This notice describes how your personal information is collected, used, and shared when you visit www.adasuk.org (the “Site”).
ADAS is a confidential multi-disciplinary service intended to help and support you and our policy on confidentiality is to work within the current legal frameworks updated in May 2018 in line with GDPR.
We recognise our responsibility to treat your personal information with care and to comply with all relevant legislation, in particular the Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR) which we refer to as the “legislation” in this document. This notice covers our requirement to provide you with information on how and why we use your personal data and of your rights under the legislation.
The Data Protection Officer (“DPO”) is responsible for ensuring that all potential data subjects have sight of this notice prior to the collection and/or processing of their personal data by ADAS.
All employees of ADAS who interact with data subjects are also required to ensure that this notice is brought to the attention of all data subjects, securing their consent for the processing of their personal data.
ADAS will always gain your consent if we feel there is a legitimate reason to share information with agencies within the Essex Drug and Alcohol Partnership to fully understand your current situation and to meet your needs. Any information shared would be strictly relevant to your health and care needs. You have the right to object to the processing of your data at any time by speaking to your counsellor or emailing firstname.lastname@example.org but please bear in mind that this may affect our ability to provide the right level of support and services to you.
You hereby confirm that you are consenting to ADAS’s use of your personal data for the aforementioned purposes(s) and are granting ADAS permission to carry out those actions and/activities.
You may withdraw your consent at any time by reading our Right to Withdraw Consent Procedure 92017-I
The EU’s General Data Protection Regulation (“GDPR”) defines “personal data” as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
The GDPR classifies certain data as belonging to “special categories”, as follows:
The GDPR requires that consent is provided by the data subject for all types of personal data, including those pertaining to the special categories set out above and otherwise. Consent must be explicitly provided.
When ADAS requests sensitive data from data subjects, it is required to confirm why the information is required and how it will be used.
ADAS is committed to ensuring that all personal information collected and processed is appropriate for the stated purpose(s) and shall not constitute an invasion of your privacy. We may share your personal data with third party service providers with whom we are contracted to and we shall ensure that they will hold your personal data securely and shall use it only in order to fulfill the service for which we are contracted. We will never share your personal data with third parties until we have received your consent, unless we are required do so by law.
ADAS will use the personal data collected from you for the following purposes:
ADAS will process your data (i.e. collect, store and use) according to the requirements of the GDPR at all times and shall endeavor to keep your personal data up-to-date, ensuring its accuracy and will not keep it for longer than it is required. Your data will be managed in accordance with our data retention policy. In most cases the period will be for a maximum of 7 years following the closure of your support episode with us, unless we are required to retain the data for a longer period due to business, legal or regulatory requirements. For clients under the age of 18, we keep data up until the age of 18 and then for two years after that.
We shall never be intrusive or invasive of your personal privacy and shall not ask you to provide data that is irrelevant or unnecessary and we will enact strict measures and processes to ensure that the risk of unauthorised access or disclosure of your personal data is minimised as much as possible.
We always aim to offer you the best service possible, if however you have a complaint about how we have handled your personal information you may contact us via email email@example.com and we will investigate your complaint in line with our complaints policy. You also have the right to lodge a complaint with a supervisory authority (i.e. the ICO) once you have tried to resolve the issue with us.
For further information on this Privacy Notice, to access your personal information or to exercise any of your other rights, please contact The Data Protection Officer via email firstname.lastname@example.org of at the address below or call 01279 641347
The Data Processor is the owner of this policy document and must ensure that it is periodically reviewed according to the review requirements contained herein.
The latest version of this policy document dated 25th May 2018 is available to all employees of ADAS.
This policy document was approved by ADAS’s Board of Trustees and is issued by the Chief Executive Officer (“CEO”) on a version controlled basis.