Privacy and Data Protection
Who are we?
We are The Lucie Blackman Trust, a UK registered charity (our registration number is 1118143 in England and Wales and SC044294 in Scotland). We are a charity providing vital assistance to British Nationals facing crisis overseas, and, is some instances, in the UK. We also provide training and advice on safety matters.
Who is our Data Protection Officer?
Our Chief Executive Matthew Searle MBE is our nominated Data Protection Officer. The Lucie Blackman Trust takes Data Protection very seriously and we are registered with the Information Commissioner’s Office (ICO) under the Data Protection Act 1998.
Matthew Searle is responsible for ensuring the charity properly protects your data under the Data Protection Act 1998 and from May 2018 the new Data Protection Act. He can be contacted on 01983 718802, option 2, or by email on firstname.lastname@example.org, or by post to:
Lucie Blackman Trust
The Old Tea Rooms
66 High Street
Isle of Wight
Why do you process my personal data?
We process your data – that means we use it – mainly to provide you with a service, or, in cases where you can’t give consent for us to use your data as you are either missing, seriously ill, out of contact or facing another crisis, to provide you and your family with a service.
We only collect, and store, data that is relevant to our service delivery.
We may also use personal data to create anonymous case studies, and where supporters have engaged with us or donated to us, we will use their data only in connection with that support or donation – to administer it, and to say thank you.
We do not seek donations through email, letter or cold calling. All our public fundraising efforts are through our website and social media channels.
We do keep some personal information about our staff and volunteers – but only what is necessary to support them in their roles with us.
What basis do you have in law to process my data?
Most of the data we collect is used to enable us to deliver a service to you or your family. For example, we need to know information about someone who needs our help, as a victim of crime, or as a missing person.
There may be some occasions where the information we process will be on the grounds of substantial public interest. In most cases the basis for processing the data will be the consent of the person themselves, having voluntarily provided the information once we have told them what we will do with it.
In cases where the person is absent, the basis in law is the provision of the information by police, government authority or next of kin where the information shared allows us to act in the best interest of the person concerned.
What sort of data do you collect?
In cases where people are seeking our services, we will collect identifying data, such as name, address, age and date of birth. We will also collect information relevant to the service required or crisis the person is facing – this may include medical history, state of mind, employment, education, religion, ethnic background and other relevant information to enable us to provide the best support. This will include details of the crisis, crime committed against them, or circumstances surrounding them becoming a missing person.
In supporter and donor situations, we will only collect identifying data such as name, address and email, as well as details of the donation or support offered.
Who do you share that data with?
We may share your data with a number of agencies who we work closely with to deliver our services. These include government departments (such as the Foreign and Commonwealth Office), police forces, other charities who can help, and relevant companies and organisations that may be useful in providing support (for example airlines, hotels etc.). We will always seek your explicit consent before sharing any information.
In the case of donors, we may share certain information such as name and address, and date and amount of donation, to HMRC in order to claim Gift Aid where you have indicated we may do so.
What about outside the UK?
In service delivery we do often have to share data with people across the worlds (naturally). Normally this would be only to government offices overseas, such as British Embassies, or overseas police forces, normally in conjunction with the relevant police force in the UK. Sometimes we may need to share your data with overseas businesses or authorities, such as hotels, hospitals etc.
We carry out these transfers in compliance with Chapter 5 of the GDPR. The two key areas of legislation here are that the transfer is carried out with the individual’s consent, or where it is necessary to protect the vital interests of the data subject or other persons, where the data subject is physically or legally incapable of giving consent. For example, if you have been seriously injured overseas and we are making arrangements to medically evacuate you, you might not be able to give us consent to speak to your doctor, or to call your hotel to arrange collection of your belongings.
How long do you keep my data?
In most cases we keep your personal data on file for 6 years after the service use has ceased. Sometimes there are legal reasons why we might extend that retention – examples might include where we reasonably expect the case to come up again in the future, such as an appeal, or where a pattern of repeat disappearance is evident, or where we are asked to do so by a government agency.
Where we have received an initial enquiry but service use has not been taken up, we would normally retain information for one year only.
Supporter and donor information is retained for six years after the last donation or support.
What rights do I have?
The new Data Protection Act provides you with many clear rights. These are:
The Right to Access – you have the right to ask us to provide you with any information we hold on you, once we have established your identity. We reserve the right to refuse to respond to any request which we deem to be unfounded or excessive in nature. Where this is the case we will let you know why we made this decision, and how you can complain if you wish.
The Right to Rectification – you can request that we correct any personal information we hold on you that is inaccurate or incomplete.
The Right to be Forgotten – in certain situations you can request that we delete the information we hold on you. These situations include where the information is no longer needed for the purpose it was originally provided; where you have withdrawn consent; where you object to the usage of the data and there is no legitimate interest for us to continue; where the information was processed unlawfully; where we are legally obliged to stop processing the data.
The Right to Restrict – you can request us to restrict the processing of your data or completely block it – in these cases we are permitted to keep sufficient data to ensure the restriction and / or block remains.
The Right to Data Portability – you can ask us for the information we hold on you to use across different services. In these requests we must provide the data to you in a format that is easily accessible, structured and machine readable (for example, PDf or Excel files.)
The Right to Object – you can object if we process your data for reasons of legitimate interest or public interest or by instruction of public office or authority; for marketing purposes; or for certain research and gathering of statistics. With the exception of marketing purposes though, we can reserve the right to continue processing in specific circumstances.
The Right to Withdraw – you can withdraw consent you have previously give nus at any time by contacting us using the methods above.
The Right to Complain – you can complain about the way we have processed your data by contacting the regulatory authority – the Information Commissioner’s Office (ICO). Their address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Other than me, where else do you get my data from?
We collect data directly from you when you call us, or when you email us, or when you fill out and submit our self-referral form. But there are other places we get your data from.
Government agencies and offices provide us with information about you when they refer you to our services – but they will always seek your consent to do so first. Police forces act the same way.
We also receive referrals from partner charities who we have established and robust data sharing agreements in place with. Again, they will seek your consent before sharing with us.
MP’s and their offices regularly share details of their constituents in need of help – but again they will seek your consent first.
Other charities and not for profit organisations refer people to us for support and again, will always seek your consent first.
Finally, in cases where you are unable to give consent through incapability due to the crisis you are facing, or when you are missing, your family, next of kin, or police and government agencies will provide us with your information when it is essential for us to act in your best interest.
Are there any exemptions to all of that?
There may be occasions where we discover information that we need to share without your consent. These exempt matters include, but are not limited to, matters of National Security, Public Security, Defence, enforcement of law, prevention and detection of crime, and other important matters of public interest.
I still don’t quite understand – can I talk to someone?
Of course. You can talk to us using the contact methods right at the top – we are happy to answer any questions.