preference for receiving communications in a particular format. If you withdraw your consent or change your preferences, we may retain a record of your withdrawal of consent or change of preferences for a period of 6 years from the date you notified us: this helps us maintain accurate records and ensure that information is not sent to you in error when you have withdrawn consent.
Purchasers of DLS services or products
Why do we collect and use personal data?
We do this to process payments and purchases and to update you on our services and products. We collect and use your personal data when processing event bookings, to record the contacts that we have with you and to deliver services and products.
We collect and use your personal data when you sign up for newsletters or other direct marketing communications, including e-mail newsletters. We may also collect and use your personal data for administrative purposes, for example responding to complaints or concerns. We may make use of personal data that is publicly available to communicate with you about products and services that DLS provides.
How do we justify this according to data protection legislation?
Our lawful bases for processing this data include: the contracts that we may have with you that relate to provision of our services or products, including paid-for training; our legal obligations, for example, complying with accountancy requirements when processing payments; your consent to collect and use your personal data, including your consent to receive direct marketing communications; and our legitimate interests as a charity, including monitoring who we deal with to protect DLS against fraud, money laundering and other risks.
What kinds of personal data do we collect and use and where we do get them from?
We collect your personal information when you contract with us or express an interest in our products and services. We collect your personal information when you visit us in person, use our websites, complete printed paper forms, speak to us on the telephone, attend events, complete surveys or questionnaires or communicate with us by post, e-mail or other online channels. Information is recorded in paper files, electronic files and cloud-based databases. The personal data we collect will include financial information when you purchase a service or product.
We may receive information about you from third parties, for example from someone who thinks you may be interested in our services or products, or someone who purchases a service or product on your behalf. We may make use of personal data that is publicly available to communicate with you about products and services that DLS provides.
Who might your personal data be shared with?
We may share your personal data with third parties as set out in our contractual terms and conditions. We may also share your personal data with third parties with your explicit consent, subject to the general exceptions listed in ‘Things that apply to all our processing of personal data’.
How long do we keep personal data for?
We keep personal data that relates to financial records, including provision of services or products, for at least 6 years from the end of the last financial year they relate to for DLS accounting purposes.
We will retain other personal data related to your use of DLS products and services for a period of at least 6 years since the date you last used them. We will ensure that you can simply and easily withdraw your consent to be sent information about our products and services and to indicate your preference for receiving communications in a particular format. If you withdraw your consent or change your preferences, we may retain a record of your withdrawal of consent or change of preferences for a period of 6 years from the date you notified us: this helps us maintain accurate records and ensure that information is not sent to you in error when you have withdrawn consent.
Our volunteers, trustees and patrons
Why do we collect and use personal data?
To engage with you as a volunteer, trustee or patron, including your recruitment, induction, training and the activities you undertake in your role. We collect and use personal data for management and administrative purposes and for internal record keeping, such as the management and facilitation of volunteer activity, safeguarding, conflicts of interest, seeking your feedback, dealing with complaints and to further the charitable aims of DLS, including the legitimate interests of those we support.
How do we justify this according to data protection legislation?
Our lawful bases for processing this data include our legitimate interests as a charity and the legitimate interests of our clients, including: supporting you effectively in your role and fulfilling our duty of care to you; ensuring that DLS operates effectively and efficiently; and monitoring those who volunteer on DLS’s behalf to protect the organisation against fraud, money laundering, conflicts of interest and other risks. We process personal data on the basis of our legal obligations, for example complying with our reporting requirements as a registered charity and company limited by guarantee. We also process your personal data based on your consent, including your consent to receive direct marketing communications.
What kinds of personal data do we collect and use and where we do get them from?
We collect and use your personal information when you express an interest in volunteering or acting as a trustee or patron and when you undertake such roles and activities. We collect and use your personal data when you visit us in person, use DLS computer and communication systems and cloud-based services, websites, complete printed paper forms, speak to us on the telephone, attend events, complete surveys or questionnaires or communicate with us by post, e-mail or other channels. Information is recorded in paper files, electronic files and cloud-based databases. The personal data we collect will include information to assess your suitability to undertake the role in question, and may include processing of sensitive data and personal data relating to criminal offences and convictions, including data processed in relation to the safeguarding of children and vulnerable adults. We will also process data to enable us to fulfil our duty of care to you, for example, information about any particular health, access or communication needs. We may process your personal data to further the legitimate interests of our clients, for example providing your contact details to partner organisations. We may process your personal data to reimburse expenses incurred in undertaking your role for DLS.
We may receive information about you from third parties, for example from a friend who thinks you might be interested in volunteering, or someone who provides you with a reference when you apply to volunteer with us. We may make use of personal data that is publicly available to communicate with you about voluntary opportunities at DLS.
