Privacy Policy

Victim First is committed to protecting the privacy of website visitors.

What information do we collect?

We may collect, store and use the following kinds of personal data:

• any personal information that you choose to send to us when requesting support via email, data that we might collect through the volunteer interest form on our website and data sent through the webchat function.

Specific detail of each processing activating is provided below:

• make our website work as you’d expect
• improve the speed/security of the site
• allow you to share pages with social networks like Facebook and Twitter
• store answers from surveys that we may ask you to fill in from time to time
• continuously improve the website for you

Disclosures

Victim First does not normally disclose your personal information to third parties. We may disclose information about you to any of our employees or data processors insofar as reasonably necessary for the purposes as set out in this privacy policy.

In addition, we may disclose information about you:

• to the extent that we are required to do so by law
• in connection with any legal proceedings or prospective legal proceedings
• in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
• to prevent harm to you or another person
• Except as provided in this privacy policy, we will not provide your information to third parties without your consent.

Data Processing through Website/Webchat functionality:

Here we will outline the nature of the processing: how we will collect, use, store and delete data, where the source of the data is captured, and aim to outline whether we would be sharing data with anyone, in both the website and webchat function.

Website: You will find a copy of The Bureau of London, website developers and hosts to Catch22, privacy policy by clicking The Bureau Privacy Policy.

Traffic through webchat will not be captured or recorded on the website servers. The only data capture that will go through the website will be through the ‘Volunteer Interest Form’ where an individual can contact the Victim First team via a contact form to express interest in a published volunteering opportunity. The form will be via a form builder interface on the website and will automatically be redirected to or contact us email account. Although The Bureau of London have a robust privacy policy in place they are also now looking into obtaining ISO 27001 accreditation to further assure customers of their data security arrangements.

Webchat: Collection of Data – the provision of this function will remain anonymised unless the service user specifically requests to share the personal details. You will have sole control of how much information you may wish to share through the webchat function, and can  exercise your rights afforded to you under the General Data Protection Regulation (GDPR) i.e. right to access, right to rectification, right to erasure etc., easily by contacting victimfirst@catch-22.org.uk or by contacting the Data Protection Officer (DPO) directly DPO@catch-22.org.uk.

Any chats that will require follow up or containing information that will assist the case manager in putting together a support plan can be stored (Live chat has 256 encryption built in) on a secure server and only accessible by registered Catch22 team members at Victim First. Chats currently are only accessible to administrators to the service (namely the Head and Deputy Head of Service, Senior Caseworkers and Data analyst). Data is currently set to automatically delete after 365 days, we can change this at any time, with a view to amend to a minimum of 3 months. Manual deletions can take place at any time. Once a case manager is able to transfer the details of the chat, (if the service user wishes to proceed with support) to the secure CMS Niche system, the chat will be deleted. The only other data we want to capture beyond this would be anonymised number of chats, who dealt with the call, peak chat times and two customer satisfaction survey questions to ascertain ease of use of the chat service and age group demographics. This will be for evaluation and traffic gauging of the service and how many calls each staff member deal with, in the form of a basic report.

The webchat provider, Click4 Assistance – As a UK based company with data center’s in London conforming to ISO 9001 and 27001 standards, Click4Assistance adheres to the stringent regulations laid out by the FCA for data storage, Data Protection Act 2018 and PCI compliance.

The source of the data – will be within the chat itself and service users advised to not use this service to relay personal details, rather encouraged to call or email the case manager. Click to access the Click4 Assistance Privacy Notice.

We would not be sharing data with anyone, beyond the figures from the basic reports mentioned above if requested by the webchat contract owner (Leicestershire OPCC).

Security of your personal data

We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

We will store all the personal information you provide on our secure and firewall protected servers. As data transmission over the internet is inherently insecure, we cannot guarantee the security of data sent over the internet.

Where information is held on our behalf by data processors, we will ensure, to the best of our ability, that they hold your information securely and in line with data protection legislation.

