Privacy Policy

Home / Privacy Policy

Privacy Policy

FCC Privacy Policy

Future Care Capital understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits this website, www.futurecarecapital.org.uk (“Our Site”), and will only collect and use personal data in ways that are described here, and in a manner that is consistent with Our obligations and your rights under the law.

Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of Our Privacy Policy is deemed to occur upon your first use of Our Site. If you do not accept and agree with this Privacy Policy, you must stop using Our Site immediately.

Definitions and Interpretations

In this Policy, the following terms shall have the following meanings:

  • Account” means an account required to access and/or use certain areas and features of Our Site;
  • Cookie” means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site. Details of the Cookies used by Our Site are set out  below;
  • Cookie Law” means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003;
  • personal data” means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to Us via Our Site. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”); and
  • We/Us/Our” means Future Care Capital, a limited company and charity registered in England and Wales under company number 2887166 and charity number 1036232. Their registered address and main trading address is Future Care Capital, Thomas House, 84 Eccleston House, London SW1V 1PX.

Information About Us

Our Site is owned and operated by Future Care Capital, a limited company and charity registered in England and Wales under company number 2887166 and charity number 1036232. Their registered address and main trading address is Future Care Capital, Thomas House, 84 Eccleston House, London SW1V 1PX.

Please note that due to the COVID-19 pandemic, we now have a shared office space and work predominately from home, utilising a hybrid model. We cannot guarantee timely receipt of post correspondence. If you require an urgent response, please contact us via email or telephone.

We are registered with the Information Commissioners’ Office, registration reference ZA255511.

What Does This Policy Cover?

This Privacy Policy applies only to your use of Our Site. Our Site may contain links to other websites. Please note that We have no control over how your data is collected, stored, or used by other websites and We advise you to check the privacy policies of any such websites before providing any data to them.

Your Rights

As a data subject, you have the following rights under the GDPR, which this Policy and Our use of personal data have been designed to uphold:

  • The right to be informed about Our collection and use of personal data;
  • The right of access to the personal data We hold about you ;
  • The right to rectification if any personal data We hold about you is inaccurate or incomplete (please contact Us using our details provided;
  • The right to be forgotten – i.e. the right to ask Us to delete any personal data We hold about you (We only hold your personal data for a limited time,  but if you would like Us to delete it sooner, please contact Us using the details provided;
  • The right to restrict (i.e. prevent) the processing of your personal data;
  • The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
  • The right to object to Us using your personal data for particular purposes; and
  • Rights with respect to automated decision making and profiling.

What Data Do We Collect?

Depending upon your use of Our Site, We may collect some or all of the following personal and non-personal data (please also see  Our use of Cookies and similar technologies, below):

  • Name;
  • Gender;
  • Age (as a range);
  • Profession;
  • Email address; and
  • Contact information such as email address.

How Do We Use Your Data?

All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with Our obligations and safeguard your rights under GDPR at all times. For more details on security, see below.

Our use of your personal data will always have a lawful basis, either because it is necessary for Our performance of a contract with you, because you have consented to Our use of your personal data (e.g. by subscribing to emails), or because it is in Our legitimate interests. Specifically, we may use your data for the following purposes:

  • Providing and managing your Account;
  • Providing and managing your access to Our Site;
  • Personalising and tailoring your experience on Our Site;
  • Supplying Our services to you (please note that We require your personal data in order to enter into a contract with you);
  • Personalising and tailoring Our services for you;
  • Replying to emails from you;
  • Supplying you with emails that you have opted into (you may unsubscribe or opt-out at any time by logging into your account and selecting the unsubscribe option; and
  • Analysing your use of Our Site to enable Us to continually improve Our Site and your user experience.

With your permission and/or where permitted by law, We may also use your data for marketing purposes which may include contacting you by email with information on Our services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

Third parties whose content appears on Our Site may use third party Cookies, as detailed below. For more information on controlling Cookies, please see below.

Please note that We do not control the activities of such third parties, nor the data they collect and use, and advise you to check the privacy policies of any such third parties.

You have the right to withdraw your consent to Us using your personal data at any time, and to request that We delete it.

