Sharing your personal information with Crisis
02.05.2018 1174 XX
- Why we ask for your personal details
- What we do with them
- Understanding your rights
Why we ask for and keep your information
When you ask Crisis for help and join us as a member we will ask you for some personal information. This information is really important to us. It helps us work with you to give you the support you need to successfully find a home.
We also use your information to make sure our services are effective (working well).
Another way we use your information is to help our work to change policies and reduce homelessness in the future. When we use your information in this way you will not be identified as an individual
You don’t have to give us information if you are uncomfortable in telling us certain things. But there will be some information you will need to give us if you want to use all of our services.
When you become a Crisis member you enter into an arrangement with us. We provide help and advice to support you to leave homelessness for good. In return, you provide us the information we need to provide you with the right help.
This arrangement, where you provide us information and we offer you support and assistance can be considered a “contract”. You can tell us when you no longer want to continue with this arrangement.
Under the law, Crisis must have a lawful basis to collect and process information about you and other members. We believe that the lawful basis includes our need for information so that we can do our job properly as an organisation, including helping change policy and make our services better. This is known technically as “legitimate interest”.
Our “contract” arrangement also provides a lawful basis for us to collect and process your information.
Finally, it is also important for us to collect some information to help us keep people safe. This is known as “vital interests”.
How we keep your information safe
The information you give us – your ‘data’ - is kept safe and secure whether it is on paper or on our computer systems. Your information is used carefully by members of our Crisis team to support the work they do for you.
Under UK law we cannot share your information with anyone or any organisation outside Crisis without asking you first, except in the following situations:
- We have to share information to protect the safety and well-being of someone (including you) we believe to be at risk of harm.
- We have to share information if the police ask us to support a serious criminal investigation, or if we are directed to hand over information through a court order.
Your consent is important
We cannot add certain information about you to our databases without your consent. This information includes:
- your racial or ethnic origin
- your health information
- your religious and philosophical beliefs
- your sexual orientation
- biometric data (although we currently do not collect this sort of information which includes things like finger prints)
We will always ask for your consent to add this type of information to our databases.
We will always ask your consent to use it, except where the law says we don’t have to, or to protect your health in an emergency.
If we need to use any of your data for a different reason than why we collected it we will let you know why and how it will be used. For example, if we wanted to use your information in our research or policy work in a way that might identify you, we would always ask you and secure your consent first.
When you visit a Skylight or Crisis café, you may be recorded on CCTV. We use CCTV to protect the health and safety of those people who work or visit us, and also for the prevention and detection of any criminal activity that takes place on our premises. We will always tell you if we are doing this (through signs in our buildings).
When we collect your information
The information you give us will be collected and updated on our computer databases during your time with us.
The stages for information collection are usually:
- when you join us for the first time
- when you take courses with us or use our services
- when you have found a secure home of your own
- when you decide you no longer want our support
- after you have moved on from our services and you agree to share your information so that we can update our records about you to check you don’t need further support
How we collect your information
You will give us most of the information we hold. But the Crisis staff you work with – for example, your progression coach – may also add information about you to our databases.
Organisations you have been involved with outside Crisis, such as a hostel provider, advice centre or local authority, could give us information about you too. This information will only be shared with your consent and agreement, unless the information is shared to keep you or someone else safe from possible harm.
The type of information we keep about you
The type of information we keep could include:
- your contact details (address, phone and email)
- information about the sorts of help you want from us – and the reasons
- information about your physical and mental health – this may be needed to comply with our health and safety and safeguarding obligations
- correspondence with or about you – for example this could be letters to you about your entitlement to grants
- information to support any expenses you need to claim
- your eligibility to receive state benefits
- your next of kin and emergency contact details
- information on your nationality
- information about your previous employment, including qualifications and training records
- documents and emails produced by the Crisis staff who support you
How long we keep your information
We will keep most of your personal data for up to two years after you have stopped using our services. Sometimes we may have to keep it longer. This is unusual, but if an external organisation helps with funding the services you use they may ask us to keep details for longer.
Your rights and your information
You have rights and control about how your information (data) is used. The laws that help you do this are the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA).
These laws mean:
- you can ask us to show you all of the information we have about you
- you can ask us to correct anything that you think is wrong
- you can ask us to erase your personal data from our systems – however, there may be times where we are unable to do this however for example, where we may have refunded travel expenses to you, we must legally keep the details of payments we have made to you
- you can tell us you are not happy about our reasons for collecting and processing your data
- where it is possible (and in limited circumstances) you can ask for your information to be transferred to another provider of a similar service
- you can change your mind – you have given us permission to process and keep your information, you can withdraw this permission in some circumstances
- you can complain if you think we have broken the GDPR or DPA 2018 laws.
How to complain
Complaints about data protection can be handled by the government’s Information Commissioners’ Office. You can contact them at https://ico.org.uk/concerns/handling/
However, we would always like to try to help you first. So if you are unhappy about the way you think your information is being dealt with at Crisis, please speak to the Director at your Skylight centre for support first.
Our data protection officer Beverley Adams-Reynolds can also help. Beverley is based at our London Head Office. Her email is: firstname.lastname@example.org
Legal notice: Crisis is a data controller of data for the purposes of the DPA 2018 and GDPR.