Privacy Policy

Salford Foundation is an organisation that supports the vocational, personal, social and academic development of young people and adults in Salford, Greater Manchester and the North West.

Download our Data Protection Privacy Notice (.pdf)

For the purposes of providing these services, Salford Foundation holds personal data on a variety of people including: children, young people or adults who use our services; current and former employees; job applicants; volunteers/mentors; donors and funders.

We (‘Salford Foundation’) respect your privacy and are committed to protecting your personal data and being transparent about how we collect and use your data. We demonstrate this through operating within the requirements of General Data Protection Regulation (GDPR) and by building in appropriate safeguards during the collection, storage, processing, sharing and disposing of personal data.

This notice contains important information about how we process information about the children, young people and adults who use our services and the volunteers and mentors who work with us. This includes:

  1. Who collects personal information about you;
  2. What information we collect about you and how and why we do so;
  3. How we use the information and who we may share it with;
  4. How we store your personal information;
  5. How long we keep your information;
  6. Your rights to correct and access your information and to ask for it to be erased; and
  7. Details of where you can find further information and how to complain if we get things wrong and cannot resolve them for you.

1 - Who we are

Salford Foundation is a registered charity (registered in England and Wales: 1002482) and a company limited by guarantee (Company Number: 2472369).

Our registered address is:

Salford Foundation
Foundation House
3 Jo Street
Salford
M5 4BD

Salford Foundation’s Data Protection Officer, Mairi Palmer, is responsible for data protection compliance and for answering any questions you have about this privacy notice. You can contact her at the above address, by email: dpo@salfordfoundation.org.uk or by phone 0161 787 8500.

We will usually be the ‘Data Controller’ when we process your personal information. This means we make decisions about what your data is used for and who sees it. However, in some instances, for example, the National Citizen Service (NCS) Programme, we process personal information as a ‘Data Processor’. This means that we process your data on the instructions of another organisation and have other responsibilities under GDPR. You can find more information on the NCS programme here.

2 - What information do we collect?

Personal data is any information from which a person can be identified. It doesn’t apply to groups of people or where the data has been anonymised (made so a person can’t be identified from it).

We also process ‘special categories’ of data. This is more sensitive information and includes information about your racial or ethnic origin, political views, religious or philosophical beliefs, membership of a trade union, biometric, genetic or health data, sex life, sexual orientation and criminal record.

We only collect the minimum information required to safely run and deliver our services.

2.1 Children, young people and adults who use our services

Salford Foundation offers a wide range of services to children, young people and adults. We collect your details and any data that is relevant to delivering the service to you or your child.

What information do we collect?

For children and young people using our services the personal data we collect may include:

  • Name
  • Parent/ carer name
  • Age/ date of birth
  • Gender
  • Contact number(s)
  • Email address(es)
  • Postal Address
  • National Pupil Database number
  • College/ school information
  • Emergency contact details
  • Images (digital photographs, moving images)

For adults who use our services the personal data we collect may include:

  • Name
  • Age/ date of birth
  • Gender
  • Contact number(s)
  • Email address(es)
  • Postal Address
  • National Insurance and NHS numbers
  • Family details
  • Emergency contact details
  • Information relating to your finances or housing status
  • Information relating to your education and training
  • Images (digital photographs, moving images)

More sensitive information we may collect about the children, young people and adults who use our services may include:

  • Ethnicity
  • Religious or other beliefs of a similar nature
  • Medical information and details of any special educational needs
  • Sexual orientation
  • Physical or Mental Health details
  • Offences and criminal convictions

It is important that you let us know any changes to your personal information, such as your address, so we can mae sure that the details we hold about you are accurate.

How do we collect information about you?

We collect informationabout you in a number of ways:

  • when you are with one of our caseworkers;
  • when you complete a referral or assessment form;  or
  • when you have been referred from your school/college, local authority or any other agency.

How do we use your information?

