Privacy Policy - Employees

This Privacy Policy was last updated on 11 June 2018.

Privacy Policy

At Blind Veterans UK we respect the privacy of our current and past employees and pensioners.  This policy explains how and why we collect, manage, use and protect your personal data.  It also makes clear how you control your personal information.  It should be read in conjunction with our Terms of Use for our website and cookies policy.

Our Privacy Promise

We take our duties when processing your personal data very seriously.  We promise that we will tell you what data we are collecting and why.  We will make every reasonable effort to collect, process, store and share your data safely and securely.  We will also make sure that our trusted partners do the same.  We also promise that we will be open and clear with you about our use of your personal information and that you will be able to control your personal information with ease.    

Your data

In order to provide services to you, during and after your employment with us, we need to collect and keep a little data about you, like your name, contact details, health details where appropriate, banking details and employment and salary records.  Some of this information we may need to share with our trusted partners, such as specialist service providers and professional advisors.  This is to provide you with the support and services you require from us.

We use your data for employee services

We use the information you provide to fulfil your contract of employment and the legitimate interests we have in providing employer’s support such as pay, pensions, performance review, learning and development, absence management and holidays, security screening, information about the charity and to support your employment. 

You are in control

If you would like to make any changes to the way we are processing your data, if you believe it is inaccurate or incomplete, or you have any concerns regarding how it is being processed you can discuss your preferences with your Line Manager or a People Services representative or the Payroll and Pension administration office.  If you have comments, questions or a complaint regarding your personal data and how we are processing it you can contact the Data Protection Officer directly using the contact details in Section 9 of this policy “How to Contact Us”.

Changes to this Policy

We may change this document from time to time to reflect the latest views of what we do with your information and legal and regulatory changes.  Please check back frequently.  You will be able to see changes have been made by the date it was last updated.

 

Our Privacy Policy in detail

  • 1. Who we are

    Our Privacy Policy applies to personal data collected and used by Blind Veterans UK.  Under data protection law and regulation, we are a ‘data controller’ and are registered as such with the Information Commissioner’s Office (Registration Number: Z6040633).

    Since 1915, Blind Veterans UK has held to the belief that no-one who has served our country should battle blindness alone.  That's why we're here to help with lifelong practical and emotional support for blind veterans, regardless of when they served or how they lost their sight.  We help veterans recover their independence and discover a life beyond sight loss.

    References to "Blind Veterans UK", ‘the charity’, “our’, ‘us’ and "we" mean Blind Veterans UK registered charity 216227 in England and Wales and SCO39411 in Scotland. 

    This also includes: our wholly owned subsidiary charitable trading company, Blind Veterans UK Trading Limited (registered company in England & Wales No. 06446944) which trades on our behalf to raise funds; Four Seasons NWMC Housing Limited (registered company No. 01882050); and the St Dunstan’s Retirement Benefits Plan (1973).

  • 2. What personal data we collect and why

    What we need to collect

    The term ‘personal information (or data)’ means information that relates to you or another individual that means you can be identified, either directly or in combination with other information that we may hold.  We need personal information about our current and former employees and pensioners to allow us to provide you with employment and pension services and support. 

    As an employee and subsequently as a pensioner, we will process personal data about you in order to set up and maintain your contract of employment while also meeting our legal obligations and pursuing our legitimate interests as your employer including administering the payment of pensions under the St Dunstan’s Retirement Benefits Plan (1973).  This information may include:

    • Name.
    • Postal address, telephone number, email address.
    • Date and place of birth.
    • Gender.
    • Your national insurance number, passport details and where necessary valid visa documentation.
    • Bank account details, salary, tax, pension status, pension entitlement and expenses details.
    • Learning, development and performance details. 
    • Photos and biographic details.

    We will be very clear with you that we wish to collect such information, our reason for collecting such information and we will only do so when we have a lawful basis for processing the information. 

