Open Road is committed to protecting and respecting all personal data that we hold. This Privacy Notice explains why we collect and use personal data, how we keep it safe and provides information about individuals’ rights.
Personal data is any information relating to an identified or identifiable living person. When collecting and using data, our policy is to be transparent about why and how we process data.
We have a Data Protection Officer who is responsible for ensuring we respect your rights and follow the law.
Why we use your personal information
Where we can, we’ll only collect and use personal information if we need to deliver a service or meet a requirement. We may need to use some information about you to:
- Deliver support services
- Train and manage the engagement of our workers/volunteers who deliver those services
- Investigate any worries or complaints you may have about our services
- Manage and check the quality of the services we provide
- Keep track of spending for the provision of services
What personal information do we hold?
The data that is processed is dependent on the service that is being provided and the recipient of this service. Given the scope of our services to individuals, personal data may include the following:
- Name and contact details
- Details about your health and wellbeing
- Details about the problem we are helping you with, such as substance misuse
- Legal information
- Financial information
- Letters, emails and text messages
- Reports that we send and or receive from other people
- Notes of conversations
Where you don’t provide information that we need to deliver a service, we will inform you about how that affects what we can do.
Who do we share your information with?
Your personal data will be treated as strictly confidential. However, our service is required to provide specific information for monitoring and service planning purposes. We will only share information with other agencies which is relevant to your health and care needs and with your permission.
We have a duty to share information relevant to safeguarding concerns or serious crime, in line with legislation, Local Safeguarding Boards and Open Road’s policies and procedures.
How we keep your information safe
We take the security of all the data we hold seriously. All staff are trained on data protection, confidentiality and security, and we maintain a culture of confidentiality. We have a framework of policies and procedures which ensures that we keep the data we hold secure.
All information you provide to us is stored on our secure computer systems. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.
Your rights and your personal data
Where we can, we will only collect and use personal information if we need to deliver a service or meet a requirement. Under the General Data Protection Regulation (GDPR), European based individuals have been given a set of “Individual Rights:”
- Right to be informed – you will be told about the collection and use of your data for the purposes of transparency.
- Right to access – to request data held about you via a ‘Subject Access Request’.
- Right to rectification – if data held about you is incorrect, you have the right to get it changed.
- Right to erasure – your data can be destroyed at your request if certain criteria are met.
- Right to restrict processing – your data can be stored, and not processed in certain circumstances.
- Right to data portability – allowing you to transfer your data from Open Road to another service
- Right to object – you can refuse for your data to be processed in certain circumstances.
- Rights in relation to automated decision making and profiling – organisations can only automatically process some data if certain criteria is met.
For more information on your rights under the GDPR visit: www.ico.org.uk.
People who visit our premises
Personal data is collected when individuals visit our Head Office and Centres by CCTV and/or a visitor’s sign-in book. We have security in place at our offices, for the physical security of client information and for the benefit of our staff, volunteers, visitors and clients. CCTV images are held securely and only accessed (when needed) when investigating an incident.
Why do we process data?
Fire regulations, CCTV and building access controls may require visitors to our premises to sign in at reception and keep a record of visitors. This is retained in case of emergency, theft or other incident and to protect the staff and information in the office.
What data do we hold?
Personal data that may be stored on CCTV will be footage of those visiting our offices. Our visitor book may include name, business, times and car registration.
How long do we hold data for?
Visitor records are accessed on a need to know basis only. CCTV recordings are overwritten after thirty days. However this data may still be retained by a third party (e.g., the Police) if obtained from us prior to the thirty day period, and in connection with a criminal investigation.
How long do we keep your personal Information?
We retain the personal data processed by us for as long as is considered necessary for the purpose(s) for which it was collected. In this regard, there’s often a legal reason for keeping your personal information for a set period of time. Our data retention schedule reflects data retention legal requirements and best practice. This can range from months for some records to decades for more sensitive records. This document will be available on our website together with all our data protection policies and information.
Where can I get advice?
The administration of personal data is managed at the Open Road Head Office. If you have any questions about how your personal information is handled, please contact our Data Protection Officer at DPO@openroad.org.uk. Alternatively, you can call and ask to speak to the Data Protection Officer on 01206 369782.
For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:
Information Commissioner’s Office
Cheshire SK9 5AF
Alternatively visit https://ico.org.uk or call 0303 123 1113 (local rate).
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the same way as if the visitor has visited the other website.
Retention of data
For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Form submissions will be sent via email from our web server to our email server, and may be checked through an automated spam detection service. Signing up to our newsletter will send your data to our newsletter circulation provider. Logs may be kept for diagnostic purposes.