How we use your information

How we use your information.

Data Privacy & Protection

Your data is important to you. It’s important to us too. The following page is for you to understand more about why, how, when and where we process, store or otherwise use your information. 

The short version

The All Call Signs Group (which we’ll refer to as ACS for the remainder of this page) is committed to only ever using your personal data for the purposes it was intended. We’ll never sell your data or share it with third parties without your express permission and a legitimate business reason to do so. You have the right to request a copy of the personal data we hold about you, the right to correct data you believe to be incorrect, object to your data being used in a way you’re not comfortable with or request the deletion of your data. A full list of your rights regarding your personal data is included at the bottom of this page.

 

Data Protection Principles

  1. ACS is committed to processing data in accordance with its responsibilities  under current legislation.  
  2. Personal data shall be: 
  3. processed lawfully, fairly and in a transparent manner in relation to individuals; 
  4. collected for specified, explicit and legitimate purposes and never used in a manner that is incompatible with those purposes. These purposes are explained at the point of collection;
  5. adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (we don’t need to know your mother’s maiden name if all you’re doing is buying a t-shirt); 
  6. accurate and kept up to date as far as is practicable (and steps are to be taken to  ensure that personal data that is inaccurate, is erased or rectified without delay); 
  7. retained for no longer than is required; and 
  8. processed in a manner that ensures appropriate security of the personal data. 

 

General provisions 

  1. This policy applies to all personal data processed by ACS. 
  2. ACS appoints its Director as the Responsible Person (as defined in current legislation). The  Responsible Person shall take responsibility for ACS’s compliance with this policy. 
  3. This policy shall be reviewed at least every year. 
  4. ACS shall remain registered with the Information Commissioner’s Office as an organisation that  processes personal data for as long as it is processing personal data for any reason. 
  5. ACS will only ever provide personal data to third parties: 
  6. where the explicit consent of the individual(s) has been obtained; or 
  7. where there is a statutory obligation to do so; or 
  8. when there is deemed to be an imminent risk of, or actual, harm to an individual; or 
  9. for the purposes of, or in connection with, legal proceedings (including prospective legal proceedings); or 
  10. as part of any investigation by a statutory authority or regulator.
  11. ACS will take all reasonable steps to ensure that staff, third party advisers and  beneficiaries will only have access to personal data where it is necessary for them to carry  out their duties. 
  12. The Responsible Person is to ensure that Subject Access Requests are dealt with  appropriately and a response is provided within 28 days of any request being  made. 

Subject Access Requests 

  1. ACS will accept a Subject Access Request in any format that complies with current  legislation.  
  2. A Subject Access Request form is available at the bottom of this page. Receipt of Subject Access Requests will be sent to the Responsible Person within three days of receipt.

Data Retention 

  1. Personal data must only be kept for the period necessary.  

Data Breaches 

  1. Any breach of data, whether or not the breach is known at the time to be a breach in accordance with current legislation, is to be brought to the attention of the Responsible Person as soon as it is discovered.
  2. The Responsible Person shall assess the breach as soon as they are notified and, unless the Responsible  Person determines there is unlikely to be any risk to individuals from the breach, it must be notified to the Information Commissioner’s Office within 72 hours of the breach having come to the attention of ACS, unless a delay can be justified. 
  3. The Responsible Person shall then be responsible for instigating an investigation into the  breach, including how it happened, and whether it could have been prevented. Any recommendations for further training or a change in procedure shall be reviewed by ACS and it’s advisers and a decision made about implementation of those recommendations.

 

Privacy

The All Call Signs Group is a ‘Private Limited Company by guarantee without share capital use of ‘Limited’ exemption’ (Company number 11973092).

Our head office is located at 50 Albert Road Southsea PO5 2SJ. 

The All Call Signs Group is registered as a Data Controller with the Information Commissioner’s Office (ICO) under the Data Protection Act 2018. Our registration number is: ZB040066.

Any questions regarding our use of data or this web page should be addressed to the Data Protection Officer by emailing dpo@allcallsigns.org or by writing to us at our head office (FAO The DPO).

Privacy Statement

Legislation exists to govern how personal information can be collected and used. The relevant legislation is currently included in the General Data Protection Regulation (GDPR) tailored by the Data Protection Act 2018.  

