What type of information do we collect?
We receive, collect and store any information you enter on our website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews and recommendations.
How do we collect information?
When you conduct a transaction on our website or apply to join Prespect, as part of the process, we collect personal information you give us such as your name, address and email address. Your personal information will be used for the specific reasons stated above only.
What about third party apps?
When you interact with any third party apps such as Facebook, Instagram or Twitter, you are agreeing to their privacy policies. We have no control over these apps or the cookies they may place on your browser.
Why do we collect such personal information?
We collect such Non-personal and Personal Information for the following purposes:
To provide and operate the Services;
To provide our Users with ongoing customer assistance and technical support;
To be able to contact our Visitors and Users with general or personalised service-related notices and promotional messages;
To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which we or our business partners may use to provide and improve our respective services;
To comply with any applicable laws and regulations.
How do we store, use, share and disclose our site visitors' personal information?
Our company is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
How do we communicate with our site visitors?
We may contact you to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our User Agreement, applicable national laws, and any agreement we may have with you. For these purposes we may contact you via email, telephone, text messages, and postal mail.
You can find which cookies and tracking tools are used by our site by setting your browser to incognito mode and clicking the secure icon in the address bar and clicking on Cookies. More information about cookies is available here.
How can you withdraw your consent?
If you don’t want us to process your data anymore, please contact us at firstname.lastname@example.org.
Questions and your contact information
If you would like to: access, correct, amend or delete any personal information we have about you, you are invited to contact us at email@example.com.
Data Protection Notes & Privacy Notice with respect to Third Party (HELIX) Data Storage, Google and Notion Data Storage - (This applies to Prespect participants who have not made a special request regarding their data)
In order to provide an effective service to help you achieve your goals, we need to record and store data about you. This document tells you how we store and share this information in accordance with the Data Protection Act 1998 and the General Data Protection Regulation 2018. It also explains how you can go about viewing this data. If you have any questions please ask your caseworker, if these questions arise at a later date please feel free to call the project. Contact details are at the end of this notice.
This document is for you, a copy will be kept by the project. It explains to you ▪ what the data you have provided will be used for ▪ what your rights are in terms of accessing the data ▪ it explains who we are, the networks that we are part of and who in terms of data protection the Data Controller is.
Benefits to You
Allowing us to store and share your data means that we can provide you with a wide range of personalised information and services which may include; Employment and employability support Volunteering opportunities Local courses Skills training Specialist support Financial help We are able to call upon partner organisations, where appropriate, to provide you with additional support to help you progress and, with your permission, pass information across so that partners are aware of what support you have received and what your goals are.
Collection and Storage of Data
• We collect and store data you have given us on paper files which are held securely within our offices or in secure password protected digital files stored in the cloud using Notion and Google GSuite.
• In addition, your data will be stored on ‘HELIX’, a Management Information System developed by Hanlon software and managed by Capital City Partnership. This system allows Capital City Partnership, the Local Authority supporting your service and Prespect to monitor services for people wishing to progress into volunteering, employment, training etc. or for people currently in work but may require some assistance to stay in work.
• We may store information related to employability services you receive.
• You can see and amend any of this information at any time, simply contact your caseworker to discuss what you will need to do.
• This information will be retained on HELIX no longer than 7 years after your last support session or for some projects this will be 7 years after a particular project has finished. This is to allow the organisations who fund the project to Audit the records.
• In most instances the recording on HELIX is mandatory and is a condition of funding for the project as it will allow us to evidence to our funders what we have done with public money.
• The information is held securely on an ISO27001 and ISO9001 certified data hub accessed through a security vetted data transfer protocol.
• On certain occasions, the data on HELIX will be collated, anonymised and used to provide reports on progress towards achieving strategic goals and help to better inform policy and future actions.
•Helix Data is stored within the UK.
•Prespect Data is stored in the UK and USA.
• Google information is held securely on an ISO27001 and ISO9001 certified data hub accessed through a security vetted data transfer protocol.
• Notion information is held securely conforming to SOC2 types 1 & 2 and the data hub is accessed through a security vetted data transfer protocol.
Sharing of Data
• Whilst we are an independent organisation, we are part of the wider Joined up for Jobs network that provides support in Edinburgh and the Lothians. This is a group of services who help people into work, voluntary activities, training etc.
• Personal information given to us will be used to check whether you already have a record on HELIX through working with another orgasation.
• If it is appropriate, we may share your data in order to match you to job and volunteering opportunities, training courses etc and also to verify your outcomes for our funding partners .
• Each employability organisation is a separate data controller for the data that they hold about you and you are required to read and sign a privacy notice for each one.
Conditions of Processing
Our legal basis for processing your information is:
• 6 (1) (e) It is necessary for the performance of a task which we carry out in the public interest as part of our official authority
• 9 (2) (j) It is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, with appropriate safeguards in place Your Statement of Understanding On the registration form that you have completed, you will have signed to allow us to hold and process information about you. You can rest assured that the information that you give us will remain confidential according to the Data Protection Act 1998 and 2018 GDPR. All information is treated in the strictest of confidence by Capital City Partnership (the data processor) and Prespect. The information we record is stored on HELIX and only authorised members of staff of the services that you use, have access to your client record via secure logins.
Please read the following carefully and then tick the consent box on the registration form. If you have any concerns please discuss them with a member of staff.
1. I understand that Prespect can hold electronic and paper records about me for the purpose of providing me with a service related to
i. Employment and employability support
ii. Volunteering opportunities
iii. Local courses
iv. Skills training
v. Specialist support
vi. Financial help
2. I understand that the information provided by me may be shared with other service providers who can contribute to my employment, volunteering, training and education opportunities.
3. I understand that in some cases Prespect may need to contact my employer, college, placement etc. to verify an outcome. Due to funding criteria, Prespect would need to verify employment for example at start, 4 weeks and 13 week periods. If verification cannot be obtained 4 from your employer then I may have to provide payslips.
4. I understand that this information will primarily be used only for the purposes of providing a service to me but may also be used for monitoring and statistical purposes.
5. I understand that I have a right to restrict what information maybe shared and with whom.
6. I understand that I have a right to review all information and records about me subject to providing a satisfactory notice period to Capital City Partnership, as stated in the Data Protection Act 1998.
Subject Access Request
If you, as the client, require access to the data stored in relation to the support you are receiving, in the first instance you should contact your caseworker who will be able to assist you.
Alternatively you can contact: Chris Nicol, Monitoring and Evaluation Co-ordinator, Capital City Partnership, 1-3 Canon Street, Edinburgh EH3 5HE, firstname.lastname@example.org.
All requests should be in writing and you should receive a response within one month.
If you have any complaints, feel that data is being held against your wishes or generally want some advice, please look at the Information Commissioners Website https://ico.org.uk/forthe-public/personal-information/
The Information Commissioners Office are the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
Safety and Security
Whenever personally identifiable information is used for internal processing within Prespect Ltd or Prespect Hub, this information is kept in encrypted vaults using the AES-256 algorithm before uploading to our cloud servers. In this way the information is protected behind strong encryption both on site, on our online storage and when in transit. Strong passwords are used throughout and we utilise full disk encryption. As much as possible, we use open source apps that are independently assessed by cyber security professionals.