Who might your personal data be shared with?
We may require up to two references for any trustee, volunteer or patron undertaking activities for DLS. We will take up such references during your recruitment. We may also need to share your personal data, for example as part of safeguarding checks, to enable you to undertake particular activities for DLS. This will be done in line with the written hopes and expectations associated with the role to which you have been recruited and in consultation with the person responsible for your recruitment, supervision and support to undertake DLS activities. Personal data of trustees and directors will be shared with the Charity Commission and Companies House in line with our legal obligations.
How long do we keep personal data for?
We keep application forms and interview notes for unsuccessful volunteer and trustee applications for 12 months. Records of successful applicants will be transferred to the appropriate volunteer or trustee record.
We keep personal data that relates to financial records, including reimbursement of expenses, for at least 6 years from the end of the last financial year they relate to for DLS accounting purposes.
We will retain other personal data related to your activities as a trustee, volunteer or patron for DLS for a period of at least 6 years since the date you last undertook activity on our behalf. Some data, for example minutes of trustee meetings, or records of people volunteering for DLS listed in our annual report will be kept permanently for historical and archiving purposes.
We will ensure that you can simply and easily withdraw your consent to being sent information about voluntary activities and to indicate your preference for receiving communications in a particular format. If you withdraw your consent or change your preferences, we may retain a record of your withdrawal of consent or change of preferences for a period of 6 years from the date you notified us: this helps us maintain accurate records and ensure that information is not sent to you in error when you have withdrawn consent.
People representing partner organisations, funders and other stakeholders relevant to our work, including our suppliers
Why do we collect and use personal data?
We collect and use your personal data to engage with you as a DLS partner, funder, supplier or stakeholder. We collect and use personal data to network and undertake joint activities where we have common interests, to manage our existing income effectively and generate new income for our work, to purchase and use services and products for DLS purposes, and to publicise and promote our work. This includes telling you about changes to our activities and services and work to analyse and improve the services we offer. We may also collect and use personal data when undertaking work on behalf of individual clients of DLS.
How do we justify this according to data protection legislation?
Our lawful bases for processing this data include our legitimate interests as a charity and the legitimate interests of our clients, including: working with other organisations and individuals in line with our charitable objectives; ensuring that DLS operates effectively and efficiently; and monitoring DLS activities to protect the organisation against fraud, money laundering, conflicts of interest and other risks. We process personal data on the basis of our legal obligations, for example complying with accounting requirements and reporting requirements as a registered charity and company limited by guarantee. We process personal data on the basis of the contracts that we may have with you that relate to provision of services or products. We also process your personal data based on your consent, including your consent to receive direct marketing communications.
What kinds of personal data do we collect and use and where we do get them from?
Your information may be shared with us by other organisations, individuals, DLS clients, employees and volunteers, for example when developing joint projects or undertaking networking activities, or when you have been involved in a client’s case. We may receive updated contact information from third parties so that we can correct our records and engage with you more easily.
We may combine information you provide to us with information available from public sources or records in order to gain a better understanding of organisations and individuals who may be interested in engaging with DLS. This helps us to generate new income to support our work and deliver our services more effectively.
Who might your personal data be shared with?
We may share personal data with third parties to further our legitimate interests as a charity and the legitimate interests of our clients. This might include details of your work in relation to DLS clients, or other personal data as set out in our contractual terms and conditions. We may also share your personal data with third parties with your explicit consent, subject to the general exceptions listed in ‘Things that apply to all our processing of personal data’.
How long do we keep personal data for?
We keep personal data that relates to financial records, including provision of services or products, for at least 6 years from the end of the last financial year they relate to for DLS accounting purposes.
We will retain other personal data related to your engagement with DLS for a period of at least 6 years since the date of your last engagement with us. We will ensure that you can simply and easily withdraw your consent to be sent information about our products and services and to indicate your preference for receiving communications in a particular format. If you withdraw your consent or change your preferences, we may retain a record of your withdrawal of consent or change of preferences for a period of 6 years from the date you notified us: this helps us maintain accurate records and ensure that information is not sent to you in error when you have withdrawn consent.
Our employees and others working on our behalf
Why do we collect and use personal data?
We collect and use personal data to engage with you as an employee, worker, self-employed person or contractor in relation to the work you undertake in these roles, including associated recruitment and selection processes. We collect and use personal data to fulfil our responsibilities as an employer, and for management and administrative purposes including personnel and HR functions, the supervision and monitoring of work, safeguarding, conflicts of interest, seeking your feedback, dealing with complaints, to further the charitable aims of DLS and the legitimate interests of those we support.
How do we justify this according to data protection legislation?