Please read the following to understand how we use your data. 

Summary

  • Only information that we need is collected. 
  • Your personal information is only used for the purpose for which we collect it.
  • Your personal information is only seen by those who need it to do their jobs. 
  • We will only disclose data when we have your consent, or where we are obliged to disclose  personal data by law, or as expressly permitted under the GDPR (through contract; legal obligation, vital interests; public task; or legitimate interests).
  • We will keep your information up to date. Inaccurate or misleading data will be corrected as soon as possible. 
  • Personal information is retained only for as long as it is required for the purpose collected. 
  • Your information will be protected from unauthorised or accidental disclosure and processed in an appropriate manner to maintain its integrity and confidentiality. 
  • We will provide you with a copy of your personal information on request. 

 

What information do we collect? 

Personal data is information about a living person who can be identified from that information (directly or indirectly). We collect, store and use (or “process”) personal data which may include: 

  • your name; 
  • your contact information (email address, phone number, home address); 
  • your date of birth; 
  • your gender; 
  • information relating to your health (if this affects how you might access one or more of our  services); 
  • any other personal information we collect in accordance with this notice

For our clients/members, we also process certain types of personal data which are considered to be in a ‘special  category’ (because they are considered more sensitive) under the Data Protection Act 2018. 

 

Examples of this are: 

  • information about your health, physical and mental, or other issues relating to social status or hardship.
  • detailed personal information you willingly share with us that is not ordinarily sought by us but  which can be helpful to us in supporting you (which could include information about your military service history, your health, your sexual orientation, your relationship status, your racial or ethnic origin, your religious or  philosophical beliefs, and your membership of a trades union or other representative body). 

 

How do we collect your personal data? 

We directly collect your personal data where you:  

  • provide us with information (for example, over the phone, face-to-face, or in an email); and/or 
  • consent to your information being provided to us through a third party (for example: through signposting from a partner service).

If you provide services to ACS, we will collect information in line with your contract for services. 

We collect technical information relating to your use of our website, including your browser type or the Internet Protocol (IP) address used to connect your computer to the internet, and which pages users visit  most often and which services, events or facilities are of most interest. 

 

Why do we collect this information? 

We use your personal data for the following purposes: 

  • to promote the aims of ACS; 
  • to provide you with access to the services which you have requested; 
  • to communicate with you in general; 
  • to provide you with information you have requested; 
  • for publicity and profile-raising purposes (for example the sharing of ‘success’ stories) and to aid our fundraising ( where you might be able to be identified your specific consent will always be sought); 
  • to administer and improve our website; and 
  • to satisfy legal and regulatory obligations

 

Lawful basis for collecting and processing your personal data 

Data privacy law requires us to rely on one or more lawful bases in order to process your personal data. For  members of ACS, we rely on the following: 

Your consent 

From time to time, we may seek explicit consent from you for a specific  activity, for example identifying you in publicity material. This consent will never be assumed but will be required to be provided by you in a positive  and informed manner. Where you have provided us with your consent  previously, you can change your mind at any time and choose to withdraw  that consent.

Our legitimate interest 

This is the principal lawful basis for processing personal data, where our  legitimate interest means the running of ACS as an organisation and pursuing our aims and ideals

For those other people we interact with we  rely on:

Your consent 

For example, by visiting our website you consent to us collecting technical information about your device. Where you have provided us with your consent previously, you can change your mind at any time and choose to withdraw that consent.

Our legitimate interest 

We have evaluated the basis upon which we lawfully collect, hold and process personal data for marketing and fundraising. The balance test we carried out concludes that we have a lawful basis to communicate with existing and potential supporters and volunteers. We therefore rely on legitimate interest to communicate with you.

Performance of a contract 

Where processing is necessary for the performance of a contract to which you and ACS are parties. For example, where we are obliged to share personal data of employees with service delivery partners.

Do we share your information with anyone else? 

We may need to disclose your information if required to do so by law or as expressly permitted under applicable data protection legislation. 

If we become aware that you are at imminent risk of harm, or you are actually suffering harm, or believe you may harm someone else, we will alert the appropriate emergency services and this may require disclosing your personal data. 

We do not share any personal data except as described above without your express content.