We do not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Data will therefore be retained for the following periods (or its retention will be determined on the following bases):

Our data retention periods vary depending on the information and form of external communication received via the website;

  • Correspondence (General including email) Retained for legal and commercial enquires relating to the subject matter discussed in any email correspondence. Statute of limitations applies under this form of communication. 6 years
  • Client, Beneficiary Data General Client data e.g. from web contact on external site Retained by FCC for policy research and external campaigns. Consent is obtained to use this type of data from the source and deleted on request when data is no longer relevant to current activities. The crowdsourcing platform does allow for participants to disclose personal information in an anonymised format. Data Protection Act requirement to delete when no longer needed.

How and Where Do We Store Your Data?

We only keep your personal data for as long as We need to in order to use it, as described above, and/or for as long as We have your permission to keep it.

Your data will only be stored within the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein).

Data security is very important to Us, and to protect your data We have taken suitable measures to safeguard and secure data collected through Our Site.

Do We Share Your Data?

We will not share any of your data with any third parties for any purposes.

In certain circumstances, We may be legally required to share certain data held by Us, which may include your personal data, for example, where We are involved in legal proceedings, where We are complying with legal obligations, a court order, or a governmental authority.

We may sometimes contract with third parties to supply products and services to you on Our behalf. These may include payment processing, delivery of goods, search engine facilities, advertising, and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, We will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.

What Happens If Our Business Changes Hands?

We may, from time to time, expand or reduce Our business and this may involve the sale and/or the transfer of control of all or part of Our business. Any personal data that you have provided will, where it is relevant to any part of Our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by Us.

In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes. When contacted you will be given the choice to have your data deleted or withheld from the new owner or controller.

How Can You Control Your Data?

In addition to your rights under the GDPR, when you submit personal data via Our Site, you may be given options to restrict Our use of your data. In particular, We aim to give you strong controls on Our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails and at the point of providing your details and by managing your Account).

You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.

Your Right to Withhold Information

You may access Our Site without providing any data at all. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.

You may restrict Our use of Cookies. For more information, see below.

How Can You Access Your Data?

You have the right to ask for a copy of any of your personal data held by Us (where such data is held). Under the GDPR, no fee is payable and We will provide any and all information in response to your request free of charge. Please contact Us for more details at curtis-james.marshall@futurecarecapital.org.uk, or using the contact details below.

Our Use of Cookies

Our Site may place and access certain first party Cookies on your computer or device. First party Cookies are those placed directly by Us and are used only by Us. We use Cookies to facilitate and improve your experience of Our Site and to provide and improve Our services. We have carefully chosen these Cookies and have taken steps to ensure that your privacy and personal data is protected and respected at all times.

By using Our Site you may also receive certain third-party Cookies on your computer or device. Third-party Cookies are those placed by websites, services, and/or parties other than Us. Third-party Cookies are used on Our Site for advertising services. More details on this are provided throughout this policy. These Cookies are not integral to the functioning of Our Site and your use and experience of Our Site will not be impaired by refusing consent to them.

All Cookies used by and on Our Site are used in accordance with current Cookie Law.

Before Cookies are placed on your computer or device, you will be shown a notification bar requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling Us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of Our Site may not function fully or as intended.

Certain features of Our Site depend on Cookies to function. Cookie Law deems these Cookies to be “strictly necessary”. These Cookies are shown below. Your consent will not be sought to place these Cookies, but it is still important that you are aware of them. You may still block these Cookies by changing your internet browser’s settings as detailed below, but please be aware that Our Site may not work properly if you do so. We have taken great care to ensure that your privacy is not at risk by allowing them.

The following first party Cookies may be placed on your computer or device:

  • Name of Cookie Purpose Strictly Necessary
  • PHPSESSID Native to PHP and enables websites to store serialised state data No
  • and the following third-party Cookies may be placed on your computer or device:
  • _ga Google Analytics Used to distinguish users
  • _gid Google Analytics Used to distinguish users
  • _gat Google Analytics Used to throttle request rate
  • __cfduid Cloudflare Used to identify individual clients behind a shared IP address and apply security settings on a per-client basis

Our Site uses analytics services provided by Google. Website analytics refers to a set of tools used to collect and analyse anonymous usage information, enabling Us to better understand how Our Site is used. This, in turn, enables Us to improve Our Site and the services offered through it. You do not have to allow Us to use these Cookies, however, whilst Our use of them does not pose any risk to your privacy or your safe use of Our Site, it does enable Us to continually improve Our Site, making it a better and more useful experience for you.

