Data Privacy & Protection
Data Privacy and Protection
The General Data Protection Regulation (GDPR) came into force on 25 May 2018. The Data Protection Act 2018 applies the same standards as the GDPR but amends it to better suit the requirements of the United Kingdom (UK). This privacy statement sets out how we use data and protect any information that you give us when you use this website. Registered charity No. 1186836
We are committed to ensuring that your privacy is protected. Should we ask you to provide certain
information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.
We may change this policy from time to time by updating this page.
Who we are
Our contact details are:
- Synergy East referral and support line: 0300 003 7777
- Email: hello@synergy-east.org.uk
Data Collection
Personal information submitted through this website is collected by Synergy East, a partnership of Rape
Crisis Centres in the East of England.
We collect data from:
- Our online referral forms
- From third parties who may refer you to our service for support
- Directly from you when you use our service
- Police, Crown Prosecution Service and HM Court service if you have reported an incident to police
The online referral form uses SSL to encrypt the form data so it cannot be intercepted in transit when it is posted to the database. It uses the same system as the banks for data encryption. The Padlock symbol can be seen in the top left of the browser to show it is secure. The data is then stored in an encrypted database on a UK based Microsoft Azure database.
What we collect
We may collect the following information:
- We may collect the following information:
- your name
- your contact details such as email address
- specific enquiry details that relate to experiences of sexual violence and sexual abuse
- your computer’s IP address
- date of birth
- sex
- race
- ethnic origin
- religious or philosophical beliefs
- health data
- sexual orientation
- gender reassignment
Why we collect this information
We process your information lawfully (GDPR Article 6). This information helps us to understand your needs and provide you with a service, in particular for the following reasons:
- to be able to respond to your contact, process your information and contact you (consent)
- to provide services tailored to your needs (legitimate interest)
- to meet the terms and conditions of our grants and contracts (contracts)
- to ensure that Synergy East complies with the law (legal obligations)
- to ensure those using our services are safe (vital interests)
How long we keep this information
All of the above information is kept on an encrypted secure system. It is pseudonymised after 5 years and anonymised after a further 2 years. If the data subject is a child the file will be kept until the child is 25 (this is seven years after they reach the school leaving age) (Information and Records Management Society (IRMS), 2016).
There are some circumstances where data can be held for longer:
- the records provide information about a data subjects personal history, which they might want to
access at a later date - records have been maintained for the purposes of research or statistical purposes within the public
interest - the information in the records is relevant to legal action that has been started but not finished
- the records have been archived for historical purposes (for example if the records are relevant to
legal proceedings involving the organisation or a data subject)
Data that is used to give examples of why our services are needed is always anonymised and not
identifiable to an individual client. In this form it is not classed as personal data.
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or
disclosure we have put in place suitable procedures to safeguard and secure the information we collect
online.
Controlling your personal information
You may choose to restrict the collection or use of your personal information if you have previously supplied personal data, or if you have previously agreed to us processing your personal information.
We will not sell, distribute or lease your personal information to third parties.
Under the GDPR (the UK GDPR & the Data Protection Act) you have a number of specific rights with
regards to your personal information. These include:
Data Subject Rights
Right of access – if you want to know if we are storing or processing any personal data about you, you can contact us to find out. If this is the case, you may find out what purpose it is being stored for and request a copy of your data by contacting us. There is normally no charge for making a request, but if the number and frequency of requests is unreasonable, we may charge an admin fee.
Right to correction – if you believe that any information we are holding on you is incorrect or incomplete,
please contact us as soon as possible. We will promptly correct any information found to be incorrect.
Right to erasure – if you want us to remove your personal data from our records, you can request this by
contacting us. We will remove the data as far as it is practically within our power, and where we are not
legally obliged to retain it.
Right to object – if you no longer want us to process your data you can request this by contacting us
Data Sharing
How we use cookies
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Cookies help us see understand visitors to our website by tracking how you use our website, in a way that doesn’t ever
identify you personally.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages are
useful and which are not. A cookie in no way gives us access to your computer or any information about
you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you
can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Who we share data with
You might sometimes ask us to share your data for the purpose of progressing an enquiry, we will always
check with you what type of information can be shared on each occasion, and some examples of when this might happen are:
You may have nominated our service as a single point of contact during a criminal justice process
as per the victim’s code 2020 (section 4.8)
- You may have instructed one of our advocates to assist you with communicating with a
homelessness service or benefits service - You have asked us to write to an employer or educational establishment
- You have agreed to take part in a research program e.g., completing questionnaires, taking part in a
focus group, part of government research into the delivery of specialist support services
There are certain circumstances when we are required to share data with others for example if a person is at risk of serious harm. We will always work with you around these types of information sharing unless by doing so it would place somebody at greater risk of harm. Some examples of times when we may share data:
- The individual has given ‘explicit consent’ to share information; or
- sharing information is necessary to establish, exercise or defend legal rights; or
- sharing information is necessary for the purpose of, or in connection with any legal proceedings; or
- sharing information is necessary to protect someone’s vital interests and the person to whom the
information relates cannot consent, is unreasonably withholding consent, or consent cannot
reasonably be obtained or - sharing information is necessary to perform a statutory function; or
- is in the substantial public interest and necessary to prevent or detect a crime and consent would
prejudice that purpose; or - processing is necessary for medical purposes and is undertaken by a health professional; or
- processing is necessary for the exercise of any functions conferred on a constable by any rule of
law
Here are some examples of who we may share information within some circumstances:
- Children’s safeguarding services
- Adults safeguarding services
- Criminal Justice agencies e.g., Police, The courts, Crown Prosecution service, probation services
- Mental Health services
- Medical & forensic services
- Housing & Benefits services
- Local Authority
- Education Services
- Employment services
- Researchers (anonymised statistical data) e.g., universities
- Our funders e.g., Ministry of Justice, Big Lottery, Police & Crime Commissioner
How can I access my personal data?
If you want to know what personal data [we] have about you, you can ask [us] for details of that personal
data and for a copy of it (where any such personal data is held). This is known as a “subject access
request.”
We will respond to your subject access request within one calendar month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
How to contact the Data Protection Officer (DPO)
If you wish to contact the DPO to discuss any of the above, please email hello@synergy-east.org.uk or
write to us at: Synergy East c/o SERICC The Hall West Street Grays Essex RM176LL.
International transfer
We do not transfer information outside of the UK
Right to complain
If you are unhappy with how we are managing your personal data, you can lodge a complaint with our
service in the first instance. You can also complain to the UK supervisory authority, the Information
Commissioner’s Office (ICO).
For a full explanation of your data rights, or in the event that you wish to lodge a complaint, please go to
www.ico.org.uk. The Information Commissioner’s Office (ICO) is the data privacy supervisory authority in
the UK
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to
leave our site, you should note that we do not have any control over that other website. Therefore, we
cannot be responsible for the protection and privacy of any information which you provide whilst visiting
such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.