 

How we protect your personal data 

We use appropriate technical and organisational safeguards to ensure we keep your personal data secure.  We limit access to personal data on a need-to-know basis and take appropriate measures to ensure that our people are aware that such information is only used in accordance with this notice. 

 

How long will we keep your personal data? 

We will keep your information only for as long as we need it to provide you with the services or  information you have required, to administer your relationship with us, to inform our research or the  preferences of our supporters, to comply with the law and tax accounting rules, or to ensure that we do  not communicate with people who have asked us not to. 

When your information is no longer required, we will always dispose of it securely, in accordance with our retention of records policy. 

Your rights  

You have rights to the personal data about you that we hold. You are entitled to request: 

  • a copy of your personal data; 
  • correction of your personal data if it is incorrect; 
  • erasure of your personal data;
  • that we stop using your personal data if you believe that the information, we hold is wrong, or that  we don’t have a valid reason for using it; and 
  • that we stop using your personal data where you object to us using it 

These rights are all subject to eligibility and to legal exemptions. 

If you seek information about the personal data we hold about you, we will ask you to complete a Subject  Access Request Form. We will ask you for proof of your identity before we can act upon your request. 

You have a right to seek the erasure of your data (often referred to as the ‘right to be forgotten’). You should note that we are entitled to retain some or all of your personal data for statistical purposes; to comply with our legal obligations; or for the establishment, defence and/or enforcement of legal claims (potential or actual). 

You have a right to report any of your concerns about our use of your data to the Information  Commissioner’s Office. 

You may do so by calling their helpline at 0303 123 1113. 

Please note: ACS is not subject to the Freedom of Information Act 2000 and we will not therefore respond  to requests for information made under this Act.

 

Staff Privacy Notice

ACS must meet its contractual, statutory and administrative obligations with respect to personal data of volunteers and staff. We are committed to ensuring that this data is handled appropriately.  This privacy notice tells you what to expect when ACS collects personal information about you.  

It applies to: 

  • Volunteers (including ex-volunteers); and  
  • Staff (where ‘staff’ means employees, ex-employees, agency staff, and contractors).  

However, the information we will process about you will vary depending on your specific role and personal circumstances.  

ACS is the controller for this information unless this notice specifically states otherwise. ACS’s Data Protection Officer is the Director. Any question relating to this notice should be addressed to the Data Protection Officer by emailing dpo@allcallsigns.org or by writing to us at our head office. 

When necessary, we will provide a ‘just in time’ notice to cover any additional processing activities not mentioned in this document. 

 

How do we get your information? 

We get information about you from some or all of the following sources: 

  • directly from you; 
  • an employment agency; 
  • your employer if you are a secondee;
  • referees, either external or internal;  
  • Disclosure Barring Service information about you; 
  • Occupational Health and other health providers;  
  • pension administrators and other government departments (for example tax details from HMRC); 
  • publicly available information 

 

What personal data do we process and why? 

We process the following categories of personal data:  

We use some or all of the following information to manage your engagement with us, provide you access to business services required for your role, and manage our human resources processes. We will also use it for our regulatory purposes as required. 

  • Personal contact details such as your name, address, contact telephone numbers and personal email addresses. 
  • Your date of birth, gender and NI number. 
  • A copy of your passport or similar photographic identification and / or proof of address documents. 
  • Marital status. 
  • Next of kin, emergency contacts and their contact information. 
  • Employment and education history including your qualifications, job application, employment  references, right to work information and details of any criminal convictions that you declare. 
  • Location of employment. 
  • Details of any secondary employment, political declarations, conflict of interest declarations or gift  declarations. 
  • Your responses to staff surveys if this data is not anonymised.

 

Information related to your salary, pension and loans 

We process this information for the payment of any salary, wages, consultancy fees, pension and other employment-related benefits due to you. We also process it for the administration of statutory and contractual leave entitlements such as holiday or maternity leave. 

  • Information about your job role and your employment contract including; your start and leave  dates, salary, any changes to your employment contract, working pattern (including any requests  for flexible working). 
  • Details of your time spent working and any overtime, expenses or other payments claimed. 
  • Details of any leave including sick leave, holidays, special leave etc. 
  • Pension details including membership of both state and occupational pension schemes. 
  • Your bank account details, payroll records and tax status information. 
  • Details relating to Maternity, Paternity, Shared Parental and Adoption leave and pay. Information relating to your performance and training 

 

We use this information to assess your performance, to conduct pay reviews (for staff) and to deal with any employer / employee related disputes. We also use it to meet the training and development needs  required for your role. 