In addition to the controls that We provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third-party Cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.

You can choose to delete Cookies on your computer or device at any time, however, you may lose any information that enables you to access Our Site more quickly and efficiently including, but not limited to, login and personalisation settings.

It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.

Contacting Us

If you have any questions about Our Site or this Privacy Policy, please contact Us by email at john@futurecarecapital.org.uk, or by telephone on 07808 400022, or by post at Future Care Capital, Thomas House, 84 Eccleston House, London SW1V 1PX. Please ensure that your query is clear, particularly if it is a request for information about the data We hold about you (as stated, above).

Changes to Our Privacy Policy

We may change this Privacy Policy from time to time (for example, if the law changes). Any changes will be immediately posted on Our Site and you will be deemed to have accepted the terms of the Privacy Policy on your first use of Our Site following the alterations. We recommend that you check this page regularly to keep up-to-date.

This document was last updated on 14th April 2022.

FCC Data Protection Policy

Policy Overview:  We are committed to data protection, and this policy sets out your individual rights and obligations in relation to personal data. We are also committed to being transparent about how we collect and use the personal data of those that use our products or services, and to meeting our own data protection obligations.

This policy applies to the personal data of external parties or clients that use our website, sign up to our newsletter or any other activity that processes data for business purposes. It does not apply to the personal data of job applicants, employees, workers, contractors, volunteers, interns, apprentices, and former employees, referred to as HR-related personal data. 

General Data Protection (GDPR)

We have appointed CJ Marshall as the person with responsibility for data protection compliance for the organisation. CJ can be contacted at cj.marshall@futurecarecapital.org.uk

With regards to any HR data, Taryn Kershaw has been appointed as the person who holds this information, and she can be contacted on taryn.kershaw@futurecarecapital.org.uk

Purpose

This policy sets out how personal data must be collected, handled, and stored to meet Future Care Capital’s (FCCs) data protection standards and to comply with legislation. FCC is registered with the Information Commissioner.

FCC gathers and uses certain information about individuals in the conduct of its operation. These can include customers, suppliers, business contacts, employees, services users and other people FCC have a relationship with, engages with, provides a service to or may need to contact.

This policy ensures that FCC:

  • Complies with data protection law and adopts good practice
  • protects the rights of staff, customers, partners and service users
  • Is transparent about how it stores and processes individual’s data and
    protects itself from the risk of data breach

The Data Protection Act 2018 and the General Data Protection Regulations (GDPR) describe how organisations must collect, handle and store personal information.

These rules apply regardless of whether data is stored electronically or in hardcopy.

Personal information must be collected fairly, stored safely and not disclosed unlawfully.

The new GDPR is underpinned by several important principles. These principles require the Data Controller to be aware of and act in accordance with:

  • Lawfulness, fairness, and transparency
  • Purpose Limitation
  • Data Minimisation
  • Accuracy
  • Storage Limitation
  • Integrity and Confidentiality

FCC ensures that personal data is not transferred to a country outside the European Economic Area unless the country to which it is sent ensures an adequate level of protection for the rights (in relation to the information) of the individuals to whom the personal data relates.

Definitions

Processing of information – how information is held and managed.

Information Commissioner – formerly known as the Data Protection Commissioner.

Notification – formerly known as Registration.

Data Subject – used to denote an individual about whom data is held.

Data Controller – used to denote the entity with overall responsibility for data collection and management.  FCC is the Data Controller for the purposes of the Act.

Data Protection Officer – used to denote the executive responsible for compliance with the Act. This is the Director of Government Relations and Impact.

Sensitive data – information under the Act which requires the individual’s explicit consent for it to be held by the Charity.

Accountabilities and scope

This policy applies to FCC, all employees, volunteers, contractors, suppliers, and people working on behalf of FCC.

It applies to all data that FCC holds relating to identifiable individuals, even if that information technically falls outside the Data Protection Act 2018 and GDPR. This can include:

  • Names of individuals
  • Postal Address
  • Email address
  • Telephone numbers
  • Plus, any other information relating to individuals.

