سياسة الخصوصية
سياسة الخصوصية
At CAMM, we collect and use your personal information to help solve your problems, improve our services and tackle wider issues in society that affect people’s lives.
نحن نطلب فقط المعلومات التي نحتاجها. نسمح لك دائمًا بتحديد ما تخبرنا به بالراحة ، وشرح سبب حاجتنا إليه والتعامل معه على أنه سري.
When we record and use your personal information, we:
- الوصول إليها فقط عندما يكون لدينا سبب وجيه
- شارك فقط ما هو ضروري وملائم
- لا تبيعها لأي شخص
We collect and use the details you give us so we can help you. We have a ‘legitimate interest’ to do this under data protection law. This means it lets us carry out our aims and goals as an organisation. We’ll always explain how we use your information.
At times we might use or share your information without your permission. If we do, we’ll always make sure there’s a legal basis for it. This could include situations where we must use or share your information:
- للامتثال للقانون - على سبيل المثال ، إذا أمرتنا المحكمة بمشاركة المعلومات. هذا يسمى "الالتزام القانوني"
- لحماية حياة شخص ما - على سبيل المثال ، مشاركة المعلومات مع مسعف إذا كان العميل مريضًا في مكتبنا. هذا يسمى "المصالح الحيوية"
- لتنفيذ أهدافنا وأهدافنا المشروعة كمؤسسة خيرية - على سبيل المثال ، لإنشاء إحصائيات لأبحاثنا الوطنية. هذا يسمى "المصالح المشروعة"
- بالنسبة لنا لتنفيذ مهمة حيث نلبي أهداف هيئة عامة في المصلحة العامة - على سبيل المثال ، تقديم خدمة حكومية أو سلطة محلية. هذا يسمى "المهمة العامة"
- لتنفيذ العقد الذي أبرمناه معك - على سبيل المثال ، إذا كنت موظفًا ، فقد نحتاج إلى تخزين التفاصيل المصرفية الخاصة بك حتى نتمكن من الدفع لك. هذا يسمى "عقد"
- to defend our legal rights – for example, sharing information with our legal advisors if there was a complaint that we gave the wrong advice.
We handle and store your personal information in accordance with the data protection legislation – including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA).
You can check our main Citizens Advice policy to establish how we handle most of your personal information.
What information does CAMM ask for and how will it collect and use your data.
To find out what information we ask for and how we collect and use your data, see our national Citizens Advice privacy policy.
The data we collect at CAMM when you seek our advice.
We will need to obtain your personal information to enable us to deliver our services to you. That may include information in relation to the following:
Your name and date of birth.
Your address, email address and telephone number(s).
Information to enable us to verify and confirm your details. E.g. Birth certificate or passport details, proof of address/residency.
Your communication preferences from us and our third parties.
Any additional information that we may require to provide and deliver a service to you.
We collect most of this information from you in direct communication via face-to-face interviews, over the telephone or by email.
However, we may also collect information from:
Publicly accessible sources.
Via a third party with your consent.
When you give us authority to act on your behalf, we will need to share your personal information with the relevant third-party organisation to assist you with your enquiry.
We commonly share information with statutory local authorities on a district, borough, county and city level as well as with Integrated Care Boards and specialist partner organisations. Citizens Advice Mid Mercia is committed to protecting your personal data and ensuring compliance with the General Data Protection Regulation (GDPR). When we share your data with other organisations for legitimate business purposes, we implement robust safeguards to maintain the security and privacy of your information. We have established appropriate data processing agreements and contractual clauses with these third parties, as required by GDPR. These measures ensure that any organisation receiving your data is obligated to process it only for specified purposes, implement adequate security measures, and uphold your rights as a data subject. We regularly review and audit these arrangements to verify ongoing compliance and to protect your data throughout its lifecycle, from collection to deletion.
How CAMM store your information.
All personal client data collected as part of services is stored within the national case recording system, Casebook. Certain information is also stored on Microsoft Office 365 or AdvicePro, which are secure, cloud-based systems.
Data security.
We have put in place appropriate security measures to prevent your information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees and third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
We also have robust procedures in place to deal with any suspected data breach. We will notify you and the applicable regulatory bodies of any suspected data breach where we are legally required to do so.
