Privacy Notice for Clients
IMARA CIO Clients Privacy Notice
Your privacy is important to us and central to how we run our service. We always aim to be discrete and would never share information that is not relevant or needed. However due to the nature of our work it is sometimes necessary to share information, and so we cannot promise complete confidentiality. Imara processes your personal data in order to provide its service to you. The lawful basis for this is legitimate interests. This means we will only process data where it is necessary for us to deliver the service to you and where our interests and rights are balanced with your interests and rights.
What information do we hold as data?
We hold a range of personal information about you, some of which you give us directly and some of which is passed to us by other organisations, such as the East Midlands Children and Young People’s Sexual Assault Service, Nottingham Police and Social Care. This information is passed to us on a need-toknow basis and we do not keep any information we are given that we do not need. Some examples of types of information we hold on you include:
- Your name, age and contact details
- The school you attend and the GP you are registered with
- The names and details of your immediate family members who may also wish to receive support from us
In addition, if you go on to receive therapy or CHISVA support from us, we will start keeping data like:
- Dates and times of your meetings and contact with us
- Your scores and responses to questionnaires and measures you complete with us
- Any outcomes of your legal case, if relevant
- Content of your sessions or meetings with us. For therapy this is recorded just by key words and themes, and not in any detail. For the CHISVA service, this is recorded in more detail as we need to conduct an ongoing and thorough assessment of your risks and needs.
Why do we hold this data?
There are a few reasons we hold this information. These include:
- To provide the best quality service to you
- To monitor our own performance and report back to our funders and professional bodies
- To contribute to and conduct our own research in order to improve the quality of services and support available for other people like you in the future.
- To contribute evidence to your legal case and safeguard yourself and other young people. The lawful basis for this data processing is legal obligation.
What do we do with your data and who do we share it with?
Your data will usually be recorded on paper to begin with and kept securely until it can be logged as an electronic record in our secure cloud-based server, at which point the paper record is destroyed or stored in a locked cabinet. How the data is then processed and accessed depends on the specific purpose from the list above. It is important to note that:
- Your data will be kept securely on our cloud-based server, which can only be accessed by members of the Imara team when necessary for reference.
- From time to time, we have to produce reports for our funders and professional bodies so they can monitor our progress and performance and continue to allow us to support others like you in the future. All data is anonymised and bundled together to answer questions like “How many clients accessed the service in a year?” and “What is the breakdown of ages, genders and ethnicities of clients accessing the service?”, so nothing we give to our funders or professional bodies could identify you as an individual.
- We occasionally conduct our own research within Imara or assist in projects by our research partners such as Universities and the Centre of Expertise on Child Sexual Abuse. We do this to identify and make improvements to Imara and other similar support services. For all research, as in point number 2 above, your data will be anonymised and bundled with all of our other clients so you cannot be identified as an individual. Occasionally there may be opportunities for you to contribute to research in a way that cannot be anonymised, such as taking part in an interview or focus group with other clients. In these cases, you will always be informed by one of us personally and asked if this is something you would like to do before any of your information is passed along to the research project. The lawful basis for this type of processing is your consent. You may always say no to these opportunities and this will not affect the service you receive from Imara in any way.
- In some instances we are legally bound to pass information on to the police and courts or safeguarding bodies. This is only if a legal case is ongoing, or you tell us that you or another young person may be at risk of harm. You will always be notified of this and we will support you to understand what is happening.
In the instance of support being provided remotely, we will do our best to encourage and facilitate the use of the most secure video call and messaging platforms. We remind you of your responsibility as the end user to be aware of and understand the data processing of any third party platforms you choose to use to communicate with Imara.
How long do we keep your data?
We keep your data for 7 years beyond you finishing work with the service; this is a legal obligation on us as Practitioners, and also allows us to respond to you as quickly and efficiently as possible if you refer back in to our service.
Where can you get more information?
If you have any questions, please ask the therapist or CHISVA that is supporting you in the first instance, or you can ask our Data Controllers or Data Protection Captain on the email address: firstname.lastname@example.org
All of our Data Policies are on our website and can be found at: http://www.imara.org.uk/our-policies. You have the right to see the data we hold on you, for instance if you want to verify it or make any corrections. If you would like to do this, please email email@example.com with the subject heading “Subject Access Request”.
You also have the right to challenge our legitimate interests and request that we stop this data processing. However, if you choose not to provide us with certain personal data or restrict our processing, we may not be able to provide certain parts or any of the Imara services to you. It might also stop us from complying with certain legal obligations and reporting duties we have.
If you would like to make a complaint about our data policy or processing, you can access our full Complaints Procedure on our website at: http://www.imara.org.uk/our-policies. If, following a full complaints procedure, you are still not happy that your complaint has been handled sufficiently and any necessary improvements made, you can report a concern to the Information Commissioner’s Office: https://ico.org.uk/concerns/
Last updated May 2018