PRINCIPLES

The relationship of truth between you, our client, and Older Citizens Advocacy York [OCAY] is an integral aspect of our service. We strive to maintain both your trust and confidence. We know that all client value their privacy, therefore, we will not disclose your personal information to any unless it is required by law or we have your explicit consent to do so. We have never, and we will never, sell personal information.

WHAT WE COLLECT

OCAY collects and maintains your personal information so we can provide the most effective advocacy service for you. The types and categories of information we collect include: information we receive both verbally and written from you in meetings and upon application to the service (i.e. telephone number, information relevant to the case, risk factors); information that we may receive from third parties with respect to yourself or the case (i.e. correspondence from the Department of Work and Pensions, or the City of York Council).

HOW WE PROTECT

To fulfil this commitment, OCAY has instituted service-wide procedures and practices to safeguard your information. These include: adopting policies and procedures that put in place physical and electronic safeguards, and limiting access to information so that it is only accessed if absolutely required. It may be necessary for third-party companies who deal with our computer management to access our systems, in this case they are obligated to sign a confidentiality agreement so we can keep your information strictly private.

WHAT HAPPENS NEXT

Your data will be retained until you cease to be a client of Older Citizens Advocacy York, whereupon all physical and digital data pertaining to the case in question, as well as your own personal data, will be deleted within 7 years. All emails are deleted after 12 months regardless of whether the case is ongoing.

For further information contact Ruth Potter, Charity Manager. Tel. 01904676200

Privacy

Last modified 25th May 2018

Contents

Introduction

We protect your personal data in line with the requirements of the General Data Protection Regulation (GDPR). The GDPR requires data controllers such as ourselves to document our lawful basis for processing personal data. It also gives you rights over how your data is processed. This privacy policy documents the data we collect, why and how we process it, and how to exercise your rights.

Data controller

The data controller responsible for this website is Older Citizens Advocacy York, who can be contacted at 52 Townend Street, York, YO31 7QG.

This website contains links to third-party websites, which have their own data controllers and privacy policies. This privacy policy applies only to this website.

Lawful basis for processing

For each method by which we collect personal data, this privacy policy documents our lawful basis for processing the data. Where we rely on your consent to process your data, we explain how you can withdraw your consent and delete your data.

Individual rights

The GDPR gives you rights over how your personal data is processed. You can exercise your rights by contacting us. In some cases you can also exercise your rights through automated systems, as described at the relevant points in this privacy policy.

Security

The GDPR requires us to implement appropriate technical measures to protect data. We verify the identity of any individual who requests access to data before granting access. We use Transport Layer Security (TLS, also known as SSL) to encrypt any data you supply to us through our website. Additional technical measures are described at the relevant points in this privacy policy.

Disclosures

In addition to any sharing of data described elsewhere in this privacy policy, we may disclose data for legal reasons. If we suspect criminal activity we may disclose data relating to those involved or affected to the appropriate authorities. We may also be obliged to disclose data if we receive a request from an appropriate authority.

Changes to this privacy policy

We may occasionally make changes to this privacy policy. Following any changes, the date at the top of this privacy policy will be updated. If any change allows for wider access to data, such changes will only apply to data collected after the date of the updated privacy policy.

Cookies

Cookies are small pieces of text that are stored by your browser. Each cookie has a name and is associated with a particular site. When your browser sends a request to a site (for example, to download a page, image, or video), the computer that responds (known as a server) may tell your browser to set one or more cookies. When your browser makes further requests to the same site it sends the cookies back to the server. This allows the server to remember you as you browse the site, and provide features such as shopping baskets or password-protected areas. For more information on the cookies we use, see our cookie policy.

Data collected when you contact us

Comments

When you submit a comment through a ‘Leave a comment’ form on our site we collect your name, e-mail address, and comment. We may choose to publish your name and comment on our site. Comments are submitted to the Akismet anti-spam service in order to detect and block spam. For more information on how Automattic (the operator of Akismet) handles the data it collects, see Automattic’s privacy policy.

You can delete a comment by contacting us with your request.

Lawful basis for processing: Consent given by data subject
Why? You have given your consent by checking the box on the ‘Leave a comment’ form

Data collected by third parties on our behalf

Spoton.net

Our site is hosted by Spoton.net Limited (registered company number 06139437 in England and Wales). Spoton.net logs all requests in order to determine the causes of reported faults and to detect and block suspicious traffic. The log records the time of the request, your IP address, the requested resource, the referring site (if specified by your browser), and your browser’s user agent string (which will usually include the name and version of your browser and operating system). Log files are deleted after ninety days.

Lawful basis for processing: Compliance with a legal obligation
Why? To comply with the GDPR obligation to implement appropriate technical measures to protect data

Cloudflare

Our site is served through Cloudflare. Cloudflare helps our site load faster by storing copies of our content in data centres around the world, and defends our site from attacks by logging requests to detect and block suspicious traffic. For more information on how Cloudflare handles the data it collects, see Cloudflare’s privacy policy.

Lawful basis for processing: Compliance with a legal obligation
Why? To comply with the GDPR obligation to implement appropriate technical measures to protect data

Google Analytics

We use Google Analytics to track visitor interaction with our site in order to produce statistical reports. Google collects details of the pages you view and the time you viewed them, the features of your browser, and your IP address. We have enabled IP anonymisation so that Google will not store your complete IP address. For more information on how Google handles the data it collects, see Google’s privacy policy.

To opt out of Google Analytics tracking on our site, see the Google Analytics section of our cookie policy. To opt out of Google Analytics tracking on all sites, use the Google Analytics Opt-out Browser Add-on.

Lawful basis for processing: Pursuance of our legitimate interests
Why? To allow us to analyse how visitors interaction with our site in order to improve our site and our services

Other data collected by third parties

Mapbox maps

When you view a page containing Mapbox maps, your browser connects to Mapbox. For more information on how Mapbox handles the data it collects, see Mapbox’s privacy policy.

Twitter profile widget

When you view a page containing the Twitter profile widget, your browser connects to Twitter. For more information on how Twitter handles the data it collects, see Twitter’s privacy policy.

YouTube video player

When you view a page containing the YouTube video player, your browser connects to YouTube. For more information on how Google (the operator of YouTube) handles the data it collects, see Google’s privacy policy.