St. Hilda’s East – Privacy Statement

Introduction

St. Hilda’s East (SHE) is committed to protecting the personal data of our service users, staff, volunteers, and partners. We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

What Information We Collect

We collect personal data such as names, contact details, demographic information, and health-related data, depending on the services accessed. In some cases, we may also collect sensitive data (known as “special category data”) including ethnicity, health, or religious beliefs.

How We Collect Information

We collect data:
– Directly from you when you sign up for our services or support.
– From referrers or partner agencies.
– Through engagement with our website or communications.

Our Legal Basis for Processing Your Data

We process personal data based on:
– Your consent
– Performance of a contract
– Legal obligations
– Legitimate interests
– Tasks in the public interest
– Protecting vital interests

Special category data is only processed when necessary and with appropriate legal justification under Article 9 of the UK GDPR.

How We Use Your Information

We use your data to:
– Provide and improve our services
– Contact you about appointments or updates
– Report anonymised data to funders
– Comply with legal and safeguarding obligations

We do not sell or rent personal data to third parties.

Data Sharing

We may share your data:
– With trusted partners assisting in service delivery
– With authorities when legally required
– To protect your vital interests in an emergency

All recipients must comply with GDPR and data protection standards.

How Long We Keep Your Data

We retain most personal data for seven years, in line with legal and funder requirements. After this, data is either securely deleted or anonymised.

Your Data Protection Rights

You have the right to:
– Be informed about how we use your data
– Access your personal data
– Request corrections
– Request deletion (where applicable)
– Restrict or object to processing
– Request data transfer (portability)
– Object to automated decisions or profiling

You can withdraw consent at any time where consent was the legal basis for processing.

Security

We apply strict controls to safeguard your data, including encryption, access restrictions, and staff training. All staff with data access have undergone DBS checks.

Marketing

We will only send you marketing materials with your consent. You can unsubscribe at any time.

Your Right to Complain

If you are unhappy with how we handle your data, you can contact us or complain to the Information Commissioner’s Office (ICO):
https://ico.org.uk/make-a-complaint/
Phone: 0303 123 1113

Our Contact Details

Data Protection Officer: Daniel Charcharos
Address: 18 Club Row, London, E2 7EY
Phone: 020 7739 8066
Email: [email protected]

Changes to our Privacy Statement

Updates to this privacy statement will appear on this website.  This privacy statement was last updated in May 2025