Privacy Policy

Website Privacy Policy – The Basement Recovery Project

Important information and who we are

Welcome to The Basement Recovery Project (TBRP)’s Privacy Policy.

TBRP has a well-established reputation for helping some of the most vulnerable people in our communities. Individuals rely on our trust, discretion and integrity when engaging with our recovery services. We extend our commitment to maintaining this trust and confidence to all visitors of our website. We respect your privacy and are committed to protecting your personal data.

Purpose of this Privacy Policy

This Privacy Policy provides information on when, why and how we collect your personal information, how we use it and how we keep it secure.

This website is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this Privacy Policy together with any other notice (including our Cookie Policy) or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements any other notices and is not intended to override them.

Controller

The Basement Recovery Project (collectively referred to as “The Basement Recovery Project”, “TBRP”, “we”, “us” or “our” in this Privacy Policy ) is the controller and responsible for any personal data we may process.

If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact the data controller using the details set out below.

Contact details

Full name of legal entity: The Basement Recovery Project
Addressee: Attn: Data Controller
Email address: admin@thebasementproject.org.uk
Postal address: Basement House, 10 Carlton Street, Halifax, HX1 2AL

Collection and use of personal information

Personal information means any information that may be used to identify you, such as your name, title, phone number, hair colour, email address or postal address. In general, you can browse our website without giving us any personal information.

We use Google Analytics to analyse visitor traffic to our website in order to understand visitor behaviour and needs so we can continually improve our site for them. This is done through the use of Cookies (see our Cookie Policy for more detailed information). We also use Facebook Insights and YouTube cookies for similar anonymised statistical analysis.  We consider Google, Facebook and YouTube to be third-party data processors.

Our statistical analysis collects only anonymous, aggregate technical statistics i.e. we do not link a specific IP address, name or any other personal information which can directly identify you as an individual.

Your IP address is also used by our security software to protect us (and other site visitors) from malicious malware, attacks and spam.

The exception to this is if you wish to sign up for our newsletter email list. Our newsletter email list collects your name and email address to enable us to personalise and send you occasional news, stories and event information that are relevant to TBRP or our sector in general. Our newsletter is no more frequent than monthly but typically is more like quarterly. You can unsubscribe at any time from our newsletter email list, either by emailing us from the email address you used to sign up or by following the unsubscribe link in the newsletter itself.

Our newsletter email list is managed by MailChimp, a well-respected, trusted and secure emailing platform. You will be required to sign up to their terms and conditions as they are the ones controlling your data. By signing up through the TBRP website, we directly connect your information to the MailChimp servers. TBRP has access to this data for the use of creating and sending our newsletters, gathering statistics around delivery; opening and clicks using standard technologies to help us improve future newsletters and you will have agreed to this as part of signing up to the MailChimp service. For more information please refer to the MailChimp’s Privacy Policy that you will receive as part of the confirmation process. We consider MailChimp to be a third-party data processor.

TBRP’s email servers and services are registered and authorised for use with MailChimp using DKIM and SFP records.  All our newsletters will come from the thebasementproject.org.uk domain.

Third-party links

This website may include links to third-party websites. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website by following external links, we encourage you to read the Privacy Policy of every website you visit.

Correspondence Via Email

You may use our contact form on the website to send a message to one of our offices. The information you enter through our contact form is information you freely provide and is forwarded via secure email protocols. This is the same process as if you had emailed us direct, except no email is stored on the website and nothing is in your email sent items. The information received in our email system will be treated with confidence, like all emails, and will be used only to deal with your enquiry.  Our email forms are sent via SMTP protocols over Transport Layer Security (TLS) to encrypt and protect email traffic.

How do we handle your personal information (Principles of processing)

We handle personal information according to the requirement of the UK Data Protection Act 2018 and UK GDPR which applies the EU’s General Data Protection Regulation, GDPR, standards for the processing of data considered as “general data”. Your personal information held by TBRP is secure and is accessed by our staff, volunteers, contractors and data processors working on our behalf when required to do so for lawful purpose and the principles of processing your data.

TBRP will ensure that we comply with one or more key principles of processing personal data:

a) processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’);

b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);

c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the UK GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);

f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)

Individual Rights

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

Your right to be informed

    • You have the right to know how we obtain your personal information and how we use, retain, store and who we may share it with. This Privacy Policy explains how we will use your personal information and tells you your rights.

Your right of access

    • You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

Your right to rectification

    • You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

Your right to erasure

    • You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing

    • You have the right to ask us to restrict the processing of your information in certain circumstances.

Your right to object to processing

    • You have the right to object to processing if we are able to process your information because the process is in our legitimate interests.

Your right to data portability

    • This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

Special Categories of Personal Data

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).

Security

We have implemented reasonable technical and organisational measures designed to secure your personal data from accidental loss and from unauthorised access, use, alteration or disclosure.  However, the Internet is an open system and we cannot guarantee that unauthorised third parties will never be able to defeat those measures or use your personal information for improper purposes.

Sharing your information

We will not share your information with any third parties for the purposes of direct marketing.
In some circumstances, we may be legally obliged to share information. For example, under a court order or where we cooperate with supervisory authorities in providing our services. We might also share information with other bodies in order to further their, or our, objectives in helping you to attain the most from our services. In any scenario, we’ll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making and satisfy ourselves we have a legal basis on which to share the information.

Your right to complain

We work to high standards when it comes to processing your personal information. If you have any queries or concerns, please contact us using the information above (Controller) and we’ll respond in a timely manner. If you remain dissatisfied, you can make a complaint about the way we process your personal information to the Information Commissioner’s Office.

Changes to this Policy

We may change this Privacy Policy at any time and from time to time. The most recent version of the Privacy Policy is reflected by the version date located at the bottom of this Privacy Policy. All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this Privacy Policy or other notice on the Website. We encourage you to review this Privacy Policy often, so you can stay informed of changes that may affect you, as your continued use of the Website signifies your continuing consent to be bound by this Privacy Policy.

[Page Updated: 2 March 2022]