Privacy Policy
Not Beyond Redemption is a charity that is committed to protecting and respecting the privacy of individuals.
This notice sets out the basis on which any personal data we collect from you, or that is provided to us, will be processed by us. Please read the following carefully to understand how we will treat your information, protect it and to understand more about your rights. Where applicable, by providing your personal information to us you are agreeing to us using your information as described in this policy.
Definitions
We or Us: | Not Beyond Redemption, 3 Charles Street, London, W1J 5DD. |
Personal data: | Any data or information, in electronic or organised hard copy, that identifies you personally or which relates to you when you are identifiable. |
Special categories of personal data: | Sensitive information relating to you, namely: health records; information regarding your sex life, sexual orientation, political opinions, religious or philosophical beliefs, racial or ethnic origin, trade union membership; and genetic and biometric data. |
Types of personal data we process:-
- Names and contact details – for those accessing assistance through us, those who make contact with us about helping another, those involved in any matter we help with and those who kindly donate, fundraise or volunteer for the charity.
- ID and other information we require to conduct due diligence – for those accessing assistance through us.
- Personal and financial information relating to our clients’ legal matters – for those accessing assistance through us or those involved in a matter.
- Special categories of personal data (i.e. ‘sensitive personal data’), where relevant to our clients’ legal matters – for those accessing assistance through us or those involved in a matter. It is possible that for volunteers we may need some information relating to health and safety, any reasonable adjustment requirements, and DBS/CRB checks.
Our lawful basis for processing your personal data and special categories of personal data:-
- If you have given consent to the processing of your personal data (including special categories of personal data), then we may process that data for the purposes for which you have given consent.
- If you are a client, processing of personal data is necessary for the performance of our contract to provide legal services and/or in order to take steps at your request prior to entering into such a contract, including with a law firm. The solicitor-client relationship is a contractual one, and performing our contract unavoidably requires us to process personal data.
- We are permitted by law to process personal data where this is necessary to comply with legal duties. We have legal and regulatory duties to process certain personal data, including ID and other information we require to conduct due diligence.
- We have a legitimate interest in processing the personal data of our clients, those who kindly donate, fundraise or volunteer or those people who we think may be interested in donating to or fundraising for the charity for the purposes of marketing our services.
- For special categories of personal data, we are permitted to process personal data (e.g. health records) where it is necessary for the establishment, exercise or defence of legal claims.
How will we use your personal data
We collect your information because we need it to help us fulfil your requests, keep in touch with you with relevant communications and fundraise legally and cost-effectively. We use personal data processed by us for the following purposes:
- To identify clients and other parties in a matter and provide clients with legal services;
- Provide information, which you have requested, about ways to support Us, our service and our campaigns;
- Process donations or other payments and verify financial transactions;
- Process Gift Aid donations;
- Involve you as a volunteer;
- To check on your preferences from time to time to ensure they are up to date;
- Prevent or detect fraud or abuses of our website and enable third parties to carry out technical, logistical or other functions on our behalf;
- Carry out research on the demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them and to enable us to improve our service. This may be carried out internally by our employees or we may ask another company to do this work for us.
- Provide you with information that we think may be of interest to you if you have agreed to receive it, for example, to send fundraising appeals or invite you to participate in campaigns;
- To carry out our obligations arising from any contracts entered into between our clients and us and to provide clients with the information and services that they request from us;
- To carry out checks in relation to conflicts of interest and due diligence; and
- To deal with, and to respond to, feedback, queries or complaints.
Where we get your personal data from:-
- Our clients and our clients’ representatives
- From others involved in a client matter
- Public records
- When you make a donation (name, contact details and financial details)
- When you attend an event we organise;
- When you work for us as a member of staff or volunteer or you are a trustee; and
- Other parties whom we contact in the course of carrying out legal services for our clients (e.g. doctors, employers, estate agents, accountants, banks, surveyors, medical professionals, friends, family, witnesses, other parties with an interest in a particular legal matter (and their representatives), courts, regulatory bodies and other advisors and specialists involved in the matter).
When you use our website
Like most websites, we use ‘cookies’ to help us improve how we create, and how you use, our site. Cookies mean that a website will remember you, and can obtain an overall view of visitor habits and volumes to our website. You can read about the cookies we use and how to manage them on our cookies page.
Data rights
Subject to certain exceptions, you may have the right, free of charge, to:
- Access your personal data (known as a subject access request)
- Have mistakes rectified
- Have your personal data erased by us or restrict the way we process your personal data (subject to certain conditions)
- ‘Port’ your personal data to another provider
- Object to us using your personal data for direct marketing
- Not be subject to ‘automated processing’ (often referred to as ‘profiling’).
You simply need to contact us to exercise any of your rights. In the case of marketing/fundraising campaigns, there is always an ‘unsubscribe’ button in our emails.