The subject of sensitive data is covered in detail under clause 14 below.

Data protection risks

This policy helps to protect FCC from some very real data security risks, including:

  • Breaches of confidentiality for instances information being given out inappropriately
  • Failing to offer choices for instance, all individuals should be free to choose how the company uses the data relating to them
  • If there is a data breach, FCC will notify the ICO without undue delay and where feasible within 72 hours unless the data breach is unlikely to result in a risk to an individuals or individuals. If this is not possible, FCC will justify the delay to the ICO by way of a “reasoned justification”.
  • If a data breach is likely to result in high risk to an individual or individuals, FCC is required by the GDPR to inform data subjects “without undue delay”, unless an exception applies.

Reputation damage for instance FCC could suffer if so-called hackers successfully gained access to sensitive data.

Responsibilities

Everyone who works for or with FCC must ensure that personal data is handled and processed in line with this policy and the data protection principles.

The Board is ultimately accountable for ensuring that FCC meets its legal obligations. Since the introduction of the GDPR, FCC has a range of additional data protection responsibilities.

There are six lawful bases for processing personal data which are set out in Article 6 of the GDPR. At least one must apply whenever FCC processes personal data:

  • Consent: the individual has given clear consent for FCC to process their personal data for a specific purpose.
  • Contract: the processing is necessary for a contract FCC have with the individual, or because they have asked FCC to take specific steps before entering into a contract.
  • Legal obligation: the processing is necessary for FCC to comply with the law (not including contractual obligations).
  • Vital interests: the processing is necessary to protect someone’s life.
  • Public task: the processing is necessary for FCC to perform a task in the public interest or the performance of the charity’s official functions, and the task or function has a clear basis in law.
  • Legitimate interests: the processing is necessary for FCC’s legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

Data subjects have the right to request deletion or removal of their personal data by FCC (the data controller) without undue delay in the following circumstances:

  • Where it is no longer necessary for the purposes it was collected;
  • the data subject withdraws consent and there is no other legal basis for processing;
  • the data subject objects to processing under Article 19 and there is no overriding legitimate ground for the processing;
  • the data was unlawfully processed; or
  • there is a legal requirement to erasure.

Where the right applies, and FCC agrees to erase data then the charity will inform any third party that it may have passed the data onto in order to ensure that they also delete any links or copies to the data unless doing so would be impossible or would involve a disproportionate effort.

Article 17(3) of the GDPR sets out five reasons why FCC may refuse to comply with a request for erasure, these are:

  • Where the processing is necessary to establish, exercise or defend legal claims;
  • where it is necessary to exercise freedom of expression (most likely applicable in the context of social media where requests for deletion are likely to prove unworkable given the reach of digital media);
  • compliance with a legal obligation or performance of a public task;
  • any reason of public interest particularly in the context of public health; or
  • for archiving, historical or statistical purposes.

All erasure requests will be handled by FCC’s Data Protection Officer.

Right to restrict processing: An individual can require FCC as data controller to ‘restrict’ processing of their personal data particularly where complaints for e.g., about accuracy are unresolved or pending, or if the processing is unlawful but the individual objects to erasure and wishes to restrict processing instead.

All requests to restrict processing will be handled by FCC’s Data Protection Officer. If FCC has disclosed personal data to a third party which will be restricted, the charity will inform the third party about the restriction unless it is impossible or disproportionate to do so. The Data Protection Officer will inform the individual if and when FCC decides to lift the restriction e.g., once a complaint has been resolved.

Right to object: GDPR grants data subjects a right to object to certain types of processing in three specific circumstances

  • Performance of public task of public task or official authority;
  • purposes of scientific/historical or statistical research; and
  • direct marketing.

Right to object requests are likely to only be submitted in relation to the charity’s research activities and/or newsletter. FCC will cease processing data for a research task if it receives a request of this nature unless it is necessary in connection with the performance of a public task i.e., in the public interest. Further to this, in relation to the newsletter:

  • FCC will only send content relating to its events and/or other services to people who have proactively opted in to receive such communications.
  • FCC will remove the data from any mailing list of any person making a request of this nature.

