Bridge 86 Limited Privacy Policy 24th January 2024

Bridge understands that your privacy is important to you and that you care about how your personal data is used and shared online.

We are regulated by the Charity Commission and the ICO.

Our contact details

Name: Bridge 86 LIMITED

Address: Deepdene House, 30b Bellegrove Rd, Welling DA16 3PY

Phone Number: 020 8298 9677

E-mail: info@bridgesupport.org

Introduction

  • Bridge treats the privacy of our service users’ personal data seriously. This notice identifies for you some key information about data processing and sets out the type of data we collect from you, why we collect it and how we manage it.  Managing data includes identifying the lawful basis for processing data, as well as how we gather, store, process, share, protect and ultimately destroy data.
  • Our responsibilities relating to data processing are set out by the General Data Protection Regulations (GDPR) and Data Protection Act (2018).  In line with these provisions, data processing is overseen by our designated Data Protection Officer (DPO) whose principle duties are to inform, advise and monitor Bridge’s compliance with the GDPR.

  • This Privacy Policy applies only to your use of Our Site. Our Site may contain links to other websites. Please note that We have no control over how your data is collected, stored, or used by other websites and We advise you to check the privacy policies of any such websites before providing any data to them.

 

  • 2.     What is Personal and Sensitive Data?

    Personal data means any information that may be used to identify you on its own or when combined with other information, will enable identification. Sensitive data is data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation. We may collect, use, store and transfer different kinds of personal and sensitive data about you which we have grouped together as follows:

    a.          Identity Data includes first name, last name, username or similar identifier, date of birth and gender and NHS number.
    b.          Contact Data includes your address, phone number and email address.
    c.          Health Data includes any information about your physical or mental health from how you use our Services.
    d.          Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our services available online.
    e.           Usage Data includes information about how you use our services.

  • Depending upon your use of Our Site, We may collect some or all of the following personal and non-personal data

    1) name;

    2) date of birth;

    3) gender;

    4) business/company name

    5) job title;

    6) profession;

    7) contact information such as email addresses and telephone numbers;

    8) demographic information such as post code, preferences, and interests;

    9) financial information such as credit / debit card numbers;

    10) IP address;

    11) web browser type and version;

    12) operating system;

    13) a list of URLs starting with a referring site, your activity on Our Site, and the site you exit to

 

  • 3.     Why do we ask for your data?

    Your personal data is required to effectively assess you for the appropriate options and support you. In addition key data may be used to support our safeguarding / risk responsibilities and other statutory obligations. We also require your data to measure the effectiveness of the services we provide and how they can be improved. This uses aggregated statistics which do not identify you.

    4.     How do we obtain your data?

    We use different methods to collect data from and about you, including through:

    a.         Direct interactions: You may give us any of the categories of data identified in section 2 by filling in forms or by corresponding with us by, phone, email or otherwise. 
    b.         Automated technologies or interactions: As you interact with our services online, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.
    c.         Third Parties: We may receive your personal data from third parties who are referring you to our services. This is typically performed with your explicit consent but could be because there is a legal obligation that applies to the third party.

    5.     What do we do with your data?

    All of the data gathered is processed to effectively assess you for our services and treat you accordingly.  Our lawful reasons for processing data are detailed in the table below along with the type of data. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. 

 

Purpose/Activity

Type of Data

Lawful basis for processing including basis of legitimate interest

To register you as a new service user

(a) Identity
(b) Contact

Necessary for our legitimate interest (to provide our services to you)

To process and deliver your request for our services.

(a) Identity
(b) Contact
(c) Health 

a)      Necessary for our legitimate interests (to provide our services to you)
b)      The processing is necessary for medical purposes, and is undertaken

by a health professional or by someone who is subject to an equivalent duty of confidentiality

To manage our relationship with you which will include:
(a) Notifying you about changes to our terms or privacy policy

(a) Identity
(b) Contact
(c) Profile

a)      Necessary to comply with a legal obligation
b)      Necessary for our legitimate interests

(to keep our records updated and to study how service users use our services)

To refer you to external organisations for additional services relevant to achieve your care goals

(a) Identity
(b) Contact
(c) Health

a)      You have given clear consent
b)      The processing is necessary for medical purposes, and is undertaken by a health professional or by someone who is subject to an equivalent duty of confidentiality

To include your attributable information in data returns to organisation like NHS and Department of Health to aid in the production of statistics for performance management and service improvement purposes

(a) Identity
(b) Health

a)      You have given clear consent
b)      Necessary to comply with a legal obligation

To comply with Information Sharing Agreements where the service is a member which can be for the purpose of Safeguarding, Anti-social behaviour, Criminal Justice orders, etc.

