We collect and handle personal data and information with respect and sensitivity
Only essential data is held, and we always follow the law when we collect, use, store, and share your data.
You have a legal right to be informed about how Threshold uses any personal information that we hold about you. This privacy notice explains how we collect, store, and use personal data about you.
Threshold is the ‘data controller’ for the purposes of data protection law. Our Data Protection Officer (DPO) is Ben Harman (see ‘Contact’ below).
The personal data we hold about you
We hold some personal information about you to make sure we can support you.
For the same reasons, we get information about you from some other places too – like Swindon Borough Council, and other voluntary and public sector organisations.
This information includes but is not limited to:
Why we use this data
We use this data to help run Threshold including to:
- get in touch with you when we need to
- check how you’re doing in your recovery or your progress towards independence, and whether you need any extra support
- track how well Threshold is performing
- look after your wellbeing
Our lawful basis for processing your data
We respect your personal data and process information that you share with us in order to appropriately support you. Processing your information is necessary not only to support your progression and development with us but it is necessary for compliance with our legal obligations.
Processing is necessary to protect your vital interests and those with whom we work.
We process personal information for the purposes of legitimate interests. This processing enables us to enhance, modify, personalise or otherwise improve our services and communications with you and to identify and prevent fraud.
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing your information are:
- you have given us permission to use it in a certain way (Article 6(1)(a) of UK GDPR)
- we need to comply with the law (Article 6(1)(c) of UK GDPR)
- we need to use it to carry out a task in the public interest (Article 6(1)(e) of UK GDPR)
Sometimes, we may also use your personal information where:
- we need to protect your interests (or someone else’s interest) e.g., in a life-or-death situation (Article 6(1)(d) of UK GDPR)
We may also collect and use information about your health or other protected characteristics such as your religion or ethnicity. These are special categories of personal information, and we will only collect and use it when it is necessary for public health, e.g., protecting against serious threats to health. The legal basis here is Article 9(2)(i) of UK GDPR.
Where we have got permission to use your data, you may withdraw this at any time. We will make this clear when we ask for permission and explain how to go about withdrawing consent.
Some of the reasons listed above for collecting and using your information overlap, and there may be several grounds which mean we can use your data.
Collecting this information
While in most cases you must provide the personal information we need to collect, there are some occasions when you can choose whether or not to provide the data. We will always tell you if it’s optional. If you must provide the data, we will explain what might happen if you don’t.
Data sharing
We do not share personal information about you with anyone outside of Threshold without permission from you, unless the law and our policies allow us to do so.
Where it is legally required, or necessary for another reason allowed under data protection law, we may share personal information about you with:
| Who we share with | Why we share |
| Local Authorities | To meet our legal duties to share certain information with it, such as concerns about your safety |
| Your family | Only with your consent, or in exceptional situations, such as where you lack capacity and your or others' health and wellbeing is under serious risk |
| Police forces, courts, tribunals and security services | As we are required to by law |
| Health and social welfare organisations | Such as the Adult Social Care or mental health services to help look after your health and wellbeing |
| Our payment service providers | So that you can pay for your service charges |
| InForm CRM | To allow us to keep case notes of key working sessions |
| To manage and claim housing benefit |
International transfers of personal data
We have audited where we store all the personal data processed in Threshold and by third party services. If a third-party service stores data in the EU or US, we have ensured that safeguards such as standard contractual clauses are in place to allow the safe flow of data to and from Threshold.
Our data retention periods
We will keep personal information about you while you are a service user at Threshold. We may also keep it after you have left Threshold, where we are required to by law.
Our record retention schedule/records management policy is based on the Information and Records Management Society’s toolkit and sets out how long we keep information about service users.
Personal data processed for any purpose shall not be kept for longer than is necessary for a particular purpose or purposes.
How to access personal information we hold about you
You can find out if we hold any personal information about you, and how we use it, by making a ‘subject access request’.
If we do hold information about you, we will:
Your other rights over your data
You have other rights over how your personal data is used and kept safe, including the right to:
- say that you don’t want it to be used if this would cause, or is causing, harm or distress
- stop it being used to send you marketing materials
- say that you don’t want it used to make automated decisions (decisions made by a computer or machine, rather than by a person)
- have it corrected, deleted or destroyed if it is wrong, or restrict our use of it
- claim compensation if the data protection rules are broken and this harms you in some way
- let you know if we are using your data to make any automated decisions (decisions being taken by a computer or machine, rather than by a person)
You may also ask us to send your personal information to another organisation electronically in certain circumstances. If you want to make a request, please contact our Data Protection Officer (see ‘Contact’).
Complaints
We take any complaints about how we collect and use your personal data very seriously, so please let us know if you think we’ve done something wrong.
You can make a complaint at any time by contacting our Data Protection Officer by emailing ben.harman@thl.org.uk
If you have a concern about how you think we are handling your data, you can also report it to the ICO. You can also complain to the Information Commissioner’s Office in one of the following ways:
You can find guidance on your obligations under information rights legislation on the ICO’s website (www.ico.org.uk)
Contact
If you have any questions, concerns or would like more information about anything mentioned in this privacy notice, please contact our Data Protection Officer: ben.harman@thl.org.uk
