Privacy policy
We take the privacy of our customers, learners and staff very seriously. This privacy policy sets out the types of information we collect, when this is collected and why. You can read the full policy on this page or download a copy for your records below.
We are committed to protecting your personal information and being transparent about what we do with it, no matter how you interact with us. This includes when you apply to work or volunteer for us, buy goods, use our medical services, request information, book training or want to learn more about what we do.
We are committed to using your personal information in accordance with our legal responsibilities. We are required to provide you with the information in this Privacy Notice under applicable law which includes:
- The European Union General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’)
- The Data Protection Act 2018 (‘DPA’)
- The Privacy and Electronic Communications Regulation (2003)
Processing of your personal information is carried out by, or on behalf of, Lifesaver First Aid Services (LFAS), a partnership based in Dover, Kent.
This notice, together with our Website terms and conditions and our Cookie policy tells you about how we collect, use and protect your personal information.
If you have any queries about our Privacy Notice, please get in touch with us:
- Email:dataprotection@lfas.org.uk
- Phone: 0330 133 2444
- Write to us at: Data Protection Officer, Lifesaver First Aid Services, 43 Oswald Road, Dover, Kent, CT17 0JP
This policy is available on our website (both to view and download) and in either electronically or in printed booklet form, on request by email or call to the details above.
When you directly give us information
We may collect and store information about you when you interact with us. For example, this could be when you:
- Book, enquire or participate in our training
- Receive treatment or medical services
- Buy goods from our online shop
- Submit an enquiry or booking
- Register for or use our services
- Give us feedback
- Make a complaint
- Make an academic appeal or enquiry
- Apply for a job
- Register as a volunteer
- Enter into a contract with us
When you indirectly give us information
When you interact with us on social media platforms such as Facebook, WhatsApp, Twitter, Instagram or LinkedIn we may also obtain some personal information about you. The information we receive will depend on the privacy preferences you have set on each platform and the privacy policies of each platform. To change your settings on these platforms, please refer to their privacy notices.
We may obtain information about your visit to our site, for example the pages you visit and how you navigate the site, by using cookies. Please visit our Cookies policy for information on this.
When a third party gives us information about you
There may be occasions when you give permission for your details to be shared with us. Most commonly this might include other treatment and medical providers who you agree can share your details with us to enable our team to treat you.
In other rare cases your information may be given to us without your direct consent or knowledge, for example if you are mentioned in a complaint that you were not aware another delegate on a course was making.
Personal information
When you engage with us by phone, mail, in person or online, we may collect information about you (referred to in this Privacy Notice as ‘personal information'). This may include your:
- Name
- Address
- Email address
- Telephone number
- Date of birth
- Job title
- Your device IP address
- Details of your education and career
This list is not exhaustive, as other personal data that you choose to provide to us may also be included.
Sensitive and special category information
Data protection law recognises that certain types of personal information are more sensitive. This is known as 'sensitive' (DPA) or 'special category' (GDPR) personal information and covers information revealing:
- Racial or ethnic origin
- Religious or philosophical beliefs
- Political opinions and affiliations
- Trade union membership
- Genetic or biometric data
- Health conditions or medical information
- Details concerning a person's sex life or sexual orientation.
Sensitive information will only be collected where necessary, for example, we may need to collect health information from you to be able to treat you, or apply for a special consideration or reasonable adjustment as part of your training course with us. Clear notices will be provided at the time we collect this information, stating what information is needed, and why.
With your explicit consent, we may also collect sensitive personal information if you choose to tell us about your experiences relating to our services for use in a case study.
We will use your personal information for the following purposes:
- To provide your training course and certificate: We will process personal information in order to manage your booking, submit your results and issue a certificate.
- To provide treatment or medical interventions: We will process personal information and sensitive or special category information in order to be able to assess and treat you. This will always be with your consent, wherever possible, but otherwise we will act to protect your vital interests (see below).
