Privacy Policy

Effective Date: 27th June 2023

  1. Introduction
  2. Who can you contact for privacy questions or concerns?
  3. How do we collect personal data?
  4. What are the categories of personal data that we collect?
  5. What are the lawful bases we use for processing personal data?
  6. Why do we need personal data?
  7. Do we share personal data with third parties?
  8. Do we transfer personal data outside the European Economic Area (EEA)?
  9. Do we use cookies?
  10. What are your data protection rights?
  11. Personal data security
  12. How long do we retain personal data?
  13. Job applicants, current and former employees (including volunteers working on the site)
  14. Visitors to our websites
  15. Links to other websites
  16. People who email us
  17. Changes to this privacy policy
Introduction

HelpMyStreet CIC (“we”, “us”, or “our”) is dedicated to protecting personal data. We comply with the EU General Data Protection Regulation (GDPR). This Privacy Policy describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this Privacy Policy or as otherwise stated at the point of collection.

Personal data means any information relating to an identified or identifiable natural (living) person. HelpMyStreet processes personal data for a number of reasons, and the means of collection, lawful basis of processing, use, disclosure and retention periods for each reason will differ.

The HelpMyStreet CIC (Community Interest Company) was registered by the founders of Factor 50 Ltd as a not-for-profit entity in response to the UK Coronavirus outbreak (www.factor-50.co.uk). Factor 50 Ltd will act as a data processor and provide skills and services for HelpMyStreet CIC, including but not limited to data environments, information governance framework and technical resource. Factor 50 Ltd is registered with the ICO (Registration number: ZA488135) and self-certify against the NHS Digital Data Security and Protection Toolkit (ODS: 8K896). More detail on how we share data with our data processors can be found below in the section ‘Do we share personal data with third parties?’.

Who can you contact for privacy questions or concerns?

If you have questions or comments about this Privacy Policy or how we handle personal data, please contact contact@factor-50.co.uk.

You may also contact the UK Information Commissioner’s Office at https://ico.org.uk/concerns/ to report concerns you may have about our data handling process. Our ICO registration number ZA737386.

How do we collect personal data?

Directly

We obtain personal data directly from individuals in a number of different ways. These can include:

  1. via our website (e.g. ‘Contact Us. Join Us.’, account registrations, requests for help, email subscriptions)
  2. via email (e.g. response to recruitment posts or our contact email addresses)
  3. meeting attendances (e.g. telephone/video conferences)

We may also obtain personal data directly when we are establishing a business relationship, or through performing professional services through a contract.

Indirectly

We obtain personal data indirectly from a number of sources. These can include:

  1. recruitment services (e.g. agencies, former employers and recommendations)
  2. brought-in lists where there is a lawful basis for processing (e.g. referrals from other services)
  3. requests submitted on somebody else’s behalf
  4. public registers
  5. framework agreements
  6. internet searches
  7. news articles

Our services may also include processing personal data under our clients’ control on our hosted cloud applications, which may be governed by different privacy terms and policies.

What are the categories of personal data that we collect?

We may obtain the following categories of personal data through either direct interactions, client engagements, suppliers, job applications or other situations including those described in this Policy.

Personal data

Personal data we commonly collect to conduct our business activities may include:

For people working on our platform:

  1. professional details (e.g. career history, professional memberships)
  2. contact details (e.g. name, job title, contact number, email address)

For volunteers offering help and anyone registering an account with us:

  1. contact details (e.g. name, contact number, email address)
  2. location (e.g. current residential address)
  3. date of birth
  4. a photograph (e.g. a profile picture, proof of identity)

For people submitting requests for help on behalf of someone else:

  1. contact details of the requester (e.g. name, contact number, email address)

For people requesting help (including where help is requested on their behalf):

  1. contact details (e.g. name, contact number, email address)
  2. location (e.g. current residential address)
  3. age

Special categories of personal data

We may collect some special categories of personal data about individuals where it is necessary to do so. In the event that we do process special categories of personal data, it is with the explicit consent of the individual unless it is obtained indirectly for legitimate purposes. Examples of special categories of personal data we may obtain include:

  1. health information related to an individual’s ability to fulfil their role (e.g. self-certifying the presence of any medical history that puts them at high-risk from coronavirus or presence of Coronavirus symptoms)
  2. health information related to a request for help which is necessary to fulfil the request (e.g. a concern for health or wellbeing which will help volunteers prioritise incoming requests)
  3. personal identification documents that may reveal race or ethnic origin

Personal data relating to criminal convictions

We may obtain personal data about employees, contractors or any other individual providing services for us that reveals information about criminal convictions.

