Who are we?
We are Pembroke College Settlement, more commonly known as ‘Pembroke House‘, and we’re a Southwark-based charity, working in our local community since 1885 (registered charity number 211025).
What data do we collect from you?
Depending on whether you’re a service user who comes in to access our projects, a member of staff, a trustee, volunteer or visitor, we collect different kinds of information on you. We collect things like your name, email address or telephone number for contact purposes, but we may also collect more sensitive information from you, like information on your race, ethnicity and medical health.
Race and ethnicity information will be collected through an anonymous form in order to help various projects comply with the Equality Act 2010. Health information helps us to monitor the needs of our service users and determine if they might require additional assistance depending on the nature of projects and work they are involved with. Sensitive financial information may also be collected for compliance purposes in accordance with UK law, such as for Right to Work checks.
How do we use this data?
- To provide you with the advice, support and services you’ve requested of us
- To facilitate the relationship that we have with you
- To manage and respond appropriately to enquiries and requests made of us
- To provide you with necessary updates about our projects
- To improve the projects and services we provide at Pembroke House
- To communicate to you information that we think might be relevant to you (via newsletters from which you can always unsubscribe)
- We may need to disclose your information to third parties if we are for any reason required to by law (for example, for compliance with certain laws, regulations and codes of practice, or in response to a valid request from a competent authority).
Use of Sensitive Information
If you have provided us sensitive health information, or have joined us through a referral from our partners at SLAM, we may hold information on you of a sensitive nature. We will always treat such information with extra care, though we have a legitimate interest (see below) to confidentially inform certain persons working with you of this information, for your safety and the safety of other individuals. Outside this exception, we will not pass on your details to external organisations without your permission outside of exceptional circumstances. An example of this would be reports of serious self-harm or threats of harm to others, where we might need to call the emergency services to protect your vital interest. We periodically delete data when its retention period has expired, or when the need to continue holding such data is no longer necessary.
Who sees your data?
The personal information we collect about you will be used by our staff and volunteers in order to support you and provide services that you have requested of us. It will also be used by a select few organisations working with us or on our behalf to deliver our services, and by legal and regulatory authorities if required by law. We ensure that they store your data securely and delete it when it is no longer needed. Our donors and sponsors might also view information, but not before it has been anonymised or we have received your express consent to share certain personal information.
We will never sell or share your personal information with other organisations so that they can contact you for marketing activities.
On what legal grounds do we collect and process this information?
Pembroke House generally collects and processes the personal information that we hold on you on several bases:
- on the basis of consensual information that you have directly provided to us (e.g. by filling in a registration form),
- on the basis of a contractual obligation that we may have to you (e.g. as an employer),
- on the basis of a legal obligation that we may have to comply with law and ruling authorities (e.g. collecting and providing financial information on employees to HMRC), and
- on the basis of the legitimate interests of our charity (e.g. directly marketing our projects to you via email or post). See more on our legitimate interests at the bottom of this document.
- In extreme situations, such a medical emergency, we may rely on the basis of vital interests in order to share your personal information with emergency services if it is necessary to the preservation of your life or another person’s. In such a scenario, we will afterwards try to inform you of how we used your information in response to this emergency situation.
Your information might be used to send you details of products or services that we offer that we believe may be of interest to you, based on preferences you indicated when you contacted us through online data capture forms, paper-based forms and our social media networks (such as Twitter, Instagram and Facebook).
We will only send you information about our events, services, news, where you have expressly signed up to receive such with your email address, and/or where you have completed a paper based form and indicated that you wish to receive information from us through a specified communication channel – typically, email, telephone or by post.
If at any point you would like to update your communication preferences or opt-out of our communications, please see our the Updating and accessing your information section below. You can click the ‘unsubscribe’ link in the footer of the emails we send you.
How long do we keep your information?
We will not retain your personal information for longer than necessary in relation to the purposes for which it was originally collected, or for which it was further processed, subject to certain legal obligations we must comply with or to legitimate interests that we may pursue (and as identified above).