  • Information relating to your performance at work. 
  • Grievance and dignity at work matters and investigations to which you may be a party or witness. 
  • Disciplinary records and documentation related to any investigations, hearings and warnings or penalties issued. 
  • Whistleblowing concerns raised by you, or to which you may be a party or witness. • Safeguarding concerns raised by you, or to which you may be a party or witness. 
  • Information related to your training history and development needs. 

Information relating to your health and wellbeing and other special category data 

We use the following information to comply with our legal obligations and for equal opportunities monitoring. We also use it to ensure the health, safety and wellbeing of our trustees and staff. 

  • Health and wellbeing information either declared by you or obtained from health checks, eye  examinations, occupational health referrals and reports, sick leave forms, health management  questionnaires or fit notes (eg Statement of Fitness for Work from your GP or a hospital).
  • Accident records if you have an accident at work. 
  • Details of any desk audits, access needs or reasonable adjustments. 
  • Information you have provided regarding Protected Characteristics (as defined by current  legislation) for the purpose of equal opportunities monitoring. This includes racial or ethnic origin,  religious beliefs, disability status, and gender identification, and may be extended to include other  protected characteristics. 

 

Lawful basis for processing your personal data 

Depending on the processing activity, we rely on the following lawful basis for processing your personal data: 

  • your consent; 
  • performance of a contract; 
  • our legal obligations as an employer; 
  • to protect your vital interests or those of another person; and 
  • for the purposes of our legitimate interest 

 

Do we share your information with anyone else? 

In some circumstances, such as under a court order, we are legally obliged to share information. We may  also share information about you with third parties including government agencies and external auditors.  For example, we may share information about you with HMRC for the purpose of collecting tax and national insurance contributions. 

With your consent, we may also share your personal data with specified third parties. 

How we protect your personal data 

We use appropriate technical and organisational safeguards to ensure we keep your personal data secure.  We limit access to personal data on a need-to-know basis and take appropriate measures to ensure that  our people are aware that such information is only used in accordance with this notice.

How long will we keep your personal data? 

For information about how long we hold your personal data, see our data retention schedule below. 

Your rights  

You have rights to the personal data about you that we hold. You are entitled to request: 

  • a copy of your personal data; 
  • correction of your personal data if it is incorrect; 
  • erasure of your personal data; 
  • that we stop using your personal data if you believe that the information, we hold is wrong, or that  we don’t have a valid reason for using it; and 
  • that we stop using your personal data where you object to us using it 

 

These rights are all subject to eligibility and to legal exemptions. 

You also have a right to lodge a complaint with the Information Commissioner’s Office about our management of your personal data. You may do this by calling their helpline at 0303 123 1113 

For more information on your rights, please see ‘Your rights as an individual’

 

Data Retention 

The table below sets out retention periods for personal data held and processed by ACS. It is intended to be  used as a guide only. ACS recognises that not all personal data can be processed and retained for the same  duration, and retention will depend on the individual circumstances, while recognising the primacy of  statutory obligations.

 

Description  Period of retention Starting Comments
Beneficiary personal data  Whilst a member  On Joining  To provide contact and enable  support
Beneficiary personal data  6 months  When discharges from service  Reasonable time to re-onboard.

Name, home town, and period of service may be retained to facilitate a decision by the client to re-onboard at a later date 

Personal data is to be retained in the  event there is ongoing legal action with the member, the prospect of legal action with the member, or a  regulatory or other statutory investigation relating to the client.

Beneficiary financial data  6 years  End of financial year the  payment was made.
Employee Personal Data  – Personal files, including  training records and  

notes 

7 years after  

leaving  

employment

Start of employment  ‘Employee’ includes consultants  engaged as ‘staff’ of the organisation
Employee Financial  

Records – Payroll, Income  Tax and pension information

7 Years  When payment was made  ACS will only conduct a deletion  process every six months, so actual  retention period may slightly exceed  the legal requirement
Prospective employee  1 year  Receipt of information  ‘Employee’ includes volunteer  positions. 
Documents proving the  right to work in the UK 2 years  On leaving employment

 

Subject Access Request