    Data protection law and regulation recognises certain information as ‘special category’ data and as being particularly sensitive.  This includes:  racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, certain biometric data, data concerning health or a person's sex life or sexual orientation.  Sometimes we may need to collect or may indirectly obtain such data.  For example:

    • Health details (e.g. pre-exisiting health conditions, occupational health or ill health early retirement), where we need to make reasonable adjustments for your safe and productive employment or appropriate pension payments.
    • Race or ethnic origin, for the purpose of, for example, equal opportunities monitoring or when confirming eligibility to work in the UK.
    • You may reveal some of this information if you share photos or personal information in our Review magazine, on our website or social media channels.

    If you provide, either at our request or voluntarily, any sensitive personal information, you explicitly agree that we may collect and use it in order to provide our services in accordance with this Privacy Policy.

    The accuracy of your personal information is really important to us.  If you wish to update or correct any information we hold, please contact your Line Manager, a People Services representative or the Payroll and Pension administration office using the contact details in Section 9 of this policy. 

    Why we need it

    We need your personal information in order to perform functions such as:

    • Manage your contract of employment.  As part of the recruitment process and to confirm your security vetting and references and to administer other pre-contractual requirements.  To administer your working hours, holidays and absences, pay, pension and tax.  To administer benefits under the St Dunstan’s Retirement Benefits Plan (1973).
    • Provide performance review, learning and development.  To develop your skills and knowledge within your chosen profession and career path.  To manage your performance and to promote and improve employee effectiveness.
    • Communicate with you.  To communicate with you about employment and pension matters in an appropriate way and to provide you with specific services, updates, newsletters, feedback and information.  To assist with technical problems related to our services.
    • To improve our services and administration.  To ensure the most efficient and appropriate use of the resources we have. 

  • 3. How we collect your personal data

    We collect information about you in a variety of ways.  We may collect information you provide directly to us as well as information indirectly available from other sources, such as referees or HMRC. 

    Direct from you

    You will give us personal data directly yourself: during the recruitment process and subsequently when establishing and enabling your contract of employment; for personal development and training; for routine personal management purposes; if you use our websites or apps; sign up for an event; or communicate with us. 

    Indirectly from other sources

    We may obtain your personal data indirectly when you give permission to others to share it or it is publicly available:

    • Third party organisations or individuals.  We may obtain information from third parties if you have agreed that they can approach us or we can approach them, for example a recruitment agency, a referee, professional body or qualifying organisation or the Disclosure and Barring Service.  We will also obtain information about you from official sources as part of enabling your employment services, such as HMRC for tax purposes or for the purpose of paying appropriate pensions under the St Dunstan’s Retirement Benefits Plan (1973) using the scheme’s Actuary’s data.  Like all companies, through our website and mobile apps, we may collect information about what browser you are using, your IP address and computer operating system and may use this information to improve the services we offer.
    • Social media.  Depending on your settings or the privacy policies for social media and messaging services like LinkedIn, Facebook or Twitter, you might give us permission to access information from those accounts or services.
    • Publicly available sources.  Public information may include information from places such as Companies House, the electoral register and information that has been published in articles / newspapers / social media.  Additionally, the Post Office’s National Change of Address database allows us to keep your information up to date.

  • 4. The lawful basis for processing

    Data protection law and regulation require us to have a lawful basis for processing your personal information.  These include:

    • Where you have given explicit consent to do so for notified purpose(s). This may include sending you e-mails / texts / material or to provide you with a service or information that you have requested or require.  Where we need your consent, it will be clearly identifiable as a consent for a specific purpose.
    • To comply with a legal obligation. For example, where we are required to do so by a court, regulatory authority the police or security services or we are legally required to, such as to comply with Health and Safety law, pension regulations and HMRC tax regulations.
    • In performance of a contract.  To fulfil the requirements of the contract of employment we have with you.  This might include confirming your eligibility and suitability for employment through checks such as references and qualifications, DBS, eligibility to work in the UK or driving licences; tracking work hours, leave and absences; administering pay and charity assets such as cars; compliance with policies and procedures and health and safety; occupational health assessment.
    • Where we as a charity have a legitimate interest.  Where we have a legitimate interest, we must ensure that we are not harming any of your interests or rights and only use it in a manner that you would reasonably expect us to.  For example, we need to administer your pension scheme; be able to contact you for employment purposes; track our assets such as mobile information systems and data; and understand any health issues (such as disability) to make reasonable adjustments for your employment under Equality law.

