Introduction
Contact is committed to protecting personal data. This statement explains in clear terms how and why we collect, use, store, and dispose of personal information.
We process personal data in line with applicable law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Contents
- Important information about who we are.
- Personal data collected, how we collect it, and how we use it.
- Working with third parties.
- How Contact keeps personal data safe.
- Where Contact stores and processes information.
- Legal rights.
- CCTV.
- Glossary.
1. Important information about who we are
Who we are:
Contact is a Charitable Incorporated Organisation. Our charity registration number is 1178557.
Registered address:
Contact, 339 Wilbraham Road, Whalley Range, Manchester, M16 8GL.
Website:
This privacy notice applies to our website at https://contact.openandhonest.design.
Data Protection Officer:
Our Data Protection Officer is Hannah Martin. The DPO may be contacted at the registered address, by email at hannah@contacthostel.co.uk, or by telephone on 0161 861 9806.
Complaints:
We hope any enquiry or concern regarding information we hold can be resolved informally. Formal complaints about data protection can be made to the Information Commissioner’s Office at www.ico.org.uk.
ICO registration:
Contact is registered with the ICO. The ICO reference number is ZA233943.
Review of this policy:
This statement is reviewed regularly and updated when legislation or practice changes.
2. Personal data collected, how we collect it, and how we use it
Children and young people who use our service
Information collected:
Contact may obtain and hold information including name, date of birth, previous addresses, next of kin, culture, religion, sexuality, GP, nationality, National Insurance number, support evidence, risk assessments, assessment/progress/review documents, state benefit documents, referral documents to other agencies, housing applications, and personal images on external CCTV.
Why the information is collected:
We need this information to assist young people in accessing services and to help them live more independently and safely.
Information sharing:
Within Contact, personal information is shared only with people who need it to support each young person. Information may also be shared with funders, regulators, inspectors, referral agencies, or where legally required, including where there is risk of harm. Consent is used where required and may be withdrawn at any time.
Responsibility for information:
Contact is responsible for the information it holds (Data Controller).
Keeping and storing personal information:
Contact retains relevant personal data for appropriate periods, typically between 2 and 10 years, or longer where legally required, including safeguarding reasons.
Subject access requests:
Young people may request access to their personal data. Requests are handled under section 6 of this policy. Information connected to safeguarding or criminal investigations may be restricted where legally permitted.
People who support us
How information is collected:
Contact collects supporter information when people make enquiries, donate, send or receive emails, or ask about our services. Publicly available information may also be used for due diligence checks.
Information collected:
This may include name, address, email address, and telephone numbers.
Using personal information:
Supporter information may be used to deal with enquiries, process donations, provide updates about Contact, claim Gift Aid where applicable, and support fundraising and marketing activity.
Communicating with supporters:
We communicate with supporters according to their preferences and respect privacy choices.
Consent and preferences:
Supporters can opt in or opt out of communications at any time by contacting Contact at the registered address, by email at hannah@contacthostel.co.uk, or by telephone on 0161 861 9806.
Disclosures:
Contact does not sell supporter data and does not pass supporter data to other organisations for their own marketing. Data may be shared with trusted processors acting on Contact’s instructions or where required by law.
Job applicants (paid, volunteer and trustee roles)
Information collected:
During recruitment, Contact may collect personal and role-relevant information to assess suitability, complete checks, and meet legal obligations.
Why personal data is needed:
Personal data is processed to run recruitment fairly and lawfully.
Retention:
Unsuccessful candidate data is retained for a limited period and then securely destroyed. Successful candidate data is transferred into personnel records.
Current and former employees, volunteers and trustees
Information collected and used:
Contact processes workforce data to manage working relationships, safeguarding responsibilities, administration, and legal compliance.
Sharing and retention:
Data is shared on a need-to-know basis and retained in line with legal and safeguarding requirements.
Visitors to our website
Website scope:
This policy applies to Contact’s website. Linked third-party websites operate under their own privacy notices.
Forms, donations and marketing tools:
Our site uses Ninja Forms for enquiries, Donorfy/Stripe for donations, Google reCAPTCHA for anti-spam protection, and Mailchimp services for mailing list functions where used.
Cookies and embedded content:
Our site may use cookies and embedded third-party content, which may process data under those providers’ own policies.
3. Working with third parties
General principle:
Contact never sells personal data.
Service providers and legal obligations:
Contact may share personal data with trusted processors and statutory bodies where required to deliver services or comply with law.
4. How Contact keeps personal data safe
Security controls:
Contact uses appropriate technical and organisational safeguards to protect personal data from loss, misuse, unauthorised access, or disclosure.
5. Where Contact stores and processes information
Storage and transfers:
Personal information may be stored electronically and in paper records. Where processing occurs outside the UK, appropriate safeguards are applied.
6. Legal rights
Your rights:
Individuals may have rights including access, rectification, erasure, restriction, objection, portability, and complaint rights.
How to contact us about rights:
Requests should be made to the Data Protection Officer with sufficient detail and proof of identity where required.
7. CCTV
Use of CCTV:
Contact uses external CCTV to support safety and security.
Retention and access:
Access is restricted and retention is limited to lawful and necessary periods, including longer retention where needed for safeguarding or evidential reasons.
8. Glossary
Anonymisation:
Removing identifying details so individuals are no longer identifiable.
Data Controller:
The organisation deciding how and why personal data is processed.
Data Processor:
A person or organisation processing personal data on behalf of a controller.
Personal data:
Information relating to an identified or identifiable person.
Subject access request:
A request for a copy of personal data held about an individual.
9. Photography and identity protection
Photography on this website:
To protect the identity of individuals, photography used throughout this website is for illustrative purposes only, unless explicitly stated otherwise.
