Client Policy Notice

GENESIS TRUST BATH 

About this privacy notice 

Genesis Trust Bath (the “Charity”) is committed to protecting and respecting the privacy of our clients (“clients” includes terms we may use including beneficiaries, guests, etc.). This privacy notice sets out why we collect personal data, how we collect and use it and who it is shared with. It also explains the legal basis for the use of your personal data and the legal rights you have over the way it is used. 

Who we are and how to contact us 

For the purposes of the UK General Data Protection Regulation (the UK GDPR) and the Data Protection Act (DPA) 2018, the Charity is the controller of your personal data. This means that the Charity determines the why and how we process your personal data. We are registered as a controller with the Information Commissioner’s Office (registration number: Z3294350). 

Our contact details are as follows: 

Address: 10a Church Farm Business Park, Corston, Bath, BA2 9AP 

Telephone number: 01225 463549 

Email: office@genesistrust.org.uk  

What type of personal data we collect 

We collect a variety of personal data in order to help us deliver our services and provide support to you. This includes: 

  • Your name and contact information: which may include your address, telephone number and email address; 
  • Information about your circumstances: including age, gender, employment status, living situation, number of dependants, next of kin, and any other information that you choose to share with us while we are working with you; 
  • Financial information: including details of income and benefits (including universal credit status), spending habits and budgeting information. 
  • Information about our interactions with you: This will include records taken such as of our planned and unscheduled meetings with you, participation in activities, and how long you are at our premises (including the time you arrive and leave). 
  • Images: From time to time, we may collect images of you for media purposes, such as using a photograph of you on our website. We will only publish photographs of you with your permission. We also may use CCTV at our premises and so if you visit us then this will record images of you. We have tight security controls over CCTV recordings to keep your personal data safe. 

Certain types of personal data are considered by data protection law to be more sensitive than others. This includes “special category personal data” (information relating to your health, racial or ethnic origin, details of sexual life, sexual orientation, religious beliefs, political opinions or any genetic or biometric data that is used to identify you) and “criminal offences and conviction data”.  

Given the nature of our work, the Charity may process special category data about you if you choose to share this with us [or if we have received a referral about you that includes this information], such as: 

  • As a Christian charity, we may ask for information about your religious beliefs, such as which church you attend (if relevant). You do not have to share this information with us if you do not want to. 
  • Information relating to your health and wellbeing to give us a full picture of your situation and needs. 

We also may use information relating to criminal offences and convictions so that we can assess your circumstances and allow us to help you. We may also receive this information from the police, if you are involved in an investigation. Please note, we only use this type of information where the law allows us to. 

How we collect your personal data 

We collect your personal data in the following ways: 

  • Information you give us directly: This will include any information that you provide us with when attending our premises or if you telephone or email us.  
  • Information shared by known third party organisations: We routinely receive referrals from professionals, charities or agencies that you may be involved with. This may include your GP, psychologist, or psychiatrist; the council; and other trusted agencies such as Julian House, DHI and Trussell Trust. From time to time, we may also receive information from the police, for example if you are involved in an ongoing investigation.

How we use your personal data 

The main reason we use your personal data is to allow us to work with you to provide practical help, support and opportunities to enable you to move from crisis to impendence. In particular, we use your personal data for the following purposes: 

  • Provide you with information or services that you have asked for; 
  • Providing you with support to help improve your life and prospects; 
  • Working with you to help you to achieve your aims (such as those relating to your financial or living situation); 
  • Making referrals for you for courses or therapeutic sessions; 
  • To safeguard your health and wellbeing, which may involve talking to other organisations about you or making referrals to help you access rehabilitation or housing support; 
  • Communicating with you about our services and activities; 
  • Sometimes, with your permission, we may also feature you in our promotional materials for marketing and fundraising purposes. 

Failure to provide personal data 

When we collect personal information, we will make it clear whether you are required by law, or under a contract, to provide your personal data, and what will happen if you do not provide that data. 

Our legal basis for processing your information 

Data protection law requires us to have a lawful basis for processing your personal data. Depending on the purposes for which we use your data, we may rely on one or more of the following lawful bases: 

  • Consent: Where you have provided your consent for us to use your personal data. For example, if you sign up to receive our newsletter from us. You may withdraw consent at any time by emailing us at office@genesistrust.org.uk. Please note, any use of your personal data before you withdrew your consent will still be valid. 
  • Vital interests: It may be necessary for us to use your information to protect the vital interests of you or another individual. For example, providing your details to a medical professional in the case of an emergency. 
  • Legal obligations: It may be necessary for us to use your information to comply with our legal obligations. 
  • Legitimate interests: It may be necessary for us to use your personal data for the purposes of “legitimate interests” of the Charity or a third party. Where we are relying on this basis, we only do so where your interests do not override ours. Examples include:
  • To deliver our services to you.  
  • To run our day-to-day operations, including maintaining our records and reviewing our services to help improve our offering. 
  • To help keep you, our staff and volunteers safe. 
  • To share information with trusted third parties, such as the police or health professionals (for example, for safeguarding reasons). 

