The Association for Real Change (ARC) is a membership organisation supporting anyone who is involved in the planning or delivery of support or services for people with a learning disability. Our work also benefits people with other support needs such as autism, mental health issues, long-term health problems and physical and sensory disabilities, and we are therefore committed to sharing our learning and experience across all sectors. Our vision is to promote real change that puts people with learning disabilities at the centre of decision-making, and in the heart of their communities.
This notice is mainly to provide information to our members, qualification applicants and individuals who purchase goods or services from us online about how we process your personal data. Other information will be made available to individuals whose data we process as part of our projects.
Name of our Data Protection lead: Martin Anderson
Address: ARC House, 10a Marsden Street, Chesterfield, Derbyshire S40 1JY
Phone Number: 01246 555043
E-mail: [email protected]
We currently collect and process the following information:
- Name and contact details
- Information about your employment, such as your job title
- Identification numbers for qualification candidates
- Previous qualifications for qualification candidates
- Records of any purchases
- Records of attendance at training events
- Records of any relevant health conditions to provide reasonable adjustments
Most of the personal information we process is provided to us directly by you or your employer.
Under the UK General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent to receive information about us and our newsletter. You are able to withdraw your consent at any time.
(b) Where we have a contractual obligation directly with you to provide you with goods or a service, including qualifications and training.
(c) We have a legitimate interest in providing you with information about us or our services and you are the employee of a membership organisation.
We will only use health information so that we can make reasonable adjustments for the individuals we support or are providing a service to. We rely on the individual’s explicit consent to use this information which can be withdrawn at any time and once we have determined that we have a legitimate interest in processing it, for example, because without it, we would not be able to provide support, we ensure that they understand why we are asking for this information. This information will only be shared with ARC representatives as is necessary or it is required by other parties in an emergency. This could include the emergency services or a nominated emergency contact.
Members and other contacts
We use the information that you have given us in order to:
- Provide you with information as representatives of membership organisations
- Provide you with the advice, product or service you have requested
- To inform you about future training and provide you with our newsletter
We use the information that you and/or your employer provides to us to ensure that you are registered for the correct qualification and to administer the process of your receiving that qualification from the relevant qualification authority
To do that we share information about qualification candidates with the City and Guilds in England and Wales and the Scottish Qualifications Authority in Scotland. They will also share information with us to ensure that their records are up to date, and we will confirm this with candidates.
We also share information about candidates and their progress with the relevant contact at their place of employment.
The personal data we process will also be shared with third party service providers who provide specialist assistance to us so that we can concentrate on providing our services. These include: IT support, document management systems, cloud-based servers, document destruction providers and email marketing management.
We are confident that these providers have adequate security in place and we have written contracts with them that details our security requirements and only permits them to access the data for a specific purpose and in in accordance with our instructions. They are not permitted to use this data for their own purposes.
We store information about you in paper form and electronically have appropriate security measures in place to protect the confidentiality, integrity and availability of your personal data.
We have a retention schedule which refers to the retention times for employee data. Project data is retained dependent on the project and funding requirements. Following the period of retention personal data is reviewed and disposed of in a secure manner.
Under data protection law, you have rights including:
The right of access – You have the right to ask us for copies of your personal information and for further information about how we process your information. This notice should answer most of your questions but you should contact us if you have further queries.
The right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
The right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
The right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
The right to object to processing – You have the right to object to the processing of your personal information in certain circumstances. You have an absolute right to ask us to stop sending you direct marketing material and updates about our services.
The right to data portability – You have the right to ask that we transfer the personal information you have provided to us to another organisation, or to you, in certain circumstances.
There is no charge for exercising these rights unless your request is manifestly unfounded or excessive. If it is, we will charge a reasonable fee or refuse to comply with your request.
Once a request is made, it will be acknowledged and we may ask for confirmation of identification from the requester and seek clarification of this request.
We will do our best to respond without undue delay and within one month of receiving your request. However, if the request is complex we can extend that by a further two months but if we do need more time, we will let you know why.
Please make any requests using the contact details above.
If you have any concerns about our use of your personal information, you can make a complaint to us using the contact details above. We will do our best to address any concerns that you have.
If you have concerns about how we have managed your data you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). If you have not raised the issue with us already, the ICO may refer the complaint back to us to address your concerns so please do contact us in the first instance.
The contact details for the ICO can be found here.
We keep our privacy notice under review and if we are required to make any substantial changes we will highlight these on our website.