As this charity is assisting with the provision of legal advice to clients, and those acting are bound by the professional code as solicitors, including a duty of confidentiality to clients, this may greatly limit how we can interact with you and what information we can provide to you. We may not be able to confirm whether we process your personal data or not because to do so may compromise client confidentiality or legal professional privilege.
To the extent that you have consented to our processing of your personal data, you have the right to withdraw this consent at any time, without affecting the lawfulness of any processing carried out prior to the withdrawal of your consent. However, where we also rely on other bases for processing your personal data, you may not be able to prevent processing of your data on those bases.
For more information on your legal rights see the Information Commissioner’s website (www.ico.org.uk).
Retention of personal data
We keep your data for no longer than necessary for the purposes for which it was collected, taking into account guidance issued by the Information Commissioner’s Office.
The length of time that data will be kept depends on the reasons for which we are processing the data and on the law or regulations that the information falls under. We are required by our insurers and regulators to keep our clients’ files and personal data for minimum periods.
Our retention policy is that the minimum period we will keep files and other personal data relating to a legal matter is 10 years after the date of the last work carried out on it. We may keep a file for significantly longer than that if it is necessary and in our legitimate interests to do so.
All our files and other documents containing personal data are destroyed securely.
Sharing your personal data
As a charity helping with the access to legal advice, we pass on the information relating to clients and others involved in the matter to a law firm, who will then represent the client. In providing these services, the law firm may need to share personal data with their staff, clients, other professionals who they instruct (e.g. barristers), third parties who are vital to a transaction, other parties with an interest in a particular legal matter (and their representatives) and providers of services that are necessary to progress a legal matter (e.g. to perform our client due diligence checks on you). In the case of personal data of clients, clients may instruct law firms to share their personal data with third parties (such as estate agents, family members or other representatives).
We may also need to share your personal data with regulators, insurers, the Charity Commission and law enforcement agencies.
External auditors are used to review our files for training, compliance and quality.
Where we share your personal data with third parties, we will ensure that they have appropriate data protection arrangements in place.
Where we hold your personal data
Your data will be stored at our offices and on our IT equipment, or where your information is shared with a third party, at their premises or on their IT equipment.
Transferring your personal data outside of the EEA
Since we do not have offices outside England & Wales, we have no reason to transfer your personal data outside the European Economic Area unless you or a third party with whom we must share your personal data are based outside the EEA.
Where we use third party IT services (e.g. ‘cloud’ based software) we shall ensure that their data centres are either within the EEA or that there are lawful safeguards in place to protect your personal data to the same standard as if it were held within the EEA.
Data Protection Officer
We do not have a Data Protection Officer (DPO) but have appointed a Privacy Manager to implement our data protection policies and procedures. Our Privacy Manager is Camilla Baldwin.
For the purpose of Data Protection legislation, the data controller is Not Beyond Redemption.
Complaints and questions
If you have a complaint or question about our use of your personal data, please contact our Privacy Manager in the first instance.
You may also make complaints direct to the Information Commissioner’s Office (web: www.ico.org.uk/concerns tel: 0303 123 1113).
Data processing flow record
Type of person | Type of data | Basis of processing | Purpose of processing | Shared with | Where from | Retained by NBR |
Client / person receiving assistance | All types: contact, biometric, health, special category, criminal record etc. | Contract; Legal obligation (prospective legal matter with lawyer) | To provide assistance and legal assistance (via the law firm) to the client | Law firm | Client / person making initial enquiries | Same retention as law firm (up to child’s majority plus 3 years) |
Other people involved in matter | All types: contact, biometric, health, special category, criminal record etc. | Contract (with client); Legal obligation | To provide assistance and legal assistance (via the law firm) to the client | Law firm | Client / person making initial enquiries | Same retention as law firm (up to child’s majority plus 3 years) |
Person making initial enquiries | Of self: contact details and name. Of prospective client: contact details, prison information, criminal information; may include all types | Consent (made the enquiry) | To help make contact with prospective clients in need of assistance | Law firm (if necessary) | Person making initial enquiries | Same retention as law firm (up to child’s majority plus 3 years) |
Person donating / prospective supporter | Name, contact details | Consent. Some cases legitimate interest | To receive and verify donations. To market to, to keep up to date with the charity’s events and activities and request future donations | Charity Commission if required; Mailchimp – used as processor? | Person donating themselves | |
Volunteer | Name, contact details, date of birth, professional qualifications. May require criminal convictions via a DBS check | Consent; Possible contract | To act safely to assist the charity in its aims | Name and work-based contact details with clients and law firms. With Charity Commission if necessary | Volunteer; DBS | Duration of volunteering plus 6 years. May be retained in archive (e.g. taking part in fundraisers) |