Privacy policy
Age UK Oxfordshire Privacy Notice
- Introduction and contact details
Age UK Oxfordshire and Action for Carers Oxfordshire (“the Charity”) are committed to protecting and respecting your privacy.
This privacy notice explains when, how and why we collect personal information about people who receive a service from us or visit our websites. It explains how we use that information, the conditions under which we may disclose it to others, and how we keep it secure.
Queries regarding this policy and our privacy practices should be sent to our reception team in the first instance. Contact details for our reception team:
- Email: contactus@ageukoxfordshire.org.uk
- Telephone: 0345 450 1276
- Post: Age UK Oxfordshire, 9 Napier Court, Barton Lane, Abingdon OX14 3YT
- Who are we?
Age UK Oxfordshire is an independent local charity dedicated to helping everyone make the most of later life.
Action for Carers Oxfordshire supports unpaid adult carers aged 18 or over who care for a child or adult unable to do something for themselves.
Age UK Oxfordshire is a registered charity (no. 1091529) and a company limited by guarantee (no. 04328143). The registered address is 9 Napier Court, Barton Lane, Abingdon, OX14 3YT. The Age UK Oxfordshire Group comprises Age UK Oxfordshire, its trading subsidiaries, and Action for Carers (Oxfordshire) Ltd (charity no 1149577). We are a brand partner of Age UK.
- What is Personal Data
Personal data is defined by the UK GDPR and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details and less obvious information such as identification numbers, electronic location data, and other online identifiers.
- How Do We Collect Your Data?
Depending on how you use our websites and services, we may collect your personal data either directly from you when you contact us via the website, phone, email, in-person, or social media or indirectly from a relative, carer, volunteer, referral from a healthcare or social care professional, or publicly available sources, such as records of recently deceased individuals.
- What Data Do We Collect and Why It’s Collected
Under the Data Protection Legislation, we must always have a legal basis for using personal data. The table below also describes the type of personal data we process, the purpose for processing and our lawful basis for doing so.
Type of personal data |
Purpose |
Legal Basis |
Special Category? |
Contact details of Service User |
· The team can contact individuals about support/services being provided. · Ability to demonstrate engagement with service. · Respond to initial enquiries/signposting.
|
Legitimate Interests |
N |
Details of carer / relatives |
· Understand situation. · Provide support to a carer if needed. · Emergency Contact. · Legal Power of Attorney (decision-making required). · Respond to initial enquiries/signposting.
|
Legitimate Interests |
N |
Financial information |
· Assess eligibility for financial support services. · Provide information and advice on potential financial options. · To process a donation or fees. · Collection of Gift Aid |
Legitimate interests
Legal Obligation |
N |
Health Information |
· Assess suitability/requirement for support and services. · Understand situation. · Understand eligibility for onward referral (internal and external to AUKO) · Provide advice and guidance. · Delivery of services.
|
Legitimate interests |
Y
|
Case notes |
· Recording services delivered, changing needs, conversations, referrals made etc |
Legitimate Interests |
N |
Entire Case Files |
· Demonstrate work done with service users for internal and external audit and accreditation purposes. · AUKO legal defence in case of challenge |
Consent Legitimate Interests |
Y |
Activities engaged with |
· Events or sessions attended (e.g., physical activity sessions). |
Legitimate Interests |
N |
Photo / Image |
· For use in marketing materials (hard copy and electronic). |
Consent |
N |
Email address |
· Send email newsletter. · To send you updates on campaigns, appeals and other fundraising activities, and promotion of our services. · Used to respond to questions, enquiries, and general correspondence, to seek your views or comments on the services we provide. · To invite you to a meeting etc. |
Consent
Legitimate Interests |
N |
Safeguarding alerts |
· To protect AUKO Team when there are known safeguarding issues. · To ensure AUKO are protecting the service user, and those individuals around them. |
Legitimate Interests |
N |
Management Reports / Analytics |
· Aggregated numbers to support service improvement / understanding. · Individual’s data informs the aggregate, but no individuals identified in the reporting |
Legitimate Interests |
N |
Digital Information |
· IP Address · Which web pages on our website have been accessed |
Consent |
N |
We do collect ‘special categories of personal data’ (e.g., health data, ethnicity, and sexual orientation) on individuals either referred to our services or accessing our services. To process this type of sensitive information, we are required under Data Protection Legislation to identify a condition for processing, which we have listed below:
- Where we are under contract with the Oxfordshire County Council, we rely on Processing, which is necessary to carry out the obligations and exercise specific rights of the controller or of the data subject in the social security and social protection law field.
- Where we are not under contract, we will rely on processing if necessary for reasons of substantial public interest, on the basis of Domestic Law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject”.
With your consent and/or where permitted by law, we use your personal data for marketing purposes, including contacting you by email or telephone and posting information, news, and offers on our services. You can withdraw your consent at any time.
