Privacy Policy

1. The purpose of this policy
The Sunnybank Trust takes privacy seriously. This policy sets out how we use and keep safe any information that is given to us.

2. Who are we?
For the purposes of this policy, the Data Protection Act 1998 and (from 25th May 2018) the EU General Data Protection Regulation (GDPR), The Sunnybank Trust Ltd. (“Sunnybank”, “we”), are a “data controller”. This means we are responsible for and process any personal information you give us.
You can get in touch with us about this privacy policy and how we look after your data:
Email: info@sunnybanktrust.org
Phone: 01372 732376
Post: The Sunnybank Trust, St. Barnabas Church, Temple Road, Epsom, KT19 8HA
The Sunnybank Trust is a registered charity (charity number 1143663) and a company limited by guarantee (company number 7759018).

3. What information do we collect?
We may collect the following information:

  • Your name and any contact/personal information you provide to subscribe to our emails, to donate, to join as a member/support someone to join as a member, to volunteer, or to get in touch with us.
  • Other relevant information you provide to become a volunteer or join as a member (e.g. hobbies, languages you speak etc.).
  • Information about your computer and your visit to our website. See our cookie policy for more details.

Personal information is data that can be used as part of identifying you as an individual (e.g. your name, address, email address or phone number). Non-personal data can be helpful to us in developing and evaluating our services, but it can’t identify you as an individual. Some pieces of personal information are more sensitive. These pieces of information are known as sensitive personal information or special category data.

4. Sensitive personal information/special category data
Special category data is more sensitive and needs more protection. Examples of special category data, according to the Information Commissioner’s Officer are a person’s race, ethnic origin, political opinions, religious beliefs, genetics/health, sex life or sexual orientation.
Depending on how you get in touch with Sunnybank and how you are involved with our work (e.g. if you’re a member or volunteer) we may collect some of this information from you and you may choose or be required to provide details of a sensitive nature.
We may use this information as part of providing a service to you or someone you support (e.g. advocacy). We may also use this information for evaluating our work, and may share it with a third-party evaluation service, but this kind of evaluation will always be anonymised so your data cannot be connected to you as an individual.
We will not share your information without your permission apart from in exceptional circumstances and where we are required to do so by law. For example, if the information you provide us suggests you or someone you care for is at risk of abuse or exploitation etc. Please refer to our safe guarding policy for further details on how we address such issues.

5. Where do we collect your information from?
The majority of the data we collect will be information you have given to us directly, but we may also collect your data through third-parties where you’ve told them they can give us your data (e.g. if you donate using our JustGiving page and tell them that we can get in touch with you).
We may get your personal information from:

  • Emails/letters/phone calls you make to us,
  • Forms you fill in to volunteer or work with us,
  • Messages you send on our social media sites,
  • Donations you make to us/fundraising you tell us about,
  • Visits to our website (see our Cookie Policy)
  • Signing up to our e-newsletter
  • Other contact you make with us.

6. Why do we collect and use your information?
First and foremost, we collect your personal information because we need it for a specific reason, such as to contact you about your enquiry, to thank you for a donation, to tell you about your volunteering/the services you’ve joined, and to keep a record of your relationship with us etc.
We might also use your personal information to contact you about other Sunnybank news and how you can be involved/support us. We will only contact your about our work and how you can support Sunnybank if you have agreed for us to do so. However, if you have provided us with a postal address we might still send you information about our work and how you can support us that way. If you don’t want to hear from us via post please let us know.

7. How do we keep your information secure?
We treat all your personal data as confidential. We only allow people to access your personal information if they need to see it. We only access your personal information when we need to. We do not sell or lease your data.
We take reasonable steps to prevent the loss or misuse of your personal information, and to make sure it is treated securely and in accordance with this privacy policy by all those who have access to it (staff and volunteers). We train anyone who has access to personal information held by Sunnybank on how to treat data securely.
We store your personal information on a secure database and case-recording system that can only be accessed by the necessary staff and volunteers at Sunnybank. Paper copies of your information may also be stored securely at our offices. If you use our Advocacy service, paper copies of your personal information may also be stored at our advocates’ homes in secure, locked storage.
Our aim is to have all personal information on cloud-based systems and all paper copies stored securely in our offices by the end of 2020.
You are responsible for providing accurate information and we take steps to ensure the information you provide us with is only changed if you tell us it needs to be updated.
However, transferring data over the internet is not completely secure. We cannot guarantee the security of data sent via the internet, but we will always do our best to protect your personal information.

