Privacy Notice Summary
Our privacy notice sets out how Humankind uses and protects any personal data that we collect from you.
Humankind is a company registered in England, Registered Company No. 182 0492 and a Registered Charity No. 515 755, VAT No 334 6763 43, Registered Social Landlord (RSL) 4713.
Our registered office is: Head Office Humankind, Inspiration House, Unit 22, Bowburn, North Industrial Estate, DH6 5PF
The purpose of our privacy notice
Personal data is information about a living, identifiable individual and includes any information that can be attributed to you personally, including your name and contact information.
There are more sensitive types of personal dafta which are known as ‘special categories’ which includes information about your health. Criminal offence data is also considered more sensitive.
You can find out more about categories of personal data on the Information Commissioner’s Office website.
Humankind is committed to ensuring that your privacy is protected. Humankind offers a range of services which include substance use, clinical, employment training and education, housing services, housing support and health, young people and families services.
A Data Controller is a term used in the Data Protection Act 2018 to describe an organisation that has the most responsibility for protecting personal data.
Humankind is a Data Controller for some of its services but not for all. For other services, Humankind is a Data Processor. A Data Processor acts upon the instructions of another Data Controller and is not accountable for privacy information.
Each service where Humankind is the Data Controller, has its own Humankind privacy notice. We offer a layered approach to providing privacy information in these services. This means that when we first make contact with you, we usually read you a short privacy script, then, when we hold our first meeting with you, we give you an A4 privacy factsheet and some other information. We have two different factsheets with two different privacy videos (see below). One factsheet is for services that support adults and the other factsheet is for services that support children and young people. The factsheets also signpost to the service’s Full Version Privacy Notice so that you are aware that there is a long notice with more detail in it. Our privacy information is only relevant when we are a Data Controller.
Our privacy videos
Your data rights
You have data rights, but these rights vary depending upon which lawful reason the Data Controller has applied to the use of your data.
Our privacy information explains what your rights are and how you can use them and we have provided an overview of the Data Subject Rights below. Please note that when the word “processing” used, this means any use of your personal information (for example, collection, storage, sharing, updating etc). You can find out more about these terms and about your rights at www.ico.org.uk
- Your right of access: You have the right to ask for a copy of your information or to know what information a Data Controller has about you. This right always applies. There are some exemptions, which means you may not always receive all the information.
- Your right to rectification: You have the right to ask that your information is rectified if you think it is inaccurate. You also have the right to ask the Data Controller to complete information you think is incomplete. This right always applies.
- Your right to erasure: You have the right to ask the Data Controller to erase/delete your personal information in certain circumstances. This is also known as the right to be forgotten.
- Your right to restriction of processing: You have the right to ask the Data Controller to restrict/pause the processing of your information in certain circumstances.
- Your right to object to processing: You have the right to object to processing if the Data Controller is processing your information as part of their public tasks, or is in their legitimate interests.
- Your right to data portability: This only applies to information you have given the Data Controller. You have the right to ask the Data Controller to transfer the information you gave them from one organisation to another, or give it to you. The right only applies if your information is used based on your consent or under (or in talks about entering into) a contract and the processing is automated/done by machine.
- Your right to withdraw consent: This only applies to information the Data Controller is using based upon your consent. Consent is just one of six lawful reasons (legally called “bases”) upon which a Data Controller can rely on. How data is used is only your choice if the data use was consent-based and this is not always the case. The Data Controller is the organisation that decides what the lawful basis should be, not the data subject.
You are not required to pay any charge for exercising your rights. Data Controllers have one month to respond to you, but this in some cases can lawfully be extended.
Accessing our privacy information
- Don’t worry if you lost the factsheet we gave you, as you can ask for another copy of the privacy information provided by a project, by asking the project staff directly or you can email email@example.com
- For transparency, each project (where Humankind is the Data Controller) has a custom-made Full Version Privacy Notice and our A4 factsheets summarise key elements. Every A4 factsheet reminds you that there is a Full Version Privacy Notice and you should read the Full Version Privacy Notice so that you are aware of all of the details which are specific to how we use your personal information in the service you are using.
- Each project where Humankind is the Data Controller, has a Full Version Privacy Notice. This is available to you at any time. You can see it on the project’s individual webpage. You search for each service’s individual webpage on our website’s homepage. You can ask the project directly or you can email firstname.lastname@example.org
- If there is no privacy notice on the services webpage this is because we are a Data Processor, so please phone or speak to staff in that particular service for more information. Where we are a Data Processor we will provide the privacy information that belongs to the Data Controller and in some services, we may need to signpost you to the Data Controller.
- Every project has a manager who can inform you and you can also email email@example.com
- You do not have to read any of the information we provide to you, but we have a legal obligation to make sure we have provided you with it.
How we use your information when you use this website
All websites use personal data and the law says we need to inform you about what happens to your information when you use our website.
Privacy notice review period
This notice was last reviewed August 2023 and will next be reviewed August 2025 unless there are significant changes to how we use your personal information.
Subject access request statement
In compliance with the UK General Data Protection Regulation (UKGDPR) Humankind (where we are the Data Controller) is obliged, upon request, to disclose any information we hold about you. This is called your Right Of Access.
This includes people who have accessed our services or support, staff, volunteers, students, placements apprentices, temporary staff and any other person working on behalf of Humankind.
We have one month to respond to your request, although this can be extended in certain circumstances. There are rules for what we can and cannot disclose, so all requests require a rigorous redaction process by our information governance team.
If you would like to view the records we hold about you please contact us at firstname.lastname@example.org or call us on 01325 731 160.
We also have a Staff Privacy Notice and Volunteer Privacy Notice which you can access by clicking on the links below:
Please note that if we are a Data Processor for your data, we will sign post you to the Data Controller who will manage your request.