We collect and retain personal information about the children, young people and adults who use our services in order to:

  • decide if you are eligible for our services;
  • provide you with a servi9ce and monitor your progress;
  • to promote the work of Salford Foundation;
  • keep you and others safe;
  • review the effectiveness of our services;  and
  • to inform you of future opportunities that may be of interst to you.

We will only use your information for the purposes we collect it. If we need to use your information for something new, we will let you know why this is.

Legal basis for processing

Under the General Data Protection Regulation (GDPR), we must have a legal reason to keep your data and process it.We will use your personal information in the following circumstances:

  1. Where it is in our legitimate interests and this not outweighed by your rights and freedoms. For example, when Salford Foundation provides you with a service we will process your data on the basis of legitimate interest. We do this because we cannot provide a service to you without using your personal information. When processing personal information based on a legitimate interest, we will make sure that it is exercised proportionately and is always balanced against the privacy rights and other legal rights you have as an individual.
  2. Where we are required to do so by law.
  3. Where you have given consent. This means we have asked for your permission to use your personal data and you have agreed. For example, we might ask you to be in a photograph which is used to promote our work.
  4. Where we need to protect your interests or someone else’s.
  5. Where it is needed in the public interest.

Where we process sensitive personal information, known as ‘special category data’, we will make sure that we only do so with your permission.

If you don’t provide some information which we ask for, we may not be able to provide you with a service.

2.2 Volunteers and Mentors

What information do we collect?

When you work with Salford Foundation as a volunteer or a business mentor, we will collect some personal information from you. The range of information we collect from you is appropriate to the role you perform with us and may include:

  • your name and contact details;
  • details of your qualifications, skills and experience;
  • your volunteering or employment history;
  • information about your emergency contacts;  and
  • references.

We may also process more sensitive information about your criminal record via a DBS check which may be used to assess suitability for volunteer positions, for example in cases where you work with children, young people and vulnerable adults.

It is important that you let us know any changes to your personal information, such as your address, so we can mae sure that the details we hold about you are accurate.

How do we collect information about you?

We collect your information in a variety of ways. For example, you may have filled in an application form or submitted a CV; from correspondence with you; or through meetings, telephone calls or other assessments.

We may also collect information about you from third parties, such as references supplied from current or former employers, and information from criminal records checks as permitted by law.

How do we use your information?

We collect and retain personal information about our volunteers and business mentors in order to:

  • get you set up as a volunteer or mentor;
  • to make informed decisions about your role as a volunteer or mentor;
  • check your suitability for volunteering and/or mentoring positions;
  • to administer our volunteering and mentoring programmes;  and
  • to inform you of future opportunities that may be of interest to you.

Legal basis for processing

Under the General Data Protection Regulation (GDPR), we must have a legal reason to keep your data and process it. Salford Foundation processes your information on the basis of the following legal conditions:

  1. Where we have a legitimate interest to do so in support of Salford Foundation’s charitable objectives, to make informed decisions and to use and process personal information for administrative purposes;
  2. To comply with our legal obligations and for reasons of substantial public interest;
  3. Where you have given consent.

Where we process sensitive personal information, we will make sue that we only do so:

  1. With your consent.
  2. To protect your vital interests or those of someone else and you cannot give consent.
  3. Where there is a substantial public interest condition that has been met.

For example, for certain positions it is necessary to carry out criminal records checks to ensure that individuals are permitted to carry out the role in question.

2.3 Job applicants

As part of any recruitment process, Salford Foundation collects and processes personal data relating to job applications. You can find more information here about how we collect, keep and store your personal data.

3 - How we use your information and who we may share it with

We collect and retain personal information about the children, young people and adults who use our services in order to provide you with a service, keep you safe and to inform you of future opportunities that may be of interest to you. We keep the information we collect about you confidential and will not sell or share this with any third parties for the purposes of direct marketing or fundraising.

For our volunteers and mentors, Salford Foundation needs to process your data to enter into a relationship with you and to ensure that we are complying with our legal obligations. For example, for certain positions it is necessary to carry out criminal records checks to ensure that individuals are permitted to carry out the role in question. We use this information to progress applications or any other enquiries relating to volunteering and business mentoring.