(a) Identity
(b) Contact
(c) Usage

a)      You have given clear consent              
b)      Necessary in order to protect the vital interests

To administer and protect our business and online services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity
(b) Contact
(c) Technical

a)      Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
b)      Necessary to comply with a legal obligation

To use data analytics to improve our services, relationships and experiences

(a) Technical
(b) Usage

Necessary for our legitimate interests (to define types of service users for our services, to keep our services updated and relevant, to develop our business)

We may use your data for the following purposes:

2.1) Providing and managing your access to Our Site;

2.2) Personalising and tailoring your experience on Our Site;

2.5) Replying to emails from you;

2.6) Supplying you with emails that you have opted into (you may unsubscribe or opt-out at any time by either clicking on the ‘email preferences’ link in the email footer to manage your preferences, or unsubscribe from all emails by clicking on the ‘unsubscribe from all future emails’ in the email footer;

2.7)Market research;

2.8) With your permission and/or where permitted by law, We may also use your data for marketing purposes which may include contacting you by email, telephone, text message or post with information, news and offers on Our products and services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the GDPR

2.9) You have the right to withdraw your consent to Us using your personal data at any time, and to request that We delete it.

We also collect, use and share aggregated data such as statistical or demographic data for performance monitoring purposes. This is not considered personal data in law as this data does not directly or indirectly reveal your identity.

We will not use the personal data you give us or which we collect from you, for marketing purposes without your consent. We will only use your contact details to correspond with you about your treatment and appointment.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

  1.    Sharing your data

Data is shared within the organisation as part of our lawful basis to process and is only shared relevant to the processing requirement. We will not share data with third parties unless there is a lawful / regulatory / legal / contractual requirement or where you have given clear consent. We will aspire to share the minimum amount of data necessary for the purpose and restrict the use of data that directly or indirectly reveals your identify. This can include anonymising your data or producing aggregated statistics or demographic information.

Examples of where we share such information in line with the above include:

  1. Contractual reporting
  2. Health and Social Care Datasets
  3. A referral made on your behalf with your clear consent
  4. A referral made for medical purposes including to protect your vital interests.

We do not transfer any of your personal data outside of the European Economic Area.

Examples of third parties include but are not restricted to Local Authorities, Clinical Commissioning Groups (CCGs), Public Health England (PHE), NHS Digital, Housing Associations, Hospital units, etc.

  • Retaining your data

    The length of time we will retain your information depends on who you are and the type of information. In general we will retain the information you provide for the purposes set out in this notice for a period 8 years after the last contact with you. The circumstance where this may be different includes if you are subject to the Mental Health Act. For a full description of how long we retain data for please request our Data Retention policy.

    Privacy Notice – Data Subject Rights
     
    The following information is intended to help you understand you rights in relation to personal and sensitive data as provided by either the Data Protection Act (2018) or the General Data Protection Regulation 2016.
     
    The right to be informed: This relates to what information we are required to provide you about data processing.  This Privacy Notice and the wider Bridge Privacy represents the way in which we inform you of this information.

    Right of access: You (i.e. the data subject) have the right to access particular personal and sensitive information that we hold about you.     This is known as a Subject Access Request.  We shall respond promptly (usually within one month from the point of receiving the request and all necessary information from you).  This provision is usually free of charge.  However we retain the right to charge a reasonable fee when we believe a request is unfounded, excessive or repetitive.  Further information is contained in our found in our Information Governance Policy (Personal Information Procedure).

    Right to rectification: You have the right to obtain from us, without undue delay, the rectification of inaccurate or incomplete personal data that we hold concerning you.

    Right to erasure: You have the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing.    We have the right to refuse to comply with a request for erasure and if this applies we will tell you the reason why.

    Right to restrict processing: Subject to exemptions, you shall have the right to restrict processing where:
    ·You contest the accuracy of the information we hold and it is restricted until the accuracy is verified,
    ·You have objected to processing (where it is necessary for the performance of a public interest task / legitimate interest) and we are considering whether our grounds override your rights
    ·Processing is unlawful and you oppose erasure, requesting restriction instead,
    · We no longer need the data, but you require the data to establish, exercise or defend a legal claim.

    Right to Data Portability: This applies when processing is carried out in an automated way.   You shall have the right to receive the personal data you have provided to us in a structured, commonly used and machine readable format.   Where technically feasible, this right extends to us transmitting the data to another organisation at your request.  For data portability to apply, the processing of your data must relate to information that is either i) based on your consent or ii) processed for the performance of a contract.

    Right to Object: You have the right to object to processing on grounds relating to your personal circumstances.  This provision applies to the processing that is undertaken for legitimate interests / the performance of a task in the public interests (includes personal profiling) and processing for purposes of scientific / historical research and statistics.    In such cases we will stop processing  unless we can demonstrate i) compelling legitimate grounds which override your interests, rights and freedoms  ii) the processing is for the establishment , exercise or defense of legal claims.     This right extends to processing for the purposes of direct marketing (including profiling) which must be stopped outright.

    Right not to be subject to decisions based solely on automated processing:  We do not carry out any automated processing which may lead to automated decision making based on your personal data. 

    Information accuracy: We take all reasonable steps to ensure the accuracy of the personal/ sensitive data that we hold and provide.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint via Our Data Protection Officer Vicki Jones, who can be contacted by email at info@bridgesupport.org, by telephone on 0208 298 9677, or by post at Deepdene House, First Floor, 30b Bellegrove Road, Welling, Kent DA16 3PY.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:           

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk