We respect the use of personal information and we keep the data subject’s needs in mind at all times. This Policy is our explanation of how we approach data. We hope it is clear but if you have any questions please ask us:
CCS – Concord Conflict Solutions
Data Subject – the individual whose information is held
Data/personal information – items of knowledge which can identify an individual
Third Parties – those outside CCS who use or provide data from/to CCS for defined tasks
Data Breach – a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data
How do we collect information?
We may collect information directly when we interact with you including in person, by phone, by email, via our website.
We also receive information from Third Parties including employers, schools, word of mouth.
Why do we collect information?
We collect information in order to carry out our business purposes. We will always have a lawful purpose for any information we collect and we will let you know that purpose at the time of collection or shortly afterwards.
What information do we collect?
The information we collect may include:
- email address
- telephone number
- social media contact data
- bank account details (e.g. from payments)
- credit card details (e.g. from payments)
- age/gender/date of birth (e.g. from service users)
- allergies/dietary details (e.g. for the purpose of catering requirements)
How do we use your information?
Your information is used to:
- provide services to you
- inform you about our services and activities
- process payments received from you
- for administrative purposes (including for events)
- enable record keeping (including feedback, surveys)
- comply with a legal requirement
We may contact you with service updates and/or marketing content, via your preferred means of communication. Our aim is to avoid sending you unwanted communications.
Do we share your information with Third Parties?
We will never sell your information.
We sometimes share your information with selected Third Parties (eg. associate Mediators), who work with us to deliver our business purposes. In our contracts with these Third Parties we require them to comply with data protection laws.
If required by law, we would share your information with the appropriate persons.
How do we store and protect your information?
We keep most information digitally using appropriate software.
Some information (eg. paper-based) is kept in secure physical storage.
Other information, such as phone messages, are converted to another format for storage.
The management of our organisation is designed to enable and ensure compliance with the Data Protection laws currently in force.
When do we stop using your information?
We keep your information while we need it for our business purposes or until you request removal.
Generally we review our databases every 6-12 months to remove expired data.
Some information is required to be kept for longer, such as financial records.
What happens if something goes wrong?
- We keep aware of the process to be followed if a Breach occurs (including reporting and rectifying).
- If you are unhappy about our handling of your data we will do our best to improve the matter for you.
- You have the option, if our actions seem insufficient, to contact: Information Commissioner’s Office, online at ICO.org.uk or tel 0303 123 1113
How can you update, change or remove your information?
Please contact us to make your request:
Where reasonably possible we will acknowledge your request within 2 working days and progress it within 15 working days.
Overall our aims are to ensure that you:
- know what data we hold
- understand why we hold that data
- know how long we will hold the data
- can change or remove that data on request (subject to requirement of law)
- can see a clear path for help if you feel it is necessary