Lighthouse is a suicide awareness and prevention charity (NIC 102400). We offer support and help for people bereaved by and/or affected by suicide.
Under the General Data Protection Regulation UK (GDPR UK) we are a data controller in relation to the personal data we process, and we have certain responsibilities which are detailed below.
Personal data is data that can be used to identify an individual. We collect personal data about different categories of individuals – service users, members of staff, volunteers, donors, and third-party providers. The personal data we collect and how we process them will differ depending on the category.
We are committed to doing all we can to protect and respect the privacy of the personal data we collect. This Privacy Policy sets out what personal data we gather from individuals, how we process and retain it, and with whom we may share it with. If you have any queries about how we process your personal data, or require a paper copy of the Privacy Policy, you can contact us any time by calling our Data Protection Officer on 02890755070 or emailing info@lighthousecharity.com.
Our obligations
As a data controller we are required to: -
- Tell you what personal data we will collect and how we will process the data
- Collect personal data only for the purposes we have told you and ensure that these purposes are lawful
- Ensure the personal data is processed and held securely
- Have procedures in place to ensure your personal data are protected
- Apply a higher standard of protection when we process sensitive personal data, we will apply a higher standard of protection to these data
- Ensure that your data are kept up to date; and kept only for as long as necessary
- Only share your personal data where we have your permission or where there is a requirement to do so.
Service users
What personal data do we collect?
Examples of the personal data we collect, are:
- Your name and address
- Your contact details - phone number(s) and email address
- Gender
- Date of Birth
- Name and address of your GP and other relevant health professionals.
- Reason for your visit – this helps us determine services which we can refer you to. This data, and any recorded as part of any counselling sessions, is defined as sensitive personal data and we apply a higher standard of protection to this data.
- Personal data about your health, including your mental health.
Most of your personal data will have been provided by you, however if you have been referred via a third-party source, such as your doctor, Belfast Health and Social Care Trust or other organisations, they will have already provided us with this personal data.
In order help keep you safe, we will also collect other personal data, for example whom to contact in case of an emergency.
The personal data you provide to us will be collected by one of our designated crisis intervention workers or counsellors. It is collected either face or face, on the phone or via incoming referral documents.
We will maintain records of all allocated appointments and reason for appointments.
We will only collect the personal data we need to know to carry out our work and provide the service(s) you require. We work, in conjunction with statutory agencies and/or other third sector organisations and may liaise with these agencies regarding risk.
How will your personal data be used?
The personal data that we collect, is used to:
- Ensure that the person conducting the assessment gets an understanding of your current state of health, distress and needs.
- Help us refer you (internally or externally) to appropriate services that help alleviate your distress and increase your wellbeing.
- Allow us to update your GP and other professionals, who may be involved with your care, as to the services that we are referring you to.
- Help us keep you safe from suicide.
If you are receiving counselling with us, we will collect personal data during each session to monitor risk, your emotional wellbeing and progress.
We must have a legal purpose(s) for processing your personal data and the relevant purposes are: -
- Contractual - to enable us to provide the services we are providing to you
- To comply with a legal or regulatory requirement
- Where we have a legitimate interest and your interests and rights do not override this
- Where we need to protect your or others interests.
Who will the personal data be shared with?
We will not share personal data about you to any outside individual, agency, or organisation, without your knowledge and permission, unless it is considered that there is a strong immediate and identifiable risk or danger or for any of the following reasons:
- If you threaten harm to yourself or to another person.
- If we believe someone is at risk of harm or abuse.
- If the courts instruct us to give personal data to a specific individual or organisation.
- If you share personal data about a proposed act of terrorism or other serious illegal act(s).
If you are referred internally for services within Lighthouse, we need to let your GP and other relevant health care professionals know that you are receiving services, and we do this by letter. You may be contacted by your GP for a follow up appointment upon referral or being discharged from Lighthouse.
Employees
What personal data will we collect?
Examples of the personal data we collect, are:
- Your name and address
- Your contact details - phone number(s) and email address
- Gender
- Date of Birth
- Details of your education, qualifications, experience, and work history to date
- As part of the application process you will provide various personal data which we will record and process
- Depending on your role will may carry out checks with external agencies – for example AccessNI checks – and we may approach the people you nominate as referees.
- During your employment we will collect and process various other personal data to allow us to fulfil our obligations as an employer to you.
In order help keep you safe, we will also collect other personal data, for example whom to contact in case of an emergency.
How will your personal data be used?
