Action in Mind is a charitable company, limited by guarantee, registered with the Office of the Scottish Charity Regular, No SC016267 and Companies House (SC377159).

We support people, their families and carers affected by mental ill-health through a range of community-based social care services and work towards tackling stigma and discrimination related to mental health.

Action in Mind is committed to protecting the privacy of people whose personal information we collect from or about, and to meeting our obligations under the General Data Protection Regulation (GDPR) 2018 and the Data Protection Act (DPA) 2018.

We are registered with the UK Information Commissioner Office (ICO).  Our registration number is Z2124165.

Sometimes I use different educational services to do my assignment on time. Everyone knows that students need to do a lot of work, so, to read more and do everything on time I use this service. I like that I’ve got excellent content and professional help every time. It’s really reliable service.

What is meant by the following terms?

  • Data Subject– this is the person about whom we hold and process information about
  • Data Controller–Action in Mind is the data controller
  • Data Protection Officer – this is the senior officer who ensures that Action in Mind complies with data protection legislation, policies and procedures. The Chairperson is the Data Protection Officer.
  • Data processor/s – these are the staff who process personal data on behalf of the Data Controller (Action in Mind).
  • Data processing – is any type of activity, whether manual or electronic, that is performed to collect, record, hold, alter or dispose of your personal information.

What information do we collect about you?

Personal information is what identifies and relates to a living person. This can include any personal information that when put together with other information can identify a person.  This includes:

  • a person’s name
  • address
  • date of birth
  • an online identifier (e.g. email address, internet cookies and IP address)
  • any expression or opinion communicated about an individual, such as a job or testimonial reference, referral forms, professional correspondence
  • emails, texts, file notes, handwritten notes

Special categories of personal information, are what may be sensitive about any one individual and which they may not wish to be widely known.  This includes:

  • any individual’s characteristic as defined by The Equality Act 2010:

age, disability, gender reassignment, race, religion or belief, sex, sexual orientation, marriage and civil partnership and pregnancy and maternity.

  • an individual’s political affiliation, views or opinions
  • membership of a political party or trade union
  • information about an individual’s health condition, including HIV status
  • any criminal or legal actions

Why we collect and use your personal information?

We process personal information for one or more reasons:

  • to perform our legal and contractual role as an employer
  • to deliver community mental health services and allied activities in line with our charitable objectives, including any notifications of changes to our services.
  • we may also seek your views about our services or to participate in consultation events, internally and externally, as part of our Service User Reference Forum.
  • conducting data and statistical analysis to monitor performance of our services and make improvements
  • to recruit, train and deploy volunteers within designated support services, office and administration roles, as board trustees and directors, and fundraisers
  • when you offer to fundraise or when you make a donation (we may ask you to Gift Aid, if eligible) and/or join our Collective AiM as a supporter of the charity.

How we protect your personal information?

We are committed to ensuring that your right to privacy is respected and that your personal information is secure and only available to those who have a right to see it.  We do not sell personal information to anyone.

We will only disclose information about you to third parties if we are legally bound to or where we need to in order to comply with our contractual responsibility to you, such as HR, payroll or pension, or where we need to comply with contractual obligations to our statutory service commissioners and funders or regulatory bodies such as the Care Inspectorate.

We have adopted a number of measures to ensure that we protect and secure your personal information.  These include:

  • controlling access to our manual and electronic filing systems
  • ensuring our server and computer systems are appropriated protected and serviced by our IT services, and that transmission of personal information is password protected
  • having joint policy procedures and agreements in place to protect any personal information that we share, disclose or transfer with third parties, with your knowledge and agreement
  • verifying the identity of any person that has access to your personal information
  • having policies and procedures in place to mitigate risk of any breach of your personal information
  • ensuring that our staff (data processors) who handle your personal data are appropriately trained and adhere to Action in Mind’s policies and procedures.

Sharing your personal information when using our support services

As a mental health service provider we are obliged by our statutory commissioners, local authorities and Health and Social Care Partnerships, to hold clients’ files in good order and make them available in the event of any routine inspections.

We are registered with the Care Inspectorate which is the independent regulator of social care and social work services across Scotland, formed under the Public Services Reform (Scotland) Act 2010.  As the scrutiny and improvement body for social care and social work services across Scotland, the Care Inspectorate has powers under Part 5 of the Public Services Reform (Scotland) Act 2010 to collect and process personal information about people experiencing care and the people who provide, manage, and work for care services.

The main legal basis the Care Inspectorate has to process your personal data is so that it can perform its public duty as a regulator and to ensure high standards of care are delivered.  It does this through unannounced inspections of registered service providers.