We hold personal data relating to:
- Donations made to us; for 7 years from the date of the last donation
- Legacy donations; for 7 years after date of legacy being received
- Volunteers; for 5 years since you last volunteered with us
- Employees; for 6 years since you left our employment or for 1 year from the date of your application if you are an unsuccessful applicant,
- Newsletter subscriptions; you can unsubscribe from these at any time
- Registrations for a community project or club that we run; for 2 years from the date that you last attend project activities or communicate with us (a member of staff or volunteer), unless you request the erasure of your information before that time; or else as soon as that project comes to an end.
- Purchasing services, such as venue hire; for 3 years from the date of purchasing the service.
We are legally required to hold some personal information permanently or for fixed periods in order to fulfil statutory obligations, for example for the collection of Gift Aid. ou may withdraw your consent to any usage of your data at any time, with no need to specify a reason. You can do this by emailing us at email@example.com (please include ‘My Personal Data’ in the subject title) or calling us at 020 7703 3803.
What rights do you have?
You have the following rights to your information:
- The right to be informed about the ways in which your personal information is being collected and processed
- The right to access your personal information and supplementary information. An access of information request is free of charge, unless we deem such requests manifestly repetitive, unfounded, and excessive in which case we may charge a £10 fee based on the administrative cost of providing the information.
- The right to rectification of your personal information (you can ask us to make changes to information we hold on you through the communication channels we highlighted above)
- The right to erasure of your personal information in certain circumstances
- The right to restrict processing of your personal information in certain ways, or to allow us to store the data but not process it further
- The right to data portability, that is, to obtain and reuse your own personal data for your own purposes across different services
- The right to object to certain forms of data processing
- Rights in relation to automated decision making and profiling.
You have the right to lodge a complaint with the Information Commissioners Office (ICO) if you believe that your data has been processed in a way not compliant with the GDPR, which you can do by calling the ICO helpline on 0303 123 1113 or contacting them via their website.
Updating and accessing your personal information
You have the right to see the personal information that we hold on you. To obtain a copy of this personal information, you may contact us at the following channels:
80 Tatum Street,
Email: firstname.lastname@example.org (please use the subject title ‘My Personal Data‘)
Tel: 020 7703 3803
You may also use the above communication channels to ask us at any time to update your details, correct or remove information you believe is inaccurate.
A cookie is a small piece of information sent by a web server to a web browser, which enables the server to collect information from the browser. Find out more about cookies, see this website.
When you view pages on our website and select the option to ‘Remember Me’, a cookie will be placed on your computer that will remember your computer’s details. The cookie does not seek to identify you as an individual, only the computer used, in order to make using the website easier for you next time by keeping track of your browsing patterns. Cookies help us to assess the effectiveness of our website and can as such provide us with useful information.
Most browsers will allow you to turn off cookies if you desire not to use them. If you want to know how to do this, please look at the ‘Cookies’ menu on your browser (usually under any ‘Settings’ menu), or look here .
By continuing to use our website you are agreeing to the use of our cookies as detailed above.
More on our Legitimate Interests
We have a number of legitimate interests that we believe are necessary to our role as a charity, and we make sure that we will comply with the three-step test of:
- Whether the action we seek to carry out is a legitimate interest
- Whether it is necessary, and
- Whether there is an appropriate balance between our legitimate interests and the interests and rights of the individual(s) affected by our exercise of that action
Our legitimate interests are:
- To directly market to you what we consider necessary to promote our Charity work, where you have provided your email address to us and not opted-out
- Processing some personal and financial information about our employees either in-house or via external providers
- Analysing information provided to us in order to determine if marketing is relevant to certain individuals (but we do not engage in any form of automated profiling)
- Taking security measures that may affect our service users, in order to safeguard both their data and our own
- Processing donations
- Retaining certain information or data for historical/archival purposes which are connected to our long history as a charity
- Using images, names, and other non-sensitive information about employees and volunteers in our annual report and other publications, on our website or social media, and in presentations to the public or funders
- Sharing the sensitive health information of service users with specific and relevant staff, volunteers and contractors delivering services on our behalf, only when these specific groups of people are working with those service users about whom we hold sensitive health data
- To process the information of individuals listed as emergency contacts by our service users, volunteers and employees with the processing restricted only to contact in an emergency situation
Last updated 27.06.18.