Border Women’s Aid (BWA) is a GDPR compliant
organisation. We are committed to safeguarding and respecting your privacy and
will make every effort to hold and treat all personal data securely and
When you visit our website, you do not need to give any personal information. If you choose to contact us using the online Contact Form we will take this as your consent for us to process any personal information you wish to provide. Any personal data collected in this way will be treated as confidential and processed in line with GDPR.
We promise to follow these data protection principles:
- Processing is lawful, fair, transparent and our processing activities have lawful grounds. We will always consider your rights before processing personal data.
- We will provide you with information regarding our processing upon request.
- Processing is limited to the purpose and our processing activities fit the purpose for which the personal data was gathered.
- Processing is done with minimal data. We will only gather and process the minimal amount of personal data required for any purpose.
- Processing is limited with a time period. We will not store your personal data for longer than needed.
- We will do our best to ensure the accuracy of the data.
- We will do our best to ensure the integrity and confidentiality of the data.
- People who use our service
- People who contact us via social media
- People who call our service
- People who email us
- People who make a complaint to us
- People who support our service
- People connected to people who use our service
- People who provide us with a service
1. People who use our service
In order to provide a service, we have to hold details of the people who have requested the service. However, we only use these details to provide the service the person has requested and for any closely-related purposes.
These purposes may include contacting people who
have used our service to complete a survey about their experience of our
service, or to invite them to events or to meet with our funders or regulators.
For all people who use our services we will collect and hold:
- Personal information (such as name and address, date of birth, telephone number, email address, national insurance number, any additional vulnerabilities e.g. health or financial status)
- Characteristics (such as ethnicity, language, nationality)
- Support information (such as referrals to other agencies, support plan, safety plan, risk assessment, notes from meetings, group sessions attended)
We use the data:
- to provide appropriate support and care
- to record and review outcomes
- to check the quality of our services
- to report to funders on the work we carry out
- to comply with the law regarding data sharing
We will hold
personal data about people using our services for three years from their last
point of contact.
Some of the data that people using our services provide us with might include sensitive personal data. This includes information about medical conditions or criminal activity. We will not process any sensitive information about you without your express consent.
2. People who contact us via social media
We have a Facebook page and a Twitter account. Please be aware that these pages are public and if you contact us via the public elements of these social media, the content of your enquiry will be public. We will delete any individual messages sent to us on social media at the earliest opportunity and respond via direct or private messaging. If you send us a private or direct message via social media the message will be stored for three months. Messages sent by these methods are subject to the privacy notices of the relevant companies running these services.
3. People who call our service
When you call BWA we may collect personal information about you and will make notes of the content of your call and record these on our secure case management system. We will seek your oral consent to process any personal data before proceeding.
4. People who email us
Email communication from service users and
any replies that we make are copied into the service users own file within our
secure case management system and deleted from the email system within three
months. We will only communicate by email with service users who have given
permission for this and who have informed us that their email address is safe.
Any legitimate information sharing by email which contains any personal information about service users between BWA and any third party is done through our secure, encrypted CJSM email system.
5. People who make a complaint to us
When we receive a complaint from a person we
make up a file containing the details of the complaint. This normally contains
the identity of the complainant and any other individuals involved in the
complaint. This file is kept securely and dealt with in accordance with BWA’s
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We compile and share statistics showing information such as the number of complaints we receive, but not in a form which identifies anyone.
Some of our services are regulated by the Care Inspectorate and we must share information with them on complaints that we receive and this will include the complainant’s identity and any individual the complaint is about. Information is shared with the Care Inspectorate via their secure online portal and processed and retained by them in line with their retention policies.
6. People who support our service
Any personal information that is provided by individuals to support BWA will be retained for two years so that the support donation can be acknowledged and reflected in the relevant annual report. For individuals offering support in the form of volunteering, personal information will be processed as per the relevant privacy notice.
7. People connected to people who use our service
We process the personal data of individuals connected to people using our service in order to identify and manage risks to those we work with. We may also process the personal data of individuals connected to people using our service as part of our role in multi-agency risk reduction partnerships who are GDPR compliant. We only process this information in order to safeguard people using our service.