Data retention.
We will only retain your data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your information, the purposes for which we process your information and whether we can achieve those purposes via other means, and the applicable legal requirement.
How CAMM use your data when applying to work or volunteer.
We will collect personal information including, your name and address and date of birth and your telephone and email contact details.
Previous employers/job data/positions held including dates.
Job references from previous employers.
Nationality/visa/right to work documentation (Passport, driving licence, national insurance number, birth certificate/evidence of name or gender change).
Results of any pre-screening employment checks via the Disclosure and Barring Service (DBS).
Notes from any job interviews.
Bank account details (If successful when applying for a paid position)
Emergency contact details (If successful when applying for a paid position or becoming a volunteer).
During the process we may also capture some special category data about you (e.g. disability information), in order to make reasonable adjustments (to enable our candidates to apply for jobs with us, take online/telephone assessments, attend interviews/assessment centres, prepare for starting at CAMM if successful, and to ensure that we comply with regulatory obligations placed on us with regard to our recruitment) and to allow us to complete pre-employment checks.
What CAMM uses your information for.
To enable us to manage your application, we need to process certain information about you. CAMM must have a legal basis for processing your personal data and special categories of your data may only be processed where an additional lawful basis applies. We will process your personal data for the purpose of progressing your application to join us as required by law or regulatory requirements, therefore, not all of the purposes for which we process your data will apply to you all of the time.
We have a mandatory legal obligation to check a successful applicant’s eligibility to work in the UK before their employment begins.
CAMM has a legitimate interest in processing personal data during the recruitment process. This enables us to assess the job applications, invite potential candidates for an interview, assess the candidate’s suitability for employment and decide whom we offer a position.
CAMM may process special categories of data, such as monitoring information in relation to recruitment statistics and to comply with our legal obligations in relation to equality and diversity. We also collect information about whether job applicants have a disability in order to make any necessary reasonable adjustments to enable a candidate to attend a job interview.
CAMM will process your personal data to comply with obligations and exercise specific rights in relation to employment, social security and/or social protection.
Who do CAMM share your information with.
CAMM will need to share your personal data internally and in certain instances with some external third parties to conduct pre-employment screening checks and obtain job references. Your information will only be shared if it is necessary or required by law.
The recruitment process will involve:
Assessing and process your job application.
Assessing your suitability for the job role (e.g. Skills, experience, and behaviours for the job role).
Selecting suitable candidates for a job interview.
Activities to complete the on-boarding and screening process should your application be successful.
To enable these processes your personal data will be shared internally, however the information shared will be limited to what is required by each individual/department to perform their role within the recruitment process. Your information may be shared internally with:
Employees who have managerial responsibility for you or are acting on their behalf.
Employees within Human Resources (HR) who have responsibilities for specific recruitment processes.
Employees within our Central Support team who have a responsibility for elements of the on-boarding process, including IT equipment, health and safety, facilities including the processing of personal documentation.
We may also need to share your information with third party suppliers or associates:
Suppliers who undertake DBS checks on behalf of CAMM.
Suppliers who are responsible for IT provision on behalf of CAMM.
Suppliers who are responsible for the administration of payroll services on behalf of CAMM.
Suppliers who are responsible for providing telephony services on behalf of CAMM.
How CAMM store your information.
All the information collected we have obtained as part of the recruitment process is stored on Microsoft Office 365, a secure, cloud-based system. Successful employee and volunteer records are stored within our internal HR database, You Manage.
Data security.
We have put in place appropriate security measures to prevent your information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees and third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
We also have robust procedures in place to deal with any suspected data breach. We will notify you and the applicable regulatory bodies of any suspected data breach where we are legally required to do so.
Data retention.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your Human Resources file and retained for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your information, the purposes for which we process your information and whether we can achieve those purposes via other means, and the applicable legal requirement.
You may be asked when you submit your CV, whether you give us consent to hold your details in accordance with the DPA.
If your application for employment is unsuccessful, CAMM will retain your data on file for 12 months, from the date of receiving your job application.
How we use your data for research, feedback and statistics
This section covers how we use your data to carry out our research, feedback and statistical work.
