ADVICE LINE
0207 987 9379
(Tuesday 10am-12pm only)
Island Advice Centre is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of the General Data Protection Regulations and the UK’s Data Protection Act 2018. We are dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new Regulation.
When you access our services, we will collect and use your personal information in order to help solve your problems, improve our services, and campaign for wider issues in society that affect people’s lives. We will only access your information when we have good reason to do so, will only share what is necessary and relevant, and will not sell it to anyone else.
Personal data includes any information about you that can be used to identify you, including your name and address, date of birth, work, family, financial and health.
We need to collect this information in order to
Some information will only be collected with your explicit consent – this includes information about your gender, ethnicity, marital status or sexual orientation. With your consent, we will also collect and store your data in order to evaluate and improve our services:
We will normally only share your data with third parties with your written consent and only for the purpose of progressing your advice or case, except in certain exceptional cases for example where we suspect that someone may be at risk of serious harm we have a legal duty to disclose this to police or social services.
We will also ask your consent to allow your file to be looked at by an external reviewer for the purpose of maintaining the quality of our advice; these will always be carried out by someone we trust, who has signed a confidentiality agreement with us.
As an organisation, we are committed to achieving the best possible outcome for our clients. We strive to maintain the highest possible levels of quality across our service delivery and as such, may seek external endorsement on the quality of our work through achievement of publicly recognised quality standards. As part of this external assessment, we are required to make a sample of client files available to an independent Assessor in order for them to verify the quality of our advice and file management. External Assessors are required to maintain confidentiality in relation to your file, and it is important to note that they are assessing us as an organisation and not you as an individual. If you preferred that your file did not form part of this process, please let your adviser know so that this can be recorded on your file.
With your consent, we may also contact you from time to time in order to ask for feedback about the service you received from us.
Whether you get advice face to face, over the phone or by email, our adviser will log all your information, correspondence, and notes about your problem into our secure case management system AdvicePro. Information will only be uploaded when a consent form is signed or legitimate interest is established. All data is held within the UK on servers based in Dundee and Aberdeen. All storage is secure, and their hosting provider has GDPR procedures in place. Advice Pro has a notification process in place for any breach and provides appropriate tools to allow all customers to properly enact the right to erasure process. Their full privacy policy is available to read on the below link.
https://www.advicepro.org.uk/privacy-policy/
If you have seen our adviser at a GP surgery session, the data and case notes are stored on a different case management system called Salesforce. Salesforce limits exposure of data to its users and implements appropriate security controls. Information is again put on when a consent form is signed or when legitimate interest is established. Their full privacy policy is available to read on
https://www.salesforce.com/uk/gdpr/platform/
Other information may be held on our IT systems stored in our secure server or on emails stored by Microsoft Office 365. Paper records of your case may be kept in locked offices or filing cabinets and securely shredded once they have been uploaded to one of our case management systems.
We will keep your information for 6 years after which time it will be deleted. We keep data for this length of time in case it is subject to a complaint or insurance claim.
Our data controller is Suna Mala who can be contacted on admin@island-advice.org.uk. For further information, please ask to see our Data Protection Policy.
By clicking continue, you are acknowledging that you have read and understood our privacy policy.
To make our website easy to view, we have designed it in accordance with guidelines set out by the Web Accessibility Initiative (WAI).
The website can be viewed across a wide range of browsers.
We recommend Firefox 3.5 and above or Microsoft Internet Explorer Version 11 or above to take full advantage of all our website’s facilities.
If you are not sure what browser you are using, click on “Help” on the menu. At the bottom it should say “About Browser Name”. Click this and it will open a small window which will tell you what version you are using. The site is optimised for a screen resolution of 1024 x 768.
To ensure that website fonts and colours are optimised for accessibility:
There are other options to tailor web pages that help make them easier to read. These may be found under the ‘Tools’ menu
For further assistance in changing your browser settings, there is also a ‘Help’ menu on your browser toolbar. Please refer to this for further information.
Cookies consist of portions of code installed in the browser that assist the Owner in providing the Service according to the purposes described. Some of the purposes for which Cookies are installed may also require the User's consent.
Where the installation of Cookies is based on consent, such consent can be freely withdrawn at any time, following the instructions provided in this document.
In addition to what is specified in this document, the User can manage preferences for Cookies directly from within their own browser and prevent – for example – third parties from installing Cookies.