Policy amendments

We may update this privacy policy from time-to-time. Check this page occasionally to ensure you are happy with any changes.

Your rights

Please contact the data protection officer if you have any queries regarding this Privacy Policy or if you would like to exercise or query any of the following rights afforded to you under the General Data Protection Regulation (GDPR):

• right to access
• right to erasure
• right to object
• right to rectification
• right to be informed
• right to restrict processing
• right to data portability
• rights in relation to automated decision making and profiling
• right to lodge a complaint with the Information Commissioners Office (ICO) – https://ico.org.uk/concerns 0303 123 1113
• For further information on your rights, please visit the website below: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

Please see below Victim First Privacy Notice:

Victim First Privacy Notice – August 2020

Data Protection information

Fair Processing Notice

 

What does Catch22 do?

What does this service do?
Victim First is a free, independent and confidential support service for victims and witnesses of crime, in Leicester, Leicestershire and Rutland. We support victims and witnesses of all ages through offering emotional support, practical support, advocacy and signposting to other support services for more specialist provision.
What information do we collect and why do we need it?
Below is a list of the data that we will/may process in the course of our contact with you and the lawful basis that applies to each processing activity:

•       Full name

•       Date of Birth

•       Address

•       Contact number

•       Email address

•       Crime type

•       Crime details

•       Parent/Carer details (if you are 13 years old or under)
Catch22 is a national organisation that works across England and Wales delivering services in a variety of settings.  These include schools, colleges, social care, victim services, family support, prisons, apprenticeships and employment support.

We have been around for over 200 years and our focus is about making a difference to people by delivering our 3 ‘P’s – having good people around, having a good place to live/study/work, and having good purpose in life.  Different services will focus on different aspects but we aim to address those three elements to support people to thrive.

We may ask you to give us some more sensitive information (also known as ‘special category data’) like your gender, age, ethnicity, sexual orientation, religion and/or any disabilities. We will explain to you why we need this information and you can refuse to give it if you do not wish to do so.

We require your information in order for us to remain in contact with you and maintain accurate records of the support you are receiving from or through Victim First.

We will not share this information with others without your explicit consent.

The information we hold and process will be used by our staff for providing you with support and we will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately. Your information is collected and used whilst you receive support from Victim First.  We will hold your data for a period of time after your support ends with us unless you tell us otherwise.  This is so that if you choose to return for further support you will not have to tell us all of the information again.
What law applies and which bits set out the legal basis for us to collect and hold your personal information?
The two main pieces of law that apply are:

1.       The EU General Data Protection regulation 2016 (also known as GDPR), and

2.       The Data Protection Act 2018

We do have to have a legal basis for processing your information and this is:

•       Public task (GDPR Article 6.1e)

•       Performance of a contract (GDPR Article 6.1b)

•       Individual consent (GDPR Article 6.1a)

The ‘special category data’ that we collect has to meet even more of a legal test and our legal basis for collecting this is:

•       Explicit consent (GDPR Article 9.2a).

•       Law (GDPR Article 9.2.g)

•       Provision of health or social care (GDPR Article 9.2.h)

•       Section 10(3) of the Data Protection Act 2018 by virtue of Schedule 1 Part 2 (18) as the processing is necessary for the safeguarding of children and individuals at risk.

The Information Commissioner’s Office has given further guidance that sets out when these conditions can be used as the legal basis for processing your information and this can be supplied to you if you wish to see it.

Where did we get your data from?
The majority of the information we hold comes from you. Additionally though we will hold information that has come from other organisations that have referred you to our service with your consent, including: –

•       Leicestershire Police

•       Action Fraud

•       Sentinel

•       British Transport Police

•       Other support organisations
It is important to note that we will only contact you where it has been identified that you have given your explicit consent to the referring agency before they passed on your information to us.
Who will we share your information with?
Where we wish to share any information to help us support you with any other agencies, we will only do this with your consent.