What are the lawful bases we use for processing personal data?

In order to process personal data we must have a lawful basis for doing so. We may depend on the following lawful bases when collecting and using personal data to perform our business activities and provide our services:

  1. Legal obligations and public interests: We may process personal data to meet certain regulatory and public interest obligations or mandates
  2. Legitimate interests: We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced.
  3. Consent: We may rely on your freely given consent
  4. Contract: We may process personal data in order to perform contractual obligations
Why do we need personal data?

We will always endeavour to explain our rationale for collecting personal data and maintain transparency throughout. Reasons can include:

  1. supporting local communities to offer and receive help during the Coronavirus outbreak
  2. providing professional advice and delivering reports related to our professional services
  3. seeking qualified candidates
  4. fulfilling employment or contractual obligations
Do we share personal data with third parties?

Sometimes we may share personal data with trusted third parties to help us deliver effective and quality services. These recipients are either contractually bound to safeguard the data we entrust them or will sign an agreement to ensure this is the case. Recipients that we engage with can include:

  1. parties that support us as we provide services (e.g. IT system support, providers of identity verification, telecommunication, document production, cloud-based software or other required services)
  2. sub-contractors and partner organisations involved in delivering our professional services
  3. professional advisers such as lawyers and insurers
  4. recruitment service providers
  5. law enforcement and regulatory agencies
  6. partner organisations or community groups involved in submitting or managing requests for help, for example our charity partners

We may also share your information with a third party if there is a legal obligation to do so (e.g. a court order), or in extreme circumstances where we believe it is in the service user’s best interest to do so (e.g. contacting the emergency services).

We will also share your information with other verified users where it is necessary to deliver our service.

We will never share your information with a user that has not been verified unless you have given your consent to do so. Examples of sharing include:

  1. sharing volunteer contact details with other local volunteers to help find local support
  2. sharing volunteer contact details with administrators of groups, for example where the volunteer is a member of the group, or where the volunteer has accepted a request submitted through a group
  3. sharing contact details of people requiring help to enable volunteers to fulfil requests
  4. sharing contact details of users requesting help on someone else’s behalf to provide an update or to request more information

When a user submits a request for help in an area where we do not currently have any volunteers, we may share some of the details collected with third parties to help us recruit volunteers to provide coverage. Where we do this, we will use high-level or aggregated data only and will not share any personal data in. For example, we might approach a local community groups and say ’We have had 10 requests for help in your area over the last 24 hours’.

Do we transfer personal data outside the European Economic Area (EEA)?

We endeavour to store personal data on servers located in the EEA. In the event that we store personal data outside the EEA, we will always ensure that appropriate safeguards are in place to guarantee individuals’ rights remain enforceable (such as the EU-US Privacy Shield).

Do we use cookies?

This website uses cookies. We use cookies to help make our website usable and to understand how visitors interact with us.

Cookies are small text files that can be used by websites to make a user's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages. The following types of cookies may appear on our site:

  • Necessary Cookies - Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
  • Preferences - Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
  • Statistics - Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
  • Marketing - Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

What type of cookies are used and why?
The table below explains the cookies we use and why.

Type
Cookie Name
Provider
Purpose
Expiry
Necessary
.AspNetCore.Antiforgery.#
ARRAffinity / ARRAffinitySameSite
Consent
helpmystreet.org
YouTubeRead Google’s Privacy & Terms for YouTube
Helps prevent Cross-Site Request Forgery (CSRF) attacks.
Used to distribute traffic to the website on several servers in order to optimise response times.
Used to detect if the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for GDPR-compliance of the website.
When the browsing session ends
When the browsing session ends
2 years
Preferences
firebaseLocalStorageDb#firebaseLocalStorage
helpmystreet.org
Facilitates the notification function within the chatbox, allowing the website’s support team to notify the user, when a reply has been given in the chatbox.
Persistent
Marketing
yt-remote-cast-installed / yt-remote-fast-check-period / yt-remote-session-app / yt-remote-session-name / yt-remote-cast-available
yt-remote-connected-devices / yt-remote-device-id
LAST_RESULT_ENTRY_KEY / nextId / requests
ytidb::LAST_RESULT_ENTRY_KEY / YtIdbMeta#databases
yt.innertube::nextId
YouTubeRead Google’s Privacy & Terms for YouTube
Stores the user’s video player preferences using embedded YouTube video
Stores the user’s video player preferences using embedded YouTube video
Used to track user’s interaction with embedded content
Used to track user’s interaction with embedded content.
Registers a unique ID to keep statistics of what videos from YouTube the user has seen
When the browsing session ends
Persistent
When the browsing session ends
Persistent
Persistent

Where cookies are used, a statement will be sent to your internet browser explaining their use. You can change or withdraw your consent at any time by changing your browser settings.

