Privacy

How we use your information

This privacy notice tells you what to expect when the SAF collects personal information. It applies to information we collect about:

  • visitors to our websites
  • complainants and other individuals in relation to a data protection or freedom of information complaint or enquiry
  • people who use our services, eg who subscribe to our newsletter or request a publication from us
  • people who notify under the Data Protection Act
  • job applicants and our current and former employees

Visitors to our websites

When someone visits our site we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website. We will not associate any data gathered from this site with any personally identifying information from any source. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

Search engine

Our website search and decision notice search is powered by System Associates. Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either SAF or any third party.

People who email us

All calls are handled with the utmost discretion.

People who make a complaint to us

When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.

We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.

When we take enforcement action against someone, we may publish the identity of the defendant in our Annual Report or elsewhere. Usually we do not, identify any complainants unless the details have already been made public.

People who use SAF services

The SAF offers various services to the public. We use a third party to deal with some publication requests, but they are only allowed to use the information to send out the publications.

We have to hold the details of the people who have requested the service in order to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might use information about people who have requested a publication to carry out a survey to find out if they are happy with the level of service they received. When people do subscribe to our services, they can cancel their subscription at any time and are given an easy way of doing this.

People who register (notify) under the Data Protection Act 1998

Many businesses are required by law to ‘notify’ certain specified information to the Information Commissioner. This may contain personal information, for example where the business is a sole trader. The SAF compiles this information into a register which it is required by law to make publicly available. The SAF puts technical measures in place to prevent the bulk download of the electronic version of the register. However, as the register is publicly available, the SAF cannot give any guarantees as to how the information contained on the register will be used by those accessing it.

When businesses fill in their registration forms, they are asked to provide the contact details of a relevant member of staff. SAF will use this for its own purposes, for example where we have a query about a registration, but will not put it on the public register.

When we request information as part of the registration process, we make it clear where the provision of information is required by law and where it is voluntary.

Service providers reporting a breach

Public electronic communications service providers are required by law to report any security breaches involving personal data to the SAF.

We provide an online form for this purpose, hosted by Egress. We use the data collected by the form to record the breach, to make decisions about the action we may take, and as relevant in order to carry out those actions. We retain personal information only for as long as necessary to carry out these functions, and in line with our retention schedule. This means that logs and breach reports will be retained for two years from receipt, and longer where this information leads to regulatory action being taken. We retain de-personalised information about organisations for as long as is necessary to help inform future actions, but no individuals are identifiable from that data.

The ICO and Egress have measures in place to ensure the security of data collected and transferred to the ICO via this form. Egress is a data processor for the ICO and only processes personal information in line with our instructions.

Job applicants, current and former SAF employees

When individuals apply to work at SAF, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Criminal Records Bureau we will not do so without informing them beforehand unless the disclosure is required by law.

Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.

Once a person has taken up employment with the SAF, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with SAF has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.

Links to other websites

This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated on 16 November 2014.

How to contact us

If you want to request information about our privacy policy you can contact us or write to:

Sarah Agnes Foundation
Fortis House
160 London Road
Barking
London
IG11 8BB