We take the safeguarding of personal data very seriously
Homeless Link (“we”, “us” or “Homeless Link”) is a company limited by guarantee with company number 04313826 and a registered charity with charity number 1089173. We are listed on the Information Commissioner’s Office (“ICO”) register of data controllers with registration number Z7398932.
1. General
1.1 This Privacy and Data Protection Policy is designed to tell you how and why we collect and use personal information about you, including:
1.1.1 any personal information in our manual filing systems; and
1.1.2 information that may be provided when you access or use any of our websites such as www.homeless.org.uk, or www.streetlink.org.uk (“Website”) or when you access or use information and services provided by us using a mobile or online application (“Application”) or any other digital product we provide or collected through other means such as an online form, email, or telephone communication.
1.2 Websites, Applications and other services offered by Homeless Link through electronic means will collectively be referred to as “Services” in this policy.
1.3 By using any Services we offer, you are agreeing to be bound by this Privacy and Data Protection Policy.
2. Ways that we collect personal information
2.1 We may collect and process the following personal information or data (information that can be uniquely identified with you) about you:
2.1.1 Certain information required to use our Services;
2.1.2 Information provided to register or subscribe to our Services;
2.1.3 Information provided in order to apply for or renew membership of Homeless Link;
2.1.4 Information provided if you sign up for information, newsletters or other updates;
2.1.5 Information provided in connection with orders you place through the site for paid-for content;
2.1.6 Information provided in connection with booking places for events or meetings with the Site;
2.1.7 Details of the Services you access;
2.1.8 A record of any correspondence between you and us;
2.1.9 Your replies to any surveys or questionnaires that we may use for research purposes;
2.1.10 Payment information we may use to collect payment for events, training goods, job advertising membership subscriptions or otherwise;
2.1.11 Information we may require from you when you report a problem or complaint.
2.2 You do not have to supply any personal information to us but you may not be able to book a training course or attend an event without doing so. You may withdraw our authority to process your personal data (or request that we restrict our processing – see section 6) at any time but our Services may not be fully operable should you do so.
2.3 An Internet Protocol (IP) address is a number assigned to your computer by your Internet Service Provider (ISP), so you can access the Internet. We use your IP address to diagnose problems with our server, report aggregate information, and determine the fastest route for your computer to use in connecting to our site, and to administer and improve the site.
3. How we use personal information
3.1 We may use your personal information to:
3.1.1 Provide or deliver services to you;
3.1.2 Provide or deliver services to third parties including homeless individuals and the organisations which provide services to the homeless;
3.1.3 Deliver and despatch content to you;
3.1.4 Assist in the administration of your registration;
3.1.5 Assist in the administration of your membership of Homeless Link;
3.1.6 Assist in making general improvements to our materials and services;
3.1.7 Carry out and administer any obligations arising from any agreements entered into between you and us;
3.1.8 Contact you and notify you about changes to our services or bookings or the services we offer but only where we have a legal basis for doing this;
3.1.9 Analyse how our services are used.
4. Basis on which we process personal data
4.1 Personal data we hold about you will be processed for one or more of the following reasons:
4.1.1 you have consented to the processing for the specific purposes described in this notice;
4.1.2 the processing is necessary in order for us to comply with our obligations under a contract between you and us, or because you have asked us to take specific steps before entering into a contract with you;
4.1.3 the processing is necessary for us to comply with a legal obligation;
4.1.4 the processing is necessary for our legitimate interests (or the legitimate interests of a third party) unless your interests in data privacy and security override our legitimate interests.
4.2 We do not normally collect special category or sensitive personal data. In the event you provide us with any special category or sensitive personal data, we will take extra care to ensure your rights are protected, in accordance with applicable data protection laws.
5. Sharing your information
5.1 We do not disclose any personal information you provide to any third parties except:
5.1.1 where you instruct us to share your personal information with a third party, you authorise us to deliver that content via email, SMS or other electronic messaging or communication system;
5.1.2 if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime);
5.1.3 in order to enforce any terms and conditions or agreements for our Services that may apply;
5.1.4 we may transfer your personal information to a third party as part of a transfer of some or all of our organisation and assets to any third party or as part of any restructuring or reorganisation, but we will take steps with the aim of ensuring that your privacy rights continue to be protected;
5.1.5 to protect the rights, property, or safety of Homeless Link, our users and contributors or any other third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
5.2 Please note that certain of our Services allow for the location of rough sleepers to be notified to appropriate organisations and local government agencies. If you notify us of the location of a rough sleeper you agree that we may notify relevant organisations and agencies. This information will not include names or other personally identifiable information.
5.3 Other than as set out above, we shall not disclose any of your personal information unless you give us permission to do so.
5.4 When we share personal information with a third party, we will take steps to ensure that your privacy rights are protected and that third party complies with the terms of this Policy.
6. Privacy rights
6.1 The GDPR gives you the following rights in respect of personal data we hold about you:
Right of access
You can make a Subject Access Request (“SAR”) to request information about the personal data we hold about you (free of charge, save for reasonable expenses for repeat requests).
