Privacy Policy

Your Information: how we use and keep it

The Support Finder website is provided and managed by Surrey Independent Living Charity (SILC). The service is designed to support disabled people with finding appropriate support and services in their local community and to enable PAs and traders to find work.

To provide the service, we need to keep records about you, your membership of the website and how we are supporting you.

As an organisation, our guiding principles are that we hold your records in strict confidence, and in accordance with the current data protection legislation. All of our staff contracts of employment contain a requirement to keep your information confidential and our staff receive annual training on data protection.

What is the legal basis for processing your information?

Where you create an account on the website, our legal basis for processing your personal information is Contract (Article 6(1)b of the GDPR) with the associated condition of not-for-profit bodies for processing special category data (Article 9(2)d of the GDPR). This means that when you create an account on the website, you enter into a contract with SILC for the Support Finder service. Please be assured that we only use your information insofar as it is necessary for us to provide the service to you.

Where you create an account on behalf of another person, for example a parent creating an account for a child who needs support, our legal basis for processing the personal information about the person who is not the account holder is Legitimate Interests (Article 6(1)f of the GDPR) with the associated condition of not-for-profit bodies for processing special category data (Article 9(2)d of the GDPR).

In the latter situation, you must either be in a legal position to act on behalf of the other person, or you must have obtained the other person’s consent to act on their behalf. It is your responsibility to keep a record of their consent.

What information is recorded?

The information we record about you depends on the type of membership you choose. For all account holders on the website, we record basic details like your name, address, contact details and the type and level of membership you have selected.

In addition to these, we also record information relevant to the specific type and level of membership that you have chosen. For example (these lists are not exhaustive):

Employers:

PAs:

Traders:

If you would like a complete list of the information that we hold about you, please contact us to request this. This is necessary because the exact information that we hold about you will depend on which type and level of account you are using.

If you contact us by telephone, our phone system will record your telephone number and the time of your call. However, we only use this information to produce anonymised statistics on call volumes and monitor staff performance.

What about Cookies?

When you visit the Support Finder website [(www.supportfinder.org.uk)]((https://supportfinder.org.uk), we capture some information about your visit using cookies. Cookies are small text files that are placed on your computer by websites that you visit. They help us analyse how the website is used and to identify areas for improvement.

In particular, we use cookies to authenticate your contact details when you set up an account and also to see the volume of visitors to the website and analyse how the content of our website is viewed. Some of this information is gathered by our web content management system and some is gathered by Google Analytics.

You can choose not to allow cookies to be used by adjusting your browser settings, however this may affect website functionality. For further information, visit allaboutcookies.org.

To opt out of being tracked by Google Analytics across all websites, visit https://tools.google.com/dlpage/gaoptout.

Please note that if you restrict cookies for this Website then there is a risk the Website may not function correctly.

How do we store information?

In order to maintain your privacy, we have a number of measures in place to make sure your information is kept safe and confidential.

Information relating to our Support Finder service is held electronically. Access to this electronic information is restricted by staff role to ensure that only members of staff who have a genuine need to view the information can do so. The information is held in Digital Ocean servers based in the UK. Digital Ocean is certified to ISO 27001 security compliance standards.

We anonymise your Support Finder record when you delete your account. The information retained is used to monitor usage of the service and cannot be used to identify you.

We use Postmark App to facilitate the exchange of emails between Support Finder clients and SILC staff. Postmark adhere to both the EU-US Privacy Shield Agreement and the Standard Contractual Clauses accepted by the European Union in order to ensure data security where data is transferred outside the EU.

Emails exchanged with the Support Finder team relating to the Website are held in Microsoft Office 365 within data centres in the EU. Microsoft Office 365 uses service-side technologies that encrypt customer data at rest and in transit. Furthermore, Microsoft has in place the accepted Standard Contractual Clauses which ensure that data transfer to and from the UK are managed securely. The information is backed up to a secure Microsoft Azure datacentre in the United Kingdom which meets ISO 27001 security compliance standards and the data is encrypted both during transfer and while at rest in the datacentre.