There will be occasions when we need to share information with third parties. For example, we may need to share information with our funders (for contractual purposes), with evaluators who are helping us to improve our service or with external agencies that inspect our work. We may also use third parties to ensure secure storage of your personal information (e.g. Charitylog and AdvicePro). We also have a legal duty to share information with relevant authorities if we believe there is a clear health or safety risk to an individual or other third party, or where there is a legal requirement to do so.

We will only share information with third parties where we have information sharing protocols in place which protect personal information, except where we have a legal obligation to share this. Wherever possible, information will only be shared in ways which do not identify you as an individual.

There may be occasions when we will ask you for your consent to use your data to help us inform the public about our work via case studies or for use on social media. Consent to being filmed or photographed can be withdrawn at any time by notifying us. Please note that should you withdraw your consent after the filming material or photographs have been published, we will do our best to remove them, however, we will not be able to remove these from publications already in circulation and may not be able to guarantee their complete erasure.

4 - Where do we store your information?

We store your personal information securely in paper or electronic forms at our offices. We have in place appropriate technical and security measures to prevent personal information from being accidentally lost or used and accessed in an unauthorised way. Where we store your personal details electronically, this will be held on our secure server which is protected via a firewall or on secure case management systems located in the UK (Charitylog and AdvicePro).

We limit access to your personal information to those who have a genuine need to know it. Those processing your information will do so only under out instructions and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach, for example if your data were lost, destroyed or stolen. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

5 - How long do we keep your information for?

Salford Foundation will only use and store personal information for as long as it is required for the purposes for which we collect it.

How long we keep your personal information will depend on:

  • legal requirements;
  • the purpose for which we hold the data;
  • requirements of our funders;  and
  • guidance issued by relevant regulatory authorities.

We review our data retention periods for personal information on an annual basis.

Personal information that we no longer need is securely disposed of and/or anonymised so individuals can no longer be identified from it.

6 - Your rights to correct and access your information and to ask for it to be erased

Under the General Data Protection Regulation (GDPR) you have a number of rights over the data we hold about you. These are:

  • the right to access your personal information (sometimes called a ‘data subject access request’);
  • the right to ask us to edit and update your personal information;
  • the right to ask us to delete your personal information;
  • the right to stop or limit processing of your personal information if we are not entitled to use it anymore;
  • the right to request we send your personal information to someone else;
  • the right to object; and
  • the right to lodge a complaint with a supervisory authority.

Please contact our Data Protection Officer (DPO) at dpo@salfordfoundation.org.uk if you wish to exercise your rights, update your personal information or if you have any questions about this notice. If you wish to access your personal data by making a ‘subject access request’, please do so in writing. We may ask for proof of your identity. Your data will be provided free of charge and we will make every effort to respond within one calendar month.

7 - How to complain

We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your personal information. You can contact them at dpo@salfordfoundation.org.uk

You have a right to make a complaint at any time to the Information Commissioner’s Office, for example if your feel that we havenot been able to address your concerns. They can be contacted at the following address:

The Office of the Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113

www.ico.org.uk

We may make changes to this notice at any time. If we change something important, we will give you a new copy of this notice. This notice was last updated 14th November 2019.

8 - Glossary

Anonymisation is the process of either encrypting or removing personally identifiable information from data sets, so that the people who the data describe remain unknown or anonymous.

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes.

The Data Controller is the organisation that is responsible for your personal data. They are required to keep it secure, make decisions about what happens to your data and are accountable if it’s lost or not kept confidential.

The Data Processor is the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

General Data Protection Regulation (GDPR) is the 2018 legal framework that sets guidelines for the collection and processing of personal information of individuals in the European Union.

Legitimate business interest legal basis means the interests of our organisation in conducting and managing our business to enable us to give you the best service and the best and most secure experience. When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required to do so by law).

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that natural person.

Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Special category data means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Subject access request is your right to get a copy of the information that is held about you.

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor or persons who, under the direct authority of the controller or processor, are authorised to process personal data.