who we are
Space2grieve is a registered charity with the Charity Commission for England & Wales; charity number 1195114
The Data Controller for space2grieve is the Board of Trustees who are appointed at an Annual General Meeting and are Charity Trustees. The Chair of the Charity Trustees is Barbara Davies, firstname.lastname@example.org
From this point on space2grieve will be referred to as “we”.
Being a small charity, we are not required to appoint a Data Protection Officer.
the data we may process
The majority of the personal information we hold, is provided to us directly by you or by the parents or legal guardians of clients verbally or in digital form. In the case of clients, data may also be provided by third parties, such as referral partners.
We may collect the following personal information:
- Personal contact details such as name, title, address, telephone numbers and personal email address – so that we can contact you.
- Date of birth – so that we can ensure our services are provided age appropriately and to act as a security identifier.
- Gender – so that we can address individuals correctly and accommodate for any specific needs.
- Emergency contact information – so that we are able to contact someone in the event of an emergency.
- Government identification numbers e.g., national insurance, driving licence, passport – to be able to process volunteer criminal record checks, in the case of employees.
- Bank account details, payroll information and tax status information – so that we are able to pay any employees that might be employed by us and collect gift aid from HMRC where donations are made.
- Training records – so that we can ensure that employees are suitably qualified to provide the Charity services.
- Race or ethnic origin – so that we can make suitable arrangements based on clients or employees’ cultural needs.
- Criminal records – to ensure our Charity is a safe space for clients and employees.
Our clients’ case records including any case notes are captured and maintained in our client management system.
the lawful basis we process your data by
We comply with our obligations under the GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
In most cases the lawful basis for processing will be through the performance of a contract for personal data of our clients and employees. Sensitive (special category) data for clients will mostly align to the lawful basis of legitimate activities of a Not-for-Profit organisation.
We use personal data for the following purposes:
- Provide you with information, products or services you’ve requested or that we feel might be of interest to you.
- Process one-off or regular donations and to claim Gift Aid.
- Respond to direct requests where you contact us with a query – we will use your personal information to respond.
- Carry out general administrative tasks like dealing with complaints and feedback, essential record-keeping.
- Transact: we will use your personal information to take payments from you when processing orders and payments for goods and services.
- Keep you safe: in the event that we reasonably think you (or someone else) is at risk of serious harm or abuse.
- Monitoring and evaluation: we use your personal information to inform and develop our service delivery.
- Process applications to work at space2grieve for example, if you fill in an application form or send us your CV or send us information speculatively in respect of possible contract opportunities.
We use personal sensitive (special) data for the following purposes:
- for the protection of a person’s health and safety whilst in the care of space2grieve
- to respect a person’s religious beliefs with regards to activities, food and holidays
- for equal opportunity monitoring and reporting.
our retention periods
We will keep certain types of information for different periods of time in line with our retention policy. These are defined in our Data Protection Policy, Section 5 Data Retention Periods.
sharing your information
We will only share your data with third parties outside of the organisation where there is a legitimate reason to do so.
We may share your personal information with others outside of space2grieve where we need meet a legal obligation. This may include space2grieve insurance supplier, local authority services and law enforcement. We will only share your personal information to the extent needed for those purposes.
Other third parties –
We may share your personal information with your GP or statutory mental health service
We will never sell your personal information to any third party.
Where personal data is shared with third parties, we will seek assurances that your personal data will be kept confidential and that the third party fully complies with the GDPR and DPA 2018.
how we store your personal data
We generally store personal information in the following ways:
client Management System – is the online Client Management System, this system is used for the collection and storage of client personal data.
Other digital systems –
Some paper records for counselling notes may be captured as part of our services. This will be handled securely. We will minimise the use of paper to only what is required.
A link to this website page is provided to those whose data is being processed by us. A printed version is also available on request.
As a Data Subject, you have the right to object to how we process your personal data. You also have the right to access, correct, sometimes delete and restrict the personal information we use. In addition, you have a right to complain to us and to the Information Commissioner’s Office (www.ico.org.uk).
Unless subject to an exemption under the GDPR and DPA 2018, you have the following rights with respect to your personal data:
- The right to be informed – you have a right to know how your data will be used by us.
- The right to access your personal data – you can ask us to share with you the data we have about you. This is a Data Subject Access Request.
- The right to rectification – this just means you can update your data if it’s inaccurate or if something is missing.
- The right to erasure – this means that you have the right to request that we delete any personal data we have about you.
- The right to data portability – this means that if you ask us, we will have to share your data with you in a way that can be read digitally – such as a pdf. This makes it easier to share information with others.
- The right to object – you can object to the ways your data is being used.
- Rights in relation to automated decision making and profiling – this protects you in cases where decision are being made about you based entirely on automated processes rather than a human input, it’s highly unlikely that this will be used by us.
who to contact
Last updated: June 2022