Empowering People, Launching lives
BeyondAutism is committed to protecting and respecting the personal data that we hold. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, either by individuals themselves or by a third party acting on behalf of an individual. We may use personal data provided to us for the purposes described in this privacy statement or as made clear before collecting it.
Personal data is any information relating to an identified or identifiable living person. When collecting and using personal data, our policy is to be transparent about why and how we process that data. This can be for a number of purposes; the means of collection, lawful basis of processing, use, disclosure and retention for each purpose is set out in this policy.
Where we receive personal data that relates to an individual from a third party, we request that this third party inform the individual of the necessary information regarding the use of their data. Where necessary, reference can be made to this privacy statement.
We take the security of all the data we hold seriously. Staff are trained on data protection, confidentiality and security.
We have a framework of policies and procedures which ensure we regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
All information you provide to us is stored on our secure servers.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted online. However, once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
3.1 Our services
We provide services to individuals as well as organisations. The exact data held will depend on the service being provided. Where we engage with individuals, we may collect and process personal data in order to assess the needs of a child or young adult and their parent(s)/carer(s). We will only ask for personal data that is required for us to fulfil our contractual or operational obligation.
3.1.1. Why do we process this data?
Where data is collected for admissions into one of our services, it is used for a number of purposes, as follows:
Delivery of service:
Individual needs: When communicating with and assessing the needs of the individual and the parent(s)/carer(s), personal data may be processed in order to ensure that we are appropriately meeting their needs.
Administration: In order to manage and administer our business and services, we may collect and process personal data. This may include (but is not limited to) maintaining internal records of the individual and maintaining internal safeguarding processes.
Regulatory: For us to carry out our role, we may from time to time be required to collect and process personal data in order to fulfil regulatory, legal or ethical requirements. This may include (but is not limited to) the verification of identity of individuals.
3.1.2. What data is processed?
This is dependent on the service that is being provided and on the recipient of this service.
Services to customers: Individuals’ names, date of birth, address, medical history, questionnaires, consent forms, unique pupil number, religion, ethnicity, siblings’ data.
Parent / Carer / Power of Attorney: Emergency contacts, names, legal guardians and powers of attorney, criminal cases, marital status, financial data, religion, ethnicity, and data captured from other third parties.
Local authorities: Names, email, contact details, job titles.
3.1.3. How long do we hold data for?
We retain the personal data processed by us for as long as is considered necessary for the purpose(s) for which it was collected. There may also be occasions which will require data to be kept for longer; however, this will typically be for legal purposes. We will periodically review this data, to ensure that it is still relevant and necessary. For more information regarding legal requirements and how long data is kept for, please see our Data Retention Policy.
In addition, personal data may be securely archived with restricted access and other appropriate safeguards where there is a need to continue to retain it. We will periodically review this data, to ensure that it is still relevant and necessary.
We collect and process personal data about those involved in our training – this includes parents, carers and professionals within the industry. The data is held to provide you with training, to manage the relationship, and to ensure your needs are fulfilled. We may also use this data to send you information on further training that we think may be of interest to you. You can choose to opt out of this correspondence at any time.
3.2.1. Why do we process this data?
We have different services which you may have enquired about, are currently attending or previously attended. These include:
We will collect and process your data for one of the following reasons:
Complying with any requirement of law: we are subject to legal, regulatory and professional obligations. We need to keep certain records to show we comply with those obligations and those records may contain personal data.
Administration: In order to manage and administer our business and these services, we may collect and process personal data.
3.2.2. What data do we hold?
We will hold names, email address, contact details, addresses, photos, and videos where consent has been given.
3.2.3. How long do we hold this data for?
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). Data may be held for longer periods where required by law or regulation and in order to establish, exercise or defend our legal rights. We will periodically review this data, to ensure that it is still relevant and necessary.
3.3. Fundraising and marketing
We process personal data for fundraising and marketing purposes. We will only do this when we have your explicit consent, or we believe we have a legitimate purpose to do so.
3.3.1. Why do we process this data?
We have different ways we carry out fundraising and marketing. This can include:
3.3.2. What data do we hold?
We will hold names, email address, contact details, address, photos, and videos where consent has been given.
3.3.3. How long do we hold this data for?
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). Data may be held for longer periods where required by law or regulation and in order to establish, exercise or defend our legal rights. We will periodically review this data, to ensure that it is still relevant and necessary. For more information on this please ask to see our Data Retention Policy.
We process personal data on all staff, including full and part time staff, temporary staff and volunteers, to enable us to comply with our obligations as an employer.
3.4.1. Why do we process this data?
We need to collect data about staff to enable us to comply with all applicable employment laws and to fulfil required activities such as HR and payroll. This includes:
3.4.2. What data do we hold?
We will hold names, email address, contact details, address, photos, work entitlement, data relating to pension provision, education and career development data, data relating to professional life and economic situation (e.g. pay grade, tax deductions), DBS and safeguarding records including criminal records checks, and videos where consent has been given.
Not all of this information will be kept on every group within the organisation. For example, we would typically keep less personal data relating to volunteers than employees.
3.4.3. How long do we hold this data for?
We retain the personal data processed by us for as long as is considered necessary for us to comply with our legal obligations. This is especially so for areas such as Pensions and certain Health and Safety requirements.
Personal data may be collected when individuals fill in forms on our websites or by corresponding with us by phone, e-mail or otherwise. This includes information provided when an individual registers to use our websites, subscribes to our services, or makes an enquiry.
Individual services on our website may ask you to set cookies to remember you on this device. You don’t need to accept these cookies for the services to work and you can delete them at any time.
We track the pages you visit on this site using Google Analytics. This tells us what’s popular and what’s not so we can do more of what you like. Tracking is optional; even if you have it turned on we aren’t collecting any personal data about you. You can also choose to opt out of tracking when you first visit our website.
We will only share personal data with others when we are legally permitted and/or obliged to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.
Personal data held by us may be transferred to:
We use third parties to support us in providing our services and to help provide, run and manage our internal database.
We may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
Where we have any safeguarding concerns, we are permitted under GDPR to disclose personal data to the relevant authorities without the consent of the data subject.
Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights as follows:
If you wish to exercise any of these rights, send an email to firstname.lastname@example.org
We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to email@example.com – we will look into and respond to any complaints we receive.
You also have the right to lodge a complaint with the UK data protection regulator, the Information Commissioner’s Office (“ICO”). For further information on your rights and how to complain to the ICO, please refer to the ICO website https://ico.org.uk/concerns
The data controller for BeyondAutism Charity is BeyondAutism Charity. If you have any questions about this privacy statement or how and why we process personal data, please contact us at:
17 Oval Way
This privacy statement will be kept up to date with the latest developments required.
This privacy statement was last updated on 30/11/2021.