Purpose of this notice
Sanctum are committed to protecting your privacy when you use our services
This Privacy Notice explains how we use information about you and how we protect your privacy.
How to contact us
- We can be contacted at Sanctum, 10 Saffron Central Square, Croydon, Surrey, CR0 2FT Telephone 0203 907 6789.
- We have a Data Protection Officer (DPO) who is responsible for informing and advising the company on its data protection obligations and monitoring our internal compliance together with acting as a single point of contact for you. If you wish to contact the Data Protection Officer, Ramona Ardelean, please email firstname.lastname@example.org or telephone on 0203 907 6789 and ask to speak with the Data Protection Officer.
Where can I get independent advice?
For independent advice about data protection you can contact the Information Commissioner’s Office at:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5A or email email@example.com or call 0303 123 1113 or 01625 545 745
Do you know what personal information is?
Personal data can be anything that identifies and relates to a living person. This can include information that when put together with other information can then identify you. Examples of personal data could be your name, address, telephone number, date of birth or financial information.
Did you know that some of your personal information might be “special”?
Some data is categorised as “special category data” and needs more protection due to its sensitivity. Often, it is information that is very personal to you and is likely to include:
- racial or ethnic origin
- religious or other beliefs of a similar nature
- physical or mental health or condition
- sexuality or sexual health
- trade union membership
- genetic/biometric data
- political opinion
- physical or mental health
- criminal history
Why do we need to collect and use your personal information?
We may need to use some information about you to deliver services to you for example:
- We need to know that you are compliant legal before placing you into work and provide evidence of this this if required.
How the law allows us to use your personal information
Sanctum will process (that means collect, store and use) the personal information you provide to us in accordance with the law.
There are a number of legal reasons why we need to collect and use your personal information. Each privacy notice from the menu on the top explains for each service which legal reason(s) is being used to process your personal information
Generally, we collect and use your personal information where:
- you or your legal representative, have given consent
- you have entered a contract with the Sanctum
- the data is necessary to perform our statutory duties or it is required by law
- it is necessary to protect you or someone in an emergency
- it is necessary to perform a task carried out
If we have consent to use your personal information, you have the right to remove the consent at any time. If you want to remove your consent, please contact firstname.lastname@example.org so we can action your request.
We only use what we need
Where we can, we will only collect and use your personal information for the specified purpose for which it was collected except where the law allows us to use it for another purpose. We shall keep your personal information accurate and updated. It shall not be kept longer than necessary and shall be relevant and not excessive in relation to the purpose or purposes for which it was collected.
If we do not need personal information, we will keep your information anonymous. For example, in a survey we may not need your contact details but only your survey responses. If we use your personal information for research and analysis, we always keep you anonymous unless you have agreed that your personal information can be used for that research
The law gives you a number of rights to control what personal information we use and how it is used. .These are some of your rights:
You can ask for access to the information we hold about you
This applies to your personal information that is in both paper and electronic records.
You can ask to change information you think is inaccurate
You should let us know if you disagree with something written on your file, we may not always be able to change or remove that information but we will correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
You can ask us to delete information (the “right to be forgotten”)
You have the right to ask us to delete your personal information for example where your personal information is no longer needed for the reason why it was collected in the first place or where you have withdrawn your consent for us to use your personal information and there is no legal obligation for the company to use it. Where your personal information has been shared with others legally, we will use reasonable endeavours to make sure the 3rd party also deletes your data where you request this.
You can ask us to limit how we use your personal information
You have the right to ask us to restrict what we use your personal information for where for example you have identified inaccurate information and have told us of it or where you want us to restrict what we use it for rather than erase the information altogether.
You can ask to have your information moved to another provider (data portability)
You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format; this only applies where we are using your personal information with your consent and not if we are using it under any other legal basis.
How do we protect your information?
We will do what we can to make sure we hold personal records about you (paper and electronic) in a secure way and we will only make them available to those who have a right to see them. Examples of our security processes include:
- Encryption – meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code or what is called a “cypher”. The hidden information is said to then be “encrypted”.
- Pseudonymisation – meaning that we will use a different name so we can hide parts of your personal information from view. This means that someone outside of the Council could work on your information for us without ever knowing it was you.
- Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it.
- Training our staff to make them aware of how to handle personal information and how and when to report when something goes wrong.
- Regular testing of technology and upgrading security measures including keeping up to date on the latest security updates (commonly called “patches”)
You can find more information in our Security Policy by contacting email@example.com
Where is your information stored?
Your personal information is stored on a secure cloud-based system.
How long do we keep your personal information?
We will not keep your personal information for longer than is necessary. Where your information is held for a set period of time this will always be supported by a legal reason. These reasons are set out in our document retention policy. If you wish to see the retention schedule you can send your request to firstname.lastname@example.org
Web site privacy provision
Sanctum will endeavour to safeguard the privacy of its website visitors. The following information explains our website data processing practice.
We are keen to ensure that we are providing our candidates with all the information that they need. Consequently, candidates may receive occasional e-mail messages from the company on matters that we consider may be of interest to you relating to the service we provide.
Information to improve our site
We collect web statistics automatically about your visit to our site based on cookies and your IP address. This information is used to help us track what people are doing on the site so that we can improve it. We don’t use this information to identify you as an individual and you will remain anonymous, unless you’re asked to identify yourself by completing a form or an online transaction.
21 May 2018