Visit the Website Privacy Cookies Statements section of this website.
ASCERT are one of the largest charities addressing drug and alcohol issues in Northern Ireland. We want to make sure you receive the communications that are most relevant to you, be it through visiting our website or receiving emails, post or phone calls. We want to make sure you receive the best support when you engage in one of our services.
ASCERT are registered as a data controller with the Information Commissioners Office and our registration number is ZA241457 and our registered address is: ASCERT, 23 Bridge St, Lisburn, BT28 1XZ.
ASCERT recognises the importance of privacy of personal information. We are responsible for the personal information we collect, use, maintain and disclose. We are therefore committed to protecting the security and privacy of this information. To ensure this accountability, we have developed a set of privacy statements, and have trained our staff about our policies and practices.
This Policy (version 1.1) may change from time to time and, if it does, the up-to-date version will always be made available on our website and/ or we may contact you directly.
COLLECTION OF PERSONAL INFORMATION
The type of personal data we may collect from you varies according to the nature of the engagement or activity you may be involved in.
Some examples of the type of personal data we may collect and/or receive during the normal course of our role are:
- Identification and Contact information (such as, but not limited to; name, address, date of birth)
- Health information * (such as, but not limited to; symptoms, diagnosis, medical history, reports, and treatment)
- Employment information (such as, but not limited to; current and past employment, work related issues, job demands)
- Activities of Daily Living information (such as, but not limited to; daily activities, transportation, childcare, leisure, self-care).
- Racial or ethnic origin, political opinions, religious or philosophical beliefs. *
* This is known as special category data and is held by ASCERT for several reasons including:
- To ensure you receive the best level of service suitable to your needs.
- ASCERT funders require ASCERT to collect service user information as part of contractual monitoring e.g. ethnic origin.
PURPOSE OF USE AND LAWFUL BASIS FOR PROCESSING
ASCERT’s primary purpose for collecting personal information is to ensure that those engaging with ASCERT services receive the best level of service possible.
The lawful reason that allows ASCERT to process your personal information is called ‘legitimate interests’. This means that the reason that we are processing information is because there is a legitimate interest for ASCERT to process your information to help us to achieve our vision of ensuring that everyone engaging in ASCERT services gets both support and respect.
Whenever we process your Personal Information under the ‘legitimate interest’ lawful basis we make sure that we take into account your rights and interests and will not process your personal information if we feel that there is an imbalance.
ASCERT’s lawful basis for processing special category data is consent. Consent can be withdrawn at any time.
PROTECTING PERSONAL INFORMATION
We understand the importance of protecting personal information. For that reason, we have taken the following steps:
- Paper information is kept secured in a locked or restricted area and/or cabinet.
- Electronic hardware is either under supervision or secured in a locked or restricted area at all times. In addition, all IT equipment and mobiles are password protected.
- Paper information is transmitted through sealed, addressed envelopes or boxes by reputable companies.
- Electronic information is transmitted either through a direct line or is anonymized or encrypted.
- External consultants, agencies or suppliers with access to personal information must enter into privacy agreements with us.
SHARING YOUR PERSONAL DATA
Where we use an external service provider to act on our behalf, we will disclose only the personal information necessary to deliver the service and will have a contract in place that requires the provider to comply with ASCERT data protection and information security requirements.
We may also share your information with other service providers for the purposes of the provision of health, social care or treatment.
We will gain your consent before sharing your information with third parties.
As a funded organisation, we regularly share anonymized information with our funders, however at times we are also subject to funder audit requirements, requiring ASCERT to provide evidence of service delivery.
We will never share, sell or swap your details with any third parties for the purposes of their own marketing or the monetising of your data.
EXCEPTIONS TO DISCLOSURE
All information provided during delivery of our services will remain confidential. However there are limitations to this confidentiality. We are legally required to pass on information if you tell us of any the following:
- If you are at risk of harming yourself or someone else
- If a child is at risk
- If a crime has been committed that has not been reported
In any of these circumstances we will pass the information onto the relevant organisations, we will try to do so with your consent. Other than the circumstances described above, the information you discuss during a session will only be shared at your request.
RETENTION AND DESTRUCTION OF PERSONAL INFORMATION
We retain your personal information as per ASCERTs data retention policy and data processing register which is guided by requirements related to law and professional regulations. Your information will be stored in ASCERT offices. We destroy paper files containing personal information by shredding. We destroy electronic information by deleting it and, when the hardware is discarded, we ensure that the hard drive is physically destroyed.
WHERE DO WE STORE YOUR INFORMATION
For technical reasons we may, on occasion decide to use the services of a supplier outside the European Economic Area (EEA), which means that your personal information is transferred, processed and stored outside the EEA.
By submitting your personal data, you agree to this transfer, storing and processing at a location outside the European Economic Area.
At ASCERT we have taken all steps reasonably necessary to make sure that your data is treated securely and in accordance with this privacy statement. We have done our best to protect your personal data, and ensure that it will be held in compliance with European data protection regulations.
OBTAINING ACCESS TO AND CORRECTING YOUR PERSONAL INFORMATION
We make every effort to ensure that all of your information is recorded accurately. We ask that you help us keep your information accurate by contacting us at firstname.lastname@example.org should any of the details we have belonging to you change.
Individuals can ask to see personal data about themselves that is being held by ASCERT. If an individual wants to exercise this subject access right, there is a procedure to follow. You will be provided with the information only if you have provided satisfactory proof of your identity.
We invite SAR requests to be made by:
- Writing to Information Officer, ASCERT, 23 Bridge St, Lisburn, BT28 1XZ marked Subject Access Request on the outside of the envelope
- By email to email@example.com, subject: Subject Access Request.
Individuals have the right to have incorrect information held about them changed.
If you believe that ASCERT has not replied to your access request or has not handled your personal information in a reasonable manner, please contact ASCERT at firstname.lastname@example.org.
If you still feel the situation has been dealt with unsatisfactorily, you can contact: The Information Commissioner’s Office, Water Lane, Wycliffe House, Wilmslow – Cheshire, SK9 5AF Tel: 0303 123 1113.
Further details of our complaints process can be found at www.ascert.biz.
FURTHER CONTACT INFORMATION:
In an attempt to ensure this privacy statement is clear and concise, it does not provide exhaustive detail of every aspect of how we collect or use your personal data. If you require further information please contact our information officer Siobhan Wolfe, who will attempt to answer any questions or concerns.
Contact: Information Officer, ASCERT, 23 Bridge Street, Lisburn, N.Ireland, BT28 1XZ
Email email@example.com Tel: 0800 2545 123