(We may have to share information if we are legally obliged to do so, for example where we have serious concerns about your safety or that of someone else associated with you.  In these cases we would share the relevant information with safeguarding organisations (Social Service, the Police or any other Emergency Service) if you or anyone else is at risk of harm. We will only share information where the law allows.).

Your information is held on the Victim First Niche Case Management System. Only Victim First has access to this information.

How long will we hold on to your information for?
We will only hold on to you information for as long as permitted and depending on the type of service you have received from Victim First. If you declined support, we will delete your details within 6 weeks. We will hold your data for a period of time after your support ends with us unless you tell us otherwise.  This is so that if you choose to return for further support you will not have to tell us all of the information again.  Sometimes there may be legal reasons we have to retain the information for a longer specified period of time and there may also be circumstances where it is appropriate within legal and best practice requirements to retain the information for a longer period but you will be informed of this.

What happens if the information in the records is wrong?
You will need to be specific about what information you think may be wrong and why, along with what you think we should do to correct it.  If we cannot amend your record in the way you would like, we will explain the reason for this. We will always mark disputed records to show that the record is disputed. You will be able to see a copy of your amended record.
What rights do you have over the information that we hold on your behalf?

You have a number of rights over your data that we are required by law to uphold. You have the following rights:

•       The right to be informed – how we will use your information

•       The right of access – how to access information we hold about you

•       The right to rectification – request that information that is held about you and is inaccurate or incomplete be rectified

•       The right to erasure – requests that under special circumstance information held on you may be removed or deleted if applicable

•       The right to restrict processing –Block or suppress processing of information about you

•       The right to data portability – Obtain and re-use information held about you for your own purposes across different services if applicable

•       The right to object – Object to processing of information about you

•       The right to withdraw consent – at any time where your information is being processed based on that consent.

•       The right to lodge a complaint with the Information Commissioners Office (ICO)

If you would like to request a copy of the information we hold about you, please contact  DPO@catch-22.org.uk

If you think the information we hold on you is wrong, please contact us on    DPO@catch22.org.uk .

If you have any questions about this privacy policy or of our treatment of your personal data, email dpo@catch-22.org.uk or write to:

Data Protection Officer

Catch22

27 Pear Tree Street
London

EC1V 3AG

If you feel we have not processed your data correctly and in accordance with GDPR and the Data Protection Act 2018, you have the right to make a complaint to the Information Commissioners Office (body that regulates Data Protection).  Please visit https://ico.org.uk/ or call 0303 123 1113 in order to lodge a complaint with the regulator.

Catch22 Covid19 Privacy Notice

COVID-19 Privacy Notice addition

In the course of responding to the Covid-19 pandemic and providing you with the support you need, we will also temporarily keep the following information for 21 days to assist with any NHS Test and Trace requests:

Date and time of attendance
Full name
Address
Phone number
Email address
Emergency contact number
Address
Parent/Carers details (if individual is under 16)

We rely on the following as the lawful bases on which we collect and use your personal data:
‘Vital Interests’ (the processing is necessary to protect someone’s life), GDPR Article 6(1)(d);
‘Public Task’ (the processing is necessary to perform a task in the public interest or for our official functions), GDPR Article 6(1)(e).

This separate set of information will be held securely for the 21 days and then destroyed.  It will only be used to advise Public Health England, if you or someone within your group confirms or suspects that they have Coronavirus.

This information is:
subject to the same security measures in place to prevent it from being accidentally lost or used or accessed in an unauthorised way.
only to be accessed by those authorised and are subject to a duty of confidentiality

Data controller

Victim First is a service delivered by Catch22. Catch22’s data protection registration number is Z1473239.

Contact

If you have any questions about this privacy policy or of our treatment of your personal data, email victimfirst@catch-22.org.uk or write to:

Victim First, Leicestershire Police Force Headquarters, St Johns, Enderby, Leicester, LE19 2BX