Privacy Policy

Welcome to the Herts Mind Network privacy notice.

We want everyone who supports us, or who comes to us for support, to feel confident and comfortable with how we look after your personal information.

This Privacy Policy explains how we collect, use and store your personal information. Personal information means any information that could identify you.

The Herts Mind Network Privacy Policy may change so please remember to check back from time to time.

This version was updated on 22nd May 2024.

This privacy policy applies to all websites under the control of Herts Mind Network :

www.hertsmindnetwork.org

www.hertfordshiremindtraining.org

www.nightlightcrisis.org

This privacy policy also applies to our Children & Young People’s services at www.withyouth.org

To find out more about this policy and how we look after your personal information, contact our Marketing team at [email protected] or on 020 3727 3600.

 

1. Who we are

Here at Herts Mind Network , we are committed to protecting your personal information and making every effort to ensure that your personal information is processed in a fair, open and transparent manner.

We are a “data controller” for the purposes of the Data Protection Act 2018 and the UK General Data Protection Regulation (“Data Protection Law”). This means that we are responsible for the processing of your personal information.

We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact our Data Protection Officer using the details set out below.

Emailing at [email protected]

Writing to , The Wellbeing Centre. 501 St Albans Road, Watford, Hertfordshire. WD24 7RZ

Calling us on 020 3727 3600

Emailing to [email protected] 

Charity number: 1112487

Company number: 5532977

ICO Registration Number:  Z1045032

2. How we collect information about you

Everything we do, we do to ensure that we can help people experiencing a mental health problem get both support and respect. We want to make sure you receive the information and communication that are most relevant to you, be it through visiting our website or receiving emails, post or phone calls. 

We collect information from you in the following ways:

When you interact with us directly:

You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • create an account on our website;
  • make a referral to our services and access our services. 
  • request marketing to be sent to you e.g. our newsletter;
  • give us some feedback e.g. email or survey
  • register with us for training or an event
  • make a donation to us
  • purchase something
  • complete a survey
  • apply for a job or volunteering opportunity
  • or otherwise provide us with your personal information.

This includes when you phone us, visit our website, make a referral to our services and access our services, make a purchase from our shops, or get in touch through the post, or in person.

When you interact with us through partners or suppliers working on our behalf: This could be if you access a service which is delivered through a trusted organisation working on our behalf and always under our instruction.

When you interact with us through third parties:

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

This could be if you provide a donation through a third party such as Just Giving or one of the other third parties that we work with.

  • All our website financial transactions are handled through our payment services provider, Stripe. You can review the provider’s privacy policy at https://stripe.com/gb/privacy . Direct Debits are handled through GoCardless. You can review the provider’s privacy policy athttps://gocardless.com/legal/privacy/
  • We will share information with our payment services provider only to the extent necessary for the purposes of processing payments you make via our website, refunding such payments and dealing with complaints and queries relating to such payments and refunds.

When you visit our website: We gather general information which might include which pages you visit most often and which services, events or information is of most interest to you. We may also track which pages you visit when you click on links in emails from us. We also use “cookies” to help our site run effectively. There are more details below – see ‘Cookies’.

We use this information to personalise the way our website is presented when you visit to make improvements and to ensure we provide the best service and experience for you. Wherever possible we use anonymous information which does not identify individual visitors to our website.

3. Information we collect and why we use it

Personal Information

Personal information we collect includes details such as your name, date of birth, email address, postal address, telephone number and credit/debit card details (if you are making a purchase or donation), as well as information you provide in any communications between us. You will have given us this information while making a referral to our services, making a donation, registering for an event, placing an order on our website or any of the other ways to interact with us.

We will mainly use this information:

  • To process referrals to our services, ensuring that you receive the right support from the right team.
  • To process your donations or other payments, to claim Gift Aid on your donations and verify any financial transactions.
  • To provide the services or goods that you have requested.
  • To update you with important administrative messages about your donation, an event or services or goods you have requested.
  • To comply with the Charities (Protection and Social Investment) Act 2016 and follow the recommendations of the official regulator of charities, the Charity Commission, which require us to identify and verify the identity of supporters who make major gifts so we can assess any risks associated with accepting their donations.
  • To keep a record of your relationship with us.
  • Where you volunteer with us, to administer the volunteering arrangement.
  • If you do not provide this information, we will not be able to process your donation, sign you up for a particular event or provide goods and services you have requested.