- Responding to a request: If you contact us with a query, we may use your personal information to provide you with a response.
- Fundraising or direct marketing: We will only send you marketing information by email, SMS, or phone if you have given us specific consent. If you withdraw your consent and then subsequently opt in to receive marketing information again, then your most recent preference may supersede.
- Monitoring and evaluating: We may use your information in order to improve current and future delivery of our services, including the management of complaints and legal action.
- Co-production: We may invite you to participate in projects or initiatives that enable you to help develop or review our services, or shape our research, media, policy and advocacy activity. Participation is always voluntary. No individuals will be identified as participating in co-production projects, unless they explicitly consent to this.
- Processing an application to work with us: If you apply to work or volunteer with us, we will only use the information you give us to process your application or to monitor recruitment statistics on an unidentified basis. If we want to disclose information to someone outside LFAS, for example, if we need a reference from your previous employer, we will tell you beforehand. The only exception is where the law obliges us to disclose information to a third party (such as the police) and we are not allowed to tell you.
If you are unsuccessful in your application, we may hold your personal information after we've finished recruiting for the post you applied for, for up to 12 months. This is to deal with any follow up queries or issues.
We keep statistical information about all applicants to develop our recruitment processes however no individual applicant would be identifiable from this information.
If you commence employment or volunteering with LFAS, your personal information will be processed in accordance with your employment contract / volunteer agreement and other applicable human resources policies.
- Transactional purposes: We will need to use your personal information in order to carry out our obligations arising from any contracts entered into between you and us for goods or services, for example, processing your order and payment for a product from our online shop.
- Providing and developing our website: We may use your personal information to help provide you with access to our website, personalise your experience, and improve and develop it further.
- Administration: We may use your personal information to record and deal with a complaint, record a request not to receive further marking information, record what our volunteers have done for us, and for other essential internal record keeping purposes.
- Prevention of crime: We may record your image on CCTV which we use to prevent crime and keep our team, customers, delegates, patients and members of the public safe.
- Protecting your vital interests: We may process your personal information where we reasonably think that there is a risk of serious harm or abuse to you or someone else.
- Market research and surveys: We may invite you to participate in surveys or market research to help us improve our website, fundraising, services and strategic development. Participation is always voluntary and no individuals will be identified as a result of this research, unless you consent to us publishing your feedback. This may include sensitive or special category data if you choose to provide it and consent to us holding such data, for example being part of a survey about how disabled people found accessing our services.
- Legal, regulatory and tax compliance: Where required we are subject to a legal obligation, we may process your personal information to fulfil that obligation.
We will only use your information for the purposes for which it was obtained. We will not, under any circumstances, sell or share your personal information with any third party for their own purposes, and you will not receive marketing from any other companies, charities or other organisations as a result of giving your details to us.
We will only share your data for the following purposes:
- Third party suppliers: We may need to share your information with data hosting providers or service providers who help us to deliver our services, projects, or fundraising activities and appeals.
- Awarding organisations: For regulated qualifications, results must be submitted to awarding organisations to allow for certificates to be validated and issued, therefore we will need to share personal information to be able to facilitate this. The qualification regular, Ofqual, are also entitled to examine, by law, any records held by LFAS or our awarding organisations.
- Medical services and the National Health Service: If you receive treatment from us, we may share your personal and sensitive/special category information with other medical providers and the National Health Service (NHS) in order for them to be able to facilitate your ongoing treatment.
- Where legally required: We will comply with requests where disclosure is required by law, for example, we may disclose your personal information to the government for tax investigation purposes, or to law enforcement agencies for the prevention and detection of crime.
- To exercise a legal defence: We will share your information (including special category information) with our solicitors, accountant or other professionals (such as employment consultants) to exercise a defence to any legal claims, complaints or similar.
We always aim to ensure that personal information is only used by those third parties for lawful purposes in accordance with this Privacy Notice.
