VIP+ Privacy Notice
1. Who are we
VIP+ is an Oxfordshire based charity who engage with 5 -18 year olds of the Oxfordshire Hospital School, The Virtual School for Looked After Children and Meadowbrook College, Oxfordshire’s Pupil Referral Unit and Integration Service.
Empowering children and young people to use their voice in decisions affecting themselves, providing opportunities to develop supportive skills and further enhance and enrich their own lives through education, play, leisure and cultural activities.
We are a charity registered in England (number 1150160)
2. How you can contact us
We operate in partnership with the Oxford Hub and are based in their office at 16/17 Turl Street, Oxford .
You can contact Emma Anderson the VIP+ Coordinator on email@example.com if you have any questions.
3. What data do we collect from you and how do we use it
Below, we’ve outlined the different ways in which we collect and process data from people engaging across our activities and services. Whenever we process data for these purposes we will ensure that we always keep your personal data rights in high regard and take account of these rights.
3.1 People who refer a young person to one of our programmes
We collect the information that you provide to us when you complete a referral form for a young person to take part in one or more of our programmes. This information includes:
Referrers details (name, contact details, job title and team)
Child’s basic details (name, DOB, Sex, Address/Postcode)
Carer’s contact details (name, relationship to child, email, phone)
Why the child is being referred
Details of relevant background information and any concerns about child’s behaviour
Particular interests the child has and any activities they engage in
Any safeguarding concerns concerning the child
We will only process your data in the following ways where you have given us explicit consent to do so by agreeing to the terms of this privacy notice and opting in using a checkbox. The information that you provide forms a ‘person record’ that is stored securely on our computer system.
We use this information to:
Place the child/young person onto one of our programmes (e.g. reading through the form and sharing the information with the relevant community partner/activity provider)
Contact you for any further information on the referral or to inform of upcoming programmes you may want to make a referral to.
3.2 People who complete a consent form
We collect this information after a referral has been made and a child has been placed in a programme. This information will be used to confirm you are happy for the child/young person in your care to take part in our programme and will be shared with the relevant community partner/activity provider. Information additional to the referral form includes:
Details for an emergency contact (name, relationship to child, home and mobile number)
Contact details for family doctors (name, address and telephone number)
3.3 People who register to hear via our newsletters
We collect your name and email address for the following purposes:
To provide you with information that you have requested (e.g. a newsletter)
To contact you about other relevant opportunities internally (such as an upcoming activity day, new programmes for young people and opportunities for young people in the area)
We use a third party provider, Mailchimp, to deliver our newsletters. We gather statistics around email opening and clicks using industry standard technologies, to help us monitor and improve our newsletter. For more information, please see Mailchimp’s privacy notice.
3.4 Visitors to our website
By using our website, you’re agreeing to be bound by the terms of this privacy notice.
3.4.1 We collect log data about you whenever you visit our websites. We will only use this data in order to troubleshoot problems with your use of the website (for example, if a form will not load) and never to do any individual profiling of you for marketing purposes. The information that we collect includes: originating IP addresses, internet service providers, the files viewed on our site (e.g. HTML pages, graphics, etc.), operating system versions, device type and timestamps.
3.4.2 We use a third party service, SquareSpace, to collect standard internet log information and details of visitor behaviour patterns. We do this in order to:
Find out things such as the number of visitors to the various parts of the site
Make improvements to the ways in which we market our opportunities and how people interact with our websites
This information is only processed in a way which does not identify anyone. We do not make, and do not allow SquareSpace to make, any attempt to find out the identities of those visiting our website.
We use third party tracking services that employ cookies and page tags (also known as web beacons) to collect data about visitors to our websites. This data includes usage and user statistics.
