1. Our commitment to you
We understand that privacy and the security of your personal information is extremely important. Because of that, this notice sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed by us.
This notice applies to you whenever you use our products or services, including online, through our mobile applications or otherwise by using any of our websites or interacting with us on social media. This notice gives effect to our commitment to protect your personal information
Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it.
2. Who we are
Any personal information provided to or gathered by us is controlled by Mates in Mind, a company limited by guarantee registered in England and Wales (No. 10338868) and registered as a charity in England and Wales (No. 1172460) whose registered office is at 70 Chancellors Road, London W6 9RS.
- The legal basis we rely on to process personal information
- When we collect your personal information
- The personal information we may collect and how we may use it
- Sharing your personal information
- Your rights
- Notification of changes to the contents of this notice
The law on information protection sets out a number of different bases on which an organisation may collect and process your personal information, including:
In specific situations, we can collect and process your information with your consent.
For example, when you tick a box to receive email newsletters.
Performance of a contract
In certain circumstances, we need your personal information in order to perform a contract that we have entered into with you.
For example, if you order an item from us for home delivery, we’ll collect your address details to deliver your purchase, and pass them to our courier.
If the law requires us to, we may need to collect and process your information. We may also need to pass your information onto a third party if required by law.
For example, we can pass on details of people involved in fraud or other criminal activity affecting us to law enforcement agencies.
In specific situations, we require your information to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
For example, we combine the shopping history of many customers to identify trends and ensure we can keep up with demand, or develop new products/services.
We will also use your address details to send you direct marketing information by post, telling you about products and services that we think might interest you.
We may collect your personal information on a number for occasions. For example, when you:
- Visit any of our website(s);
- Create an account with us;
- Use your account to buy products and services;
- Complete one of our application or registration forms;
- Complete a booking form to purchase a product or service;
- Engage with us on social media;
- Download or install one of our apps;
- Contact us by any means with queries, complaints etc;
- Ask us to email you information about a product or service;
- Book to attend an event;
- Choose to complete any surveys, we send you;
- Comment on or review our products and services;
- Have had your information passed to us by a third party. For example, when your employer books a training course with us or a training centre registers your details with us in order for you to be assessed for one of our qualification.
- Attend our events, and we take photos at the events.
Personal information provided to or gathered by us may include items such as:
- Your name, address, date of birth, telephone number, email address, bank account and payment card details and any feedback you give to us, including by phone, email, post, or when you communicate with us via social media;
- Information about the services that we provide to you (including for example, the things we have provided to you, when and where, what you paid, the way you use our products and services, and so on);
- Your account login details, including your user name and chosen password;
- Information about any device you have used to access our services (such as your device’s make and model, browser or IP address) and also how you use our services; and
- Your contact details and details of the emails and other electronic communications you receive from us, including whether that communication has been opened and if you have clicked on any links within that communication. We want to make sure that our communications are useful for you, so if you don’t open them or don’t click on any links in them, we know we need to improve our services.
- To provide information, goods and services to you;
- To enrol or register you for a training course;
- To make a tailored website available to you;
- To manage any registered account(s) that you hold with us;
- To verify your identity;
- Where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).
- With your agreement, to contact you electronically about promotional offers and products and services which we think may interest you;
- For market research purposes - to better understand your needs;
- To enable us to manage customer service interactions with you;
- ensure that the content of the website is presented in the most effective manner for you and for your device;
- To customise the service to your preferences;
- To assist in the administration of your service;
- To assist in making general improvements to our services;
- To carry out and administer any obligations arising from any agreements entered into between you and us;
- To review your application for a job role (including being a trustee);
- To analyse how our services are used and to identify trends; and
- To administer our services and for internal operations, including troubleshooting, information; analysis, testing, research, statistical and survey purposes.
We may also use aggregated, anonymised information which includes personal information you have supplied to sell advertising space on the website or market services to other users.
To make certain services available to you, we may need to share your personal information with some of our service providers. These include, for example, IT, delivery and marketing service providers, as well as providers of training services.
We only allow our service providers to handle your personal information when we have confirmed that they apply appropriate information protection and security controls. We also impose contractual obligations on service providers relating to information protection and security, which mean they can only use your information to provide services to us and to you, and for no other purposes, unless you have given your consent for other purposes.
