Volunteers Privacy Notice
Introduction
In accordance with the GDPR, organisations are required to inform individuals of what they do with their personal data (any information about an individual which is personally identifiable). This Privacy Notice explains how we (Autism Together), as a data controller, collect, store, use and share the personal information of our volunteers.
We are committed to being transparent about how we handle personal data, and in meeting our data protection obligations.
Why do we process your personal information?
The information we hold and process is to enable us to run the organisation and manage our relationship with you effectively, lawfully and appropriately, during the recruitment process, whilst you are volunteering for us, at the time when your volunteering ends and after you have left. This includes using information to enable us to comply with the agreement we have with you, to pursue legitimate interests of the organisation or those of third parties, provided your interests and fundamental rights do not override those interests.
The personal information of volunteers shall be accurate and kept up to date in line with our Data Quality Policy.
What types of personal information do we collect about you?
During your time with us and depending on your volunteer role, we will collect, obtain and hold a range of information about you. If and when you cease to volunteer with us, we will continue to hold some information about you, for a predefined period of time in order to fulfil our remaining tasks and obligations.
The sort of personal information which we collect (as applicable) about you includes:
- name, title, address, telephone number and personal email address
- date of birth
- gender
- marital status
- next of kin and emergency contact information
- photographs
- bank details for repayment of expenses
- your volunteer role and working hours and related correspondence
- recruitment records, application form, cover letter, interview notes, references, copies of qualification certificates, copies of driving licences and other background check documentation
- details of your previous employers, records relating to your career history, start and end dates of your employment, your training records, supervisions and performance management
- details of your qualifications, skills and experience
- your professional memberships
- any disciplinary, grievance records, including investigation reports, collated evidence, any outcome and related correspondence
- any termination of volunteering or engagement documentation, including resignation letters, dismissal letters, settlement agreements and related correspondence
- details of periods of leave taken by you, including holidays and the reasons for the leave
- voicemails, emails, correspondence, documents, and other work products and communications created, stored or transmitted using our networks, applications, devices, computers or communications equipment
- CCTV footage (at designated site locations) and other information obtained through electronic means such as swipe card/proximity card records
- details of your driving licence and vehicle-related information if you drive for work purposes
- record your use of Autism Together vehicles if you drive for work purposes
We may also collect information about criminal convictions and offences, and the following special categories of your personal information (as applicable) which receive additional protection under the law:
- information about your health, including any medical condition, whether you have a disability in respect of which we need to make reasonable adjustments
- sickness absence records (including details of the reasons for sickness absence being taken)
- medical reports
- information about your racial or ethnic origin, political opinions, religion or beliefs and sexual orientation
How do we collect your information?
Much of the information we hold will have been provided by you through the application and recruitment process, and over the course of your time with us via emails, documents, computers, but some may come from other internal sources, such as your supervisor, or from external sources, such as referees about your suitability to the role, driving licence background checks and criminal record checks from the Disclosure and Barring Service (DBS).
You will, of course, inevitably be referred to in organisation documents and records that are produced by you and your colleagues in the course of carrying out your duties.
How do we use your personal information?
The situations in which we process your personal information include:
- making a decision about your recruitment and confirming your suitability for volunteering
- administering the agreement that we have entered into with you
- maintaining accurate record of your volunteering terms
- ascertaining your fitness to work
- ensuring compliance with your statutory contractual rights
- communication to you about a volunteer role change or a change to hours/location of work
- providing references on request for current or former volunteers
- ensuring effective HR, personnel management and business administration
- complying with applicable laws, regulations, legal processes or enforceable requests
- complying with our health and safety, and occupational health obligations
- dealing with legal disputes involving you, or other employees and contractors, including accidents at work
- ensuring efficient fleet management by tracking the location of Autism Together fleet vehicles to make full use of vehicle availability, to reduce insurance costs, to ensure the safety of drivers and passengers
- ensuring safety and security in work locations
- recording and monitoring your performance, training and development
- reporting safeguarding or reporting potential crimes
- providing you with relevant facilities such as access to IT and monitoring your use of IT systems to ensure compliance with our IT-related policies
For special category data, we will use your information for purposes such as managing absence and ensuring cover, determining reasonable adjustments, and monitoring equality of opportunity and diversity in our organisation.
What are our legal bases for processing?
We will process your information where the law allows us to. Most commonly personal data will be processed in the following circumstances:
- to fulfil our obligations under Section 3 of the Health and Safety Act 1974
- where we need to comply with a legal obligation e.g. the detection or prevention of crime and regulations
- to protect your vital interests or those of another person
- it is necessary to protect our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
We may process special category information in the following circumstances:
- processing is necessary for the establishment, exercise or defence of legal claims against the organisation
- we have asked for and received your explicit consent to process your data for a specific purpose
- the processing is necessary for a legal obligation in the field of employment and social security law
- where it is needed in the public interest, such as for equal opportunities monitoring
- the processing is necessary in order to protect the vital interests of the individual or another person where they are physically or legally incapable of giving consent e.g. in the case of a medical emergency
- to prevent the spread of infectious diseases and to ensure workplace safety
What if you fail to provide personal information?
If you do not provide particular information to us, we may not be able to perform the agreement we have entered into with you (such as paying your expenses), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our volunteers).
Who has access to the personal information?
We take care to allow access to personal information only to those who require such access to perform their tasks and duties. There may be other circumstances in which we may lawfully share your data with third parties where, for example, we are required to do so by law, by court order, safeguarding matters or to prevent fraud, or other crimes. Where we share data, however, we shall do so in accordance with applicable data protection laws.
Where we may have to share your information with third parties, including third-party service providers such as occupational health professionals, accreditation bodies, auditors, information management system providers, IT service providers, insurance companies and brokers, and training providers, we require third parties to respect the security of your data and treat it in accordance with the law.
Data security
We have put in place internal controls and policies to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way.
We limit access to your personal information to those employees, agents, contractors and other third parties that have a business need to know. They will only process your information on our instructions and they are subject to a duty of confidentiality.
Data retention
We only retain your personal information for as long as necessary to fulfil the purpose we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
Your rights in relation to your personal data
- the right to be informed about the data we hold on you and what we do with it
- the right of access to the data we hold on you. All data subject access requests will be dealt with accordingly
- the right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’
- the right to have data deleted in certain circumstances. This is also known as ‘erasure’
- the right to restrict the processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, e.g. if you want us to establish its accuracy or the reason for processing it
- the right to object to the processing of your data where we are relying on legitimate interest (or those of a third party) as the legal ground for processing
- the right to transfer the data we hold on you to another party. This is also known as ‘portability’
Contact details of data controller:
Autism Together
Wirral Centre for Autism
Oak House
6 Tebay Road
Bromborough
Wirral
CH62 3PA
Tel: 0151 334 7510
If you have any concerns or complaints about the way we handle your personal data, or to exercise your rights, contact in the first instance to Data Protection Officer, data.protection@autismtogether.co.uk
If your concern or complaint is not resolved to your satisfaction, you can raise a complaint with the Information Commissioner’s Office (ICO), https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.
Changes to this notice
We may update this privacy notice from time to time to reflect any necessary changes in our privacy practices. You are encouraged to regularly check for any updated version of this privacy notice.
April 2024