3.5 People who email us
To encrypt and protect email traffic we use Transport Layer Security (TLS) by default, but when a secure connection isn’t available (both sender and recipient need to use TLS to create a secure connection), messages will be delivered over non-secure connections. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
3.6 Job applicants, current and former VIP+ employees
3.6.1 What information do we ask for and why?
We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary. The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t. Information that we collect might include:
Your personal details including name and contact details
Your previous experience, education, referees and answers to questions relevant to the role you have applied for
Written tests or interview notes generated at assessment or interview days
Pre-employment checks (such as proof of your identity and your right to work in the UK)
An enhanced Criminal Record check via the Disclosure and Barring Service
A questionnaire about your health. This is to establish your fitness to work and to ensure that we can provide any support or reasonable adjustments required by you
Bank details – to process salary payments
Emergency contact details – so we know who to contact in case you have an emergency at work
We might also contact your referees, using the details you provide in your application, directly to obtain references
3.6.2 How long is the information retained for?
If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of six months. If you say yes, we would proactively contact you should any further suitable vacancies arise.
If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 2 years following the end of your employment. This includes your criminal records declaration, fitness to work, records of any security checks and references.
If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 6 months from the closure of the campaign.
Information generated throughout the assessment process, for example interview notes, is retained by us for 6 months following the closure of the campaign.
4. How do we share and transfer your personal data to other organisations?
We will never sell, rent, or trade your personal data. We may disclose your data to service provides who render services to us or on your behalf (e.g. Mailchimp or SquareSpace), all of which are obliged to operate in accordance with applicable laws, including GDPR..
We also share specific data with other affiliated organisations (e.g. community partners), as part of a contractual agreement which includes a data sharing agreement. If you have questions about any of our affiliated organisations, please get in touch using the contact details provided at the start of this privacy notice.
We also may disclose your information if required by law or to enforce our legal rights.
Some of our service providers lie outside of the EEA (e.g. Mailchimp and SquareSpace.) Therefore, sometimes we transfer your data outside of the EEA. If we do, we ensure your data is processed only in countries that provide an adequate level of protection for your data or where the recipient provides appropriate safeguards, such as mechanisms like the EU-US Privacy Shield Framework.
You can read more about how our service providers comply with GDPR here:
5. What rights do you have?
You are not required to provide any personal data to us. However, your failure to do so may affect our ability to provide you with the services that you request. For example, we are unable to contact you with information about an activity if you do not provide your email address.
We respect your privacy rights and provide you with reasonable access to the Personal Data that you may have provided us. If you wish to access or amend any Personal Data we hold about you, or to request that we delete any information about you, you may contact us at: firstname.lastname@example.org.
Please note that while any changes you make will be reflected in our active user databases instantly or within a reasonable time period, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so
At any time, you may object to the processing of your Personal Data by contacting the above email address, on legitimate grounds, except if otherwise permitted by applicable law.
If you believe your right to privacy granted by applicable data protection laws has been infringed upon, please contact VIP+ Coordinator Néidín Hendron at email@example.com. You also have a right to lodge a complaint with data protection authorities.
6. How do we retain your personal data and how do we keep it secure?
Internally, your data and the data of the young person you refer is shared with staff members responsible for managing the activities with which you are involved. Relevant data will also be shared with our community partners/activity providers who we work with to deliver our holiday programmes.
As we work in partnership with Oxford Hub who are a student-led organisation, your data may also be shared with selected individuals who have been selected as student leaders in accordance with our recruitment policy, and who have signed a data sharing agreement. Data is only shared with individuals who require access in order to provide the services or activities to which you have signed up.
We review our retention periods for personal information on a regular basis. We will hold your personal information on our systems for as long as is necessary for the relevant activity. Please see section 2 above for more information on how long we hold your information for.
We use reasonable organisational, technical and administrative measures to keep any information collected and/or transmitted to us secure. This includes the use of HTTPS with TLS (Transport Layer Security), which encrypts transmitted data, however, no data transmission or storage system can be guaranteed to be 100% secure.
7. How often is this policy reviewed and updated?