QEF Executive Office understands that privacy and the security of your personal information is extremely important. Because of that, this policy sets out what we do with your information and what we do to keep it secure. It also explains where and how we collect your personal information, how long we will keep it, who we share it with as well as your rights over any personal information we hold about you.

Service user records

What information do we have or hold on you?

Trustee personal data, client complaints, financial records, accident related personal data, email correspondence, corporate governance (manual and electronic Board and Sub Committee minutes, Committee attendance lists, Chief Executive records), policies/strategies and business plans, non-clinical quality assurance records, staff timesheets, successful tenders, estates building plans, financial accounts, complaints and compliments and FOI requests.

Lawful basis

The GDPR requires us to rely on one or more lawful grounds to process your personal information. These are the grounds we think are relevant:

  • Where you’ve given us your consent for us to use your personal information in a certain way. For example, storing Next of Kin details for Trustees in case of accident or emergency when visiting QEF.
  • Where necessary so that we can comply with a legal obligation. For example, where we need to share your personal information with regulatory bodies which govern our work and services.
  • Where it is in your/someone else’s vital interests.
  • Where necessary for the performance of a contract which we have with you or to take steps before entering a contract.
  • To enable information to be shared with you after FOI requests.

 

Some processing is undertaken on the basis that it is in our legitimate interests and not overridden by your rights. For example, information about how you have used our services.

How we use your information

Personal information which you supply to us may be used in a number of ways, for example:

  • To provide the services you requested
  • Help us understand more about you and to improve our service
  • To ensure efficient and accurate administration of your request
  • To process your request or payment
  • To manage your case or complaint
  • Help answer your questions and solve any issues you have

In an anonymised format only for statistical analysis to:  

  • Provide services to the wider community through the use of anonymised information
  • Support a grant or funding application through the use anonymised information
  • Report to existing funders
  • Inform annual reports

In accordance with our retention policy we will keep your personal information for 12 -20 years after which it will be securely disposed of.

How we will ensure your information is kept safe

We take security measures to protect your information including:

  • Ensuring only authorised personnel have access to administrative areas of the building
  • Storing paper-based information in lockable areas
  • Limiting access to paper-based and electronic information to those who need to see it
  • Running through ID verification questions before disclosing information over the telephone
  • Implementing access controls to our information technology
  • Disposing of data at the end of the retention period
  • Information will only be transferred outside of the UK with your consent and if specified secure conditions are met.

Your personal data including your progress will be disclosed to:

  • Funders including solicitors, insurance companies and employers
  • Information of QEFs trustees will appear on the QEF website

We may disclose your personal data to third parties when permitted to do so including:

  • Where we are acting as the data processor for another data controller
  • Where we have a contract with a processor acting on our behalf
  • If we have a lawful basis for doing so
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation. This includes providing your personal data to other organisations, such as the Police or Safeguarding Team for the purposes of prevention and detection of crime.

We will not disclose your data to anyone else without your consent.

Your rights

We will ensure you can exercise your rights in relation to the personal data you provide to us.

You have the right:

Of access; to rectification; to erasure; to restrict processing; and to object. You have the right to data portability and where QEF use an industry standard application, we will provide portable data formats. If you wish to exercise these rights, please contact dataprotection@qef.org.uk There is an additional right relating to automated decision making but QEF does not undertake any automated decision-making activities.

If you have any privacy-related questions or unresolved problems relating to the use of your personal data, you may complain to us by contacting us at dataprotection@qef.org.uk You also have the right to complain to the Information Commissioner’s Office about our collection and use of your personal data. They can be contacted at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, www.ico.org.uk

Changes to our privacy notice

We keep our privacy notice under regular review and we place any updates on this web page. This privacy notice was last updated on 12 June 2019. Further information For further information on how your information is used, how we maintain the security of your information, your rights to access information we hold on you, or details on how long we hold your information, please contact us at, Executiveassistant.CEO@qef.org.uk or write to us at: QEF, Leatherhead Court, Woodlands Road, Leatherhead, Surrey, KT22 0BN