This notice explains how Autism Together as a data controller (referred to as ‘We’ or ‘Our’) collects, uses and share information about visitors, suppliers and contractors (referred to as ‘You’ or ‘Your’). We are required to notify you of the information contained in this Privacy Notice under data protection legislation. This notice does not form part of a contract to provide services.
The personal data we hold
Depending on your relationship with us, the type of personal information we collect, use, store and share (when appropriate) about you includes, but is not restricted to:
- Contact details
- Information relating to visits to our organisation e.g. the individual’s company or organisation name, arrival and departure time and car registration number
- Any other personal information you post, email or otherwise send to us
In addition to the above, there will be personal information that will fall into ‘special categories’ of more sensitive personal data. This includes, but is not restricted to:
- Information about any access arrangements that may be required
- Information concerning health
- Images captured by our CCTV (signs are on display where CCTV is in use)
How we collect this information
We collect this information mostly from you, or from the organisation you work for, or from our CCTV, but in some instances, we may receive information from other people/organisations or professionals.
Legal basis for processing your information
We will use your personal information in one or more of the following circumstances:
- where we need to do so to perform the professional contract we have entered into with you
- where we need to comply with a legal obligation
- where it is necessary for our legitimate interests (or those of a third party), and your interests or your fundamental rights and freedoms do not override our interests.
- where we may need to protect your interests (or someone else’s vital interests)
Why do we use this information
This is for the following purposes:
- to identify you while at any of our premises
- to safeguard our premises
- to protect your health and safety and the health and safety of others e.g. staff and People We Support
- to help you with your enquiry or request
- to meet Fire in the Workplace Legislation
- to assist in the organisation of meetings and events
- to provide a safe and secure environment as part of our commitment to safety, security and crime prevention
- to decide whether to enter into a contract with you
- to maintain accurate records of visitors, suppliers and contractors
- to perform the contract we have entered into with you
- to process payments and receipts
Sharing your information
Your personal information is shared internally with personnel within our organisation where access to your personal information is necessary for the performance of their roles.
There are a number of reasons why we may share your information outside of our organisation. This can be due to:
- Our obligations to comply with current legislation
- Our duty to comply with a court order
- You have consented to the sharing/disclosure
- The purpose of preventing risk of harm to yourself or to another individual
- The prevention and/or detection of crime
The data you provide may be passed on to a public authority representative if required, such as the fire service in the event of a fire or police in the event of a security incident.
We have put in place internal controls and policies to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How long do we keep your information for
We will only retain information for as long as it is necessary to fulfil the purposes we collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Our retention schedule is available upon request.
Transfers outside of the European Economic Area (EEA)
We do not store or transfer your personal information outside of EEA.
Automated decision making and profiling
We do not currently process personal data through automated decision making or profiling.
Under data protection law, you have a number of rights as outlined below:
- the right to make a subject access request to receive certain information about how we use your information, as well as to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
- the right to request rectification of any incomplete or inaccurate personal information that we hold about you
- the right to request that we delete or remove personal information that we hold about you where there is no good reason for us to continue processing it
- the right to request that we restrict our processing of your personal information in certain circumstances e.g. where there is a dispute in relation to the accuracy or processing of it
- the right to object to our processing of your personal information where we are relying on our legitimate interest (or those of a third party), where cannot show a compelling reason to continue the processing
- the right to request transfer of your personal information to another provider in a commonly used format
Note that these rights are not absolute and, in some circumstances, we may be entitled to refuse some or all of your request.
Should you wish to exercise your rights, or if you have any concerns or complaints as to how your data is processed, contact in the first instance our Data Protection Officer: firstname.lastname@example.org
If your concern or complaint is not resolved to your satisfaction, you can raise a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk/global/contact-us/email/
Changes to this notice
We may update this privacy notice from time to time to reflect any necessary changes in our privacy practices. You are encouraged to regularly check for any updated version of this privacy notice.