Special category data and criminal offence data is more sensitive and so we also need to identify an additional condition to allow us to use this type of information. Usually, we rely on your explicit consent to allow us to use your special category data or criminal offence data (consent may be withdrawn at any time by emailing office@genesistrust.org.uk). However, sometimes, we may need to use this type of information without your consent, for example:  

  • If it is necessary in order to protect the your or another person’s vital interests (for example, providing your details to a medical professional in a medical emergency); 
  • If it is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity (for example, providing information to a court where a claim has been made); 
  • If it is necessary for reasons of substantial public interest, (for example, where this is necessary for the purposes of protecting the physical, mental or emotional wellbeing of an individual). 

Who has access to your personal data? 

We will only share your personal data with third parties where the law allows us to. Routinely, we may share your personal data with the following third parties, to enable us to provide our services, fulfil our charitable objectives, or comply with our legal obligations. These include: 

  • Other organisations that we work with, including, for example, Julian House, Developing Health and Independence (DHI), Bath Mind and Trussell Trust. 
  • The local authority. 
  • The police. 
  • Health professionals involved in your care. 

We also share your personal data to companies who provide services for us, for example our legal advisors, appointed accountants, our IT services provider and parties providing mailing and marketing services. We select all third-party service providers with care and provide them with the minimum amount of information necessary to provide their service. We always a have an appropriate agreement in place that requires them to protect personal data to the same standard as we do. 

Transfers of your personal data to other countries 

For financial or technical reasons, we may need to transfer your personal data to countries outside the UK, which are subject to different data protection laws. We may do this where for example, we use suppliers in a third country or data is stored on servers outside the UK. We meet the UK GDPR requirements by ensuring that any personal data transferred outside the UK continues to be protected as if it were being held in the UK. If you would like more information please contact us via office@genesistrust.org.uk. 

How long we keep your personal data for 

We will only store your personal data for as long we need it to fulfil the purposes we collected it for. Usually, we keep records of our clients in our client database for us to [six years] following our last contact with you.  

When deciding how long to keep your personal data, we consider the amount and type of data, why we need it, how sensitive it is, and the potential harm if something went wrong. We keep all of the information we hold under review and will securely delete or anonymise personal data which is no longer required. For further information about how long we store your personal data, please contact us via office@genesistrust.org.uk. 

Your rights 

You have the following rights in relation to your personal data: 

  • Right to be informed – You have a right to information about how we collect and use your personal data (this is contained within this privacy notice). 
  • Right of access to your personal data (commonly known as a “subject access request”) – You can ask us to confirm if we are holding your personal data, request a copy of your personal data and certain other information to check that we are processing your data lawfully. 
  • Right to rectificationYou can ask us to correct any information about you if you think it is wrong, or to update or complete information if you think it’s incomplete.
  • Right of erasure You can ask us to erase information about you in some circumstances although there might be reasons why we cannot do this.  
  • Right to restrict our processing of your personal data You can ask us to stop processing your personal data, for example if you want us to establish its accuracy or you’re questioning our legal basis for processing it. This right only applies in certain circumstances.  
  • Right to object You can object to our use of your personal data in certain circumstances. Please note, you always have a right to object to processing of your personal data for direct marketing purposes. 
  • Right to data portabilityYou can ask us to transfer your personal data to you or to another organisation free of charge and in a structured, commonly used format which is openly accessible to software (such as a CSV file). This right only applies where we hold your personal data to fulfil a contract or because we have gained your consent.  

Some of these rights do not apply in all circumstances and we may be able to refuse or partially refuse requests in certain circumstances such as where a legal exemption applies. In most cases we have one month to respond to you. Occasionally, we may need to verify your identity before we are able to process a request. 

Automated decision-making and profiling  

Automated decision-making is when a computer or similar electronic system uses personal data to make decisions about people without any human involvement. Profiling involves collecting various pieces of information about a person in order to analyse or evaluate certain aspects relating to that person or to make predictions about them (for example, how that person may behave or what their preferences are). Automated decision-making does not have to involve profiling, though it often will.  

We do not use your personal data in automated decision-making, including profiling (i.e. We do not make decisions about you by way of automated means without human involvement. 

Your right to complain 

You also have the right to make a complaint to the Information Commissioner’s Office (ICO) if you are not happy with the way we are processing your personal data or have processed your request. Details of how to do this can be found at https://ico.org.uk/make-a-complaint/. In the first instance, please contact us to discuss your concerns and we will make every effort to resolve any issues. 

Changes to this privacy notice  

This Privacy Notice was published on 2nd February 2024. We will update and change this Privacy Notice from time to time to keep it up to date and accurate. We will always publish the most up to date version on our website. If we make a substantial change that affects your rights, we will notify you of the change, usually by email. 

END.