East Anglian DriveAbility (EAD) is a registered charity with charity number 100889 and company registration number 02663550.
EAD believes that privacy and the security of your personal information is very important. This policy sets out what we do with your information and how we keep it safe. It explains how we collect your information, how long we keep it, who we share it with as well as your rights over any personal information we hold about you.
What information do we have or hold on you?
We may collect personal information about you when you contact us regarding any of our services. We will ensure that we only collect enough information in order to allow us to provide the appropriate service, report to our funders, and which is reasonable and fair. Information we hold will include:
- Personal information relevant to the service you are accessing, such as your contact details, date of birth, financial details and any feedback you give to us;
- Information about the services we provide to you;
- Information regarding the outcome of any assessment we provide and reports summarising these outcomes including medical references;
- Information about how you have used our services
- Sensitive personal information regarding your racial/ethnic origin and your health including disabling conditions.
Providing your personal information is a condition of using our service and if you are unable to share this information with us then we may be unable to provide you with certain services or personalise your experience and tailor our services for you.
The GDPR requires us to rely on one or more lawful grounds to process your personal information. The grounds we think are relevant are:
- Where you have given us your consent to for us to use your personal information in a certain way.
- Where necessary so that we can comply with a legal obligation.
- Where necessary for the performance of a contract which we have with you or to take steps before entering a contract ( for example, if you wish to arrange an assessment with us).
- Some processing is undertaken on the basis that it is in our legitimate interests and not overridden by your rights. For example information about how you have used our services.
How we use your information
Personal information which you provide us with may be used in several ways:
- To provide you with an efficient assessment of your needs;
- To help us understand more about you and improve our service;
- To provide the services you requested;
- To ensure efficient and accurate administration of your request;
- To process your request or payment;
- To manage your case or complaint;
- To help answer your questions and solve any issues you have
- For statistical analysis to:
provide services to the wider community using anonymised information
support a grant or funding application using anonymised information
report to existing funders
inform annual reports
Information will be kept for 7 years after which it will be securely disposed of.
How we will ensure your information is kept safe
We take security measures to ensure your information is kept safe by:
- Storing paper-based information in lockable areas
- Limiting access to paper based and electronic information to those who need to see it
- Running through ID verification questions before disclosing information over the telephone
- Implementing access controls to our information technology
- Disposing of data at the end of the retention period
How we share your information
The outcome of your assessment and associated notes may be disclosed to:-
- Your funder including solicitors, insurance companies and employers
- The referring agent
- Healthcare professionals within the NHS or private practice including your GP, hospital consultants/specialists, local therapy teams, and the DVLA medical branch.
- Someone with Power of Attorney or a court appointed deputy to act on your behalf in financial or medical decisions
We may disclose your personal data to third parties when permitted to do so including:
- Where we are acting as the data processor for another data controller
- Where we have a contract with a processor acting on our behalf
- If we have a lawful basis for doing so
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation.
We will not disclose your data to anyone else without your consent.
We will ensure that you can exercise your rights in relation to the personal data you supply us with.
You have the right : of access; to rectification; to erasure; to restrict processing; and to object.
If you have any privacy related questions please contact us at firstname.lastname@example.org or write to the Chief Executive, 2 Napier Place, Thetford, Norfolk IP24 3RL.