8. Who else do we share your information with?
We never sell or lease your information to anyone.
We might share your data with third party suppliers to help us do our work (e.g. our database and case-recording provider or email provider). We only use third-party suppliers where necessary to give you the best experience and to make our work efficient. We make sure they store your data securely and never use it for any other purposes than those we specified. We will only work with third-party suppliers who are compliant with the latest rules and regulations regarding data protection.

We currently use the following third party providers:

  • Microsoft Office 365 – we use this to send and receive emails, and store documents and pictures.
  • Google Drive – this is where we archive our old documents and photos.
  • Lamplight – this is our case recording and database system, where we store contact details, advocacy information and keep track of our relationships with people, groups and businesses.
  • Egress – a secure email system we use to contact Adult Social Services when required. This is used by our Advocacy Manager and Safeguarding Officer.
  • Xero – this is our accounting system that integrates with our bank account and helps keep track of donations and outgoings.
  • MailChimp – this is our email system for sending our monthly e-newsletter etc. so it holds our e-mailing lists.

We only share relevant and necessary bits of your information with our staff and the appropriate volunteers. This is to ensure you get the best and most efficient experience of Sunnybank.
We might share your information where we are required to by law or in connection with legal proceedings.

9. How long do we hold your data?
We hold your data for as long as is reasonable and necessary, either to fulfil our statutory obligations or as is required by the service or activity you are involved with.

10. How long does consent last?
We will, after a reasonable length of time, ask you to re-consent. This means we will get in touch to check you are still happy for us to hold your information and for us to keep processing it and contacting you. It will also be a way for us to check if you want to make any changes to your personal information or how we contact you.
But do remember, you can do that at any time by getting in touch with us.

11. How can you control your data?
All the data you give us remains yours. You can make changes to the personal data we hold on you at any time. You can ask to have your data removed from our records at any time. You can ask us to send you copies of any personal data we hold about you at any time by getting in touch. However, you may be required to provide appropriate evidence of your identity – such as a driving licence, passport or birth certificate – before we will give you the information requested or before we change it.
Subject access requests – where you ask us to give you all the data we hold on you, where we got it from and why we are processing it – may be subject to a fee of up to £10.
We will only contact you via email or phone about our work generally and how you can support Sunnybank if you have agreed for us to do so.

You can change your mind about how and if we can contact you at any time. To update your preferences, please get in touch.
You can reach us by:
Email: info@sunnybanktrust.org
Phone: 01372 732376
Post: The Sunnybank Trust, St. Barnabas Church, Temple Road, Epsom, KT19 8HA
You can also unsubscribe from emails by clicking the unsubscribe button at the bottom of the relevant email.

12. What about links and third party websites?
We may occasionally link to other websites. We are not responsible for the content, practices and privacy policies of third party websites, this includes our social media accounts and fundraising page providers (e.g. JustGiving). Linking or sharing to third party websites on our website or social media accounts does not mean we endorse everything expressed by those third parties.
We will always do our best to link to or work with other website providers who are compliant with the latest legislation on data protection.

13. What are your rights?
You have rights:
To be informed – this means we need to tell you about how and why we collect your data and what we do with it. Essentially, that’s everything we’ve laid out in this policy.
Of access – this means you can request a copy of all the data we hold on you.
To rectification – this means you can ask us to change any information we have on you if it’s inaccurate or incomplete.
To erasure – this means you can ask us to delete the personal information we hold on you, as long as we aren’t required to retain it by law.
To restrict processing – this means you can say no to us using bits of your personal information and ask us not to use it.
To data portability – this means you can ask us to provide you or a third-party a copy of the information we hold on you in an accessible, electronic format.
To object – this means your can say no to us using (processing) your information if we are relying on legitimate interest or for direct marketing purposes.

In relation to automated decision making and profiling – automated decisions are where an electronic system makes a decision without a human being involved. We don’t use automated decision making, but if we did you have the right to say no or challenge decisions made against you.

If you want to use any of these rights or make a complaint, you can do so by getting in touch via the contact information listed at the beginning of this policy.
You can find out more about your rights or also make a complaint to the Information Commissioner’s Officer (https://ico.org.uk/).

If you have any questions about how we look after your personal information, please get in touch:
Email: info@sunnybanktrust.org
Phone: 01372 732376
Post: The Sunnybank Trust, St. Barnabas Church, Temple Road, Epsom, KT19 8HA