Data Policy

Who we are:

Here at Calling For Help we are committed to protecting your personal information and making every effort to ensure that your personal information is processed in a fair, open and transparent manner.

We are a "data controller" for the purposes of the Data Protection Act 2018 and the EU General Data Protection Regulation 2016 ("Data Protection Law"). This means that we are responsible for the processing of your personal information.

For further information about our privacy practices, please contact our Data Protection Officer by:

  • Writing to: Calling For Help, Turcan Connell, Princes Exchange, 1 Earl Grey St, Edinburgh, EH3 9EE.

  • Emailing to hello@callingforhelp.org

Calling For Help (the charity) needs to retain data and/or documents for a number of reasons including but not limited to:

• Operational purposes
• To demonstrate compliance with the law
• To report on our charitable activities and review our charitable spending
• For safeguarding purposes

1.Where do we obtain your information?

In most cases we will obtain this information from you directly when you contact us, via email, contact form, or other channel of communication.

Everything we do, we do to ensure that we can help people with a disability get both support and respect. We want to make sure you receive the communications that are most relevant to you, be it through visiting our website or receiving emails, post or phone calls. We want to make sure you receive the best support if you apply for a grant or make a donation.

We will collect information about you if you are an employee, volunteer, supplier, or partner. We will obtain information from grant applicants in the process of their application and from correspondence in the course of our dealings with them in relation to our grant support activities.

We collect information from you in the following ways:

When you interact with us directly: This could be if you ask us about our activities, register with us for information, make a donation to us, ask a question about disabilities or refugees, purchase something, complete a survey providing feedback on our services, apply for a job or volunteering opportunity or otherwise provide us with your personal information. This includes when you visit our website, email directly or via a contact form, or get in touch via social media.

When you visit our website: We gather general information which might include which pages you visit most often and which services, events or information is of most interest to you. We may also track which pages you visit when you click on links in emails from us. We also use "cookies" to help our site run effectively. For more information you can read our cookie policy here.

We use this information to personalise the way our website is presented when you visit to make improvements and to ensure we provide the best service and experience for you. Wherever possible we use anonymous information which does not identify individual visitors to our website.

From other information that is available to the public: In order to tailor our communications with you to your background and interests we may collect information about you from publicly available sources or through third party subscription services or service providers (we have provided further details about this below – see 'Profiling: Making our work unique to you').

2. Information we collect and why we use it:

Personal information we collect includes details such as your name, date of birth, email address, postal address, telephone number and (if you are applying for a grant of a phone top-up), as well as information you provide in any communications between us. Information you provide whilst making a donation is processed by our third-party donor portal “FundraiseUp”, we have no access to your financial detail such as card number or bank account. You can read the terms from FundraiseUp here. Whilst making a donation we will collect information you provide to us such as your name, email, phone number.

We will mainly use this information:

  • To process your donations or other payments, to claim Gift Aid on your donations and verify any financial transactions.

  • To provide the services or goods that you have requested.

  • To update you with important administrative messages about your donation, an event or services or goods you have requested.

  • To comply with the Charities (Protection and Social Investment) Act 2016 and follow the recommendations of the official regulator of Scottish charities, the Scottish Charity Regulator (OSCR) which require us to identify and verify the identity of supporters who make major gifts so we can assess any risks associated with accepting their donations.

  • To keep a record of your relationship with us.

  • Where you volunteer with us, to administer the volunteering arrangement.

If you do not provide this information, we will not be able to process your grant application or donation or provide goods and services you have requested.

We may also use your personal information:

  • To contact you about our work and how you can support Calling For Help.

  • To invite you to participate in surveys or research.

  • To stay in contact with you if you receive a grant and understand what help you need.

  • To safeguard you by connecting you with other charities if we believe you are at risk.

Sensitive Personal Information

Data Protection Law recognises that some categories of personal information are more sensitive. Sensitive Personal Information can include information about a person's health, disability, race, ethnic origin, sex life, or sexual orientation..

If you apply for a grant we will collect sensitive health information from you during the application process. This information is designed to be stored anonymously once collected and is based on the Washington Group’s disability survey to provide statistics on disability. If you provide us with any Sensitive Personal Information by telephone, email or by other means, we will treat that information with extra care and confidentiality and always in accordance with this Privacy Policy. This information is used in aggregate anonymously to help us better understand the needs of people with disabilities who have been displaced.

We will not pass any identifiable details to anyone else without your explicit consent except in exceptional circumstances. Examples of this might include anyone we believe is at heightened risk or in immediate such as women or children contacting us and sharing serious issues such as physical abuse or exploitation. In these cases we will only share your information with trusted charities and humanitarian agencies in your area we believe will be able to help or protect you, and will only share enough information for them to find and identify you. We follow guidelines created by the UNHCR which you can read here.

3. Processing Conditions

We process the personal data referred to above for the purposes of any contract or potential contract with our employees, our trustees, volunteers, suppliers, assessors and grant applicants and recipients; or for our legitimate interests in order to function effectively as an organisation, ensure good governance, for audit purposes, to train our staff and volunteers, to perform our business and grant support activities; and to enable us to meet our legal obligations that we may be subject to as an employer, and as a registered charity.

