Charis Developers and Consultants Limited (“we”, “our”, “us”) processes personal data in accordance with our obligations under the General Data Protection Regulations 2016 (“GDPR”) and is a registered Data Controller with the Information Commissioner’s Office (“ICO”), which is the supervisory authority responsible for the oversight and enforcement of Data Protection Legislation within the United Kingdom.
This Privacy Notice is a statement that describes how and why we process personal data in relation to an individual. We take seriously our obligation to respect the right to privacy and the protection of personal information. We pledge to handle data fairly and legally and all times.
This notice also explains how you might control the use of your personal data in accordance with your rights under GDPR.
This notice also explains your rights in relation to personal under GDPR.
Charis Developers and Consultants Limited will not disclose your personal data to any unaffiliated third parties. Furthermore, we will never sell or rent our user information to other organisations for external marketing purposes. This privacy notice provides you with information on why we collect your personal information, how we use it, the limited conditions under which we may disclose it to others, and how we keep your information secure.
Charis Developers and Consultants Limited use your personal data:
We collect and process various categories of personal information in order to provide our services effectively. This may include (but is not limited to):
Our websites are not intended for children and we do not knowingly collect data relating to children.
This list is not exhaustive, and in specific instances we may collect additional data for the purposes set out in this Privacy Notice. Some of the above personal data is collected directly, for example when you set up an on-line account on our websites, use our WIFI or send an email to an employee within our organisation. We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources. Information may be collected by:
Our websites use cookies to collect information. This includes information about browsing behaviour by people who access our websites. This includes information about pages viewed and the journey around our websites.
What are cookies?
Like most websites, Charis Developers and Consultants Limited uses cookies to collect information. Cookies are small data files which are placed on your computer or other devices (such as smart ‘phones’ or ‘tablets’) as you browse a website. They are used to ‘remember’ when your computer or device accesses our websites. Cookies are essential for the effective operation of our websites.
What are cookies used for?
The main purpose for which cookies are used are:
How do I disable cookies?
If you want to disable cookies you need to change your website browsing settings to reject cookies. How this is done will depend on the browser you use.
When someone visits our websites, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We use limited ‘Profiling’ (where information about you is used to tailor goods or services based on your interests, movement or records of your activities). This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make any attempt to find out the identities of those visiting our websites.
When you use Charis Developers and Consultants Limited’s Wi-Fi, we may collect data about:
We store opt-in subscriber information securely via Mailerlite services. The information we collect may include subscribers:
We use this information to give you information you have requested us to tell you about. We may also use this information to contact you if we need to obtain or provide additional information. We may also contact you to check our records are correct and that you are satisfied with our services.
We may obtain information about you when you apply for a job vacancy or when you submit a prospective CV for upcoming or potential vacancies. We will only store this information for a period of 6 months, unless you consent to your information being held for a longer duration. You can withdraw consent for this at any time.
Under Article 6 of GDPR, we must identify a basis for the ‘lawfulness of processing’ of our activities involving of your data. These are broadly described as: ‘Consent’, ‘Contract’, ‘Legal Obligation’, ‘Vital Interests’, ‘Public Interest (or Public Task)’ and ‘legitimate interests’.
Where you have ‘given consent to the processing of personal data for one or more specific purposes’ you can withdraw consent for or object to at any time.
These activities have been identified as processing where it is ‘necessary for the purposes of the legitimate interests pursued by the controller’ (us) or you, as an enquirer or where you have ‘given consent to the processing of personal data for one or more specific purposes’ which you can withdraw consent for or object to at any time:
Data is also processed for the following activities, which have been identified as necessary ‘for us to comply with the law’:
Photographs may be taken at our events for use in communications and marketing materials, including on our website and on social media channels. Where you are not the subject of the image (i.e., if it is a ‘group’ or ‘crowd’ photograph), we may use such images without requiring your consent, however, where you are the subject of the photograph, you will be asked to provide your explicit consent to use the image. Notifications will be put up in and around these ‘open’ events to inform you when such photography is taking place. You have the right to object or restrict your image being taken or used. If you would like to exercise this right, please contact us as set out below.
All communication with you, including in relation to updates to this privacy notice, will, where possible be made via email. If, at any stage, you are concerned about the content (e.g., unwanted marketing), frequency (too many) or method (change preference) of these communications, you can unsubscribe or update your preferences using the link which will be provided at the bottom of the relevant correspondence.
Should you unsubscribe from our marketing messages you will miss regular communications about our services and updates.
We may find it necessary to store information regarding NHS Track & Trace. The legal basis for the retention and processing of this data is the protection of our employees, residents in our care homes, customers and the wider public. Under GDPR such data can be retained and processed, if:
Data from the NHS Test and Trace scheme will not be shared without sound legal basis, but in the interests of public safety and in order to prevent the spread of COVID-19, we will be legally obliged to share data upon request from NHS Test and Trace. Such data will only be retained as long as we are legally obliged to do so.
We have implemented appropriate physical, technical, and organisational security measures designed to secure your personal data against accidental loss and unauthorised access, use, alteration, or disclosure. In addition, we limit access to personal data to those employees, agents and contractors that have a legitimate business need for such access. All of our employees, contractors and volunteers with access to personal data receive mandatory data protection training and have a contractual responsibility to maintain confidentiality and access to your data is restricted to those members of staff who have a requirement to access it.
We utilise different storage solutions and IT systems, some of which are outsourced to third party providers. Where processing takes place with an external third party, processing takes place under an appropriate agreement outlining their responsibilities to ensure that processing is compliant with the Data Protection legislation and verified to be secure. Where applicable, any credit/debit card details provided will be stored in full compliance with PCI-DSS requirements.
Where data is shared with third party countries, we ensure that these countries are either approved by the European Commission as having ‘adequate protection’ or we put in place ‘appropriate safeguards’ and contracts with these organisations, so as to maintain the security of the data and your rights under relevant Data Protection legislation. There may also be limited sharing with organisations in third countries under specific exemptions, for example, with your explicit consent.
Under GDPR, you have a number of rights in relation to the processing of your personal information, each of which may apply to differing degrees’ dependent upon the nature of the processing and the legal basis for it. You have the right to:
In certain circumstances, you may also have the right to:
In some cases, there may be specific exemptions as to why we are not able to comply with some of the above. Where this is the case, we will explain the reasons why.
To exercise any of the above rights, please contact our Data Protection Officer (details below).
You may contact the DPO if:
For more information you may also visit the Information Commissioner’s web site at https://ico.org.uk/
We keep this Privacy Notice under regular review and will communicate any significant updates to you and update our websites accordingly.
This privacy notice was last updated in January 2023 and will be reviewed at least on an annual basis.