What are your data protection rights?

Your rights are outlined below. To submit a request, please email contact@factor-50.co.uk

The right of access to personal data

You have the right to access your personal data held by us.

The right of rectification

You have the right to request the correction of personal data held by us to the extent that it is inaccurate or incomplete.

The right to data portability

You have the right (in certain circumstances) to obtain personal data in a format to allow you to transfer it to another organisation.

The right to withdraw consent

You have the right to withdraw consent at any time, and the process to withdraw consent will be as easy as the process to give consent.

The right to object

You have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling).

This right also applies to direct marketing and processing for purposes of scientific/historical research and statistics.

The right to restrict processing

You have the right (in certain circumstances) to “block” or suppress the processing of your personal data.

The right to object to automated decision making (including profiling)

You have the right (in certain circumstances) to object to automated decisions (including profiling) based upon the processing of personal data and request human involvement.

The right to erasure/to be forgotten

You have the right (in certain circumstances) to request the deletion of personal data where there is no compelling reason for its continued processing.

We may request specific information from you to help us confirm your identity and therefore ensure your rights. This will help us guarantee that personal data is not disclosed to any person who has no right to receive it.

Personal data security

The measures we use to ensure personal data security include:

  1. Putting in place policies and procedures to protect personal data from loss, misuse, alteration or destruction.
  2. Making sure that access to personal data is limited only to those who need access to it and that confidentiality is maintained.
  3. Applying pseudonymisation and anonymisation techniques to further protect the data.

Please be aware that the transmission of data via the Internet is not always completely secure. Whilst we will do our utmost to protect the security of your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.

How long do we retain personal data?

We retain personal data to:

  1. provide our services
  2. stay in contact with you
  3. comply with applicable laws, regulations and professional obligations that we are subject to

Unless a different time frame applies as a result of business need or specific legal, regulatory or contractual obligations, we retain personal data for two years from the most recent engagement or processing but no longer than three months from the termination of the site.

We will dispose of personal data in a secure manner when we no longer require it.

Job applicants, current and former employees (including volunteers working on the site)

Personal details you provide in your application for a job opening at HelpMyStreet will be used by us to process your application in accordance with the GDPR and other applicable laws.

Third parties

We may also share your data with approved organisations for fraud prevention purposes or with other third-party suppliers working on our behalf, such as employment verification service providers.

Data retention

In all instances we take steps to ensure that an adequate level of protection is given to your personal data. Any information provided will only be stored for the necessary amount of time required, after which it will be safely destroyed. By submitting your application you are agreeing to your data being processed in accordance with these terms.

Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.

Upon employment

Once a person has taken up employment with HelpMyStreet (including unpaid), we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete or anonymise it.

Visitors to our websites

When someone visits https://www.helpmystreet.org/:

  1. We collect standard internet log information and details of visitor behaviour patterns.
  2. We do this to find out things such as the number of visitors to the various parts of the sites.
  3. We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website.
  4. We will not associate any data gathered from these sites with any personally identifying information from any source.
Links to other websites / third parties

On our website (https://www.helpmystreet.org/) and its subdomains, we may provide links to other websites or third parties - known as external links. This privacy notice does not cover the links within this site linking to other websites or third parties. We encourage you to read the privacy statements on the other websites you visit.

External links are selected and reviewed when the page is published. However, we are not responsible for the content of external websites we have no control over. The content on external websites can be changed without our knowledge or agreement.

Some of our external links may be to websites which also offer commercial services, such as online purchases. The inclusion of a link to an external website from our website should not be understood to be an endorsement of that website or the site's owners, their products or services. Links may include websites (URLs), email addresses (for other organisations or individuals outside of the helpmystreet.org domain), telephone numbers etc.

People who email us

Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy.

Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.

Changes to this privacy policy

We keep our privacy notice under regular review. This privacy notice was last reviewed on 6th June 2023.