Effective 25 May 2018
Who we are
West Cumbria Carers exists to improve the quality of life for Carers in West Cumbria by working to raise the profile of unpaid Carers in West Cumbria, encouraging a wider recognition of their contribution to society, and giving them information and support, which will assist them in their caring roles and enable them to fulfil their own needs as individuals.
We provide: Carers Assessments; information and signposting; one to one support; benefit information; newsletters, carers forums, including after-school clubs for Young Carers; social events, training and activities.
West Cumbria Carers (the Data Controller), is a Company Limited by Guarantee, registered in England & Wales company number: 6123034. West Cumbria Carers is also a registered Charity, number: 1119369
West Cumbria Carers registered offices are:
Unit 7F Lakeland Business Park
Cockermouth, CA13 0QT
What information do we collect from you?
We may collect and hold personal information about you, that is, information that can identify you, and is relevant to providing you with services you are seeking. If you request a service from us we may also request your preferences for receiving further marketing or promotional material.
How do we collect information from you ?
Should you choose to contact us using the contact/referral form on our contact us page or the email link on our webpage or register with us for the online “Caring with Confidence” course all traffic (transferral of files) between our website and your browser is encrypted and delivered over HTTPS.
If you submit a contact form, email or course registration via this website some personal information will be stored within this website’s database. This is currently the only occasion where personal data will be stored on this website.
This data is currently stored in an identifiable fashion; a limitation of the content management system that this website is built on. In the near future we aim to change the storage of this data to a pseudonymous fashion, meaning that the data would require additional processing using a separately stored ‘key’ before it could be used to identify an individual.
Pseudonymisation is a recent requirement of the GDPR which many web application developers are currently working to fully implement. We are committed to keeping it as a high priority and will implement it on this website as soon as we are able to.
If you decide to proceed with our support, we will ask you to complete our ‘Consent to the Processing and Sharing of Information’ form which includes details of who you give consent for us to share information with.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computers IP address which could be used to personally identify you, but Google do not grant us access to this. We consider Google to be a third party data processor. Disabling cookies on your internet browser will stop GA from tracking your visit to pages within this website.
Why and how do we use your information?
To use your information lawfully, we rely on one the following legal basis:
Our legal basis for collecting and using your personal information will depend on the personal information concerned and the specific context in which we collect it.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences if you do not provide your information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
We only pass on sensitive information if it is in your interests to do so and always with your consent (The only reason information will be passed on without your permission is if there is a legal requirement or duty to do so, or there is a risk of serious harm or threat to life)
We will never share your information with third parties for the purposes of marketing or fundraising.
You have the right to refuse sensitive information being shared with other organisations or individuals outside of West Cumbria Carers. However, if you do not give your consent this may affect the level of support we are able to give you. You may change your consent preference or withdraw your consent for us to process or share your information at any time by informing us you wish to do so.
How do we store your information ?
We protect your information with security measures compliant with GDPR. We keep our computers, files and office secure. When you contact us, we may ask you to identify yourself. This is to help protect your information.
How can I access the information you hold about me ?
You have the right to access, rectify, erase, restrict & object to processing of your data, as recorded on the Consent to the Processing and Sharing of Information’ at any time; we will act on your request to ‘access’ within 30 days and without undue delay for other requests.
You also have the right to receive your personal data which you have provided to us in a structured, commonly used and machine readable format and have the right to ask for that to be transmitted to another data controller directly by us where technically feasible provided the conditions in Article 20 of the GDPR are satisfied. If you would like further information on your rights, please contact us.
What if I had a complaint ?
If you have a complaint about the use of your personal information please let us know, giving us the opportunity to put things right as quickly as possible. If you wish to make a complaint, you may do so in person, by telephone, in writing and by email to the Chief Officer / Chair of Trustees. Following your complaint, you will be provided with details of our Data Protection Complaints Procedure. We will act on your complaint within 30 days. You can contact the ICO (Information Commissioner’s Office) at www.ico.org.uk, or 0303 123 1113, directly with your complaint. Please be assured that all complaints received will be fully investigated and dealt with.
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
Updates to this policy
A bit more on legislation
We will always seek to comply with the GDPR in the way that it collects, processes, maintains, stores and disposes of data, ensuring it is:
• Processed lawfully, fairly, and in a transparent manner
• Collected for specified, explicit and legitimate purposes
• Adequate, relevant and limited to what is necessary for the purpose for which the data is processed
• Accurate and where necessary kept up to date
• Not kept for longer than is absolutely necessary for its given purpose
• Subject to appropriate security to safeguard against unauthorised or unlawful use, destruction or damage
The organisation is also required to demonstrate how it is complying with it’s obligations under GDPR, by ensuring that the appropriate systems, controls and procedures are in place.
The organisation will seek to comply with the Caldicott Principles, which apply to regulated care and support services and govern the use and management of personal information that allows an individual to be identified. The organisation will:
• Be able to justify the purpose of how they use and manage such information
• Not use it unless it is necessary
• Use the minimum necessary amount of information
• Ensure it is accessed on a need to know basis
• Ensure those accessing such information are aware of their responsibilities
• Understand and comply with the law
• Be aware that the need to share information can be as important as the duty to protect an individual’s confidentiality
With regard to data protection and the processing of confidential information, the organisation will also, where applicable, seek to comply with:
About this website’s server
This website is hosted by UKFast, who operate UK data centres that are built on best-of-breed, enterprise-grade infrastructure and combine this technology with high levels of resilience, super-fast connectivity and exceptional levels of on-site and server security.
Their external Certifications include:
Protection of Hardware & Data includes:
Not only do we protect your data from threats, we continuously monitor and control all of our security and fire systems using a number of additional systems. These systems include: network connectivity and latency CCTV systems, cage and entry door access controls as well as the physical grounds, temperature, moisture and humidity levels in individual suites and power levels (down to individual power bars within racks). Also a permanently manned security presence at all of our data centres and use of multi-layered physical security including a secure perimeter and video surveillance.
Our third party data processor
We use one party to process personal data on our behalf. The party has been carefully chosen and complies with the legislation set out in section 2.0. Google is based in the USA and is EU-U.S Privacy Shield compliant.