Privacy Policy

The Nottinghamshire Crisis Sanctuaries recognises its responsibility to comply with the General Data Protection Regulations (GDPR) 2018 and is committed to safeguarding the privacy of anyone who uses our services. This statement sets out how we will treat your personal information.

The GDPR sets out high standards for the handling of personal information and protecting individuals’ rights for privacy it also regulates how personal information about people, electronically or on paper is processed.

Your acceptance of this policy, and out right to change it

By using The Nottinghamshire Crisis Sanctuaries services and providing your information, and/or using our webpage or social media pages, you consent to our collecting and using the information you provide as set out in this policy. Do not use our services, website or social media if you do not agree to the terms set out in this policy.

Changes and updates may be made to the policy, these changes will apply from the time that we upload them. The policy was created in September 2022 with revisions in 2025.

The Crisis Sanctuaries are delivered through a partnership of Framework and Nottinghamshire Mind to collectively support the communities of Nottinghamshire by using the expertise of each partner data is shared between these 2 organisations through a shared data system.

What Information We Collect:

We collect personal data and sensitive data to provide our services and communicate with you safely. We will only collect data that we need, this may include data that will help us improve and develop our service.

Personal data we collect includes:

  • Your name, address, phone number, and email
  • Date of birth (if needed)
  • Interests and hobbies

This information helps us identify you, respond to your requests, and improve our services.

Sensitive data we collect includes:

  • Racial or ethnic background
  • Health information
  • Sexual orientation

We may collect online identifiers: this includes data such as IP addresses (the address that identifies your device on the internet) this data helps us determine how many people visit our sites and pages which ones are being viewed so that we can monitor and improve our service. This information allows us to measure the effectiveness of the service we provide and how it can be developed.

We use personal information where it’s necessary for our legitimate interests in running and improving The Nottinghamshire Crisis Sanctuaries Service. We only do this when it does not unfairly impact your privacy. If we use information about your wellbeing or mental health, we do so because it’s necessary to provide appropriate care or with your clear consent.

How we obtain your data

We use different methods to collect your data;

  • Direct interaction – This may be filling in forms or verbally sharing information with us. We record any contact we have with you.
  • Third parties – We may receive your personal data from third parties who refer you to our service. This is usually with your explicit consent but could be because there is a legal obligation that applies to the third party.
  • Via automated technologies/ interactions – This data such as;
  • Telephone number
  • Email address
  • IP address

is collected by the use of our online and communications systems.

What we do with your personal data and why

  • To provide you with support: if you have agreed, we use your information to give you updates, guidance, and resources that may help you.
  • To improve our services: we analyse aggregated and pseudonymised information about client demographics, interests, and behaviour to better understand needs and enhance the services provided by The Nottinghamshire Crisis Sanctuaries. This may be done internally or by a trusted third party.
  • To communicate with wider stakeholders and supporters: to raise awareness of The Nottinghamshire Crisis Sanctuaries and its work.

When dealing with personal data we will ensure that:

Data is fairly processed, lawful and transparent, this means that data should only be collected if the staff member has been open and honest about why they want the information.

Data is kept no longer than needed. Data that is no longer needed will be shredded, deleted or securely disposed of.

Data is accurate and kept up to date. Data is processed in accordance with your rights, these include, the right to be forgotten, the right to access information that the service hold about you, the rights to have inaccurate data rectified, be erased or destroyed.

Your Rights Under GDPR

Both the UK GDPR and DPA give rights to individuals in respect of their own personal data held by others, these rights are;

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure (in certain circumstances)
  • The right to restrict processing
  • The right to data portability (in certain circumstances)
  • The right to object
  • Rights in relation to automated decision making and profiling

Correcting your details

If you would like us to correct or update any of your information that we hold about you please email us at dataprotection@nottinghamshiremind.org.uk  or 0800 470 0203 or write to The Data Protection Officer (DPO) at Nottinghamshire Mind, 6 Hardy Street, Worksop, Notts S80 1EH.

Sharing your information

We work in partnership with Framework housing Association to deliver the Nottinghamshire Crisis Sanctuaries service. To do so we use a shared data system therefore your personal information is available to both organisations for the purposes of delivering support.