Aside from our service providers, we will not disclose your personal information to any third party, except as set out below. We will never sell or rent our customer information to other organisations for marketing purposes.
We may share your information with, for example:
- Between the different companies in our group where necessary to provide the services/support that you have requested;
- Credit reference agencies where necessary for card payments;
- Your employer, where it has sponsored the training or qualifications services we provide to you;
- Governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so:
- to comply with our legal obligations;
- to exercise our legal rights (for example in court cases);
- for the prevention, detection, investigation of crime or prosecution of offenders; and
- for the protection of our employees and customers.
- Protecting our servers by both hardware and software firewalls;
- Locating our information use storage facilities in secure locations;
- Encrypting all information stored on our server with an industry standard encryption method that encrypts the information between your computer and our server so that in the event of your network being insecure no information is passed in a format that could easily be deciphered;
- When necessary, disposing of or deleting your information so it is done so securely; and
- Regularly backing up and encrypting all information we hold.
To deliver products and services to you, it is sometimes necessary for us to transfer your personal information to places outside the European Economic Area, where it may be stored and processed. If this happens, we will ensure that the transfer will be compliant with information protection law and all personal information will be secure. By submitting your personal information to us you agree to the transfer, storing or use of your information outside the EEA in the manner described above. Should you wish to obtain a copy of the information that has been shared please contact us at firstname.lastname@example.org.
We will not retain your information for longer than necessary for the purposes set out in this Notice. Different retention periods apply for different types of information. The longest we will normally hold any personal information is 6 years after the last time interacted with us. However, we may hold information on courses you have attended for longer, so that we can verify your attendance, if necessary.
- Update your personal information or let us know the personal information we hold is incorrect and you may do so by contacting us on the details below
- Know about how we protect your personal information, (as set out in this notice);
- Unsubscribe from our newsletter, marketing or any other services where we rely on your consent for holding your personal information. We will ensure you are unsubscribed as soon as possible;
- Ask us to restrict our use of your personal information and to object to your personal information being processed;
- Ask us to stop using your personal information in certain ways (as set out in the notice);
- Ask us to delete your personal information. Unless we have reasonable grounds to refuse to delete your personal information, we will securely delete the personal information in question within one month. The personal information may continue to exist in certain backup, but we will take steps to ensure that it will not be accessible; and
- Request access to the personal information that we hold about you.
We will endeavour to comply with such requests as soon as possible but, in any event, we will comply within one month of receipt (unless a longer period of time to respond is reasonable by virtue of the complexity or number of your requests).
If a breach is likely to result in a risk to your information rights and freedoms, we will notify you as soon as possible and we may also report it to the Information Commissioner’s Office.
If you would like to exercise any of your rights, please contact us at:
Mates in Mind
70 Chancellors Road
London W6 9RS
We may also collect information automatically about your visit to our site. This information includes demographic information and browsing patterns. If you would not like us to store such information, you may choose not to accept cookies from our site.
We will take all reasonable steps to ensure that appropriate technical and organisational measures are carried out in order to safeguard the information we collect from you and protect against unlawful access and accidental loss or damage. These measures may include (as necessary):
We will ensure that our employees are aware of their privacy and information security obligations. We will take reasonable steps to ensure that the employees of third parties working on our behalf are aware of their privacy and information security obligations.
This notice and our procedures for handling personal information will be reviewed as necessary.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information in accordance with data protection laws, we cannot guarantee the security of your information transmitted to the Site; any transmission is at your own risk. Once we have received your information, we will use the strict procedures and security features referred to in this clause to try to prevent unauthorised access.
We will post details of any changes to our policy (for example any change to the purpose of our data processing) on the website and the Apps to help ensure you are always aware of the information we collect, how we use it, and in what circumstances, if any, we share it with other parties.
If you are not happy with the way your information is being handled, or with the response received from us, we would like to hear from you. You can seek recourse through our internal complaints procedure by writing to us at:
Mates in Mind
70 Chancellors Road
London W6 9RS
Information Commissioner’s Office
Cheshire SK9 5AF
Telephone: 01625 545 745
Fax: 01625 524 510