The Exaireo Trust (Exaireo) Privacy Notice
The Exaireo Trust (charity no. 1125402) is committed to protecting your privacy and security, and ensuring that all aspects of the General Data Protection Regulations (GDPR) are complied with. This privacy notice explains how and why we use your personal data, to ensure you are informed and in control of your information.
This privacy notice applies to anyone that Exaireo has contact with, including current and previous residents, those who apply for housing but for whatever reason do not become residents, employees, past employees, job applicants, volunteers, the general public and other professionals.
We have determined that Exaireo does not require a Data Protection Officer due to the low volumes of data being processed. In the absence of a Data Protection Officer, the HR manager has been nominated as the person responsible for the implementation and ongoing adherence to GDPR.
If there are any questions concerning this policy, these can be addressed to the HR Manager, The Exaireo Trust, Unit 4, Weldon Road Industrial Estate, Loughborough, LE11 5RN or by email to email@example.com.
2. ABOUT US
In this policy, wherever you see the words ‘Exaireo’, ‘we’, ‘us’ or ‘our’ it refers to The Exaireo Trust.
3. WHAT INFORMATION WE COLLECT
Personal data you provide
We collect data about you in the course of our work. This includes information at the beginning of, and during our relationship. For example: personal details, medical history, offending history, emergency contact details, financial information.
Information we generate
During the course of our relationship, we generate additional information. These include but are not limited to key work session notes, supervision notes, discliplinary records, sickness records, referrals to other agencies.
Information from third parties
From time to time we will receive information about individuals from third parties. This includes but is not limited to information from the probation service, or in relation to housing benefit and/or unemployment benefits.
Sensitive personal data
We collect and store sensitive personal information (this includes racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, health information and information concerning a person’s sexual life or sexual orientation) concerning our residents and employees (as appropriate). We will take extra care with this information, to ensure that your privacy rights are protected.
Accidents and incidents
If an accident or incident occurs on our property, we will keep a record of the incident (which may include both personal and sensitive personal data). We will also share this information with statutory bodies as required.
4. HOW WE USE INFORMATION
We only ever use your personal data where it is necessary in order to:
- Enter into, or perform a contract with you;
- Comply with a legal duty;
- Protect our legitimate interests;
- Protect our lawful interests, providing that your rights don’t override these.
We have determined that the personal data we hold is used in order to protect the legitimate interests of you and us, and to comply with our legal duty. In all cases, we will only use your information for the reason it was collected.
We carry out analysis on data collected from residents, to determine the length of time residents stay with us, and the reasons for their leaving. This helps us to better plan and take action where required.
5. DISCLOSING AND SHARING DATA
We will never sell your data. We may share your data with other professionals, when it is in your vital interests to do so or it is our lawful duty to (this includes but is not limited to HMRC, borough councils, DWP, payroll processors).
6. HOW WE PROTECT DATA
We employ different measures to keep your data safe, and to prevent any unauthorised access to, or disclosure of, your information.
Electronic data is held on secure devices or our secure server (accessible by staff, and with different access levels based on job roles). Hard copy information is stored in files, which are in turn stored in rooms/cupboards which are locked when not in use. Access to office space by non-staff members is only permitted where there is a staff member present. Archive records are stored in a secure location, which is kept locked at all times (saving when access to the information is required).
Some of our premises have CCTV and you may be recorded when you visit the premises. CCTV is there to aid security and to protect us and you and your possessions. CCTV will only be viewed when necessary (eg for reasons for security, or to detect or prevent unauthorised activity).
In the unlikely event that there is a data breach (this is where your personal information is disclosed to another party in error), we will notify both you and the Information Commissioners Office (ICO) without delay and within a maximum of 72 hours from when we become aware of the breach.
7. DATA STORAGE
Where we store electronic data
Our operations are based solely in the UK, and we store all data within the European Union (EU). It is possible that organisations which provide services to us may transfer data outside of the EU and EEA (European Economic Area) for example through their cloud storage; however such transfers will be subject to sufficient data protections.
How long we store information
Under GDPR, we are required to make sure that we use and store information for only as long as it is necessary, and only for the purposes it was collected for. We have determined that information concerning past, current or future Exaireo residents will be held for a period of 12 months for those who do not become residents, and for 36 months for residents unless there is a compelling reason for us store it for longer. Information concerning all other people will be stored for a period of 36 months. Financial information will be kept for a period of seven years. All such periods will start from the date of last contact, with the period being reset if contact is subsequently made.
We will regularly review both the information we keep, and the length of time we keep it for.
8. KEEPING YOU IN CONTROL
We want to ensure that you remain in control of your personal data. Included in this is ensuring that you are aware of your legal rights, which are:
- The right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of the personal information we hold (known as a subject access request);
- The right to have your data erased (although this will not apply in certain cases – for example when we have a lawful duty to use the information);
- The right to have inaccurate data rectified;
- The right to object to your data being used for marketing (we will never do this); and
- Where possible, you have the right to see personal data which you have provided us with
Please remember that there may be times when our legal duty and your vital interests supersede these rights, in which case we will let you know at the time of any request.
A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.
We use the following cookies to optimize your experience on our Site and to provide our services.
Cookies Necessary for the Functioning of the Store
|_ab||Used in connection with access to admin.|
|_secure_session_id||Used in connection with navigation through a storefront.|
|cart||Used in connection with shopping cart.|
|cart_sig||Used in connection with checkout.|
|cart_ts||Used in connection with checkout.|
|checkout_token||Used in connection with checkout.|
|secret||Used in connection with checkout.|
|secure_customer_sig||Used in connection with customer login.|
|storefront_digest||Used in connection with customer login.|
|_shopify_u||Used to facilitate updating customer account information.|
Reporting and Analytics
|_landing_page||Track landing pages|
|_orig_referrer||Track landing pages|
|_shopify_sa_p||Shopify analytics relating to marketing & referrals.|
|_shopify_sa_t||Shopify analytics relating to marketing & referrals.|
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.
You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.
Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org.
Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above.
Do Not Track
Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
Should you have any query regarding your data, please contact Exaireo using the details at the top of this policy. If you are unhappy with our response, you can contact the UK Information Commissioners Office (ICO) which regulates Data Protection in the UK. Contact details can be found at www.ico.org.uk