We will process any information about our trustees or volunteers’ health or whether they have had an accident at work for the purposes of preventive or occupational medicine or for an assessment of their working capacity, subject to appropriate confidentiality protections.  We may also process it to carry out our legal obligations, for equal opportunities monitoring or to establish, exercise or defend any legal claims.

We may process information about grant recipients’ or beneficiaries’ personal circumstances or their photographs for our case studies to promote and perform our business and grant support activities.  Permission will be explicitly requested to process information for this purpose. Individuals can request that other information relating to them not to be published in this manner and we will deal with such requests in accordance with the law.

4. Who do we share your information with?

Where you have communicated with us, we will not share or sell your details (such as email address etc.) with third-parties.

The information you provide to us may be accessed by our staff, our Trustees, third party assessors, auditors, our professional advisors and carefully selected third parties in the course of providing services to us (such as payroll services) under suitable obligations of confidentiality.

We may publish some personal details of grant recipients as examples of the charity’s work, the needs of refugees with disabilities and for marketing and promotional purposes. Permission will be explicitly requested to process information for this purpose. Individuals can request that other information relating to them not to be published in this manner and we will deal with such requests in accordance with the law.

We may also use processed anonymized information and data from grant applications in aggregate, where personally identifiable information is removed, for marketing and strategic development to improve and support our activities in support of people and refugees with disabilities.

5.Security and Storage

We maintain an overview of which personal data we have stored and where it is kept. Data relating to individuals and The Charity’s operations may be stored on a variety of services and devices, including but not limited to:

• Email accounts
• Chat messages
• Social Media messages
• SMS messages
• Online storage facilities
• Spreadsheets and databases
• Devices such as phones, tablets, laptops, and hard-drives.

We employ administrative, electronic and physical security measures to ensure that the information that we collect about you is protected from access by unauthorised persons and protected against unlawful processing, accidental loss, destruction and damage.

Please be aware that unfortunately the transmission of information via the internet or by email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the data transmitted to us and any transmission is at your own risk.

6.The period for which the personal data will be processed.

We will retain personal data securely and only in line with how long it is necessary to keep for the purposes or for a legitimate and lawful reason.

Our typical retention periods are as follows:

Accident or Incident forms: Lifetime of the data subject.

Trustee / Volunteer personnel documents: Deleted 7 years after the appointment ends.

Job / volunteer applicants (unsuccessful): Deleted 6 months after the post applied for closing date (or 6 months for speculative applications)

Grant applicants data (unsuccessful): Deleted 1 years after the application denial date: identifying photos, identity documents, chat transcripts, emails
Archived 1 year after application denial date: full name, phone numbers, phone network, phone IMEI, social profile URLs, location.

Successful grant recipients data: Deleted 1 years after the final awarding of a grant: identifying photos, identity documents, chat transcripts, emails.
Archived 1 year after the final awarding of a grant: full name, phone numbers, phone network, phone IMEI, social profile URLs, location.

Trustee register of interests: 7 years after appointment ends

Full name of grant applicants:

Photographs and case studies: In accordance with image rights agreements.

Name and details submitted by donors: Indefinitely

Some personal data may be retained for longer where it is in our legitimate interest to do so, such as to protect and defend our legal rights; or for research, archiving or statistical purposes.  Individuals can request that other information relating to them be erased and we will deal with such requests in accordance with the law.

7. Transfers outside the European Economic Area:

We, or carefully selected third parties that we contract with, may send personal data to countries outside the European Economic Area (‘EEA’). If and when this occurs, there will be protections in place to ensure the recipient protects the data to the same standard as the EEA.

The protections include:

Transferring to a non-EEA country with privacy laws that give the same protection as the EEA.

Putting in place a contract with the recipient that means they must protect personal data to the same standards as the EEA.

Transfer personal data to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for personal data sent between the US and EU countries which makes sure standards are similar to what is used within the EEA.

8.Data subject’s rights:

As an individual, you have the following rights as a data subject under applicable Data Protection Laws in relation to the processing of your personal data:

The right to request from us access to information held about you.

The right to request that inaccurate data held about you is rectified.

The right to request the erasure of personal data.

The right to restriction of processing.

The right to object to processing.

The right to data portability.

For more information and guidance about any of these rights please go to the website of the Information Commissioner’s Office at https://ico.org.uk/.

9.Legal Requirements

There are Legal requirements that apply to the rentention of data and records such as:

• The General Data Protection Regulation May 2018
• The Limitation Act 1980
• The Human Rights Act 1998
• The Equality Act 2010

In the absence of any legal requirements, personal data may only be retained for as long as necessary for the purpose of processing. Exceptions may apply to the
processing for historical, statistical or scientific purposes. After the end of a retention period of personal data, the information may not have to be completely erased if the
data is anonymised.

10.Complaints

If you think there is an issue in the way in which we handle your personal data, you have a right to raise a complaint with the Information Commissioner’s Office. Their website contains details of how to make a complaint: https://ico.org.uk/

Changes to this Privacy & Fair Processing Notice

We keep our Privacy & Fair Processing Notice under regular review and reserve the right to update and amend it.  This notice was last updated on 13/2/2022

Further information

For further information about the proposed data sharing set out in this notice, or about any aspect of The Charity’s processing of your personal data, please contact us and we will reply within 5 days.