Young People’s Privacy Notice
Redthread Privacy Notice
Who we are
Redthread is a registered charity and a company limited by guarantee (ie a company that does not have shareholders, so all profits or surpluses are channelled back into organisation, to help to pay for the work we do with young people).
Redthread works with young people supporting and empowering them to find the best way of dealing with a wide range of challenging situations – often in a health setting, such as a hospital, or in a GP clinic, but also in the community. In order to do this we collect some personal data about you to make sure we are giving you the best possible support and advice.
This policy describes what personal information we collect, how we use it, what we do to keep it safe and your rights about how we process your data. If you need further information about this, please contact us at firstname.lastname@example.org and we’ll be happy to answer your questions.
Redthread is registered as a Data Controller with the Information Commissioner’s Office under our full name of Redthread Youth Limited – our number is ZA082237. Our registered charity number is 1051260 and we are also a registered company in England and Wales – our company number is 31331121.
What is personal data
Personal data is any data about, or that identifies, you the individual. Personal data can vary in its nature and can include:
- your name
- your address and other contact information such as your e-mail address and your mobile telephone number
- date of birth
- your living situation – housing status, family connections etc
- our notes about discussions with you and the support which we have given you
Some kinds of personal data is considered to be more sensitive, for example information about your
- racial or ethnic origin
- sexual orientation
- religious or philosophical beliefs
- physical or mental health
- alleged or actual criminal offences
and in order to collect this kind of information we have to demonstrate that it is necessary for us to use this information in order to provide you with the best possible advice and support. We also have to demonstrate that we take particular care of this type of information.
When you consent to working with us, we collect information about you. This may include any of the examples above, including the reasons you were referred to us in the first place, and notes based on any other information about your situation that you choose to share with us.
Sensitive information will only be collected where necessary, for example, we may need to collect health information from you when you are referred to us, in order to understand your needs and make sure we are sensitive to your current situation. We may need to understand more about your background to support the monitoring of the effectiveness of our programmes, and in some cases, we may need to know about your criminal record, and other contact you have had with the criminal justice system, We will always explain why we collect this information, stating what information is needed, and why and we will obtain your explicit consent to use sensitive information.
Information we collect from other sources
We sometimes receive your personal contact information from other sources, such as a health practitioner, (for example a doctor or nurse who is treating you in hospital) who makes a referral to us when they are concerned about you, and believes that we can offer additional support that will assist you in your current situation. Where possible the person making the referral will get your verbal consent that this is ok. We will make you aware of information which we have received from other sources.
Why we collect personal data and how we use it
We collect information about you in order to administer, deliver and monitor the services and support we provide to you, to carry out risk assessments and manage the way we handle your case, and to contact other professionals in order to advocate and improve your situation.
Redthread will use your personal information on the following basis:
- with your consent
- in order to protect your vital interests
- where necessary to perform a task that is in the public interest
- for compliance with our legal obligations
We may also anonymise and combine personal information to improve our service, to carry out research or to report to funders – in these cases we will make sure that you cannot be personally identified from such data.
Redthread has strict safety and safeguarding policies in place which means that as well as collecting data about the young people we work with, we also collect data about our employees and volunteers for the purpose of their role with us, including data in relation to criminal records.
Once we have made contact with you, and discussed how we may be able to support you, we will ask for your consent to add your personal details to our systems (which are separate to those kept at the hospital). This will normally be verbal consent, which we will record. You have a right to withdraw this consent at any time (see the section on your rights below). That consent will include explicit consent to include any appropriate sensitive data as described above. If you withdraw your consent, we will no longer be able to offer support services.
We only share your information with other parties where you have previously given us your consent, or where we are legally obliged to do so in order to stop you or other people coming to any harm.
For example, we will never talk to another professional (eg social worker, housing officer) without your permission.
Protecting your information
We take all appropriate technical and organisational measures to ensure that we keep your information secure, accurate and up to date. We have a working group which regularly reviews our systems and how they are being used, in order to maintain the highest standards of data security that we can. All of your information stored in our computer system, including sensitive information, will be protected by encryption and by limitation of who within our team can access your information.
How long we keep your information
We try and make sure we hold your information for only as long as you would consider reasonable – so in practice this means we will hold your information on our systems for as long as we need to in order to provide you with the support you need, or for as long as we are obliged to keep it because of the law. We regularly review how long we keep all such information and what we do with it (delete or archive) once we reach the time limit we have decided to apply.
Using photos, video or audio content
Redthread sometimes takes photos of our work and makes video or audio content. These may be used on social media, promotional materials, publications, press releases or other illustrations of our work, and can help us celebrate the successes and achievements of our children and young people, provide a record of our activities, and raise awareness of our organisation with funders and supporters.
We will always ask for written consent from individuals that will be used in photos where they may be identifiable. Where the individual is under the age of 18 or a vulnerable adult we will seek consent of the parent/guardian. Consent can be withdrawn at any time (see ‘Your Rights’ section). If consent is withdrawn we will stop using the photos/videos/audio content for future purposes but may not be able to retract publications already in the public domain.
The rights you have with regard to your personal data are defined by law, and include:-
- you have the right to see a copy of all the data we hold about you
- you have the right to ask us to delete what we have or to stop processing it
- you have the right to ask us to correct your data, if you think what we have recorded is incorrect
- you can choose to withdraw your consent at any time
- you can complain to the independent Data Protection Officer (DPO) who we have appointed to handle queries and to give us assurance that we comply with the law
- you can also complain to the Information Commissioner’s Office
To exercise any of your rights, you can
- email us: email@example.com
- write to us: 158 Buckingham Palace Road, London SW1W 9TR*
- contact our independent Data Protection Officer by
- email: firstname.lastname@example.org
- post: Securys Limited, 161-165 Farringdon Road, London EC1R 3AL*
You can contact the Information Commissioner’s Office through their website.
*IMPORTANT NOTICE: Whilst the UK remains under lockdown due to the coronavirus outbreak, the office addresses are not accessible to our staff team, so all communications must be sent by email until further notice.