PRIVACY NOTICE

Data Privacy and Protection

The General Data Protection Regulation (GDPR) came into force on 25 May 2018. The Data Protection Act 2018 applies the same standards as the GDPR but amends it to better suit the requirements of the United Kingdom (UK). This privacy statement sets out how we use data and protect any information that you give us when you use this website.  

 

We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy notice.

 

We may change this notice from time to time by updating this page.

 

Who we are

Our contact details are:

Synergy Essex referral and support line 

0300 003 7777

                                                                  Email                                                                    support@synergyessex.org.uk

 

Data Collection

Personal information submitted through this website is collected by Essex Rape Crisis Partnership (Synergy Essex) .

 

We collect data from:

• Our online referral forms
• From third parties who may refer you to our service for support
• Directly from you when you use our service
• Police, Crown Prosecution Service and HM Court service if you have reported an incident to police

 

The online referral form uses SSL to encrypt the form data so it cannot be intercepted in transit when it is posted to the database. It uses the same system as the banks for data encryption. The Padlock symbol can be seen in the top left of the browser to show it is secure. The data is then stored in an encrypted database on a UK based Microsoft Azure database.

 

What we collect

We may collect the following information:

• your name
• your contact details such as email address
• specific enquiry details that relate to experiences of sexual violence and sexual abuse
• your computer's IP address
• date of birth
• sex
• race
• ethnic origin
• religious or philosophical beliefs
• health data
• sexual orientation
• gender reassignment 

Why we collect this information

• We process your information lawfully (GDPR Article 6). This information helps us to understand your needs and provide you with a service and in particular for the following reasons:
• to be able to respond to your contact, process your information and contact you (consent)
• to provide services tailored to your needs (legitimate interest)
• to meet the terms and conditions of our grants and contracts (contracts)
• to ensure that CARA, SOS Rape Crisis and SERICC complies with the law (legal obligations)
• to ensure those using our services are safe (vital interests)

 

How long we keep this information

All of the above information is kept on an encrypted secure system. It is pseudonymised after 5 years and anonymised after a further 2 years. If the data subject is a child the file will be kept until the child is 25 (this is seven years after they reach the school leaving age) (Information and Records Management Society (IRMS), 2016).

 

There are some circumstances where data can be held for longer:

• the records provide information about a data subjects personal history, which they might want to access at a later date
• the anonymised records have been maintained for the purposes of research or statistical purposes
• the information in the records is relevant to legal action that has been started but not finished
• the records have been archived for historical purposes (for example if the records are relevant to legal proceedings involving the organisation or a data subject)

 

Data that is used to give examples of why our services are needed is always anonymised and not identifiable to an individual client. In this form it is not classed as personal data.

 

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable procedures to safeguard and secure the information we collect online.

 

Controlling your personal information

You may choose to restrict the collection or use of your personal information if you have previously supplied personal data, or if you have previously agreed to us processing your personal information.

 

We will not sell, distribute or lease your personal information to third parties.

 

Under the GDPR (the UK GDPR & the Data Protection Act) you have a number of specific rights with regards to your personal information. These include:

 

Data Subject Rights

 

Right of access – if you want to know if we are storing or processing any personal data about you, you can contact us to find out. If this is the case, you may find out what purpose it is being stored for and request a copy of your data by contacting us. There is normally no charge for making a request, but if the number and frequency of requests is unreasonable, we may charge an admin fee.

 

Right to correction - if you believe that any information we are holding on you is incorrect or incomplete, please contact us as soon as possible. We will promptly correct any information found to be incorrect.

 

Right to erasure – if you want us to remove your personal data from our records, you can request this by contacting us. We will remove the data as far as it is practically within our power, and where we are not legally obliged to retain it.

 

Right to object – if you no longer want us to process your data you can request this by contacting us

 

Data Sharing

 

How we use cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Cookies help us see understand visitors to our website by tracking how you use our website, in a way that doesn't ever identify you personally

 

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages are useful and which are not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

 

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

 

Who we share data with

 

You might sometimes ask us to share your data for the purpose of progressing an enquiry, we will always check with you what type of information can be shared on each occasion, and some examples of when this might happen are:

 

• You may have nominated our service as a single point of contact during a criminal justice process as per the victim’s code 2020 (section 4.8)
• You may have instructed one of our advocates to assist you with communicating with a homelessness service or benefits service
• You have asked us to write to an employer or educational establishment
• You have agreed to take part in a research program e.g. completing questionnaires, taking part in a focus group, part of government research into the delivery of specialist support services

 

There are certain circumstances when we are required to share data with others for example if a person is at risk of serious harm. We will always work with you around these types of information sharing unless by doing so it would place somebody at greater risk of harm. Some examples of times when we may share data:

 

• the individual has given ‘explicit consent’ to share information; or
• sharing information is necessary to establish, exercise or defend legal rights; or
• sharing information is necessary for the purpose of, or in connection with any legal proceedings; or
• sharing information is necessary to protect someone’s vital interests and the person to whom the information relates cannot consent, is unreasonably withholding consent, or consent cannot reasonably be obtained or
• sharing information is necessary to perform a statutory function; or
• is in the substantial public interest and necessary to prevent or detect a crime and consent would prejudice that purpose; or
• processing is necessary for medical purposes and is undertaken by a health professional; or
• processing is necessary for the exercise of any functions conferred on a constable by any rule of law

 

Here are some examples of who we may share information with in some circumstances:

 

• Children’s safeguarding services
• Adults safeguarding services
• Criminal Justice agencies e.g. Police, The courts, Crown Prosecution service, probation services
• Mental Health services
• Medical & forensic services
• Housing & Benefits services
• Local Authority
• Education & Employment services
• Researchers e.g. universities
• Our funders including Ministry of Justice, The National Lottery Community Fund, Essex Police & Crime Commissioner

 

How can I access my personal data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request"

 

We will respond to your subject access request within one calendar month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

 

How to contact the Data Protection Officer (DPO)

If you wish to contact the DPO to discuss any of the above please write to

Synergy Essex, c/o CARA, PO box 548, Colchester CO1 1YP

 

 

International transfer

We do not transfer information outside of the UK

 

Right to complain

If you are unhappy with how we are managing your personal data, you can lodge a complaint with our service in the first instance. You can also complain to the UK supervisory authority, the Information Commissioner's Office (ICO).

 

For a full explanation of your data rights, or in the event that you wish to lodge a complaint, please go to www.ico.org.uk. The Information Commissioner's Office (ICO) is the data privacy supervisory authority in the UK

 

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.