Bereft has always regarded the privacy of our clients and staff as fundamental to the operation of the service. Any personal data which you provide to us through any means (verbal, written, in electronic form, or by your use of our website) will be held and processed in accordance with the data protection principles set out in the General Data Protection Regulation 2018. Your consent to use this data enables us to meet the aims of the charity.
This policy only applies to data collected by Bereft staff and volunteer counsellors via our own forms and website. Other organisations featured on our website are not covered by our policy. When you make contact with us and provide your personal details to us, you will be asked to consent to our processing of your data under the terms of this policy.
If you have any queries concerning your personal information or any questions on our use of the information, please write to the Bereft Data Controller at Hawkco House, 35 Horn Lane, London, W3 6NS.
What information do we collect?
- Counselling Requests – Contacting us or being referred to our counselling service can be done via email, telephone or on paper. Our assessment process can involve you providing us with name, address, telephone numbers, email address and other personal details such as: age, nature of bereavement and GP details. We will also request information such as availability and other relevant issues. We will store this information securely for 6 years from the date of your first contact so that we have a case history if you return to use the service at a later date.
- Referrers – If you contact us to refer someone for counselling, we will request contact details such as phone number and address.
- Volunteer Counsellors – Counsellors and other volunteers may apply to work with Bereft by application form, telephone or email. Details collected via the application form, interview and recruitment process will be securely stored for 6 years from the date of leaving Bereft. We keep this information in case there is a necessity to make contact with you concerning operational queries relating to your time with Bereft.
- Staff – Staff may apply to work with Bereft by application form, telephone or email. Details collected via the application form, interview and recruitment process will be securely stored for 6 years from the date of leaving Bereft. We keep this information in case there is a necessity to make contact with you concerning operational queries relating to your employment with Bereft.
- Donors – The information you give us when making a donation may include your name, postal address, email address, phone number, amount donated, Gift Aid status, and messages.
- Website – We use AWStats to collect anonymous data relating to user behaviour and web traffic statistics. The collection and use of this data by AWStats is subject to their own Privacy Policies, which can be found at www.awstats.org.
- Other Forms –The information you give us on other forms, such as clinical evaluation forms, is stored securely with a reference code and remains anonymous. Your contact details are passed on to the relevant persons in a way that you cannot be identified.
What do we use your information for?
We use the personal information we hold in the following ways:
- To provide you with counselling and support after a bereavement.
- To enable us to give operational support to our counsellors and administrative staff.
- To evaluate the efficacy of the service.
- To notify you about changes to our services.
- To administer the handling of donations for financial control.
- To supply our funders with anonymised statistics and data analysis.
What information do we share?
We will not share any information about you with other organisations or people, except in the following situations:
- Serious harm Bereft may share your information with the relevant authorities if we have reason to believe that you are at risk of being harmed, or harming yourself or another person. Every endeavour will be made to obtain your consent to this action.
- Compliance with law Bereft may share your information where we are required to by law.
- HMRC For payroll and taxation purposes it is necessary to provide employee details to HMRC.
How do we keep your information safe?
All information you provide to us is stored securely. All paper forms and correspondence are kept in locked filing cabinets in a locked room on our premises.
All electronic records are stored on our office computer or by reputable service providers (Google and Hotmail) using secure internet cloud technology, all access to which requires password-protected authentication.
Unfortunately, the transmission of information via the internet is never completely secure. We will do our best to protect your information using industry-standard protocols and encryption but we cannot guarantee the security of data transmitted to us via email, including forms completed on our website. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.
Identifiable personal information is kept securely and separately from any session notes and other descriptive material.
Client notes and other documentation are destroyed 6 years after the last counselling session with Bereft.
Our counsellors are instructed to keep telephone messages, text messages and emails no longer than 3 months after your last counselling session.
Personnel records and application forms are deleted 6 years from the date of leaving.
Personal data about unsuccessful candidates who have applied for jobs or volunteer positions at Bereft will be kept for 6 years after the recruitment process is completed, when they will be disposed of securely.
Payroll information is kept securely on our office desktop computer.
According to the Information Commissioners Office, you have the right to:
- Access a copy of your personal information
- Request removal of your details, in certain circumstances
- Compensation for substantial damage or distress caused by data processing, where applicable
If you would like to do this, please contact the Bereft Data Controller, Hawkco House, 35 Horn Lane, London W3 6NS. You may withdraw your consent for us to hold and process your data at any time. You can withdraw your consent by contacting the Bereft Data Controller.
Dealing with data protection breaches
Where staff, volunteers, or contractors working for us, think that this policy has not been followed, or data might have been breached or lost, this will be reported immediately to the Data Protection Officer.
We will keep records of personal data breaches, even if we do not report them to the ICO.
We will report all data breaches which are likely to result in a risk to any person, to the ICO. Reports will be made to the ICO within 72 hours from when someone at Bereft becomes aware of the breach.
In situations where a personal data breach causes a high risk to any person, we will (as well as reporting the breach to the ICO), inform data subjects whose information is affected, without undue delay.
This can include situations where, for example, bank account details are lost or an email containing sensitive information is sent to the wrong recipient. Informing data subjects can enable them to take steps to protect themselves and/or to exercise their rights.
Data Controller: BEREFT BEREAVEMENT SUPPORT
ICO Registration Reference: A8356073
Date Registered: 31/05/2018
Address: HAWKCO HOUSE, 35 HORN LANE, ACTON, LONDON, W3 6NS
Changes to this policy
We may need to update this policy periodically. If any substantial changes are made to this policy, notification will be placed on our website.