Our Google Analytics account can only be accessed by people who are authorised to do so by SILC. This is done solely for the purpose of monitoring the usage of the website. The Google Analytics account has been set to anonymise IP address before data processing and storage takes place. In any case, the Google Analytics product has been certified to ISO 27001 security compliance standards. Anonymised data is stored in Google’s data centres. Google has the accepted Standard Contractual Clauses in place to ensure data security where data is transferred outside the UK.

Payments are made through the Stripe processing system. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. Stripe also has in place the accepted Standard Contractual Clauses governing the security of international data transfer. SILC staff do not have access to your payment card details.

Where members choose to join the Support Finder mailing list, their contact details are stored in a database held by MailChimp in the US. MailChimp adhere to both the EU-US Privacy Shield Agreement and the Standard Contractual Clauses accepted by the European Union in order to ensure data security.

Support Finder uses Google Maps reverse geocoding to complete the address field when a member enters their postcode. Google adhere to both the EU-US Privacy Shield Agreement and the Standard Contractual Clauses accepted by the European Union in order to ensure data security.

How do we use your information?

We use your information to provide you with access to the Support Finder service and enable your profile and/or listings to be available to other members and to help you communicate with other members of the Website. We do not use your information for any other purpose.

We work in accordance with the current data protection legislation. All of our staff contracts of employment contain a requirement to keep your information confidential and our staff receive annual training on data protection.

Our Support Finder service uses profiling in general to generate search results and 'matches'. However, we do not use any automated decision-making processes for any of our services.

To provide the service, we may need to share your information with or receive information from other organisations and individuals.

The information held about you will not be shared for any reason, unless:

Who we may need to share information with will depend on the type and level of your account. For example:

Information about Employers with Gold level membership may be shared with:

Information about PAs with Gold level membership may be shared with:

If you would like a complete list of who we may share your information with, please contact us to request this. This is necessary because it will depend on which type and level of account you are using.

Where your information needs to be shared, it will be done in a secure manner, for example external emails containing personal information will be encrypted by Egress Switch or equivalent unless you tell us that you do not want us to do so. Anyone who receives information from us also has a legal duty to keep this information confidential, subject to recognised exceptions such as the ones listed above.

We are compliant with the National Data Opt-Out.

How do we use information for marketing?

We will only use your information for marketing purposes if you have opted-in to our mailing list. Once you have done so, we will use your information to contact you with any newsletters or communications that we send out to members.

You do not have to opt-in to the mailing list to receive essential emails about your account, for example account verification emails.

What are your rights?

If you no longer want us to hold information about you, you may cancel your contract with us by providing 4 weeks’ notice in writing.

If you are not happy with the way that we manage the information we hold about you, then you have the right to register a complaint with us. To read about our complaints process, please refer to clause 14 of our Terms and Conditions.

If you think any information we hold about you is incorrect; you would like to request the erasure or restriction of your personal information; you would like to make a data portability request; you would like to object to the processing of your personal information; or you would like to withdraw consent then please contact us.

You may withdraw your consent for us to process your special category information, however, please note that this will necessitate the deletion of your Support Finder account.

Your right to view your records

You have the right to ask for a copy of the records that we hold about you. We are required to respond to your request within 30 days. You will need to give us enough information in order for us to identify you (for example, full name, address and date of birth).

We will ask you to provide ID - for example a passport, full driving license or credit/debit card - before any information is released to you. This is a safety check to make sure you are who you say you are.

Contact us

If you have additional questions about how we use your information, then please contact us using the details listed below.

Telephone: 01483 458111

Text: 07771 108624

Email: admin@supportfinder.org.uk

Website: www.supportfinder.org.uk

Address: Astolat, Coniers Way, Guildford, Surrey, GU4 7HL.