We may also use your personal information:

  • To contact you about our work and how you can support Herts Mind Network  (see section 6 on ‘Marketing’ below for further information).
  • To invite you to participate in surveys or research.

Sensitive Personal Information

If you share your personal experience or the experiences of a friend or relative, we may also collect this health information. If you provide us with any Sensitive Personal Information by telephone, email or by other means, we will treat that information with extra care and confidentiality and always in accordance with this Privacy Policy.

You can of course decide if you want to remain anonymous, if you are happy to share your personal details with staff members or if you would like us to share your story with the media or other parties as part of our work telling people’s personal stories about mental health.

A special note about the Sensitive Personal Information we hold

Data Protection Law recognises that some categories of personal information are more sensitive. Sensitive Personal Information can include information about a person’s health, race, ethnic origin, political opinions, sex life, sexual orientation or religious beliefs.

If you contact us by phone at Herts Mind Network or in other more general communications with us such as blogs or emails, you may choose to provide details of a sensitive nature.

We will only use this information:

  • For the purposes of dealing with your enquiry, training, and quality monitoring or evaluating the services we provide.
  • We will not pass on your details to anyone else without your explicit consent except in exceptional circumstances. Examples of this might include anyone reporting serious self-harm or posing a threat to others or children contacting us and sharing serious issues such as physical abuse or exploitation.
  • Where you have given us your explicit consent or otherwise clearly indicated to us (for example, by submitting your story to us) that you are happy for us to share your story, then we may publish it on our blog or in other media.

Information about Children and Young People

We receive data about children and young people if they access our services, decide to fundraise for us, and we may collect data about children for events we organise specifically for young people or where they agree to volunteer for us. Wherever possible, we will ask for consent from parents to collect information about children and young people under the age of 13.

4. Legal basis for using your information

In some cases, we will only use your personal information where we have your consent or because we need to use it in order to fulfil a contract with you (for example, because you have placed an order on our website).

However, there are other lawful reasons that allow us to process your personal information and one of those is called ‘legitimate interests’. This means that the reason that we are processing information is because there is a legitimate interest for Herts Mind Network  to process your information to help us to achieve our vision of ensuring that everyone experiencing a Mental Health problem gets both support and respect.

Whenever we process your Personal Information under the ‘legitimate interest’ lawful basis we make sure that we take into account your rights and interests and will not process your personal information if we feel that there is an imbalance.

Some examples of where we have a legitimate interest to process your Personal information are where you are accessing a service that we provide, we contact you about our work via post, use your personal information for data analytics, conducting research to better understand who our supporters are, improving our services, for our legal purposes (for example, dealing with complaints and claims), or for complying with guidance from the Charity Commission.

Cookies

When you first visit our website, we will ask for consent to set any cookies (and to process any personal data collected by these cookies) which are not strictly necessary to make our pages work: you will be able to set your preferences at this stage. Where cookies are strictly necessary, we consider that we have a legitimate interest in processing the personal data they collect.

You can always withdraw your consent by clearing cookies from the cache in your computer and rejecting them next time you visit our site.

We may also use similar technologies to identify when our emails are opened. This allows us to identify whether our marketing campaigns are effective and we consider that we have a legitimate interest in doing so.

For more information about our use of cookies and tags, different types of cookies, the information they collect and further information about how you can control the types of cookies that are placed on your browser, please see How we use Cookies.

5. International transfers

We do not transfer your personal data outside the European Economic Area (EEA).

The only exception to this is in relation to financial transactions and the Tidio platform which hosts our With Youth instant messaging service

Financial transactions

All our website financial transactions are handled through our payment services provider, Stripe.

You can review the provider’s privacy policy at https://stripe.com/gb/privacy. Direct Debits are handled through GoCardless. You can review the provider’s privacy policy at https://gocardless.com/legal/privacy/

With Youth instant messaging 

Our With Youth instant messaging platform on our Children and Young People’s website www.withyouth.org is hosted by Tidio. You can read the provider’s privacy policy at https://www.tidio.com/privacy-policy

6. Marketing

We will only contact you about our work and how you can support Herts Mind Network  by phone, email or text message, if you have agreed for us to contact you in this manner.