We will only share your information with third parties if:

  • We are legally required to do so, e.g. by a law enforcement agency legitimately exercising a power or if compelled by an order of the Court
  • If we believe it is necessary to protect or defend our rights, property or the personal safety of our people or visitors to our premises or website
  • If we believe that there is risk or harm to you or other people
  • We are working with a carefully selected partner that is carrying out work on The Nottinghamshire Crisis Sanctuaries

What we don’t do with your information

We will never share or sell your information to other parties to use for their own purposes.

Security of personal data

The Crisis Sanctuaries Partnership will continually make every effort to ensure the safety of your personal data. We will take reasonable precautions and steps as required by law to protect your personal data that that comes into our possession from misuse, unauthorised access, modification and disclosure.

Use of the website

This Privacy Policy only relates to the Nottinghamshire Crisis Sanctuaries service and website. Our website contains links to websites, videos and other resources which you may be interested in. These websites, videos and resources platforms are responsible for their own privacy policies, and it is recommended that you read their respective privacy policies.

Data Breach

GDPR defines a personal data breach as a ‘breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. Nottinghamshire Crisis Sanctuaries takes the security of personal data seriously, computers are password protected and have up to date security software.

A breach of personal data may result in a loss of control of personal data, discrimination, identify theft or fraud, financial loss, damage to reputation, loss of confidentiality of personal data, damage to property or social disadvantage. Therefore, a breach, depending on the circumstances of the breach, can have a range of effects on individuals.

Nottinghamshire Crisis Sanctuaries duty to report a breach

If the data breach is likely to result in a risk to the rights and freedoms of the individual, the breach must be reported to the individual and ICO without undue delay and where feasible not later than 72 hours after having become aware of the breach. The Data Protection officer must be informed immediately so they are able to report the breach to the ICO in the 72-hour timeframe.

Records and Files retention and archive

There is a legal requirement that certain information stored by the Nottinghamshire Crisis Sanctuaries is kept for a minimum of 6 years. The following will therefore be retained for this period of time from when they cease to be active;

  • All organisational financial information including correspondence with the bank and bank statements
  • Any legal documents including Trustee minutes
  • All personnel information for former staff, including records showing that Income Tax and National Insurance were properly deducted and the appropriate payments made
  • All personal information including, intervention information and associated risk for former service users
  •  All application forms for former employees and volunteers

Archive files are stored at the Head Offices of the 2 partners; Notts Mind, 6 Hardy Street, Worksop, Notts, S80 1EH. Framework HA, Val Roberts House, 25 Gregory Boulevard, Notts, NG7 6NX

DBS Disclosure handling and storage
Nottinghamshire Crisis Sanctuaries may carry out DBS (Disclosure and Barring Service) checks to assess the suitability of individuals for roles involving positions of trust.

Disclosure information refers to the sensitive information provided by a DBS check, which may include:

  • Criminal convictions, cautions, warnings, or reprimands
  • Information about whether an individual is barred from working with vulnerable groups

We handle all disclosure information in accordance with the DBS Code of Practice. It is:

  • Stored securely in lockable, non-portable storage containers
  • Accessed only by authorised personnel who require it to perform their duties
  • Retained only for as long as necessary for recruitment or volunteering purposes

Once an individual’s employment or volunteering ends, any disclosure information is safely and permanently destroyed to protect privacy.

Who to contact

We are committed to ensuring full compliance to ensure the safety of your personal information. If you have any questions or queries about this privacy statement please email us at dataprotection@nottinghamshiremind.org.uk, or call 0800 470 0203 or write to the Data Protection Officer (DPO) at Nottinghamshire Mind, 6 Hardy Street, Worksop, Notts S80 1EH.

For more information about your rights under the Data Protection Act please visit the Information Commissioners Office at www.ico.org.uk

If you are unhappy with The Nottinghamshire Crisis Sanctuaries response, then you have the right to take the matter further to the independent ombudsman. Please visit https://ico.org.uk/concerns/

Here when you need us speech bubble

Support to get through today and hope for tomorrow