Our lawful bases for processing this data include our legitimate interests as an employer and charity and the legitimate interests of our clients. These legitimate interests include: ensuring that DLS operates effectively and efficiently; monitoring DLS activities to protect the organisation against fraud, money laundering, conflicts of interest and other risks. We also process personal data on the basis of our legal obligations, for example complying with accounting and reporting requirements as an employer, a registered charity and company limited by guarantee. We process some personal data on the basis of the contracts DLS has with you that relate to your employment or work at DLS. We also process some personal data based on your consent, including your consent to receive direct marketing communications.
What kinds of personal data do we collect and use and where we do get them from?
We collect and use personal data during the course of your work for DLS, including: recruitment and selection records; use of DLS computer and communication systems and cloud-based services; time recording; personnel and HR records, including those related to disability, health, performance and supervision; and other personal data required in order to contract with you, including personal data related to your right to work in the UK and financial details to enable us to make payments to you. Some of your personal data may be sourced from recruitment agencies and publicly-available sources during recruitment and selection processes. We collect sensitive personal data, in some cases including personal data relating to criminal offences and convictions, and personal data processed in relation to the safeguarding of children and vulnerable adults. We will also process data to enable us to fulfil our duty of care to you as an employee, worker, self-employed person or contractor, for example, information about any particular health, access or communication needs.
Who might your personal data be shared with?
We will share your data with other organisations and individuals to comply with our legal obligations. We will also share your data with organisations that undertake data processing on our behalf, including HR and personnel functions such as payroll administration. In some circumstances we may need to share your personal data to further the legitimate interests of DLS and DLS clients, for example in situations where you are representing a client at tribunal or where you are undertaking work that requires interaction with third party organisations.
How long do we keep personal data for?
We keep the following types of personal data for at least six years since the date of the last record: accident books and records; accounting records; income tax and National Insurance returns, correspondence with HMRC; records of notifiable events in relation to retirement benefit schemes; maternity pay records; wage and salary records; and working time records.
Certain types of record will be kept for longer periods, including records related to pension schemes and pensioners, which will be kept for 12 years from the date pension benefits cease, and records related to parental leave, which will be kept for 18 years from the birth of the child. If records involve the control of lead, asbestos, other hazardous substances or ionising radiation, special rules apply and records will be kept for periods in excess of 40 years, see https://www.cipd.co.uk/knowledge/fundamentals/people/hr/keeping-records-factsheet.
Certain types of records will be kept permanently, including: health and safety assessments and consultations; and senior executive records.
We keep application forms and interview notes for unsuccessful job applicants for 12 months. Records of successful job applicants will be transferred to their personnel file.
People visiting our website and interacting with us on social media
Why do we collect and use personal data?
We collect and use personal data to analyse the use of our websites and ensure their content is presented in the most effective manner for you and your device. We use Google Analytics and other services to collect information about how our websites are used. These help us to know how often users visit our websites, what pages they visit when they do so, and how they use our content online.
Our website contains links to other websites belonging to third parties and we sometimes choose to participate in social networking websites including, but not limited to, YouTube, Facebook, Twitter, Pinterest and Instagram.
How do we justify this according to data protection legislation?
You don’t have to disclose any of this information to browse our websites. However, if you choose to withhold requested information, we may not be able to provide you with certain services.
What kinds of personal data do we collect and use and where we do get them from?
Website usage information is collected using cookies. This helps us to see how many people use our websites, how many people visit on a regular basis, and how popular individual pages are. Cookies are also essential to our websites running correctly and delivering services to website visitors..
Who might your personal data be shared with?
Your personal data may be recorded by the company who hosts the DLS website. If you use social media services such as Facebook, Twitter, Pinterest, Instagram or YouTube, you should be aware of their privacy policies and practices.
Children and young people
If you are under 18 years old, we take particular care of your personal information. Please just ask us if you have any questions. If you give us personal information directly, we will tell you why and how we are going to use it.
Getting advice as a child or young person
We won’t usually advise you directly. Sometimes we use your personal information to help or advise your parent or someone caring for you. This might be, for example, to help your parent, family or carer sort out problems with money, housing or work.
If you ask us for help and you are 13 to 17 years old, we will ask your permission to put you in touch with organisations that specialise in working with young people.
Supporting our work as a child or young person
If you are under 18 years old and would like to participate in an event, make a donation or get involved with supporting our work, please make sure that you have the permission of your parent, guardian or person with parental responsibility.
If we find out that that you do not have permission, we will ask you to get permission before we do anything further with your personal information.
Changes to this Privacy Statement and our Privacy Policy
We keep our privacy policy under regular review. Any significant changes will be reflected on our website and in other communications.
Date last updated: 20th April 2021
Dates of previous updates: 24th May 2018