All right to object requests will be handled by FCC’s Data Protection Officer.

The Data Protection Officer is responsible for:

  • Keeping the Board updated about data protection responsibilities, risks and issues.
  • Respond to all GDPR related requests.
  • Reviewing all data protection procedures and related policies, in line with an agreed schedule.
  • Arranging data protection training and advice for people covered by this policy.
  • Handling data protection questions from employees and anyone else covered by this policy.
  • Checking and approving any contracts or agreements with third parties that may handle FCC’s sensitive data.
  • Ensuring all systems, services and equipment used for storing data meet acceptable security standards.
  • Performing regular checks and scans to ensure security hardware and software is functioning properly.
  • Evaluating and third-party services the company is considering using to store or process data. For instance, cloud computing services.

The Head of Communications is responsible for:

  • Approving any data protection statements attached to the website, communication such as emails and letters.
  • Addressing any data protection queries from journalists or media outlets.
  • Where necessary, working with other staff to ensure marketing initiatives abide by data protection principles.

The Head of Corporate Services is responsible for:

  • Ensuring that any consulting, projects, pilots, or research in which FCC has access to or contact with personal data, including sensitive data, complies fully with this policy.

General staff guidelines

The only people able to access data covered by this policy should be those who need it for their work.

Data should not be shared informally. When access to confidential information is required, employees can request it from their line managers.

FCC will provide training to all employees to help them understand their responsibilities when handling data.

Employees should keep all data secure, by taking suitable precautions and following the guidelines below:

  • All employees should abide by the IT security guidelines in the Use of IT Policy.
  • Personal data should not be disclosed to unauthorised people, either within the company or externally.
  • Data should be regularly reviewed and updated and if it is out of date, if no longer required, it should be deleted and disposed of.
  • Employees should request help from their line manager or the Data Protection Officer if they are unsure about any aspect of data protection.
  • When working from home, or from some other off premises location, all data protection and confidentiality principles still apply. All computer data, e.g., documents and programmes related to work for FCC should not be stored on any external hard disk or on a personal computer.
  • Any paperwork kept away from the office should be treated as confidential and securely as if it were held in the office.

Data Storage

Data should be stored in line with the process set out in the Use of IT Policy.

Data Use

Personal data is of no use to FCC unless it can make use of it, however it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption, or theft.

When working with personal data employees should ensure the screens of their computers are locked when left unattended.

Personal data should not be shared informally in particular, and due care and consideration should be taken when this information is communicated by email. Where personal data is communicated, it should be marked as confidential and where sensitive personal data is communicated by email it should be appropriately protected (password/encryption).

Where sensitive data records exceed 20 in number that must be encrypted before being transferred electronically.

Personal data should never be transferred outside of the European Economic Area unless the recipient country has been approved for having secure data protection satisfactory to the EU.

Employees should never save copies of personal data to their own computers and should always access and update the central copy of any data.

Data accuracy

The law requires FCC to take reasonable steps to ensure data is kept accurate and up to date.

It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to data as possible.

  • Data should be kept in as few places as necessary. Staff should not create any unnecessary data sets.
  • Staff should take very opportunity to ensure data is updated.
  • FCC will make it straightforward for data subjects to update the information FCC holds on them.
  • Data should be updated as accuracies are discovered. For example, if a customer can no longer be reached on a number the number should be deleted.

Subject access requests

All individuals who are the subject of personal data held by FCC are entitled to:

  • Ask what information FCC holds on them and why
  • Ask how to gain access to it
  • Be informed on how to keep it up to date
  • Be informed how the company is meeting its data protection obligations

If an individual contacts FCC requesting information, this is called a subject access request.

Subject access requests from individuals should be made by email, addressed to the data controller at the FCC enquiries email. The Data Controller must verify that the application is bona fide.

The Data Controller can supply a standard request form, although individuals do not have to use this.

Individuals have the right under GDPR to make subject access request without incurring an administrative fee. The Data Controller will aim to provide this within 14 days.

Subject access requests should be addressed to the FCC enquiries email address.

Disclosing data for other reasons

In certain circumstances, the GDPR, in conjunction with the Data Protection Act 2018, allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.

