Evesham & District Mental Health Support Services Privacy Policy

Evesham & District Mental Health Support Services (EDMHSS) is a registered charity, whose objectives are to support the residents of Evesham and surrounding districts by promoting the preservation of mental health and wellbeing and providing social, emotional and practical support to persons suffering from mental disorder or conditions of emotional mental distress.

To make use of the services provided by the EDMHSS, or to work or volunteer for us, or simply to communicate with us, individuals need to lodge their personal data with the Charity, directly and/or electronically.  Personal data can include contact information, such as name, address, telephone number and email address and, if necessary, more extensive information, such as medical conditions and employment history.

 

EDMHSS, the Data Controller, takes the privacy and security of  your personal data very seriously.  All personal data is collected and used in accordance with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.

The Charity complies with data protection law, including the six principles of the UK GDPR, which are: To process your personal data lawfully, fairly and in a transparent way; to collect and use your personal data only for the valid purposes that we have advised you about; to only process your personal data to the extent necessary; to keep your personal data accurate and up to date; to keep your personal data only as long as necessary; and to keep your personal data secure.

EDMHSS collects and uses only the information needed to carry out its legitimate business, having identified the relevant UK GDPR lawful processing bases.  EDMHSS relies on the following lawful processing bases: consent, contract, legal obligation, legitimate interests, and (for sensitive health data) employment obligations and legitimate activities of a non-profit organisation.

Personal data provided to allow us to claim Gift Aid on donations is shared with HMRC and we are legally obliged to retain it for six years.  Where we hold your contact details in order to communicate with you about our legitimate business, we will use them solely for this purpose under the UK GDPR legitimate interests processing basis.  We will never transfer them to third parties, and we will securely destroy them two years after our last contact.  Where we hold more than contact information about you, and/or our relationship is more extensive (e.g. employment, service delivery) we will provide you with a Privacy Notice, explaining what data we are using and under which lawful basis, how we use it, who can see it and how long we will keep it.  

You have various rights under the UK GDPR, including the right of access to your data, the right to have errors corrected and the right for your data to be deleted.  To exercise these rights, please contact us in writing at Evesham & District Meeting Centre, 20 Church Street, Evesham, Worcestershire, WR11 1DS or by emailing edmhss@btconnect.com.  You have the right to make a complaint at any time to the Information Commissioner’s Office (www.ico.org.uk), the UK supervisory authority for data protection issues, at Wycliffe House, Water Lane, Wilmslow, SK9 5AF.