The Friendly Almshouses takes its data protection responsibilities seriously.
Your data are protected by the General Data Protection Regulation 2016 (GDPR) and our Privacy Statement explains how we collect, store and use your data.
The Friendly Almshouses (“TFA” / “we” / “us”) will only collect the information that it needs to appoint beneficiaries and assure their health and well-being for as long as they remain residents; and to assess, appoint and manage Trustees.
What data does TFA collect about me and why?
Applicants & Beneficiaries
The data we collect comes initially from the data that you provide on our application form. It includes information about where you live now; marital status; nationality and leave to remain; details of your finances (income, savings investments & assets), employment and health; and references and next of kin details. We ask you for this information in order to assess your eligibility to be a beneficiary and your ability to live independently with us; and to manage your appointment if you are successful. If you become a beneficiary of the charity and your circumstances require it, we may request from you (verbally and/or in writing) additional information relating to your health, finances and benefits, for us to discharge our responsibility to ensure your welfare and well-being as one of our residents. We will not collect this additional information without your knowledge or permission.
Trustees
The data we collect comes from the data that you provide when you apply to become a Trustee. This is typically name, address, date of birth and CV. We ask you for this information in order to assess your suitability to be a Trustee and the relevance of the skills/experience that you have to the needs of the Charity. Depending on your role and any legal obligation the Charity might be required to meet, we may ask for additional information, such as NI numbers and personal banking details.
How long do you keep my data?
Applicants and Beneficiaries
If we cannot offer you accommodation or cannot add you to our waiting list, your application form will be securely destroyed at the point we notify you of this decision. However, we will keep indefinitely anonymised information from your application form in order to monitor the effectiveness of the charity and to ensure maximum social benefit in the community. This information will include age, nationality, current location (not your address), the reason for your application and how you heard about us.
If you are added to our waiting list, we will keep the data you provided in the format you provided it until you are offered accommodation and become a beneficiary of the charity. If you notify us, while on our waiting list, that you no longer need accommodation, your data will be securely destroyed at the point you notify us. However, we will keep indefinitely anonymised information from your application form in order to monitor the effectiveness of the charity and to ensure maximum social benefit in the community. This information will include age, nationality, current location (not your address), the reason for your application and how you heard about us.
If you become a beneficiary of the charity, we will retain the information you provided in the format you provided it and any additional information requested and received, in a personal file for as long as you remain a beneficiary. When you leave your accommodation, we will keep your file in its entirety for two years after which time it will be securely destroyed. We will ask you for, and keep for 6 months, a forwarding address. We will keep indefinitely a record of your name, date of arrival and date of departure for our archives.
Trustees
We will keep your data for as long as you remain a Trustee of the charity. We will keep your data for one year from the date you cease to be a Trustee, at which time it will be destroyed securely.
If you are not a Trustee, but hold a governing position, we will keep your data for as long as you remain in that position. We will keep your data for one year from the date you resign your role, at which point it will be destroyed securely.
How are my data stored?
Applicants and Beneficiaries
We keep your data securely in hard copy in locked cabinets with restricted key access and in electronic formats on our own local system, access to which is passworded and restricted. This is backed up regularly and protected by firewall, anti-virus and malware protection software kept up-to-date by our IT provider. We do not store your data with or sell it to third parties.
Trustees
We keep your data securely in hard copy in locked cabinets with restricted key access and in electronic format on our own local system, access to which is pass-worded and restricted. This is backed up regularly and protected by firewall, anti-virus and malware protection software kept up-to-date by our IT provider. We do not store your data with or sell it to third parties.
Who has access to my data within the organisation?
Applicants
Your data will be accessed by the wardens and two Trustees, one of whom is the Chair.
Beneficiaries
Your data will be accessed by the wardens. Some of your data may subsequently be shared (verbally) with Trustees on a need-to-know basis, such as in cases of emergency or when the advice of a Trustee is sought in matters of safeguarding and well-being (yours or other residents)
Trustees
Your data will be accessed and maintained by the wardens and shared with the Chair and Vice-Chair only.
Will you share my data with anyone outside the organisation?
Applications & Beneficiaries
We may share/disclose your data outside the organisation only if you become a beneficiary, and only in the following circumstances
- we are legally required to do so
- the effective provision of care and support requires it
- there are issues of safeguarding/capability
- to prevent fraud
- you have asked us to investigate/intervene in a matter on your behalf
The organisations we may share information with in such circumstances include, but are not necessarily limited to, our remote support provider, Lambeth council, local care providers, local surgeries and hospitals, police and emergency services.
Trustees
We will share your data outside the organisation in the following circumstances
- compliance with charity governance requires it
- compliance with money laundering procedures requires it
- compliance with procedures of the financial organisations we work with requires it
The organisations we may share information with in such circumstances include, but are not necessarily limited to, Charity Commission, HMRC, CAF and our banks and investment company.
Can I see my data?
Applicants, Beneficiaries & Trustees
Yes. You have the right to see the data we retain and ask us to make changes to it if it is not accurate. You must make a Subject Access Request in writing to the Trustees, who will require proof of identity before releasing any information. SARs will be answered within forty calendar days of receipt.
This privacy statement was last updated in May 2018.
