Whitby & District Community Transport
 admin@wdctwhitby.org  01947 602982

HOME / Privacy Statement

Safeguarding Data (privacy notice)

Whitby and District Community Transport is an independent charity who operates with a membership of service users, volunteers and employed staff. The charity performs different activities, for all ages, but older people are the majority user. To be able to operate the social groups, transport services, and other activities, the charity gathers personal information from people involved with the charity.

The charity understands itís responsibility to safeguard data, including personal data, and this guidance is designed to make how we gather, use and safeguard data clearer for people whose data we hold.

For the purpose of this document, when we say the "subject of data", we mean an individual person who we have personal data about.

Why do we gather personal data?

We gather personal data to uphold legal responsibilities, for example with employed staff to conform to employment and tax laws or for members to be able to communicate or care for them.

The majority of our members are aged 60+ and from time to time are taken ill, or their health deteriorates. We gather personal information to be able to give best possible care that we can, or to pass on to a paramedic or hospital so that they can give best possible care, and in some cases this timely information will save a life.

How do we gather personal data?

Personal data is gathered using the following methods:

Employed staff: Paper forms, interviews, meetings

Volunteer staff: Paper forms, interviews, meetings

Members: Paper forms, e-Referrals, meetings

From time to time, we are sent forms or data in other forms electronically attached to emails.

We receive names, addresses and phone numbers via an online encrypted portal when referrals are made.

We receive information sent via our website feedback form.

How do we use personal data?

We use personal data to:

  • Communicate with people (name, phone number, email, address)
  • Care for people (understand health, dietary, mobility or other similar requirements)
  • Charge people (invoicing to name and address)
  • Transport people (name and address)
  • Apply for (employed or volunteer) staff safeguarding checks
  • Apply for driver checks
  • Process training documentation

Who do we give personal data to?

We do not pass on personal data to anyone other than for health or legal reasons.

Health:

On occasions, we would pass on limited personal data to a health body such as a paramedic, public health or a hospital, so that they can give appropriate and immediate care for someone.

Legal:

On occasions, we would pass on limited personal data to a representative of local government or an officer, so that we do not obstruct English or European law. This would include mandatory safeguarding and driver checks required by our organisation.

How long do we keep personal data?

It depends on which circumstances that data is gathered to the time in which it is held. Below are the general guidance to the time in which personal data is kept:

Employment data: 7 years

Volunteer data: 7 years

Member data: 7 years

Finance data: 7 years

How do we make an individualís personal data available to that individual?

The "subject of [personal] data" (see top of page) may request to know what personal data is being held and may do this in writing to the Chief Officer of the organisation, who will provide sight of the data, and must provide suitable photographic identification in order to protect it from other people or organisations.

How can a subject of personal data request for data to be destroyed?

The "subject of personal data" may request that personal data relating to them is destroyed. The organisation will comply with the exception of limited data governed by legal governance. For example, finance records are required under the Charity Act, so someoneís name, address and amount paid must be recorded for 7 years, however the rest of the data including health data would be destroyed.

The "subject of data" who has an unsettled account may only request for personal data removing that is not linked to that bill. For example, health data would be destroyed, but contact data would be kept until the account is cleared and then for the required 7 years afterwards.

How do we destroy data?

Paper data is destroyed using an office shredder.

Electronic data is destroyed by deletion and followed by purging.

How can a "subject of data" make a complaint?

The "subject of data" may make a complaint initially to the Chairman of the Board of Director Trustees in writing, to the registered address of the organisation found at: www.ddc.org.uk/contact

Further complaints may be raised to the Information Commissioners Office by visiting their website at:

www.ico.org.uk/make-a-complaint/your-personal-information-concerns/

To book a journey:

  • CALL 01947 602982

Or you can call into our office at:

  • Whitby and District Community Transport
  • Church House
  • Flowergate
  • Whitby
  • North Yorkshire
  • YO21 3BA