Privacy & Data Collection Policy
This policy statement sets out the data processing practices carried out by Community Language Support Services (CLSS). We will always make sure that your personal data is protected and treated securely.
CLSS is committed to ensuring anyone can be clear about:
What personal data we hold
Why we hold personal data
How we use personal data
How we keep personal data safe
How long we keep personal data
How we respond to subject access requests
With whom and in what circumstances we share personal data.
CLSS will comply with British data protection law, which for the time being includes complying with the European Union’s General Data Protection Regulation. We will always make sure that your personal data is protected and treated securely. Any information that you give will be held in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, and CLSS have the obligation to comply with the Freedom of Information Act 2000 and which includes procedures for ensuring that clients are fully aware of their rights under the Act including the process to access any information held on them.
CLSS is registered with the Information Commissioner’s Office (ICO).
We will publish this policy on our website and make it available on paper on request to anyone who does not have access to our website.
CLSS collects and uses personal data for three distinct purposes which affect what we hold, how we use it and how long we keep it. These are explained below.
We also make our Information Asset Register available for people to read to give further clarity about how data relating to them is managed and kept secure. This includes our retention schedule and clear details about the lawful basis for storing and keeping personal data.
Find out more about our Information Governance Policy and our Retention and Disposal Schedule.
Advice and Casework
We have to collect a lot of personal data, including sensitive personal data, in order to establish whether and how we can assist the people who contact our service. If you are unwilling to give us the information about your household requested on our Client Form, it will usually be impossible for us to give you advice about your benefits, debt or housing situation.
If we need to contact someone as part of assisting you with a problem or issue, we will first ask you for your consent. We may then receive information about you from people we have contacted with your consent such as the Department for Work and Pensions, the Council, or your doctor.
We try to make sure we give clients good advice so we may arrange for the advice we have given you to be checked by an outside expert who will be bound by this policy and our Confidentiality Policy.
We may ask you for some information which is not necessary purely to give you advice: for example, some of our funders ask us to collect information about our clients’ ethnic origin. When we ask you for information that is not strictly necessary to provide you with a service, we will make it clear you do not have to give us that information.
We keep records of our advice and casework on a case management system for six years after the end of each case or issue. We then delete those records. We also keep some personal data of clients in paper form for six years after we have last seen that client. We then shred that paperwork.
Governance and Administration
CLSS is required by its Memorandum and Articles of Association to maintain an up-to-date register of our members.
We will ask members how they wish to receive the communications we are required to send them, such as notices of meetings. A member may change at any time their preference as to whether they are contacted by email or by post. If a member changes their preference, we will immediately delete the old contact information.
We will keep a member’s name, address and their current, preferred contact details for as long, but only for as long, as they remain a member. When a person ceases to be a member of the CLSS, we will immediately delete their personal data from our membership records.
If you become a Trustee of the organisation, you must understand that we will have by law to give certain personal data about you to the Registrar of Companies and the Charity Commission which they will publish. Anyone wishing to become a Trustee must accept that we will have to collect and pass on that personal data.
We collect and use personal data relating to our employees and volunteers but only data necessary for legal compliance (such as payroll data) and administration.
We will not use for any other purpose personal data which we collect for governance and administration purposes without first obtaining specific consent from each individual concerned.
CLSS will from time to time organise specific activities or make appeals to obtain funds either for our clients or to enable us to maintain and/or develop our service.
We will only contact you in connection with our fundraising activities if you have agreed to be contacted. If you wish to withdraw your consent to being contacted, you may do so at any time. We will immediately remove your contact details from our mailing-lists but we are required to keep records of donations for six years so we cannot delete all of a donor’s personal data before that time.
We aim to keep personal data safe. Personal data is generally processed on our premises, but we also use portable computer equipment and a mobile phone both of which will be encrypted to protect any personal data they store. Staff are forbidden to use personal computer equipment to process clients’ personal data.
Clients’ personal data is only supposed to be stored on paper-based records, but we also send letters and electronic communications which may contain clients’ personal data. Before we dispose of a computer, we always wipe and then destroy the hard disk.
No person will be given access to personal data held by the CLSS by virtue of being a Trustee, an employee or a volunteer without having first read our Confidentiality Policy and signed an undertaking to observe it.
Anyone has the right to:
Access information held about you.
Ask what personal data we hold about you
Ask how we use any personal data we hold about you
Ask us to correct personal data we hold about you
Withdraw your consent to us holding any data we hold about you which we process only by virtue of your consent and ask for us to delete that data.
If you want to make a Subject Access Request, find out more about the processing of your personal data or make a complaint about the way we process your personal data, please either:
Email us: email@example.com or
write to us at our registered address, which is;
Community Language Support Services
St Mellitus Church
The Presbytery, Tollington Park
There is generally no fee for dealing with a Subject Access Request and the information will generally be provided within one month of receiving the request.
If a request is manifestly unfounded or excessive, particularly if it is repetitive, we may:
Charge a fee based on the administrative cost of providing the information, or
Refuse to respond.
We may also charge a fee, calculated on the same basis, to comply with requests for further copies of the same information.
If requests are complex and numerous, we may inform the person within one month of making the request why it will only be able to respond within three months.
If you are not satisfied with the way we handle a request or a complaint, you have the right to appeal to the Information Commissioner’s Office (ICO). There is no charge for making an appeal. The contact details of the ICO are as follows:
The Information Commissioner’s Office
0303 123 1113 (local rate)
Breaches of data protection
If CLSS is aware of a possible breach, the Coordinator will investigate and, if necessary, report it to the ICO within the timescales required.
This policy was renewed by the Board on 06/11/2023