The personal data that we collect, is used to:
- Initially to assess your application for a job,
- Enable us to carry out our contractual and regulatory requirements during your employment.
- Allow us to make sure that we are providing an adequate duty of care to you as an employee.
We must have a legal purpose(s) for processing your personal data and the relevant purposes are: -
- Contractual - to enable us to carry out our obligations as your employer
- To comply with our legal and regulatory requirements
- Where we have a legitimate interest and your interests and rights do not override this
- Where we need to protect your or others interests
Who will the personal data be shared with?
We will not share your personal data to any outside individual, agency, or organisation, without your knowledge and permission, unless we have a legal or regulatory requirement to do so. For example, we are obliged to provide details of your salary and tax with HMRC.
Fundraisers and donors
What personal data do we collect?
We collect the following personal data.
- Your full name and address
- Your email and/or telephone number
- Other personal data relevant to your specific enquiry or activity.
Where appropriate we may also require personal data relating to your health, for example, if you are taking part in an event which requires us to know of any issues that may affect your ability to participate.
How will your personal data be used?
The personal data that we collect is used to
- Send a thank you letter and/or receipt for your donation/fundraising.
- Send you fundraising materials, if needed.
- Add you to our database to confirm you as a participant for an event.
- Process Gift Aid
- Keep you updated, with prior permission, on Lighthouse work, events, and future fundraising.
If you set up a Just Giving page, Just Giving will also send us your name and email address however we are not responsible for the protection and privacy of any personal data you provide to third party websites. For more information on how they process personal data please visit www.justgiving.com/info/privacy
Who will the personal data be shared with?
We will not share personal data about you to any outside individual, agency, or organisation, without your knowledge and permission.
How long do you keep my personal data?
We will never keep your personal data for longer than is necessary.
For service users,
- Who engage in sessions provided by Lighthouse, we retain your personal data is 8 years.
- Who have been referred but who Did Not Attend, we retain your personal data for 2 years.
- Who die whilst under care, this personal data is kept for 8 years.
- Who are under 18, we retain your personal data until you reach the age of 25.
- Who are under 18 and have been in care or adopted, and we have an awareness of this fact, we will retain your personal data for 70 years.
For employees, retention times are dictated by Employment Law, and we comply with Guidance contained in the Employment Practices Code issued by the Information Commissioners Office. Appropriate retention times form part of your contract of employment.
For fundraisers or donors, we only keep your personal data for the duration of the event, unless you have given permission for your details to be retained for future contact.
Volunteering/Job applications
We are the data controller for the personal data you provide during the application process. We will use the contact details you provided to contact you regarding your application. We will use any other personal data you provide to assess your suitability for the role.
If you are unsuccessful following the application process, we may ask if you would like your details retained with us for a period of 6 months. If you do not agree to this, we will dispose of your personal data in accordance with the GDPR UK.
If you are successful, we will apply the same retention times as we do for employees.
How we keep your personal data safe
We will always hold your personal data securely and have procedures in place to ensure that any personal data we hold, is stored, and processed in accordance with the GDPR UK. For more information on how to keep personal data safe, you can visit https://ico.org.uk/for-the-public/is-my-personal data-being-handled-correctly/
Sharing your story
Personal stories from our service users, volunteers and donors are a powerful way to highlight the work of the charity and the help we provide to local people affected by suicide.
We will always make the individual(s) fully aware of when and where their story will be featured (press, website, social media, newspapers, etc). When doing this we will never pass contact personal data to anyone outside the charity.
Your right to know what personal data we hold about you
Under the GDPR UK you have the right to;
- Know what personal data we hold and how we process it
- Be informed of any changes
- Access the personal data we hold on you – this is referred to as a Subject Access Request
- Rectify your personal data - update or amend personal data, if it is incorrect or out of date
- Have the data erased – in certain circumstances
- Stop us processing your personal data – in certain circumstances
- Data portability – this means if you ask us to provide a copy of your personal data we must provide it in a format that allows you to share it with others
- Ask for any personal data we hold to be safely deleted/disposed of, following any legally binding period of retention.
- Raise a concern or complaint to the ICO about the way your personal data is being used. Please visit https://ico.org.uk/make-a-complaint/ on how to make a complaint.
If you would like exercise any of the above rights please contact us, preferably in writing, to let us know what you want. Your request should include your name and address and be sent to: -
The Data Protection Officer
Lighthouse
187 Duncairn Gardens
Belfast
BT15 2GF
Alternatively you can contact us on 02890755070 or by emailing info@lighthousecharity.com.