Privacy Policy

Who we are

Cyrenians tackle the causes and consequences of homelessness, supporting people to transform their lives and walking with them as they lead their own transformation.

Our clients, volunteers, supporters and employees are important to us, and we're committed to keeping your data safe, making it clear what information we collect from you, and how we use it.

Cyrenians is registered as a data controller with the Information Commissioner’s Office under number Z5986534 and is a Scottish Charitable Incorporated Organisation (SCIO) registered charity number SC011052.

You can change how we contact you at any time, simply by contacting central data management. As part of our commitment to you, we have appointed a Data Protection Representative, who can be contacted via email at: compliance@cyrenians.scot

How we use your information

This privacy notice tells you what to expect when Cyrenians collects personal information. It applies to information we collect about:

  • Clients
  • Volunteers
  • Supporters
  • Employees

Clients

Cyrenians is the data controller for the information you provide during the process unless otherwise stated.

The data we collect about you is only shared with third parties under contract or when there is a serious risk to you or people around you. In the course of your support, we will collect personal information about you, some of which will be shared confidentially within Cyrenians.

We will keep the data for up to six years, in line with contracts and government regulations.

If you accept support from us, the personal information you provide will be held on some of the following secure cloud-based applications: Lamplight, Outcomes Star, and HELIX.

Here is a link to Lamplight's GDPR Security page: http://www.lamplightdb.co.uk/the-system/gdpr/system-security/

Here is a link to Outcomes Star's Privacy Policy page: https://www.outcomesstar.org.uk/privacy-policy/

Here is a link to HELIX's Data Sharing and Privacy Notice page:

https://capitalcitypartnership.co.uk/iee-data-sharing-general

Volunteers

If you enquire about our volunteering opportunities we will collect your name, email address and/or telephone number and contact preferences.

If you apply to volunteer with us, we will collect your name, contact details, support needs and criminal convictions. There is opportunity to complete our separate and anonymous equalities form.

We collect this data so as to match you with appropriate roles where possible. It allows us to ensure the safety of our volunteers, staff and clients, recognise your contribution, and helps us anonymously measure our inclusion and accessibility across our volunteering programmes.

If you volunteer with us, we will then collect your emergency contact details in case of an emergency during your time volunteering at Cyrenians, and bank details for paying expenses, should you prefer electronic reimbursement.

We may ask you to prove you have the right to work in the United Kingdom and seek assurance as to your trustworthiness, integrity and reliability. If this is the case you may be asked to provide:

  • Proof of your identity
  • A criminal records declaration to declare any unspent convictions.
  • Details of 2 people who can give you a reference

Depending on the volunteer role, we may contact you to complete an application for a PVG Certificate (Protection of Vulnerable Groups) via Disclosure Scotland, through Volunteer Scotland Disclosure Services. This process requires sight of your ID and proof of address by a staff signatory within Cyrenians.

We will contact your referees directly, using the details you provide in your application or further to email exchange, to obtain references.

We will keep this data for three years after you stop volunteering for us.

If you volunteer with us, your personal records will be held on secure cloud-based applications called Lamplight.

Here is a link to Lamplight’s GDPR Security page:

http://www.lamplightdb.co.uk/the-system/gdpr/system-security/

Supporters

Cyrenians is the data controller for the information you provide during the process unless otherwise stated.

If you support us, for example by signing up to an event, donating, signing up to Gift Aid, or signing up to a campaign, we will usually collect your name, contact details, and whether you would like to be contacted, and how we would do so. We collect this data so we can keep you up to date with information and services you have requested, or may be interested in, and to ask for more support, in the way that you have chosen; to run our events; and to fulfill our legal responsibilities for financial and Gift Aid reporting.

We will keep this data for three years after you stop interacting with us.

Your personal records will be held on a secure cloud based application e-Tapestry which is a Donor Management system.

Here is a link to their Privacy Notice:

https://www.blackbaud.com/privacy-policy.aspx

Use of data processors

Data processors are third parties who provide elements of our fundraising service for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

We do use third-party organisations to help us collect donations such as Givergy, Good Thyngs, JustGiving, SmartDebit, Stripe, Facebook Payments International Limited and WorldPay. We use ResDiary for bookings at Arnotdale House, your contact details are shared via a secure web portal, stored securely and disposed of in line with our retention schedule.

We will keep your data only for as long as necessary. If you have kindly donated to us, we are required to keep this data for seven years. If you have not donated to us, we will only keep your data for three years.

Employees (Job applicants, current and former Cyrenians employees)

Cyrenians is the data controller for the information you provide during the process unless otherwise stated.

We will collect your personal information, banking details and contact details and preferences, to process your job application, pay your salary and leave administration and HMRC PAYE taxation.