National Citizens Advice covers their use of data for this purpose in their privacy notice.
| Purpose | Personal data
(UK GDPR Article 6 requirement) |
Special category and criminal offence data (UK GDPR Article 9 or 10 requirement) | Opt in/out required? |
| Advice, information and guidance provision | Article 6(f) – Legitimate interests
Where processing is not based on any public function. We have carried out a Legitimate Interests Assessment for this processing.
Article 6(e) – Public task Where processing is based on official authority laid down by law or a statutory function. |
Article 9(2)(f) – establishment, exercise or defence of legal claims
Where the processing relates to the establishment or defence of legal claims including legal rights including but not limited to those such as those in relation to benefits, debt, energy and housing. For criminal offence data the same provision is outlined in DPA, Schedule 1, Part 3 (33).
Article 9(2)(g) – substantial public interest (statutory) Where our advice, information or guidance relates to a statutory function, we rely on the DPA, Schedule 1, (6) ‘Statutory etc and government purposes’. This condition also applies to criminal offence data
Article 9(2)(g) – substantial public interest (confidential counselling, advice or support) Where our advice, information or guidance relates to confidential wellbeing support. For example if supporting a client with issues relating to loneliness. The specific substantial public interest condition we rely on is detailed in the DPA, Schedule 1, (17) ‘Counselling etc’. This condition also applies to special category data and criminal offence data.
|
No, though clients may have the option of being unnamed |
| Equality, Diversity, Inclusion. (EDI) monitoring | Article 6(f) – Legitimate interests
We have a legitimate interest in processing EDI data to ensure we are promoting equity and diversity in our service. We have a full legitimate interest assessment for this processing. |
Article 9(2)(g) – substantial public interest
Processing of information relating to race or ethnicity, religious, health (including disability), and sexual orientation for the purpose of enabling, promoting or maintaining equality of treatment. Specifically, we rely on is in the DPA, Schedule 1, (8) ‘equality of opportunity or treatment’. This substantial public interest category only applies to specific special category data criteria listed above and does not extend to criminal offence data. However criminal offence data is not processed for EDI monitoring. |
Yes, clients should be given the option of providing this data including ‘prefer not to say’ options.
|
| Accessibility and reasonable adjustments | Article 6(c) – Legal obligation
We have legal obligations in accordance with the Equality Act 2010. |
Article 9(2)(g) – substantial public interest
Specifically, we rely on DPA, Schedule 1, (6) ‘statutory and governmental purposes’ in accordance with the Equality Act 2010. This will only apply to special category data and will not extend to criminal offence data but such data is not processed for this purpose. |
Yes, clients can choose whether they provide this data or not |
| Statistical purposes and research (including feedback) | Article 6(f) – Legitimate interests
We have a legitimate interest to carry out statistical analysis and research using our client data. We have carried out a legitimate interest assessment for statistical processing, research and policy formation. We may also keep pseudonymised data for archival purposes. |
Article 9(2)(j) Archiving, research and statistics
As per the A6 condition. |
Generally not required unless it involves client contact in which case an opt in should be offered |
| Maintaining quality and standards | Article 6(f) – Legitimate interests
We have a legitimate interest as an organisation to ensure that we are meeting appropriate quality and standards in our advice to clients. |
Article 9(2)(f) – establishment, exercise or defence of legal claims
Citizens Advice needs to be able to provide evidence that certain standards and quality measures are being met to defend against claims of malpractice or negligence.
Article 9(2)(g) – substantial public interest Specifically, we rely on is in the DPA, Schedule 1, (11) Protecting the public against dishonesty etc where we are carrying out functions to protect against:
|
لا |
| Complaints | Article 6(f) – Legitimate interests
We have a legitimate interest to investigate complaints and to implement lessons learned from them. |
Article 9(2)(f) – establishment, exercise or defence of legal claims
Citizens Advice needs to be able to investigate complaints to defend against claims of malpractice or negligence.
