Privacy Statement
At Citizens Advice Cornwall, we collect and use your personal information to help us solve your problems, communicate with you and improve our service.
We only ask for the information that we need at the time, and we will always let you decide what you feel comfortable telling us, explain to you why we need it and treat your personal information as confidential.
When we do this, we will only access the information when we have a good reason to do so, only share it when it is necessary and relevant, and we will never sell your information to anyone.
The below section is designed to provide an example of our usual data processing which will include, but is not limited to, website use and is designed to inform you, the data subject, about how we will collect and process your data. We have made every effort to detail how data will be used over the usual course of business; nothing in this Notice is designed to stop us from activities over the course of our business should there be an exceptional, unforeseen or legal need to process data.
We process and retain your personal information in line with data protection law.
Who are we?
We are Citizens Advice Cornwall, a registered charity. If you wish to contact us directly regarding a privacy or data protection issue, please email: dataprotection@citizensadvicecornwall.org.uk
How do we gather your information and what do we do with it?
Use of Our Website, Web Forms and Portal
It is important that you read this section of our privacy notice together with the main section of our privacy notice, or any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you. This is so that you are fully aware of how and why we are using your data.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data, such as:
- Identity data – includes first name, birth name, last name, username or similar identifier, marital status, title, date of birth, nationality and gender.
- Contact data – includes residential address, email address and telephone numbers.
- Financial data – includes information you have provided about your financial circumstances.
- Usage data – includes information about how you use our website, products and services.
- Marketing and Communications data – includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect and process aggregated data such as statistical or demographic data for any purpose. Aggregated data is data that may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.
We use different methods to collect data from and about you, usually through direct interactions. You may give us your data by filling in forms or by corresponding with us by post, phone, email, webchat, in person or otherwise. This includes personal data you provide or that you may have provided when you:
- request advice,
- provide information and evidence required for the purposes of our advice,
- subscribe to our service or publications,
- request marketing to be sent to you, or
- give us feedback or make a complaint.
By requesting any of these services you give us permission to collect, process and retain your data on our CRM, Casebook.
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
We require all Third Parties that we may share your data with to respect the security of your personal data and to treat it in accordance with the law. We may share your personal data with Third Parties including third-party service providers, regulatory bodies and Government departments and agencies.
We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We or our Third Parties may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.
Cookies
This policy explains what cookies are and how we use them. You should read this policy to understand what cookies are, how we use them, the types of cookies we use (i.e., the information we collect using cookies and how that information is used) and how to control your cookie preferences.
Cookies are small text files that are used to store small pieces of information. The cookies are stored on your device when the website is loaded on your browser. These cookies help us make the website function properly, make the website more secure, provide a better user experience, understand how the website performs and analyse what works and where it needs improvement.
Like most online services, our website uses first-party and third-party cookies for several purposes. The first-party cookies are mostly necessary for the website to function the right way, and they do not collect any of your personally identifiable data.
The third-party cookies used on our websites are used mainly for understanding how the website performs and how you interact with our website, keeping our services secure and, all in all, providing you with a better and improved user experience and helping to speed up your future interactions with our website.
- Essential: Some cookies are essential for you to be able to experience the full functionality of our site. They allow us to maintain user sessions and prevent any security threats. They do not collect or store any personal information.
- Statistics: These cookies store information like the number of visitors to the website, the number of unique visitors, which pages of the website have been visited, the source of the visit etc. These data help us understand and analyse how well the website performs and where it needs improvement.
You can at any time change or withdraw your consent from the Cookie Declaration on our website. In addition to this, different browsers provide different methods to block and delete cookies used by websites. You can change the settings of your browser to block/delete the cookies. To find out more on how to manage and delete cookies, visit www.allaboutcookies.org.
Your consent applies to the following domains: citizensadvicecornwall.org.uk
Job or Volunteering Application Form
We collect personal data about you through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider. We also collect and store the date and time you sent the application.
We may sometimes collect additional information from third parties including former employers who you have listed as referees. We collect this information so that we can follow fair, equitable and effective recruitment practices that treat all candidates equally.
