- Our websites
- Social Media
- Any personal information you provide to us by phone, SMS, email, in letters and other correspondence and in person
- Any personal information you provide to us through your interaction with / use of any of our products / projects
VAST is registered as a Data Controller under the Data Protection Act. Certificate of registration number – Z6086369.
- What information we may collect and why we collect it
- How we will use information we collect about you
- When we may use your details to contact you
- Whether we will disclose your details to anyone else
- Your choices regarding the personal information you provide to us
VAST is committed to safeguarding your personal information. Whenever you provide such information, we are legally obliged to use your information in line with all applicable laws concerning the protection of personal information, including the Data Protection Act 1998 (these laws are referred to collectively in this Privacy and Cookies Policy as the “data protection laws”).
We have appointed a Data Controller to oversee our compliance with data protection laws. They can be contacted by emailing Danni.firstname.lastname@example.org who has overall responsibility for data protection compliance in our organisation.
Who are we?
VAST is a registered charity and a company limited by guarantee (Registered Charity No. 1049663; Company No. 2000818). Established in 1920, VAST delivers a range of business services to the VCSE and a number of projects supporting organisations and individuals.
Your rights as a data subject
You have the following rights in relation to your personal information:
- The right to be informed about how your personal information is being used
- The right to access the personal information we hold about you
- The right to request the correction of inaccurate personal information we hold about you
- The right to request the erasure of your personal information in certain limited circumstances
- The right to restrict processing of your personal information where certain requirements are met
- The right to object to the processing of your personal information
- The right to request that we transfer elements of your data either to you or another service provider
- The right to object to certain automated decision-making processes using your personal information
You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. For example, we do not use automated decision making in relation to your personal data. However, some have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.
Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public.
To exercise any of the above rights, or if you have any questions relating to your rights, please contact us at email@example.com.
If you are unhappy with the way we are using your personal information, you can also complain to the UK Information Commissioner’s Office or your local data protection regulator. We are here to help and encourage you to contact us to resolve your complaint first.
Giving Consent to VAST will only be undertaken where the individuals have:
- A genuine choice and level of control over how your data is used
- The right to only opt-in to give consent with no pre-ticked or implied consent options
- Individuals are made fully aware of what they are consenting to
- The right to withdraw consent at any time by speaking to a member of staff or email firstname.lastname@example.org
- The right to know the purpose of collecting and processing your data
There may be the need for VAST to collect and process personal data without consent in the fulfilment of its duties and obligations where appropriate. (For example: in the fulfilment of legal obligations in the delivery of contracts etc).
VAST will hold a copy of your consenting action in relation to who consented, when and how you were told. This information will be kept by VAST for as long as is deemed appropriate.
Collecting Personal Information
When you engage with one of VAST’s services or projects, you may provide us with or we may obtain personal information about you, such as information regarding your:
- Personal contact details that allows us to contact you directly such as name, title, email addresses and telephone numbers
- Date of birth
- Membership details including start and end date
- Records of your interactions with us such as telephone conversations, emails and other correspondence and your instructions to us
- Any credit/debit card and other payment details you provide so that we can receive payments from you and details of the financial transactions with you
- CCTV footage and other information obtained through electronic means such as swipecard and key fob records
- Records of your attendance at any events hosted by us
- Images in video and/or photographic form and voice recordings
- Your marketing preferences so that we know whether and how we should contact you
Within certain projects or contracts, often commissioned services, we may also collect, store and use the following ‘special categories’ of more sensitive personal information regarding you:
- Information about your race or ethnicity and sexual orientation
- Information about your health, including any medical condition, health and sickness records, medical records and health professional information
Children’s information is also classed as ‘special category’ data. Parental or Guardian consent is requested for all usage of data for children and adolescents up to the age of 16.
Using Personal Information
We use information we collect to provide you with services which you request and to improve our existing services.
When you contact us, we may keep a record of your communication to help solve any issues that you might be facing. Your information may be retained for a reasonable time for use in future contact with you, or for future improvements to our services.
In the event the information you provide to us is an application for employment, that application will be held in accordance with our Document Retention Policy.
Why we process your personal data:
How It’s Justified
- Fulfilling contracts
- Legal obligations
- Your consent
- Our legitimate interests
Our legitimate Interests
- Complying with laws or regulations that apply to us
- Being efficient about how we fulfil our legal duties and contractual duties
- Maintaining our records
- Developing or improving products and services and determining who may be interested in them
- Letting you know about relevant products and services
- Obtaining your consent when needed
- Conducting brand image and reputation protection activities to support and grow the business
Sharing Personal Information
We may also use or disclose your personal information when we believe, in good faith, that such use or disclosure is reasonably necessary to (i) comply with law, (ii) enforce or apply the terms of any of our user agreements, or (iii) protect the rights, property or safety of VAST, VAST’s users, or others. VAST reserves the right to transfer and disclose your information if VAST becomes involved in a business divestiture, change of control, sale, merger, or acquisition of all or a part of its business.
