Our privacy notice
This privacy notice is designed to outline how Saving Lives UK uses Personal Data to both operate as a Charity and employer, and how we deliver our services to you.
We’ve written this in as plain English as possible, however we do need to outline some legal things to you in certain places. We have tried our best to do this as plainly as we can. If you do have any queries, however, do get in touch and we’ll be happy to help.
Who ‘we’ are & how you can reach us
‘Saving Lives UK’ is the ‘controller’ for the personal information we process, unless otherwise stated. Saving Lives UK is a registered charity in England and Wales under reference 1144855.
Where we have a direct relationship with you then we are often responsible for, and the controller of, your Personal Data. For example, if you came directly to us for a testing kit or if we employ you.
However, where a Council or NHS trust (or other) has commissioned or contracted a service to us, and we do it on their behalf, it is likely they are the data controller, and we share your data with them. In those situations, you will be informed of you your data controller is.
There are many ways you can contact us, including by phone, email and post. A full list of how you can reach us can be found on this page of our website.
Our postal address is:
Saving Lives
Lifford Hall
Lifford Lane
Kings Norton
Birmingham
B30 3JN
Our main telephone is: 07838 214191
Our Data Protection Officer’s contact details
As a small charity we rely on a third-party specialist company to help us with our Data Protection obligations. Our Data Protection Officer is Scott Sammons at Lighthouse IG. You can contact him at scott@lighthouseig.com.
Why and how do we use your Personal Data?
All our ‘reasons’ for using your personal data are known as ‘purposes’. Each purpose must be justified under the UK GDPR for it to be ‘lawful’.
We have therefore listed our various purposes below, and the justification for each one under Article 6 (for your basic personal data like your name) or Article 9 (for your special category data like your health data) of the UK GDPR.
You have made a request to us for a postal testing kit. This is primarily based on your consent. More information can be found on the TakeATest website here.
You have a complaint or enquiry to us. We use our legitimate interests to use any Personal Data to investigate your complaint or answer your enquiry. We will avoid the use of any Special Category data unless we are legally obligated to use it to resolve your complaint.
You wish to attend, or have attended, an event. Depending on the nature of the event will depend on whether we use your data with your consent (for free events) or under contract where you have paid to attend. For some events where food is provided, we collect your allergy or other information to meet our legal obligations.
You have donated to us. Where you have donated some money to use either via cheque or our fundraising page, we collect basic information on you to process the payment. Most of this is a legal obligation to ensure the payment is validated and to meet tax and account purposes.
You subscribe to our e-newsletter or other marketing. We use your data to send you the newsletter or other promotional material with your consent.
You have applied for a job or secondment with us. We use your Personal Data as part of the recruitment and onboarding process. This will be in line with your contract of employment and UK employment law. Some information may also be used to meet our legal obligations as a Charity. This is outlined to people as part of the onboarding process.
You are representing your organisation and working with us on a project, campaign or initiative. We will use our legitimate interests to use your data to work with and liaise with you. This might vary depending on the project; therefore, we will outline anything specific to you as you get involved with that project, campaign or initiative.
You have made an information request to us. We process all your personal data to meet our legal obligations under the UK GDPR and Data Protection Act 2018.
Do we process information on Children?
We do not provide services directly to children or proactively collect their personal information. All our services are aimed at people over the age of 18.
Where do we get your data from?
Most of your personal data we get from you directly. However, there might be some situations where we get personal data on you from somewhere or someone else.
These might include:
- We have received the results of our postal testing kit which you requested and returned.
- We have contacted an organisation about a complaint you have made, and it gives us your personal information in its response.
- We have been contacted by another organisation in respect of a Subject Access Request that you have made.
- A complainant refers to you in their complaint correspondence.
- An employee of ours gives your contact details as an emergency contact or a referee.
If it is not disproportionate or prejudicial, we’ll contact you to let you know we are processing your personal information.
As part of the work of Saving Lives UK, we process special category data. Please read our Safeguards Policy for details of how we might handle such data, especially in sensitive situations.
Do we share your information?
We will not share your information with any third parties for the purposes of direct marketing.
We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
We do use external service providers in the UK for the case management system we use to manage our IT systems and services as well as our website and provide our DPO (Data Protection Officer) services.
In some circumstances we are legally obliged to share information. For example, under a court order. In any scenario, we’ll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making and satisfy ourselves we have a legal basis on which to share the information.
We may also share your information in the event of the non-payment of any monies owed to ourselves as a Charity by yourself. If the debt remains outstanding after the specified timeframe for payment, no payment plan is in place or an agreed payment plan is not being adhered to, we may initiate formal proceedings to recover the full amount of the unpaid penalty. As a result, Saving Lives UK will share personal data with the litigation and recovery specialists it instructs for them to identify assets and undertake recovery action through the courts.
Does your data leave the UK?
Where possible we aim to keep Personal Data within the United Kingdom. However, where a supplier is based outside of the UK, we have and will ensure that the supplier meets the requirements under the UK GDPR and appropriate safeguards are put in place.
How long do we keep your data for?
Typically, we keep data for around 6 years, however this is not always the case, especially for ongoing services between us. We will publishing our full retention schedule shortly which will outline all the different retentions we have. In the meantime, if you wish to know more, please contact our DPO.
Use of our website & ‘cookies’
We use cookies on our website to both help the website function and to learn more about which parts of the website are uses over others. We will obtain your consent for the use of these analytical, performance and advertising cookies before they are placed on your device.
You can control and find out more about all the cookies we use via clicking on the blue cookie icon at the bottom left-hand side of our website.
Links to other websites
Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.
Your data protection rights
Under data protection law, you have rights we need to tell you about. The rights that you have depend on the reason we have for processing your information.
Right of access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
Right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
Right to erasure
You have the right to ask us to erase your personal information in certain circumstances.
Right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances.
Right to object to processing
You have the right to object to processing if we can process your information because the process forms part of our contractual obligations or is in our legitimate interests.
Right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering a contract and the processing is automated.
You are not required to pay any charge for exercising your rights. We have one month to respond to you.
Please contact us at scott@lighthouseig.com if you wish to exercise any of your rights under Data Protection law.
Your right to complain
We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact us at scott@lighthouseig.com and we’ll respond.
If you remain dissatisfied, you can make a complaint about the way we process your personal information to us.
Changes to this privacy notice
We keep our privacy notice under regular review to make sure it is up to date and accurate. This notice was last updated in July 2024.