Under these circumstances FCC will disclose requested data. However, the data controller will ensure a request is legitimate, seeking assistance from the Board and FCC’s legal advisors where necessary.

Providing information

FCC aims to ensure that individuals are aware that their data is being processed, and that they understand:

  • How the data is being used; and
  • How to exercise their rights.

To this end, FCC has a privacy statement, setting out how data relating to individuals is used by FCC. This is included in Annex 1.

Sensitive Data and Consent

FCC does not currently undertake direct service delivery in health and care and does not hold related case records or other such sensitive information.

Where relevant for any research or other work, FCC must record service users’ explicit consent to storing certain information (known as sensitive personal data) on file.

For the purposes of the Act, sensitive personal data covers information relating to:

  1. The racial or ethnic origin of the Data Subject.
  2. His/her political opinions.
  3. His/her religious beliefs or other beliefs of a similar nature.
  4. Whether he/she is a member of a trade union.
  5. His/her physical or mental health or condition.
  6. His/her sexual life.
  7. The commission or alleged commission by him/her of any offence.
  8. Any proceedings for any offence committed or alleged to have been committed by him/her.

Sensitive information that might be collected by FCC will, in the main, relate to service users’ physical and mental health and/or the items listed above.

Consent is not required to store information that is not classed as sensitive personal data as long as only accurate data that is necessary for a service to be provided is recorded.

As a general rule FCC will always seek consent where sensitive information is to be held.

It should also be noted that where it is not reasonable to obtain consent at the time data is first recorded and the case remains open, retrospective consent should be sought at the earliest appropriate opportunity.

Obtaining Consent

Consent may be obtained in a number of ways and must be recorded on or maintained with the individual’s records:

  • face-to-face/written: a proforma should be used.
  • telephone: verbal consent should be sought and noted on the case record, for instance on a telephone or web survey the individual should be clear as to what is being asked for and consent if sensitive data is to be provided.
  • email – The initial response should seek consent.
  • website – see below.

Consent obtained for one purpose cannot automatically be applied to all uses e.g., where consent has been obtained from a service user in relation to information needed for the provision of that service, separate consent would be required if, for example, direct marketing was to be undertaken.

Although written consent is the optimum, verbal consent is the minimum requirement.

Specific consent for use of any photographs and/or videos taken should be obtained in writing.  Such media could be used for, but not limited to, publicity material, press releases, social media, and website.  Consent should also indicate whether agreement has been given to their name being published in any associated publicity. If the subject is less than 18 years of age, then parental/guardian consent should be sought.

FCC engages with the public on its website. Whilst this is not aiming to collect sensitive personal data it may occur due to the action of the individual member of the public. The same could occur in communications through other media. FCC’s website expressly states FCC’s Privacy Statement.

Direct Marketing

FCC does not undertake direct marketing for a fundraising response. However, it may contact members of the public or others in any of a variety of formats including mail, telemarketing, and email and through web services or third-party contractors. FCC does send a regular newsletter to individuals that have signed up to receive it directly via the website or through an FCC-led project. In addition, the responses should be recorded to inform the next communication. FCC will not share or sell its database(s) with outside organisations.

FCC holds information on our staff, volunteers, clients, and other supporters, to whom we will from time to time send copies of our newsletters, magazine and details of other activities that may be of interest to them.

We recognise that clients, staff, volunteers, and supporters for whom we hold records have the right to unsubscribe from our mailing lists.  This wish will be recorded on their records and will be excluded from future mailings or telephone contact.

The privacy statement is stated on FCC’s website.

Retention of Records

Paper records should be retained for the periods as set out in the Data Retention Policy.

Powers of the Information Commissioner

The following are criminal offences, which could give rise to a fine of up to £5,000 in a Magistrates Court or an unlimited fine in the Crown Court:

  • The unlawful obtaining of personal data.
  • The unlawful selling of personal data.
  • The unlawful disclosure of personal data to unauthorised persons.

Further Information

Further information is available at www.informationcommissioner.gov.uk

The Information Commissioner’s office is at:

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF; Switchboard: 01625 545 700; Email: mail@ico.gsi.gov.uk; Data Protection Help Line: 01625 545 745; Notification Line: 01625 545 740.