We use technical and corporate organisational safeguards to ensure that your personal information is secure. We limit access to information on a need-to-know basis and take appropriate measures to ensure that our people are aware that such information is only used in accordance with this Privacy Notice. This includes:
- Limiting user permissions on our company systems to allow our staff and volunteers to access only what they need to know to be able to do their job
- Keeping paper documents under lock and key when not in use, with key control limited to those that require it
- Disposing of information after an appropriate period, when no longer relevant or required
All staff and volunteers receive mandatory annual training in data protection and information governance, at an appropriate level for their role.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.
Our website is protection by Secure Socket Layer (SSL) encryption. If you use your credit or debit card to buy something or make a booking online, we pass your card details securely to our payment processing partners. We do this in accordance with industry standards and do not store the details on our website.
However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of data (including personal information) disclosed or transmitted over public networks.
We will keep your personal information in respect of financial transactions for as long as the law requires us to for tax or accounting purposes (which may be up to six years after a particular transaction).
If you request that we stop processing your personal information for the purpose of marketing we may in some instances need to add your details to a suppression file to enable us to comply with your request not to be contacted.
In respect of other personal information, we will retain it for no longer than necessary for the purposes for which it was collected, taking into account guidance issued by the Information Commissioner’s Office.
We may, on limited occasions decide to use the services of a supplier outside the European Economic Area (EEA), which means that your personal information is transferred, processed and stored outside the EEA. You should be aware that, in general, legal protection for personal information in countries outside the EEA may not be equivalent to the level of protection provided in the EEA.
However we take steps to put in place suitable safeguards to protect your personal information when processed by the supplier such as entering into the European Commission approved standard contractual clauses. When we transfer your personal information and process it in the United States, we do so in accordance with the EU-U.S. Privacy Shield Framework and the European Commission approved standard contractual clauses. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.
Data protection legislation gives you the right to request access to personal information about you which is processed by LFAS and to have any inaccuracies corrected.
You also have the right to ask us to erase your personal information, ask us to restrict our processing of your personal information or to object to our processing of your personal information.
If you wish to exercise these rights, please complete our Subject access request form and send it along with copies of two separate identification documents which provide photo identification and confirm your address, such as a passport, driving licence, or utility bill.
Please also provide any additional information that is relevant to the nature of your contact with us, as this will help us to locate your records.
The use of this form is not obligatory in law, however it does ensure that we have all of the information necessary to process your request and may avoid further clarifications being required.
You can send us the documents via:
- Email:dataprotection@lfas.org.uk
- By post to: Data Protection Officer, Lifesaver First Aid Services, 43 Oswald Road, Dover, Kent, CT17 0JP
We will respond within 30 days of receipt of your written request and copies of your identification documents.
If you would like more information, have any questions about this policy or wish to make a formal complaint about any matter related to your information and how we process it, you can contact us by:
- Email:dataprotection@lfas.org.uk
- Phone: 0330 133 2444
- Write to us at: Data Protection Officer, Lifesaver First Aid Services, 43 Oswald Road, Dover, Kent, CT17 0JP
If you would like to make a complaint in relation to how we have handled your personal information, please follow our Complaints procedure, available on our website or on request by email or telephone. If you are not happy with the response you receive, then you can raise your concern with the Information Commissioner’s Office (ICO) using these details:
- Phone: 0303 123 1113
- Website: ico.gov.uk, where you will find an online contact form and webchat facilities
- In writing: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We are registered with the Information Commissioner’s Office as a Data Controller under number ZA494822.
LFAS will review this policy on an ongoing basis as part of our continuous improvement activities and revise it as and when necessary in response to staff, service user and customer feedback, changes in our practices or the outcome of investigations. In addition, we may update this policy in light of operational feedback to make sure our arrangements remain effective.
Adoption:
By: Ben Robinson (Director of Operations)
On: 01 August 2020
Version: 1.0