We will collect, store, and use the following categories of personal data about you:
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
- Date of birth
- Gender
- Copies of right to work documentation (evidence to demonstrate your entitlement to work in the United Kingdom)
- References or other information that you may have included in a CV, cover letter or application form.
- Records of your previous employment (including job titles, work history, working hours, training records and professional memberships and salary details)
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- To process your application and to help us decide whether to make an offer of employment to you.
- Where we need to comply with a legal obligation.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We may also use your personal information in the following situations:
- Making a decision about your recruitment or appointment
- Checking you are legally entitled to work in the UK.
- To prevent and detect fraud.
- To conduct data analytics studies (such as recruitment trends) to review and better understand the profile of candidates who apply to us, and who amongst them are successful.
- Equality and diversity monitoring
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information. Your information won’t be used for any other purpose and won’t be shared with anyone else. This information is retained within our website system until the post has been filled, and in our email system and within our archives for 12 months to comply with internal audit, unless you ask us to remove it.
Former employees
We do not collect personal data from former employees after they have left our employment, but may hold the information that was collected before and during the employment relationship, including:
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
- Date of birth
- Gender
- Marital status and dependants
- Next of kin and emergency contact information
- National Insurance number
- Copy of identification
- Bank account details, payroll records and tax status information
- Salary, annual leave, pension and benefits information
- Start date
- Location of employment or workplace
- Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process)
- Employment records (including job titles, work history, working hours, training records and professional memberships)
- Compensation history
- Performance information
- Disciplinary and grievance information
- CCTV footage and other information obtained through electronic means such as access card records.
- Information about your use of our information and communications systems
- Photographs
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform the obligations in a contract we have entered into with you, such as the employment contract, or a settlement agreement. Some of the contractual obligations in these contracts continue after your employment has terminated, such as the duty to observe confidentiality.
- Where we need to comply with a legal obligation.
We may also use your personal information in the following situations, which are likely to be rare:
- Where we need to protect your interests (or someone else’s interests).
- Where it is needed in the public interest or for official purposes.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may also store and use the following ‘special categories’ of more sensitive personal information that we have collected from you:
- Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions
- Trade union membership
- Information about your health, including any medical condition, health and sickness records
- Biometric data
- Information about criminal convictions and offences
These ‘special categories’ of particularly sensitive personal information require higher levels of protection. We need to have further justification for storing and using this type of personal information. Our data protection policy contains details of the safeguards which we are required by law to maintain when processing such data.
We may process special categories of personal information in the following circumstances:
- Where we need to carry out our legal obligations or exercise rights in connection with employment.
- Where it is needed in the public interest: for example, we will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equality and diversity monitoring and reporting. Where possible, we would seek to anonymise this data.
To determine the appropriate retention period for personal data collected as part of your employment, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee we will retain and securely destroy your personal information after the following periods:
- 6 years or as otherwise agreed from date of leaving for employees,
- payroll, tax and NIC records which must be retained for 6 years. This is a legal requirement.
Complaints and Data Subject Requests
When you contact us to make a complaint, we will use the information you have provided to investigate your complaint in accordance with our complaints procedure and to respond to you with the outcome.
When you contact us to make a data subject access request (also referred to as DSAR or SAR), we will ask you to provide evidence of your identity and copies of identity documentation, to ensure that we only provide your personal information to you and not to third parties.
We recognise that when you write to us with a complaint, you may choose to provide us with information that falls within the definition of Special Categories of Personal Data. You are not required to provide this information and your complaint will still be processed, if possible, where you do not provide it. Where you do supply such information, we will rely on the ground that it is being processed by us in furtherance of the establishment and exercise of your legal rights.
We may share your personal data with third parties including third-party service providers and Government departments and agencies. This includes third parties who are mentioned in your complaint.
Your Rights
You can contact us at any time and ask us:
- what information we’ve stored about you
- to change or update your details
- to delete your details from our records
You can withdraw your consent for the processing of your personal data at any time. To do so, please contact us at dataprotection@citizensadvicecornwall.org.uk
More information about your data rights
You can find out more about your data rights on the Information Commissioner’s website.
https://ico.org.uk/your-data-matters/
For further assistance on requesting your information by making a subject access request, including the details that you will need to provide, please see the following ICO guidance https://ico.org.uk/your-data-matters/official-information/