Through browser preferences, it is also possible to delete Cookies installed in the past, including the Cookies that may have saved the initial consent for the installation of Cookies by this website.
Users can, for example, find information about how to manage Cookies in the most commonly used browsers at the following addresses: Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Internet Explorer.
With regard to Cookies installed by third parties, Users can manage their preferences and withdrawal of their consent by clicking the related opt-out link (if provided), by using the means provided in the third party's privacy policy, or by contacting the third party.
Notwithstanding the above, the Owner informs that Users may follow the instructions provided on the subsequently linked initiatives by the EDAA (EU), the Network Advertising Initiative (US) and the Digital Advertising Alliance (US), DAAC (Canada), DDAI (Japan) or other similar services. Such initiatives allow Users to select their tracking preferences for most of the advertising tools. The Owner thus recommends that Users make use of these resources in addition to the information provided in this document.
Island Advice Centre, Island House, Roserton Street, London E14 3PG
Owner contact email: admin@island-advice.org.uk
Since the installation of third-party Cookies and other tracking systems through the services used within this Application cannot be technically controlled by the Owner, any specific references to Cookies and tracking systems installed by third parties are to be considered indicative. In order to obtain complete information, the User is kindly requested to consult the privacy policy for the respective third-party services listed in this document.
Given the objective complexity surrounding the identification of technologies based on Cookies, Users are encouraged to contact the Owner should they wish to receive any further information on the use of Cookies by this Application.
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Information collected automatically through this Application (or third-party services employed in this Application), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
The individual using this Application who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.
The means by which the Personal Data of the User is collected and processed.
The service provided by this Application as described in the relative terms (if available) and on this site/application.
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Small piece of data stored in the User's device.
This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).
This privacy policy relates solely to this Application, if not stated otherwise within this document.
By continuing to browse or by closing this window, you accept the use of cookies.
This document sets out Island Advice Centre’s policy in dealing with a subject access request.
A subject access request is a written request for personal information (known as personal data) held about you by Island Advice Centre’s policy. Generally, you have the right to see what personal information we hold about you. You may make a request by emailing us at admin@island-advice.org.uk or writing to us, stating that you are making a ‘Subject Access Request’ and letting us know how to contact you and how you wish to receive the information.
The GDPR gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly. However, this right is subject to certain exemptions that are set out in the GDPR.
The GDPR works in two ways.
Firstly, it states that anyone who processes personal data must comply with eight principles, which make sure that personal data is:
Secondly, it provides individuals with important rights, including the right to find out what personal data is held on computer and most paper records.
Personal data will cover basic details and will include details such as name, address, telephone number, attendance at events, medical and consent information and information held about that person in files, etc.
When we receive a subject access request, we will first check that we have enough information to be sure of your identity. Often, we will have no reason to doubt a person’s identity, for example, if we have regularly corresponded with you.
However, if we have good cause to doubt your identity we can ask you to provide any evidence we reasonably need to confirm your identity.
We will gather any manual or electronically held information (including emails) and identify any information provided by a third party or which identifies a third party.
If we have identified information that relates to third parties, we will write to them asking whether there is any reason this information should not be disclosed. We do not have to supply the information to you unless the other party has provided their consent, or it is reasonable to do so without their consent. If the third-party objects to the information being disclosed, we may seek legal advice on what we should do.
We have 30 calendar days starting from when we have received all the information necessary to identify you, to identify the information requested, to provide you with the information or to provide an explanation about why we are unable to provide the information. In many cases, it will be possible to respond in advance of the 30-calendar day target, and we will aim to do so where possible. Copies of the information will be sent to you in electronic form or permanent form, depending on your preference and our ability to extract it.
The GDPR contains a number of exemptions to our duty to disclose personal data, and we may seek legal advice if we consider that they might apply. An example of an exemption is information which is subject to ongoing criminal investigation.
If we agree that the information is inaccurate, we will correct it and where practicable, destroy the inaccurate information. If we do not agree or feel unable to decide whether the information is inaccurate, we will make a note of the alleged error and keep this on file.
If you are not satisfied by our actions, you can seek recourse through our internal complaints procedure. If you remain dissatisfied, you have the right to refer the matter to the Information Commissioner. The Information Commissioner can be contacted at:
Information Commissioner Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 01625 545745 Fax: 01625 524510
Email: enquiries@ico.gsi.gov.uk