8. People who provide us with a service
In order to provide a service and ensure that our office and refuge premises are running smoothly we rely on obtaining services from other sectors e.g. cleaning, gardening, maintenance among many others. We would not process sensitive personal information only name, business address, email address, phone number and bank details for processing payments for goods and services received. We would hold this data on our secure server and use it for our own purposes only.
Our lawful basis for processing data
The lawful basis upon which we collect and process personal data is consent. We need to provide evidence of the work we have done to our funders and our data processing enables us to do this effectively. We will seek the consent of the people who use our services for their name and contact details in order to contact them and to continue the service; for relevant information to complete and review support and safety plans; and for any information reasonably necessary for us to provide our services e.g. personal data needed to make a benefit application on behalf of an individual. Data processing is necessary to achieve this. We will always seek the person’s consent before processing.
You have certain rights in relation to the personal data which we process about you:
- You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data;
- You have the right to access your personal data.
- You have the right to restrict some processing of your personal information, which means that you can ask us to limit what we do with it;
- Subject to certain limitations (normally where there is a continuing need for us to process the data), you can object to the processing of your personal data, or you can request that it be erased.
- Where we hold data that is inaccurate, you can ask us to complete or rectify this.
- You have the right to withdraw your consent.
- You have the right to complain.
Access to personal information
BWA tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a Subject Access Request for a small fee. If we do hold information about you we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to; and
- let you have a copy of the information in an intelligible form. Sometimes it is helpful for us to share the information you give us or to obtain information about you from other services. However, we will not pass on any or collect information without your consent, other than in the following circumstances:
Disclosure of personal information
There may be instances where we have a statutory duty to disclose personal information in order to protect you or prevent harm to someone else, for example a child, or prevent or detect a crime. If we have to share information in these situations, we will only share information that will improve your and/or your child[ren]’s safety. We will always try and tell you when information is being shared unless it is not safe for you or someone else or we can’t contact you. Further information is available in our Child and Adult Protection Policies about the factors we consider when deciding whether information should be disclosed.
BWA is regulated by the Care Inspectorate. This
agency may require access to case files during inspection visits to review
BWA’s practice. No personal information will be processed or removed during
these, unless there is a statutory requirement for this. The Care Inspectorate
may also require BWA to provide details of reportable incidents. Any personal
data shared with them will be limited to that which is necessary for the Care
Inspectorate to investigate the incident and will be shared only through the Care
Inspectorate’s secure portal.
If we do hold information about you, you can ask us to correct any mistakes either verbally or by sending an email or letter to the Data Controller at the addresses set out below.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
Right to be forgotten
You have the right to have the personal data that we retain about you erased under the following circumstances:
- The personal data is no longer necessary for the purpose which we originally collected or processed it for;
- If you object to the processing of your data, and we don’t have an overriding legitimate interest to continue this processing. An example of an overriding legitimate interest would be if you were staying in refuge and we required your personal data to process housing benefit or to administer the rent and bills that we receive from you.
- If we have processed your personal data unlawfully.
- If we are legally obliged by you to do so
Cookies & usage tracking
A cookie is a small file of letters and numbers that is downloaded on to your computer when you visit a website. Cookies are used by many websites and can do a number of things, e.g. remembering your preferences, recording what you have put in your shopping basket, and counting the number of people looking at a website.
Our Privacy Notices
Please contact us if you wish to view any of our privacy notices:
- Privacy Notice – Recruitment
- Privacy Notice – Employees
- Privacy Notice – Volunteers (including Trustees)
- Privacy Notice – Women
- Privacy Notice – Children
- Privacy Notice – Young People
- Privacy Notice – Parental Responsibilities
- Privacy Notice – Donors
Complaints or queries
BWA tries to meet the highest standards when
collecting and using personal information. For this reason, we take any
complaints we receive about this very seriously. We encourage people to bring
it to our attention if they think that our collection or use of information is
unfair, misleading or inappropriate. We would also welcome any suggestions for
improving our procedures.
If you have a query or want to make a complaint about the way we have processed your personal information, you can email email@example.com or write to the Board of Directors at Border Women’s Aid Ltd, Unit 5B Liddesdale Road, Hawick TD9 0BN.
If you are unhappy with our response, you can complain to the Information Commissioner’s Office (ICO) in their capacity as the statutory body which oversees data protection law – www.ICO.org.uk/concerns.