We are registered with the Care Inspectorate as we operate services that must be regulated. We are therefore subject to unannounced inspections by their officers who, as part of this process, may review how well we manage client files and secure client confidentiality.  For the last inspection report and further information refer to www.careinspectorate.com

In the event of an emergency we will contact your named contact as provided by yourself.  Should we have any concerns about your wellbeing we will follow our policy and procedures which may involve exercising our duty to report to the police or social work these concerns.

Any third party we receive your personal information from or with whom we share your personal information is also legally required to be compliant with the General Data Protection Regulations (GDPR) 2018.  Action in Mind does not accept responsibility for any transmission of a person’s information until we actually receive it from the original source, nor do we accept responsibility for how any third party handles the information received from us.

How long do we keep your personal information?

We will only keep your personal information for as long as we consider necessary to ensure our compliance with the General Data Protection Regulations 2018 or as stipulated by our statutory commissioners and funders.  How long we hold your personal information may depend on the purposes for which we process this and the sensitivity of the contents.

At the end of this period your personal information will be securely and confidentially destroyed with certification given by our approved shred it supplier.

Anonymising and password protection

We are not able to use the encryption systems of statutory commissioners and funders as we have not been granted shared protocols when receiving or sharing a client’s personal information.  Therefore, when we store and transmit your personal information electronically to third parties we do so by the use of passwords.

When collecting information about people who use our support services, website or social media, for monitoring and evaluation purposes we anonymise their personal information.

Using our website and social media

We make no attempt to identify individual users of our website.  We use cookies to help us with data collection, but these do not capture personal information. We reserve the right to try to identify and track any individual who is reasonably suspected of trying to gain unauthorised access to our website, server or IT systems.

Our online information contains links to third-party websites.  This privacy policy only applies to our online information.

We have Twitter and Facebook accounts that are managed by our social media staff group to largely promote the work of the charity and to support activities of others committed to similar charitable objectives. We use disclaimers to protect the charity’s reputation should there be any adverse comment published.

When you use our website or Facebook to obtain information or help for yourself or someone else, to enquire about employment, volunteer, student placement or internship, to fundraise or make a donation, we will collect personal information about you.

We will only use this for the purpose it was intended and retain your personal information for only as long as required.

Your rights

Under the General Data Protection Regulation (GDPR) 2018 there are a number of new rights relating to data protection.  These include:

  • the right to be informed about what personal information we hold about you and how we use it.  We are obliged to provide fair processing of your information and to be transparent about how we use it.  We are further required to ensure that the information we provide about the processing of your personal information is concise and intelligible, easily accessible and written in clean and plain language.   
  • the right to request access to your personal data and information relating to our use and processing of your personal data. Any personal information relating to other people will be redacted or removed before information is provided to you.  You will need to put in writing your request to access your personal information to the Data Protection Officer, Action in Mind, 19 Dean Crescent, Riverside, Stirling FK8 1UR or by email to info@actioninmind.org.uk
  • the right to request that personal data is corrected where it is found to be inaccurate or incomplete.  Where that information is shared with a third party we must inform them of the changes.
  • the right to request your personal data is deleted applies to specific circumstances, such as, where it is no longer necessary for the purpose for which it was originally collected or processed; when the person withdraws consent; when the person objects to the processing and there is no overriding legitimate interest for continuing the processing; if personal information was unlawfully processed or has to be erased in order to comply with a legal obligation.
  • the right to restrict processing of your personal information when there is no overriding legitimate interest or reason for continuing with the processing.  We are permitted to store personal information but not to process it further.  In this instance, we retain just what is required should there be any future requests regarding this person’s personal information.
  • the right to data portability enables people to obtain and reuse their personal information for their own purposes.  It also allows for their personal information to be moved, copied or transferred easily from one IT environment to another for legitimate reasons relating to the originally purpose for which your personal information is collected or used.
  • the right to object where there is no overriding legitimate interest or reason to process or retain your personal information.
  • the right not to be subject to automated decision-making, including profiling

Action in Mind does not use any automated decision-making or profiling systems.

You can find more information about these rights on the UK Information Commissioner’s website at ico.org.uk

Access to your personal information

To request a copy of what personal information we hold about you – whether to be informed about what information we hold, to correct information that is inaccurate, to delete or withdraw your consent or unsubscribe from receiving any information about our services or newsletter you should contact:

The Data Controller Officer

Action in Mind
19 Dean Crescent, Riverside, Stirling FK8 1UR

Tel: 01786 451203    Email: info@actioninmind.org.uk

Complaints

Should you wish to make a complaint about Action in Mind’s collection or use of your personal information, you can contact the UK Information Commissioner’s Office at ico.org.uk

Changes to our privacy notice

We will review our policy on a regular basis and post updates on our website.