Article 9(2)(g) – substantial public interest Specifically, we rely on the DPA, Schedule 1, (11) Protecting the public against dishonesty etc where we are investigating complaints to protect against:
|
لا |
| Legal claims | Article 6(f) – Legitimate interests
We have a legitimate interest in defending our organisation against legal claims. |
Article 9(2)(f) – establishment, exercise or defence of legal claims
We need to be able to adequately defend our organisation against legal claims. |
لا |
| Individual rights requests | Article 6(c) – Legal obligation
We have a legal obligation to carry our individual rights requests in accordance with data protection law. |
Article 9(2)(g) – substantial public interest
Specifically, we rely on is the DPA, Schedule 1 (6) ‘statutory and governmental purposes’ to comply with the UK GDPR and the DPA. |
لا |
| الحماية | Article 6(e) – Public task
The legislation covering safeguarding is the Care Act 2014 (England) and the Social Services and Wellbeing (Wales) Act 2014. These acts put duties on local authorities in relation to adult safeguarding and while they don’t apply to us directly as a charity, we acknowledge Citizens Advice may receive their funding or are contracted to deliver services on their behalf and therefore it’s essential that we understand our role in protecting adults at risk. |
Article 9(2)(g) – substantial public interest
This condition is met when the processing is necessary for the safeguarding of children and of individuals at risk in accordance with the DPA, Schedule 1, (18) ‘Safeguarding of children and of individuals at risk’ |
لا |
| Fraud prevention | Article 6(f) – Legitimate interests
We have a legitimate interest in defending against fraudulent activity.
Article 6(c) – Legal obligation In some circumstances there are legal obligations to disclose actual or suspected cases of fraud. |
Article 9(2)(g) – substantial public interest
We rely on three separate substantial public interest conditions as follows:
DPA, Schedule 1, (10): ‘preventing and detecting unlawful acts’ – where we process data to prevent or detect such activity
DPA, Schedule 1, (14) : ‘Preventing Fraud’ where we disclose fraudulent activity to anti-fraud organisations
DPA, Schedule 1, (15) : ‘Suspicion of terrorist financing or money laundering’ to comply with certain requirements under Terrorism Act 2000 and Proceeds of Crime Act 2002 |
لا |
| Responding to a life-threatening emergency | Article 6(d) – Vital interests
Where a person’s life may be in danger |
Article 9(2)(g) – Vital interests
Where a person’s life may be in danger and use of special category data is necessary.
DPA, Schedule 1, (30): ‘Protecting individual’s vital interests’ also enables criminal offence data for this purpose. |
No – should only be used where a person cannot consent to this processing |
Your legal rights.
Under certain circumstances, you have rights under the data protection legislation in relation to your personal information, including the right to:
Request access to your personal data: Commonly known as a subject access request (SAR). This enables you to receive a copy of the personal data we hold about you and to establish that we are lawfully processing it.
Request a correction to your personal data: This enables you to have any inaccurate or incorrect data we hold about you corrected.
Request erasure of your personal data: This enables you to ask us to remove or delete any personal data where there is no good reason for us continuing to use it. Please note however, that we may not always be able to comply with your request of erasure for specific legal reasons. We will notify you, if this is appliable at the time of your request.
Withdraw consent: Where we are relying on your consent to process your personal data. Please note, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide our services to you.
If you wish to exercise any of the rights detailed above, please contact us:
الامتثال@citizensadvicemidmercia.org.uk
You will not have to pay a fee to access your personal data (Submit a SAR) or to exercise any of the other rights. However, we may charge a reasonable fee is clearly repetitive, unfounded or excessive.
We will try and respond to all requests within one calendar month from the date of the request. If we believe the request is going to take longer than the one calendar month, we will notify you at the earliest opportunity and keep you updated.
Complaints.
In the first instance, if you have a complaint in relation to your personal data, we would like the opportunity to address your concerns. Please contact us at:
complaints@citizensadvicemidmercia.org.uk
If you remain dissatisfied with our response you can contact the Information Commissioner’s Office (ICO). The ICO is the UK supervisory body for all data protection issues. The ICO can be contacted at www.ico.org.uk or via the ICO Telephone Helpline: Tel No: 0303 1231113. They can also be contacted at the address below:
Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5A
Arabic 
Kurdish 
Latvian 
Polish 
Panjabi 
Russian 
Slovak 
Urdu 
English