You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection Legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003.We will always obtain your consent before sharing your personal data with third parties for marketing purposes, and you will be able to opt-out at any time.
- How Long Will You Keep My Data?
We are legally required to hold certain information to fulfil our statutory obligations (for example, the collection of Gift Aid). Where there is no legal or contractual requirement to retain your data, we will not keep your personal data for any longer than is necessary, considering the reasons for which it was first collected.
Where we no longer need to retain your data, we will delete it securely in line with our data protection policies.
- Do You Share My Data?
If you have used our services, we may occasionally share basic, anonymised demographic and service information with Age UK, the national charity, so they can help us monitor and improve the services we provide. When we do this, we will do so under the lawful basis of legitimate interests and the information we share will not include your name or contact details unless we ask you and you consent to do so for a specific purpose, such as sharing your story.
We share information across Age UK Oxfordshire to provide the best service possible. When required, we will share your information with other third parties, including NHS and Social Care partners, and will do so under the agreed data-sharing agreement.
Where we provide a service to you under contract with a third party (such as Oxfordshire County Council) we may share your data with them to assess the effectiveness of our service and to ensure service continuity. When we share your data in this way we will do so under the lawful basis of legitimate interests and in line with an agreed data sharing agreement. The third party will not share your data with others except for anonymised aggregate data from which you will not be identifiable.
In some limited circumstances, we may be legally required to share specific personal data, including yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
We contract several third parties, including Microsoft Office 365, Salesforce, Cezanne, Care For, and Oxford Code Labs, to deliver specific technical solutions. We ensure that your personal data is handled safely, securely, and under your rights, our obligations, and the third party's obligations under the law.
- How and Where Do You Store or Transfer My Data?
We do store some or all your data in countries outside of the UK. These are known as “third countries”. We will take additional steps to ensure that your data is treated just as safely and securely as it would be within the UK and under the Data Protection Legislation as follows:
- We will only store or transfer personal data in or to countries deemed to provide adequate protection for personal data. Please refer to the Information Commissioner’s Office for further information about adequacy decisions and regulations.
- We will use specific approved contracts that ensure the same levels of personal data protection that apply under the Data Protection Legislation. For further information, please refer to the Information Commissioner’s Office.
Please contact us using the details provided at the beginning of this notice for further information about the data protection safeguards used by us when transferring your data to a third country.
- How Secure is My Personal Data?
The security of your data is essential to us, and to protect your data, we take several important measures, including the following:
- Limiting access to your data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality.
- Procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data), including notifying you and/or the Information Commissioner’s Office where we are legally required.
- Any sensitive data transferred via our websites is encrypted and protected using 256-bit TLS 1.2 encryption.
- When you are on a secure page, a lock icon will appear in the address bar of web browsers such as Microsoft Internet Explorer.
- Non-sensitive details (your email address, etc.) are transmitted normally over the Internet, which can never be guaranteed 100% secure.
As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we will ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
- What Are My Rights?
Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:
- The right to be informed about our collection and use of your personal data. This Privacy Policy should tell you everything you need to know.
- The right to access the personal data we hold about you.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
- The right to be forgotten, i.e., the right to ask us to delete or otherwise dispose of any of your personal data that we hold.
- The right to restrict (i.e., prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to withdraw consent. If we rely on your consent as the legal basis for using your personal data, you can withdraw that consent at any time.
- The right to data portability. It gives you the right to receive personal data you have provided to Age UK Oxfordshire in a commonly used and machine-readable format (e.g.,. a Word document). This right applies when our legal basis for processing the data was consent or necessary for the performance of a contract, and the processing was carried out by automated means.
- Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
Further information about your rights can be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
You can complain about how we handle or process their personal information with the Information Commissioner’s Office (ICO). Complaints can be submitted to the ICO either in writing, via phone or on the ICO website, and the details are as follows:
- Postal address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
- Phone: 0303 123 1113
- Website: https://www.ico.org.uk
- How Can I Access My Personal Data?
If you want to know what personal data we have about you, you can ask us for details and a copy (where any such personal data is held). This is known as a “subject access request”. To obtain our subject access request form or to make a subject access request, you can use the contact details below:
- Email: contactus@ageukoxfordshire.org.uk
- Telephone: 0345 450 1276
- Post: Age UK Oxfordshire, 9 Napier Court, Barton Lane, Abingdon OX14 3YT
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests), a fee may be charged to cover our administrative response costs.
We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response within that time, including a copy of your personal data. In some cases, however, if your request is more complex, more time may be required. You will be informed of our progress and will always receive a final response within three months of the date we receive your request.
- Changes to this Notice
We will post Any changes to this policy on our website. If we make any significant changes, we'll make this clear on our website.
- Review of this Notice
This policy is reviewed annually and may change during a review. This privacy notice was last updated on 19th July 2024.