Right to rectification
Please let us know if the information we hold about you is incomplete or inaccurate and we will update our records as soon as possible, but in any event within one month.
We will take reasonable steps to communicate the change to any third parties to whom we have passed the information.
Right to erasure
Please tell us if you no longer wish us to hold personal data about you. Please note, it is not possible to provide all our Services without holding your personal data.
Unless we have reasonable grounds to refuse your request, we will securely delete your personal data within one month. The data may continue to exist in backup, but we will take steps to ensure that it will not be accessible.
We will communicate the erasure to any third parties to whom we have passed the information.
Right to restrict processing
You can request that we no longer process your personal data in certain ways. Please note, we will not automatically delete your data if you exercise your right to restrict processing.
Right to data portability
You have right to receive copies of personal data we hold about you in a commonly used and easily storable format (please let us know what format suits you). You may also ask us to transfer your personal data to a third party (where feasible).
Right to object
You can object to us using your personal data for direct marketing purposes (including profiling), for research or statistical purposes, and/or for processing based on legitimate interests or the performance of a task in the public interest. We may refuse your request if we have compelling legitimate grounds for the processing, which override your interests, rights and freedoms.
Rights with respect to automated decision-making and profiling
You have a right not to be subject to automated decision-making (including profiling) when those decisions have a legal (or similarly significant effect) on you. You are not entitled to this right when the automated processing is necessary for us to perform our obligations under a contract with you, it is permitted by law, or if you have given your explicit consent.
Right to withdraw consent
If we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time.
6.2 All requests or notifications in respect of the above rights must be sent to us in writing by completing the Privacy rights request form below. If you have any questions regarding the form or need help completing it, please contact Matt Harrison.
6.3 We will endeavour to comply with such requests as soon as possible but in any event, we will comply within one month of receipt (unless a longer period of time to respond is reasonable by virtue of the complexity or number of your requests).
7. Data Retention
7.1 Our current data retention policy is to delete or destroy (to the extent we are able to) the personal data we hold about you in accordance with the following:
Category of personal data and Length of retention
Records relevant for tax purposes
8 years from the end of the tax year to which the records relate
Personal data processed in relation to a contract between you and us
7 years from either the end of the contract or the date you last used our Service, being the length of time following a breach of contract in which you are entitled to make a legal claim
Personal data held on marketing or business development records
3 years from the last date on which you have interacted with us
7.2 For any category of personal data not specifically referred to in this Policy, and unless otherwise required by law, our data retention period will be 7 years from the date we receive the data.
7.3 The retention periods in this Policy can be prolonged or shortened as may be required (for example, in the event that legal proceedings apply to the data or if there is an on-going investigation into the data).
7.4 We review the personal data (and the categories of personal data) we are holding on a regular basis to ensure the data we are holding is still relevant to our business and is accurate. If we discover that data we are holding are no longer necessary or accurate, we will take reasonable steps to correct or delete the data.
7.5 If you wish to request that data we hold about you is amended or deleted, please refer to clause6 above, which explains your privacy rights and your right to request access.
8. Other websites
8.1 Our Services may contain links and references to other third party websites and applications. Please be aware that this Privacy Policy does not apply to those websites.
8.2 We cannot be responsible for the privacy policies and practices of sites that are not operated by us, even if you access them via our Services. We recommend that you check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.
8.3 In addition, if you came to our Services via a third party site, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.
9. Transferring your information outside of Europe
9.1 As part of the services offered to you the information you provide to us may be transferred to, and stored at, countries outside of the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU or one of our service providers is located in a country outside of the EU. We may also share information with other equivalent national bodies, which may be located in countries worldwide. These countries may not have similar data protection laws to the UK.
9.2 If we transfer your information outside of the EU in this way, and the third country or international organisation in question has not been deemed by the EU Commission to have adequate data protection laws, we will provide appropriate safeguards to ensure that your privacy rights continue to be protected as outlined in this Privacy Policy. If you would like to obtain details of the safeguards we have put in place then please contact us via Matt Harrison.
9.3 If you use our Site while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
9.4 By submitting your personal information to us you agree to the transfer, storing or processing of your information outside the EU in the manner described above.
10. Children
10.1 Our Services are not intended for and should not be accessed by individuals under 13. Our policy is not to intentionally or knowingly collect, process, maintain or use personal information from any individual under the age of 13.
11. Notification of changes to our Privacy Policy
We will post details of any changes to our Privacy Policy on our Services to help ensure you are always aware of the information we collect, how we use it, and in what circumstances if any, we share it with other parties.
12. Contact us
If at any time you would like to contact us with your views about our privacy practices, or with any enquiry or complaint relating to the way we use your personal information, you can do so by way of our contact page.
If we are unable to resolve any issues you may have or you would like to make a further complaint, you can contact the Information Commissioner’s Office by visiting http://www.ico.org.uk/ for further assistance.
Privacy rights request form
In line with clause 6) of our Privacy policy, the GDPR gives you the right to request access to the personal data we hold about you. To make a subject access request, please complete the following form. If you have any questions regarding the form or need help completing it, please contact our data protection lead who is our Deputy CEO, Matt Harrison.