Who we are
We are Carlisle House, a substance use residential treatment centre based at 4 Henry Place, Belfast, BT15 2BB. Our website address is: https://www.carlislehouse.org
Carlisle House is the “data controller”. This means that they are responsible for deciding how we hold and use personal information about you.
If you have questions about our use of your personal data, you can get in touch with us at firstname.lastname@example.org
Data we Collect
The information we collect about you is required for us in order to:
- for our monitoring of the use of the website;
Types of personal information we collect:
- Website use
- details of any contact forms submitted
- details of your visits to the website, or of opening marketing emails
- browser information and online identifiers (such as your browser types, browser version host operating system, browser language and your IP address);
- information about your visit to the website (such as full Uniform Resource Locators (URL) clickstream to, through and from our site, whether your visit was directly from a marketing email we have sent, products viewed or searched for, page response times, download errors, lengths of visits to certain pages, page interaction information (such as scrolling, clicks and mouse overs) and methods used to browse away from the page);
What we do with your data
We do not sell, trade or rent personal information to third parties.
What security procedures do we have in place
It is our policy to ensure that all Personal Data held by us is handled correctly and appropriately according to the nature of the information, the risk associated with mishandling the data, including the damage that could be caused to an individual as a result of loss, corruption and/or accidental disclosure of any such data, and in accordance with any applicable legal requirements.
Where do we store the personal information we collect
For Customers based in the EEA we only use servers in the EEA (and Britain). Our current host servers are provided by WordPress.com.
Some of our third party service providers may be based outside the EEA. We will only use processors who ensure that they have adequate safeguards in place to protect Personal Data relating to you.
If you are based outside the EEA and would like further information about where we hold your data, please contact us by email: email@example.com
Who we share your data with
We do not share data with any other provider/
What rights you have over your data
You have the following rights in respect of any Personal Data which we hold about you as a controller:
- Right to be informed: the right to be informed about what Personal Data we collect and store and how it’s used.
- Right of access: the right to request a copy of the Personal Data we hold, as well as confirmation of:
- the purposes of the processing
- the categories of personal data concerned;
- the recipients to whom the personal data has/will be disclosed;
- for how long it will be stored; and
- if data wasn’t collected directly from you, information about the source.
- Right of rectification: the right to require us to correct any Personal Data we hold which is inaccurate or incomplete.
- Right to be forgotten: in certain circumstances, the right to have the Personal Data we hold erased from our records.
- Right to restriction of processing: the right to request us to restrict the processing we carry out. You might want to do this, for instance, if you think the data we hold is inaccurate and you would like to restrict processing the data has been reviewed and updated if necessary.
- Right of portability: the right to have the Personal Data we hold transferred to another organisation, to the extent it was provided in a structured, commonly used and machine-readable format.
- Right to object to direct marketing: the right to object where processing is carried out for direct marketing purposes (including profiling in connection with that purpose).
- Right to object to automated processing: the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects (or other similar significant effects) on you.
If you want to avail of any of these rights, you should contact us immediately at firstname.lastname@example.org. If we are not the controller, we will need to transfer your request to the controller – but we will only do so with your consent.
If you do contact us with a request, we will also need evidence that you are who you say you are to ensure compliance with data protection legislation.
Your acceptance of these terms
Date of last update: 28th January 2021
CARLISLE HOUSE DATA PRIVACY NOTICE JUNE 2019
Personal data is any information relating to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
- Data Controller?
We, Carlisle House, are the data controller. This means that we decide how your personal data is processed and for what purposes.
- How do we process your personal data?
We comply with our obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
Our primary purpose for collecting personal information is to ensure that those engaging with Carlisle House receive the best level of service possible.
We use your personal data for the following purposes: –
- To enable us to accept your referral onto the residential therapeutic treatment programme for a period of 6 weeks.
- To administer your records
- To fundraise and promote the interests of Carlisle House
- To manage our employees and volunteers
- To maintain our own accounts and records
- To inform you of news, events, activities and services organised by Carlisle House
- What is the legal basis for processing your personal data?
This is dependent upon the data subject and the purpose of the data processing.
The data processing for an employee in terms of what data is collected and how it is further processed is different from that of a Service User
Legal bases we rely on will primarily consist of one or more of the following:
- Processing is necessary for the purposes of LEGITIMATE INTERESTS pursued by us or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject. This is where we need to use your data to engage in our normal day to day activities.
Examples of these are:
- Name, Address, Contact details
- Next of Kin Contact details
- Referral Assessment Information
- Safety Assessment Information
- Health and Medication Records
- Treatment Plans
- Alcohol and Drug Screening Results
Employment information e.g. current and past employment, work related issues, job demands, next of Kin contact details, training details etc…
- Explicit consent of the data subject. An example of this would be your consent to joining a mailing list so that we can keep you informed about news, events, activities and services.
- Processing is necessary for us to comply with the law. Examples of this could be our legal obligations to maintain certain records so that we may carry out our obligations under employment, social security or social protection law, or a collective agreement.
- Processing is necessary for us to protect the vital interests of a data subject that cannot physically or legally give consent.
- Sharing your personal data
Your personal data will be treated as strictly confidential. We will not normally share your personal data with any third party and will only share your data with third parties outside of ourselves with your consent.
However there are limitations to this confidentiality, known as PUBLIC INTEREST. We are legally required to pass on information if you tell us of any the following:
- If you are at risk of harming yourself or someone else.
- If a child is at risk.
- If a crime has been committed that has not been reported.
In any of these circumstances when we pass the information onto the relevant organisations, we will try to do so with your consent.
Where we use other organisations to provide a service (such as cloud storage) they are only selected if they are GDPR compliant, and they will only use your data as instructed by us.
- How long do we keep your personal data?
We will retain Service User’s personal data for 8 years after the year to which the data relates, as agreed with the Regulation Quality Improvement Authority. All personal data will be destroyed at this point.
Employee personal data will be destroyed after one calendar year following their termination of employment.
- Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which we hold about you
- The right to request that we correct any personal data if it is found to be inaccurate or out of date
- The right to request your personal data is erased where it is no longer necessary for us to retain such data
- The right to withdraw your consent to the processing at any time
- The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing
- The right to object to the processing of personal data
- The right to lodge a complaint with the Information Commissioner’s Office.
- Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
- Contact Details
In an attempt to ensure this privacy statement is clear and concise, it does not provide exhaustive detail of every aspect of how we collect or use your personal data. If you require further information, and to exercise all relevant rights, queries or complaints contact the Data Protection Lead at:
Carlisle House, 2-4 Henry Place, Clifton Street, Belfast BT15 2BB