Who are we?
We are Pembroke College Settlement, more commonly known as Pembroke House, and we’re a Southwark-based charity, working in our local community since 1885 (registered charity number 1177866).
What data do we collect from you?
Depending on whether you’re a service user who comes in to access our projects, a member of staff, a trustee, volunteer or visitor, we collect different kinds of information on you. We collect things like your name, email address or telephone number for contact purposes, but we may also collect more sensitive information from you, like information on your race, ethnicity and medical health.
Race and ethnicity information will be collected through an anonymous form in order to help various projects comply with the Equality Act 2010. Health information helps us to monitor the needs of our service users and determine if they might require additional assistance, depending on the nature of projects and work they are involved with. Sensitive financial information may also be collected for compliance purposes in accordance with UK law, such as for Right to Work checks.
How do we use this data?
- To provide you with the advice, support and services you’ve requested of us
- To facilitate the relationship that we have with you
- To manage and respond appropriately to enquiries and requests made of us
- To provide you with necessary updates about our projects
- To improve the projects and services we provide at Pembroke House
- To communicate to you information that we think might be relevant to you (via newsletters from which you can always unsubscribe)
- We may need to disclose your information to third parties if we are for any reason required to by law (for example, for compliance with certain laws, regulations and codes of practice, or in response to a valid request from a competent authority).
Use of sensitive information
If you have provided us sensitive health information, or have joined us through a referral from our partners at SLaM, we may hold information on you of a sensitive nature. We will always treat such information with extra care, though we have a legitimate interest (see below) to confidentially inform certain persons working with you of this information, for your safety and the safety of other individuals.
Outside this, we will not pass on your details to external organisations without your permission outside of exceptional circumstances. An example of this would be reports of serious self-harm or threats of harm to others, where we might need to call the emergency services to protect your vital interest. We periodically delete data when its retention period has expired, or when the need to continue holding such data is no longer necessary.
Who sees your data?
The personal information we collect about you will be used by our staff and volunteers in order to support you and provide services that you have requested of us. It will also be used by a select few organisations working with us or on our behalf to deliver our services, and by legal and regulatory authorities if required by law. We ensure that they store your data securely and delete it when it is no longer needed. Our donors and sponsors might also view information, but not before it has been anonymised or we have received your express consent to share certain personal information.
We will never sell or share your personal information with other organisations so that they can contact you for marketing activities.
On what legal grounds do we collect and process this information?
Pembroke House generally collects and processes the personal information that we hold on you on several bases:
- on the basis of consensual information that you have directly provided to us (e.g. by filling in a registration form),
- on the basis of a contractual obligation that we may have to you (e.g. as an employer),
- on the basis of a legal obligation that we may have to comply with law and ruling authorities (e.g. collecting and providing financial information on employees to HMRC), and
- on the basis of the legitimate interests of our charity (e.g. directly marketing our projects to you via email or post). See more on our legitimate interests below.
In extreme situations, such a medical emergency, we may rely on the basis of vital interests in order to share your personal information with emergency services if it is necessary to the preservation of your life or another person’s. In such a scenario, we will afterwards try to inform you of how we used your information in response to this emergency situation.
Your information might be used to send you details of products or services that we offer that we believe may be of interest to you, based on preferences you indicated when you contacted us through online data capture forms, paper-based forms and our social media networks (such as Twitter, Instagram and Facebook).
We will only send you information about our events, services and news where you have expressly signed up to receive such with your email address, and/or where you have completed a paper based form and indicated that you wish to receive information from us through a specified communication channel – typically, email, telephone or by post.
If at any point you would like to update your communication preferences or opt out of our communications, please see the updating and accessing your information section below. You can click the ‘unsubscribe’ link in the footer of the emails we send you.
How long do we keep your information?
We will not retain your personal information for longer than necessary in relation to the purposes for which it was originally collected, or for which it was further processed, subject to certain legal obligations we must comply with or to legitimate interests that we may pursue (and as identified above).