This information will only be used for the purposes of the service and not shared with the rest of Cyrenians unless you give us permission to do so.

We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability. You will therefore be required to provide:

Proof of your identity – you will be asked to attend our office with original documents, we will take copies.

Proof of your qualifications – you will be asked to attend our office with original documents, we will take copies.

You will be asked to complete a criminal records declaration to declare any unspent convictions.

Depending on your role, we may contact you to complete an application for a PVG Certificate (Protection of Vulnerable Groups) via Disclosure Scotland, which will verify your ability to work with such groups and individuals.

We will contact your referees, using the details you provide in your application, directly to obtain references

Your personal details and records will be held on a secure cloud based application i-Trent which is a Human Resource Management system.

Here is a link to their Privacy Notice:

https://www.mhr.co.uk/privacy-policy/

Use of data processors

Data processors are third parties who provide elements of our employee-related services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

We use a third-party organisation Scottish Council for Voluntary Organisations (SCVO) to process the Cyrenians Payroll, and data is transferred securely and encrypted. Personal data is sent and received using a secure web portal to the following employee benefit administrators: Lothian Pension Fund, Standard Life and Canada Life.

We will keep the data for up to 7 years, in line with contracts and government regulations.

Complaints

Should you wish to register a complaint we will collect your name, contact details and details about the complaint to enable us to respond, monitor and improve our charity.

We will hold this data for three years.

Visitors to our websites

When someone visits www.cyrenians.scot we use a third party service, (Google Analytics), to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

Search engine

Our website search and decision notice search is powered by TicToc. Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either Cyrenians or any third party.

Your data and this web site

Certain pages on our web site ask you for personal information - such as contact forms that ask for your name and e-mail address, or application forms that could go into far greater detail.

By supplying these details, you enable us to be more specific in responding to your needs: or to put it simply - 'you are helping us to help you'.

We act in accordance with current legislation and current Internet 'best practice' guidelines:

We collect our information fairly, lawfully and for specific requested purposes only

Information is only for use within Cyrenians - it will not be released to others without your consent unless we are obliged or permitted by law to disclose it

If you send or post offensive (or in any other way inappropriate) material to us, or otherwise engage in disruptive behaviour we can use whatever information is available about you to stop the behaviour. This may involve contacting relevant third parties.

All personal information supplied is held securely - in accordance with the GDPR.

How your data gets to us

Pages which ask for personal information from you are protected using SSL encryption.  You can check this by looking for the closed padlock icon in the toolbar or status bar of your browser.  Encryption prevents anyone from looking at data sent between your computer and our servers.

Third Parties that host our Website

We use a third party service, TicToc, to publish and host our website. We use the standard Google Analytics service to collect anonymous information about users' activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it.

https://www.tictocdigital.co.uk/privacy-policy

People who email us

We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government requirements. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

Your rights

Under the GDPR, you have rights as an individual which you can exercise in relation to the information we hold about you.

We will only collect the data that we need to carry out the purposes you have contacted us for, or given us permission to use it for.

To enable us to carry out the purposes you have contacted us for, there will be occasions when we will make some data collection mandatory i.e. your name and address to claim gift aid, or your email address to access our services. If you don’t provide this data, we cannot carry out the purposes you have contacted us for.

We will always tell you why these fields are mandatory.

 At any time that you wish you can:

  • gain access to your personal information,
  • object to the processing of your personal information,
  • object to the use of automated decision-making and profiling,
  • restrict the processing of your personal information,
  • ask for a copy of your personal data (known as data portability),
  • rectify or correct your personal information, and
  • have your personal information removed (known as Erasure or the ‘right to be forgotten’).

Where you have provided consent to be contacted or to receive a service, you will be entitled to withdraw that consent at any time.

If you are at any point unhappy with the way that we handled your personal data, you can make a complaint to the Information Commissioner’s Office.

To make changes to how we contact you, or for any other requests, please contact the Data Protection representative at: compliance@cyrenians.scot.

Cookies

Our site uses cookies. By continuing to browse, you are agreeing to our use of cookies.

To update your cookies preference so no marketing cookies are used when you browse our site, please click this link:

Access to personal information

Cyrenians tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the GDPR. If we do hold information about you we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the information in an intelligible form.

To make a request to Cyrenians for any personal information we may hold of you, you need to put the request in writing addressing it to our Corporate Services department, or writing to the address provided below.

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting the Corporate Services department.

Links to other websites

This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated on 03/08/2023

How to contact us

If you want to request information about our privacy policy you can:

Email us at admin@cyrenians.scot

or write to:

Corporate Services dept
Cyrenians
Norton Park
57 Albion Road
Edinburgh
EH7 5QY