    Where we process special category personal information (such as health) we will ensure we do so in accordance with at least one of the additional conditions required such as having your explicit consent or for the purpose of preventive or occupational medicine or for the assessment of working capacity.

  • 5. Sharing and Protecting your information

    How we keep your personal data safe

    We ensure that there are reasonable and appropriate technical and organisational controls in place to protect your personal details against unauthorised or unlawful processing and against accidental loss, destruction or damage.  For example, our computers, online systems and our network are protected and routinely monitored.  We have policies and procedures in place which staff and volunteers are expected to comply with and for which they receive training.

    • Online security.  Blind Veterans UK will ensure that when collecting personal information over the internet that this is done securely.  Our online forms are always encrypted and our network is protected and routinely monitored.  If you use a credit or debit card to donate to us, buy something or make a booking online, we pass the card details securely to our payment processing partners.  We are Payment Card Industry (PCI) Data Security Standard (DSS) compliant (for more information go to: www.pcisecuritystandards.org/pci_security/) and use external compliant providers to collect this data on our behalf.  We and our partners use TLS (Transport Level Security) to encrypt data sent between you and us or our partners.  We do not use cookies to store this type of information nor do we store credit or debit card details following completion of your transaction.  To protect yourself when sending us sensitive information, please ensure that you use devices running supported operating systems that are regularly updated / patched and have malware protection.  Only connect your devices to networks that you trust.  We cannot guarantee the security of data disclosed or transmitted over public networks.
    • Password security.  Where we have given you (or where you have chosen) a password which enables you to access certain parts of our information systems and sites, you are responsible for keeping the password confidential.  You agree not to share that password with anyone else.
    • Third party website links.  Our website and apps may include links to other third-party websites, not owned or managed by Blind Veterans UK.  Whilst we try our best to only link to reputable websites we cannot be held responsible for the privacy of data collected by sites not managed by Blind Veterans UK, nor can we accept responsibility or liability for the implications to you of those policies.  For this reason, you should consult the privacy policy on any external website you link to before you submit any data to those websites.

    You should be aware that the use of the Internet is not entirely secure and although we will do our best to protect your personal data we cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the Internet.  Any transmission is at your own risk.

    Who has access to your personal data

    We undertake regular reviews of who has access to information that we hold to ensure that your information is accessible only by the necessary and appropriately trained staff and trusted third parties.  Where we share your data with a third-party, we require that they have appropriate technical and organisational measures in place to protect your information.  However, we may be compelled by law to disclose your personal data to a third-party, such as law enforcement agencies, courts or government bodies (e.g. HMRC) and have limited control over how it is protected by that party.

    Occasions, other than by law, when we may share your data include:

    • If you have agreed that we may do so.
    • When we use external service providers to collect or process personal data on our behalf, for example, providing training services; providing pay and pension services including the St Dunstan’s Retirement Benefits Plan (1973); occupational health or work station assessments; or online tracking and analysis. 
    • To our subsidiaries (i.e. the companies owned by Blind Veterans UK).
    • If we receive a complaint about any inappropriate content you have posted or transmitted to or from one of our sites, forums, social media pages or apps we may share your personal data with your internet provider or law enforcement agencies. 
    • To enforce or apply the terms of your contract or other agreements or if we believe that we need to protect the rights, property or personal safety of Blind Veterans UK, our supporters, members, visitors or websites and for other lawful purposes. 
    • We may disclose aggregate statistics about our employees and pensioners to describe our charity to prospective supporters, partners, advertisers and other reputable third parties and for other lawful purposes, but these statistics won’t include any personally identifying information without explicit consent.
    • If we run an event in partnership with other named organisations your details may need to be shared.  We will be very clear what will happen to your data when you register.
    • If we merge with another organisation to form a new entity, information may be transferred to the new entity.

    We will never rent or sell your personal information.  We will not share or swap it with other organisations for their own purposes or to make money out of your data without your consent.

    Where we store your information

    The information that you provide to us will be held in our systems and servers, which are located in our premises or those of a trusted third-party who processes data on our behalf. 