We hold personal data relating to:
- Donations made to us – for seven years from the date of the last donation
- Legacy donations – for seven years after date of legacy being received
- Volunteers – for five years since you last volunteered with us
- Employees – for six years since you left our employment or for one year from the date of your application if you are an unsuccessful applicant
- Newsletter subscriptions – you can unsubscribe from these at any time
- Registrations for a community project or club that we run – for two years from the date that you last attend project activities or communicate with us (a member of staff or volunteer), unless you request the erasure of your information before that time; or else as soon as that project comes to an end
- Purchasing services, such as venue hire – for three years from the date of purchasing the service.
We are legally required to hold some personal information permanently or for fixed periods in order to fulfil statutory obligations, for example for the collection of Gift Aid. You may withdraw your consent to any usage of your data at any time, with no need to specify a reason. You can do this by emailing us at firstname.lastname@example.org (please include ‘My Personal Data’ in the subject title) or calling us at 020 7703 3803.
What rights do you have?
You have the following rights to your information:
- The right to be informed about the ways in which your personal information is being collected and processed
- The right to access your personal information and supplementary information. An access of information request is free of charge, unless we deem such requests manifestly repetitive, unfounded or excessive, in which case we may charge a £10 fee based on the administrative cost of providing the information
- The right to rectification of your personal information (you can ask us to make changes to information we hold on you through the communication channels we highlighted above)
- The right to erasure of your personal information in certain circumstances
- The right to restrict processing of your personal information in certain ways, or to allow us to store the data but not process it further
- The right to data portability, that is, to obtain and reuse your own personal data for your own purposes across different services
- The right to object to certain forms of data processing
- Rights in relation to automated decision making and profiling.
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe that your data has been processed in a way not compliant with the GDPR, which you can do by calling the ICO helpline on 0303 123 1113 or contacting them via their website.
Updating and accessing your personal information
You have the right to see the personal information that we hold on you. To obtain a copy of this personal information, you may contact us at the following channels:
80 Tatum Street
London SE17 1QR
Email: email@example.com (please use the subject title ‘My Personal Data‘)
Tel: 020 7703 3803
You may also use the above communication channels to ask us at any time to update your details, and to correct or remove information you believe is inaccurate.
Our legitimate interests
We have a number of legitimate interests that we believe are necessary to our role as a charity, and we make sure that we will comply with the three-step test of:
- Whether the action we seek to carry out is a legitimate interest
- Whether it is necessary, and
- Whether there is an appropriate balance between our legitimate interests and the interests and rights of the individual(s) affected by our exercise of that action
Our legitimate interests are:
- To directly market to you what we consider necessary to promote our charity work, where you have provided your email address to us and not opted out
- Processing some personal and financial information about our employees, either in-house or via external providers
- Analysing information provided to us in order to determine if marketing is relevant to certain individuals (but we do not engage in any form of automated profiling)
- Taking security measures that may affect our service users, in order to safeguard both their data and our own
- Processing donations
- Retaining certain information or data for historical/archival purposes which are connected to our long history as a charity
- Using images, names, and other non-sensitive information about employees and volunteers in our annual report and other publications, on our website or social media, and in presentations to the public or funders
- Sharing the sensitive health information of service users with specific and relevant staff, volunteers and contractors delivering services on our behalf, only when these specific groups of people are working with those service users about whom we hold sensitive health data
- To process the information of individuals listed as emergency contacts by our service users, volunteers and employees with the processing restricted only to contact in an emergency situation
Last updated 27.06.18.
About this website
We have followed these privacy principles when designing and building this site to ensure your visit is a positive experience:
- No third party tracking pixels
- Only use our database
- Anonymise everything
We don’t use any cookies from third parties that could be used to build up a picture of your behaviour on this and / or other sites around the web. By not allowing tracking pixels or using services whose business models are based on the monetisation of your personal data, we protect you from harm.
The only cookies we set are for our analytics.
Analytics & GDPR compliance
We use Matomo Analytics to understand how users use our site. All data collected is stored within our own database, which means that no other business or organisation can access any of this information.
We anonymise all IP addresses so there is no personally identifiable information (PII) being collected or stored.
We have not displayed a cookie notice with an opt-in since we are operating under the basis that none of the data we are collecting is PII and we have a legitimate interest in understanding how people use the site so we can constantly improve the site.
The site respects Do Not Track, but you can opt-out of our anonymous tracking using the following section:
What personal data we collect and why we collect it
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Embedded content from other websites
Articles on this site may include embedded content (e.g. YouTube videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.