St Giles Trust, helping disadvantaged people. We work in prisons and communities across the UK. We are a registered charity (no. 801355). Our registered address is Georgian House, 64-68 Camberwell Church Street London SE5 8JB. We act as the ‘Data Controller’ for personal data we collect on our own behalf and are registered with the Information Commissioner’s Office, our registration number is Z5400841. We also act as the ‘Date Processer’ to deliver some services to our Clients. If you have any questions about this statement or our privacy practices send an email to email@example.com, or write to us at our registered address or call 020 7708 8000.
How do we collect personal data
We obtain personal data in electronic or paper form you when you:
- use our websites – IP address, browser and other details of the devices you use
- want to use our Peer Assist service, or other services we provide (be one of our Clients) – name, contact details and other details you provide so we can help you
- make a donation – name, contact details and credit card details (St Giles Trust cannot access credit card details of online donations)
- attend an event we organise – name and contact details. We may take photos at events that we will then use in newsletters and other publicity materials
- work for us as a member of staff or volunteer – name, contact details, bank account (if we pay you), NI number, work history and other personal details required and so we can meet legal obligations, e.g. health and racial or ethnic origin (for monitoring purposes)
- provide us with services – name, contact details and bank account
- are a customer – name and contact details
- are a Trustee – name and contact details
- visit our offices – CCTV for Camberwell Road office
Individuals have the following rights over their personal data:
- to receive a copy, and information about its use
- to have it corrected
- to have it erased when we have no lawful basis
- to continue processing it
- to restrict its use
- data portability - to receive a copy of information you have provided to us in electronic format (where processing is done under Consent or Performance of a Contract)
- to object to its use (where processing is done under Legitimate Interest)
- to object to automated decision-making and profiling
Please use the contact details at the top of this statement if you want to exercise any of your rights. We consider each request in accordance with all applicable data protection laws and regulations and may ask you to provide proof of your identity before taking any actions. You can also register a complaint with the Information Commissioner’s Office
Using our websites
Our websites can contain links to other websites run by other organisations. This statement just applies to our website‚ we encourage you to read privacy statements on other websites. When someone visits the sites we use a third party service, Google Analytics, to give us information about the number of visitors and visitor behaviour patterns; this information does not identify individuals, see Cookies for more details.Our websites are hosted by third parties in the UK. When you go to a page it ‘logs’ details of when you visited, your IP address, page(s) accessed, where you came from (e.g. a link from another website), and your browser and operating system. This is standard practice for all websites. This allows us to investigate issues if the website is not functioning correctly. We do not permit anyone to identify an individual from these details.
You can unsubscribe from the newsletter at any time by clicking the unsubscribe link in a newsletter email, or by contacting us. We collect information on the subscribers (email address) that open emails, when they were opened, which links were clicked, and the geographical location the clicks came from to help us ensure the content of the newsletter is geographically relevant to all our subscribers. This information is used to help us make decisions about the content of future e-newsletters.
Online donations via our website
We use a third party Enthuse to host our secure online donation facility. For more information, please read the Enthuse privacy notice. Donor details are stored securely on Enthuse. We use these details solely for the purpose of downloading remittance advice on the donations received to us via Enthuse and do not access, store or use personal details of anyone who has donated to us online.
St Giles Trust and teams within St Giles Trust have platforms on Twitter, Facebook, LinkedIn, Instagram and YouTube. Please visit these sites for more information on their privacy policies and practices. All social media interactions are managed in house by St Giles Trust and not by third parties.
Facebook campaigns – on occasion, St Giles Trust may run Facebook campaigns to help encourage support for its work. People wishing to donate to us through these campaigns are directed to our Enthuse online donation function. See paragraph above for more information on how data relating to these is processed.
When you use our services
We use the personal data you provide so we can help you. We will ask for your Consent to share details with other partners or agencies that may be able to provide services; these agencies may include housing, social services, substance misuse, benefits & employment agencies.
When you apply for a job or to volunteer
Any information you provide, e.g. a CV, will only be used for the purpose of progressing your application. We use the contact details you provide to give updates on your application. We will use the other information you provide to assess your suitability for the role you have applied for during shortlisting and, if applicable, interviews. During the offer process we ask for equal opportunities information (so we can produce and monitor equal opportunities statistics) and details of referees that we will then contact. New starters are asked to provide bank details (so we can pay you), emergency contact details (so we know who to contact if you have an emergency at work). We are required to confirm the identity of our staff and contractors their right to work in the UK by asking you to provide proof of identity. We may ask you to complete a questionnaire about your health to establish your fitness to work; we share personal data to perform health checks with suppliers of these services. We may need to perform a Disclosure and Barring Service (DBS) check if the role involves working with vulnerable groups of people; we share personal data to perform DBS checks with suppliers of these services. We need to share some details with our payroll and pension providers, and our bank, to the extent that we can pay you and into your pension. We use a secure online HR system to hold HR data.
How do we keep personal data secure
Our websites use secure (“HTTPS”) connections to protect data. However, as is the case with all websites, we are not able to guarantee security for data collected through our sites. We have physical, technical and administrative controls in place to protect personal data from unauthorised access, use and disclosure. We evaluate these safeguards on an ongoing basis to minimise risks from new security threats as they become known. We use carefully selected partners to provide us with services including the support of IT and computer systems. Our contractual terms with these suppliers include confidentiality clauses to respect the privacy of any personal data they come into contact with as a result of performing their tasks.
More information on sharing personal data
We will share personal data is there if a legal obligation or duty to do this, e.g. for fraud protection or to enforce or apply our contractual terms. We process personal data in these circumstances on the basis on Legitimate Interest for preventing crime or suspected criminal activity, or enforcing our terms.
Any information we take from you via phone/online/ livechat/letter is only used to help you with your query, it will only be used to contact you in relation to your query and for no other reason. The same applies to any feedback we receive. We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we use a password protected CRM system to safeguard and secure the information we collect from you. All staff and volunteers in Pee Assist who may handle personal data are given induction appropriate to their role and training in the systems and policies of St Giles Trust, including periodic refresher training and reminders. Calls are recorded on an internal server purely for training purposes and are deleted after 6 months. Our CRM is cloud based and the data is all held within the EU.