Privacy Policy
This privacy policy sets out how HOPE After Suicide Loss uses and protects any personal information we collect about you.
HOPE After Suicide Loss is committed to ensuring that your privacy is protected and your data is secure under the General Data Protection Regulation (GDPR). Should we ask you to provide certain information by which you can be identified when using this website or supplying information by email, in writing or by phone then you can be assured that it will only be used in accordance with this privacy policy.
HOPE After Suicide Loss may change this policy from time to time by updating this page. You should check this page periodically to ensure that you are happy with any changes.
What information do we collect about you & how is it processed?
- We collect personal information about you when you contact us via www.hopeaftersuicideloss.org.uk, by email, phone, calendar tools, online meetings or in writing. Its processing is necessary for the contract we have with you (or steps you asked us to take before entering into a contract).
- We also collect and process personal information when you voluntarily choose to receive marketing communications from us (see marketing section below).
- Your website usage information is also collected using cookies (see cookies section below).
Who will my personal information be shared with?
- Your personal information may be shared with third party organisations, but only for the purposes of the contract we have with you (including discovery stages prior to contracting with us), or to deliver marketing communications from us that you have consented to.
How long will you keep my information for?
- We will keep your information only for as long as it is relevant and useful for the purpose for which it was originally collected and in line with legal requirements to keep accounting records for 6 years from the end of the last company financial year.
How is my information kept secure?
- We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
How we use cookies
- This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website (https://www.aboutcookies.org/) which offers guidance for all modern browsers.
Links to other websites
- Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website.
- Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy policy.
- You should exercise caution and look at the privacy policy applicable to the website in question.
Data Protection Policy for Hope After Suicide Loss (HOPE)
1. Data Protection Principles
The Charity is committed to processing personal data in accordance with its responsibilities under the UK GDPR. Article 5 of the UK GDPR requires that personal data shall be:
- Lawfulness, fairness and transparency: processed lawfully, fairly and in a transparent manner in relation to individuals;
- Purpose limitation: collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- Data minimisation: adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accuracy: accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- Storage limitation: kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals;
- Integrity and confidentiality (Security): processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures;
- Accountability: The controller shall be responsible for, and be able to demonstrate compliance with Data Protection Legislation.
2. General Provisions
- This policy applies to all personal data processed by the Charity;
- The responsible person shall take responsibility for the Charity’s ongoing compliance with this policy;
- This policy shall be reviewed at least annually;
- The Charity has assessed that it is exempt from registering with the Information Commissioner’s Office as a Data Controller on the basis of the charity meeting all four of these conditions:
- only process information necessary to establish or maintain membership or support;
- only process information necessary to provide or administer activities for people who are members of the organisation or have regular contact with it;
- we only hold information about individuals whose data you need to process for this exempt purpose;
- the personal data we process is restricted to personal information that is necessary for this exempt purpose;
- The charity will review these grounds to ensure that they remain correct whenever this policy is reviewed.
3. Lawful, Fair and Transparent Processing
- To ensure its processing of data is lawful, fair and transparent, the Charity shall maintain a Record of Processing Activity (RoPA) containing at least enough information to meet the legal record keeping requirements;
- The RoPA shall be reviewed at least annually;
- Individuals have the right to access their personal data and any such requests made to the charity shall be dealt with in a timely manner (see section 11 for other rights);
- We will maintain and publish a Privacy Notice and make it available to all data subjects in a timely fashion.
4. Lawful Purposes
- All personal data processed by the charity must be processed on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests;
- The Charity shall note the appropriate lawful basis in the Record of Processing Activity;
- Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent, collected in a way that is compliant with the expectations of the UK GDPR, shall be kept with the personal data;
- Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in the Charity’s systems;
- At times, in supporting individuals we are likely to process especially confidential data including Special Category data (Sensitive). We will give extra care and consideration to security and confidentiality of this data. We will record the additional legal basis (Article 9 basis) for this processing in the Record of Processing Activity.
5. Data Minimisation
- The Charity shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
6. Accuracy
- The Charity shall take reasonable steps to ensure personal data is accurate;
- Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
7. Archiving and erasure
To ensure that personal data is kept for no longer than necessary, the Charity shall:
- Identify and record appropriate retention periods in the Record of Processing Activities;
- Communicate these retention periods to data subjects in the Privacy Notice;
- Implement appropriate operational procedures to ensure that data is deleted in line with the documented retention periods.
8. Security
- The Charity will ensure personal data is stored securely using modern software that is kept up to date;
- Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information;
- Where special category data is processed additional security and access controls will be considered, recognising the increased risk of harm this can present to data subjects;
- When personal data is deleted this should be done such that the data is irrecoverable;
- Appropriate back-up and disaster recovery solutions shall be in place.
9. Personal data breaches
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the Charity shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO.
10. Training and awareness
We will ensure that everyone who processes personal data on behalf of the charity has received training appropriate to their role and the risk associated with the work undertaken.
11. Individuals' Rights
Under the UK GDPR, individuals have several rights regarding their personal data:
- Right to Be Informed: Individuals must be informed about how and why their data is used. This includes details such as the purposes of processing, retention periods, and recipients of their data;
- Right of Access: Individuals can request access to the personal data held about them (the right of subject access);
- Right to Rectification: Individuals can request corrections to inaccurate or incomplete data;
- Right to Erasure (Right to Be Forgotten): Individuals can request the removal of their personal data under certain circumstances;
- Right to Restrict Processing: Individuals can limit the processing of their data;
- Right to Data Portability: Individuals can obtain and reuse their personal data for their own purposes;
- Right to Object: Individuals can object to processing based on legitimate interests or direct marketing.
The charity will ensure that everyone knows how to recognise a rights request, and will put in place appropriate operating practices so that it is able to honour the requests in a complete and timely manner.
12. Engaging third-parties and sharing data
- When sharing data or engaging third-parties to process personal data the charity will take appropriate steps to consider the protection of personal data and will have written data processing or sharing agreements in place;
- As well as a responsibility to limit data sharing to protect confidentiality, the charity recognises that sharing information can be as important as protecting patient confidentiality. There may be times when there is a legal or moral obligation to share personal data and staff and volunteers should have the confidence to share information in the best interests of those the charity is supporting.
13. Managing Risk
We will consider data protection risks when planning systems and processes and when required under UK GDPR or when appropriate we will undertake Data Protection Impact Assessments.
Last updated: July 2024