Unless otherwise specified or prohibited, VAST may share information with affiliates, business partners, service providers, subsidiaries or contractors who are required to provide you with services which you have requested from us.
The duration for which we retain your personal information will differ depending on the type of information and the reason why we collected it from you. However, in some cases personal information may be retained on a long-term basis: for example, personal information that we need to retain for legal purposes will normally be retained in accordance with usual commercial practice and regulatory requirements.
Generally, where there is no legal requirement we retain all physical and electronic records for a period of twelve months after your last contact with us. At this point, some of the data may be retained for statistical purposes but the majority will be deleted from our records.
Full details of how we manage the retention of data is outlined in our Data Retention Policy.
It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you change your phone number or email address. Changes can be made by emailing email@example.com.
We like to tell you about other services we offer. When you are accessing a service, project or becoming a member of VAST we will ask if we can market to you. We will also ask how you would like to be contacted.
All communication preferences last for as long as you are a member with VAST or use our services. At the end of your membership your data will be retained in line with our Data Retention Policy.
Within all electronic communications, there will be the option to directly unsubscribe or you can email firstname.lastname@example.org.
At any time, you are able to alter your preferences by emailing email@example.com.
The security of your personal information is important to us. We follow generally accepted best practice standards to protect the personal information submitted to us, both during transmission and once we receive it.
We use all reasonable measures to safeguard personally identifiable information, which measures are appropriate to the type of information maintained and follows applicable laws regarding safeguarding any such information under our control. In addition, in some areas of our sites, we use encryption technology to enhance information privacy and help prevent loss, misuse, or alteration of the information under our control. We also employ a range of measures and processes for detecting and responding to inappropriate attempts to breach our systems.
In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. No method of transmission over the Internet, or method of electronic storage, can be 100% secure. Therefore, we cannot guarantee the absolute security of your information. The Internet by its nature is a public forum, and VAST encourages you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from third party access, and for selecting passwords that are secure.
Our websites are key communication tools for us. We take interaction with our website and the safety of our users very seriously.
Cookies are a technology that can be used to help personalise your use of a website. A cookie is an element of information that a website can send to your browser, which may then store it on your system. You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it or decline at any time. To enable VAST to assess the effectiveness and usefulness of our sites, and to give you the best user experience, we collect and store information on pages viewed by you, the way in which you browse our websites and similar information.
Our sites makes use of strictly necessary and anonymous cookies for the purposes of:
- Storing your personal preferences
- Research and development
- Anonymous user analysis and decision-making
Social Media and Online Engagement other than the VAST Website
We use a variety of online engagement tools and social media options to communicate and interact with members, clients, potential clients, employees and potential employees. These sites and applications include popular social networking and media sites, open source software communities and more. To better engage the public in ongoing dialog, we use certain third-party platforms including, but not limited to, Facebook, Twitter and LinkedIn. Third-Party Websites and Applications (TPWA) are Web-based technologies that are not exclusively operated or controlled by VAST. When interacting with the VAST presence on those websites, you may reveal certain personal information to VAST or to third parties. Other than when used by VAST employees for the purpose of responding to a specific message or request, VAST will not use, share, or retain your personal information.
Employee Personal Information
We also collect personal information from our employees and from job applicants (human resource data) in connection with administration of our human resources programs and functions.
These programs and functions include but are not limited to; job applications and hiring programs, compensation and benefit programs, performance, review and development processes, training, access to our facilities and computer networks, employee profiles, employee directories, human resource record keeping, and other employment related purposes.
It is the policy of VAST to keep all past and present employee information private from disclosure to third parties. There are certain business-related exceptions and they are:
- To comply with local, regional, national contractual legislation requests
- Inquiries from third parties with a signed authorisation from the employee to release the information, except in situations where limited verbal verifications are acceptable (see below)
- Third parties with which VAST has contractual agreements to assist in administration of company sponsored benefits.
Prospective employers, government agencies, financial institutions, and residential property managers routinely contact VAST requesting information on a former or current employee’s work history and salary. All such requests of this type shall be referred to and completed on a confidential basis by the payroll department. For written verification of employment requests, information will be provided on the form only when it is accompanied by an employee’s signed authorisation to release information. The form will be returned directly to the requesting party and filed as part of the payroll department’s confidential records.
Compliance, Monitoring & Enforcement
VAST adheres to the Data Protection Act 1998 and the General Data Protection Regulations.
We do not transfer data outside the EU.
Accessing and Updating Your Personal Information
It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you change your phone number or email address.
If you have provided us with your personal information, you have the right to inspect the information stored by us for accuracy or may request that the information be removed from our records. We will make all reasonable efforts to comply with such requests except where it would require a disproportionate effort (for example developing a new system or changing an existing practice).
We will require that you verify your identity before we act on a request to edit or remove your information.
Requests to update or any requests regarding your personal data held by VAST can be made by emailing firstname.lastname@example.org.