If you agree for us to contact, you through one of these channels we will send you information about our work and how you can help us to make sure that everyone experiencing a mental health problem receives both support and respect. As well as sharing our latest news, we will contact you about events and fundraising for Herts Mind Network , our campaigns and the many ways you can shape our work.

However, if you have provided us with your postal address we may send you information about our work and how you can support Herts Mind Network  by mail unless you have told us that you would prefer not to hear from us in that way.

You can update your choices or stop us sending you these communications at any time by contacting [email protected] or clicking the unsubscribe link at the bottom of the relevant communication. Please note that when you update your communication preferences it can take up to 28 days to take effect across all of our systems.

7. Sharing your Information

The personal information we collect about you will mainly be used by our staff (and volunteers) at Herts Mind Network so that they can support you.

We will never sell or share your personal information with organisations so that they can contact you for any marketing activities. Nor do we sell any information about your web browsing activity.

Herts Mind Network may however share your information with our trusted partners and suppliers who work with us or on our behalf to deliver our services, but processing of this information is always carried out under our instruction. We make sure that they store the data securely, delete it when they no longer need it and never use it for any other purposes. We enter into contracts with these service providers that require them to comply with Data Protection Laws and ensure that they have appropriate controls in place to secure your information.

Each local Mind is an independent Charity and affiliated to National Mind through a membership agreement. On occasions we will share your personal information with national Minds to ensure that they are able to provide their services effectively, when there is a reason to do so we will only share your personal information with national Minds with your consent.

With Youth

We share anonymised information with the organisations that fund the projects so they can monitor our contracts, but we do not share any personal information with them.

The only time we will provide identifying data is for a legal requirement.  The data that you provide us with will not be on your medical record.

As we receive funding from the NHS, we are required to provide information to NHS digital via the mental health services data set (MHSDS) which supports access rates into mental health services.

If you would like to opt out of this, please ring NHS Digital Contact Centre on 0300 303 5678.

Legal disclosure

We may disclose your information if required to do so by law (for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority); or, in order to enforce our conditions of sale and other agreements.

8. Keeping your information safe

We take looking after your information very seriously. We’ve implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.

Unfortunately, the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information sent to us this way, we cannot guarantee the security of data transmitted to our site.

Our websites may contain links to other sites. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, or the privacy practices employed by other sites. Please be aware that advertisers or websites that have links on our site may collect personally identifiable information about you. This privacy statement does not cover the information practices of those websites or advertisers.

We use a cloud based Client Record Management (CRM) platform called Charity Log to securely store all of our service data. This CRM has been designed specifically for charities and other service providers. All client data is held on servers operated by Rackspace and are located in the UK. 

Charity Log Privacy Policy

 

9. How long we hold your information for

How long will you use my personal data for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.

Clients

The retention period for the majority of our service contracts is seven years. This means that we will keep your data for seven years.

For our children and young people’s services we retain data until the individual’s 21st birthday.

Applicants for vacancies

If you send us an application for a job vacancy or volunteer role with Herts Mind Network we will retain your data for a period of six months. 

Donors

If you make a donation to Herts Mind Network through this website, we will retain your data for a period of six months after your donation. The only exception to this is where an individual has also signed up to our receive our newsletter. 

 

10. Your rights

You have various rights in respect of the personal information we hold about you – these are set out in more detail below. If you wish to exercise any of these rights or make a complaint, you can do so by contacting us at Herts Mind Network, The Wellbeing Centre. 501 St Albans Road, Watford, Hertfordshire. WD24 7RZ, by email at [email protected] and by phone on 020 3727 3600.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

The ICO’s address:

Information Commissioner’s Office Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113 ICO

website: www.ico.org.uk

We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

  • Access to your personal information: You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge. Please make all requests for access in writing and provide us with evidence of your identity.
  • Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. Please contact us as noted above, providing details of your objection.
  • Consent: If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.
  • Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
  • Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, or you have withdrawn consent, or where we have no lawful basis for keeping it.
  • Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
  • Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
  • No automated decision making: Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not currently carry out any automated decision-making.

Please note, some of these rights only apply in certain circumstances, where one of your rights does not apply, we will communicate the reason to you.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.