    We may need to use the services or provide access and processing to service providers and other organisations located outside of the European Economic Area (EEA). This may mean your data is transferred, processed and stored outside of the EEA. However, we will put in place appropriate safeguards to protect your data and rights, such as asking for your explicit consent, using appropriate contractual clauses and / or Privacy Shield (for the US) with our third-party supplier and / or by using encryption.  With the appropriate safeguards in place, by submitting your personal information, you agree to this transfer, storing or processing at a location outside the EEA. In cases when we use external websites provided by other organisations such as Twitter or Facebook, then we would ask you to consult their privacy policies too.

     

  • 6. Retaining your information

    We hold your information for only as long as is necessary to fulfil the purposes for which the data was collected and our legitimate interests or in order to comply with legal or regulatory rules and requirements.

    When your employment with Blind Veterans UK is terminated, we will retain some basic information in order to record your employment with us to meet any legal or regulatory requirements or to protect our legitimate or legal interests, for example in the event of an employment dispute, confirmation of employment for referees or to process any ongoing requirements such as a pension.

  • 7. Your details on the internet and website

    Like most organisations, our website and apps use “cookies” and other tracking software to help us make our site and the way you use it better and more relevant to you.  We will not be able to personally identify you from the information gathered but it may help us improve our online services.

    • Cookies mean that a website will remember you.  They’re small text files that are transferred to your computer (or phone or tablet).  They make interacting with a website faster and easier, for example by automatically filling your name and address in text fields.  Please read our cookies policy for more information.  You can change your cookie preferences whenever you wish.
    • When visiting our website or apps we may collect information about the type of device you’re using to access them and the settings on that device.  This might also include the IP address and your operating system and certain device settings as well as diagnostic information.

  • 8. What are your rights?

    The new General Data Protection Regulations (GDPR), effective from 25 May 2018, gives everyone a number of very important rights.  In abbreviated form these are:

    • The right to be informed.  Transparency over how we use your personal information.  This Privacy Policy falls under this right.
    • The right of access.  Request information that we hold about you.
    • The right of rectification.  Update or amend the information we hold about you if it is incomplete or inaccurate.
    • The right to erase or ‘right to be forgotten'.  Ask us to remove your personal information from our records where there is no compelling reason for its continued processing.
    • The right to restrict processing.  Ask us to supress the processing of your information.
    • The right to data portability.   Obtain and reuse your personal data for your own purposes.
    • The right to object.  Object to the processing of your information for certain purposes (such as marketing, research, statistics or our legitimate interests).
    • Rights in relation to automated decision making and profiling. 

     

    If you would like to know more about your rights under the data protection law see the Information Commissioner’s Office (ICO) website which also explains how to contact them.

     

    Remember, you can exercise your rights in relation to your personal information at any time by contacting your Line Manager, a People Services representative or through the contact details set out in the ‘How to contact us’ section of this policy.

     

    If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law and your rights, you can complain directly to the Information Commissioner’s Office.

  • 9. How to contact us

     

    If you wish to raise any comments or questions regarding this Privacy Policy or you would like to discuss how we process your information you are very welcome to do so.  As an employee, in the first instance, refer to your immediate Line Manager or your Director.  Alternatively, or for other individuals, you can contact:

    Employees

    • Post: People Services, Blind Veterans UK, 12-14 Harcourt Street, London, W1H 4HD
    • Phone: via on-line directory
    • Email: via on-line directory

    St Dunstan’s Retirement Benefits Plan (1973) (deferred or current pensions)

    • Post: Payroll & Pension Administration Office, St Dunstan’s Retirement Benefits Scheme (1973), Blind Veterans UK, Greenways, Ovingdean, Brighton, BN2 7BS
    • Phone: 01273 391442
    • Email: payroll@blindveterans.org.uk

    If you wish to enquire further about your rights, ask for information to be provided, or to raise a complaint, please contact our Data Protection Officer. 

    • Post: Data Protection Officer, Blind Veterans UK, 12-14 Harcourt Street, London, W1H 4HD
    • Email: dpo@blindveterans.org.uk