Privacy Notice
Birmingham Nightline Privacy Notice
Date privacy notice was completed: 19/3/22
Our organisational details:
Name: Birmingham Nightline
Phone Number: N/A
Email: coordinators@birmingham.nightline.ac.uk
Our governing body’s details:
Name: Nightline Association
Phone Number: N/A
Email: harry.twohig@birmingham.nightline.ac.uk
Useful Definitions
‘Personal data’ is information that is personally identifiable, i.e. you can use the data to find out who it is about. This could be a name, date of birth or location data.
‘Special category data’ is more sensitive information, for example, health or genetic information.
‘Processing’ is the action that Birmingham Nightline or a trusted third party takes when collecting, updating, storing, or sharing an individual’s personal data.
‘We’ or ‘Nightline’ refers to Birmingham Nightline.
Why we collect your data
We aim to minimise as much as possible the amount of personal data we process. We may process personal data where the law requires us to do so, in order to safeguard vulnerable individuals, to protect our volunteers’ wellbeing and to continuously improve and develop the services we provide.
All of our practices comply with UK GDPR. We have lawful bases for processing your personal data and special category data. The main lawful bases we rely upon are:
- We have a legal obligation
- Protecting vital interests
- Our legitimate interests as an organisation
How we protect your data
At Nightline, we only collect the data we need and we only share it on a need-to-know basis.
We do not share personal data externally with the exception of the circumstances outlined in this policy. In this situation, we will always make you aware of how your personal data might be affected and will always check that the organisation’s systems comply with privacy laws and have robust privacy and security practices.
We store most of our data on Google Workspace (i.e. Gmail, Google Drive etc). It is secured and supported by Google and has been security assessed by independent organisations (including the National Cyber Security Centre: https://www.ncsc.gov.uk/guidance/g-suite-security-review). We store some personal data on other systems too. For every system we use, we check that it complies with privacy laws and has good privacy and security practices.
We use Three Rings to hold volunteer information and manage shifts. Three Rings’ Privacy Policy can be found here: https://www.threerings.org.uk/privacy-policy/
How we process your data
Nightline Service Users
As a general rule, Nightline does not store personal data of service users in call records. We keep call logs, but these are limited to primarily statistical information and no identifying information is recorded.
On some occasions, in order to detect and prevent abuse to Nightline services, we do collect data about calls we believe to be non-genuine, in order to prevent such calls taking place again in the future. This information includes details of the caller and the topics discussed on the call.
Some personal data (IP addresses, email addresses, etc.) and messages are stored in the databases of our anonymous instant messaging and email software, which is provided to Nightline by our umbrella organisation, the Nightline Association. Volunteers at Nightline cannot access any personal data, and the Nightline Association does not access the databases (unless requested by us as outlined below), except in exceptional circumstances where system administrators must undertake system maintenance.
In certain circumstances, Nightline may share personal data with a third party:
- Terrorism
Any information relating to an act or potential act of terrorism will be reported to the police in order to comply with our legal obligation under the Terrorism Act 2000
- Safeguarding
Any calls where there is a threat to either a child or an adult at risk may require us to make a report to the police or to the local authority. This is done to meet our responsibilities to protect vulnerable individuals. - Suicide
Where we receive a call where there is a serious risk of harm to the caller we may pass personal data onto the emergency services in order to protect the vital interests of the caller - Court Order
Personal data may be disclosed to the police if requested under a court order. This is in order to meet our legal obligation to cooperate.
- Abuses of the Service
Where a caller acts in an abusive or threatening manner towards our volunteers, we may disclose personal data of that caller to appropriate third parties. These parties include the police, other Nightlines, the Nightline Association and other authorities with responsibility for the welfare of our volunteers such as X University and X Student’s Union/Guild. This is done in order to serve our legitimate interest to protect our volunteers from harm and to keep the service available for genuine users.
Volunteers and Potential Volunteers
During the process of recruiting new volunteers, we collect some information from everyone who registers their interest in volunteering. The data collected includes the following:
- Name
- Personal and university email address
- Course Information
- University
- Year of graduation
Once the recruiting procedure is over, we retain the information of unsuccessful applicants for three months. The information is not shared with anyone outside of Nightline before, during or after the recruitment drive.
For our volunteers, we store this data while they volunteer with us, as well as the following:
- Address
- Emergency contact information
- Phone number (optional)
- Date of birth (optional)
We store this data (along with other relevant information such as the number of shifts you complete and ongoing training sessions you attend) for as long as they are a volunteer. After a volunteer leaves the Nightline, their shift information and email address are retained for three years (extendable/reducible at individual’s request); all other information is deleted immediately.
We collect this information in order to administer the recruitment process and effectively run the service.
Website Visitors
When you visit the Birmingham Nightline website, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the website, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information”.
“Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.
Birmingham Nightline uses “cookies” to collect information. You can opt-out of cookies but you are required to do this proactively by changing the setting in your browser – unfortunately, we cannot control this on your behalf. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
Anonymised data from visitors to our website will be collected, including your interaction with our website and cookies to track with pages you visit. This helps us to analyse how our website is being used and how we can improve.
Social Media
Birmingham Nightline may choose to use sponsored advertising on our social media platforms. In this case cookies enable the advertiser to offer customised suggestions to you and to understand the information we receive about you, including information about your use of other websites and apps, whether or not you are registered or logged in.
To show adverts that are relevant to you, the advertiser uses information about what you do on social media and on third-party sites and apps you use. For example, you might see ads based on the people you follow and things you like on Instagram, your information and interests on Facebook, and the websites and apps you visit.
To know more about the information collected by Facebook, for example, please check the following link: https://www.facebook.com/about/privacy.
For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at: http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by using the links below:
- Facebook: https://www.facebook.com/settings/?tab=ads
- Google: https://www.google.com/settings/ads/anonymous
- Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info
Data Retention Periods
We only keep your information for as long as is necessary for the relevant purpose. We use a number of criteria for determining the retention period, including obligations under law, our legitimate interests, and consideration of the original purpose we collected it for.
Your rights
The right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and rights. This is why we are providing you with the information in this policy. If you have any additional questions, you can contact us using the contact details at the end of this policy.
The right to object
You always have the right to object to certain types of processing, including the option to stop receiving information from us across all of our communication channels (which is known as processing for direct marketing). This is at your discretion and we will respect your choice. However, for us to enact this we encourage you to notify us. You can use unsubscribe links on emails or contact us using the contact details at the end of this policy.
The right to access a copy of the personal data we hold.
You, or an organisation with legal purpose, can request a copy of your personal data for legitimate purposes. This is known as a ‘Subject Access Request’. To request this, contact us using the contact details at the end of this policy. Please note that proof of identity may be required and providing the reason for your request will allow Birmingham Nightline to respond most appropriately. We may ask for further details if needed.
The right to erasure
This is where you can request that Birmingham Nightline delete the data that we hold on you. Please note that this will not apply if there is lawful basis for us to continue to use the data we hold about you. To request this, contact us using the contact details at the end of this policy.
The right to rectify inaccurate data
As detailed above you can make corrections to the data we hold about you. To request this, contact us using the contact details at the end of this policy.
The right to restrict processing
You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
The right to data portability
You have rights to obtain and re-use your personal data for your own purposes across different services.
The right to lodge a complaint
You can lodge a complaint about the way we handle or process your personal data with us or your national data protection regulator.
Contact coordinators@birmingham.nightline.ac.uk. We will respond to your complaint within 48 hours.
The national data protection regulator for the UK is the Information Commissioner’s Office (ICO) and they can be contacted here: https://ico.org.uk/global/contact-us/.