Home Privacy

Privacy Policy

Befriending Networks Personal Data and Privacy Policy (October 2023)

Who We Are

Befriending Networks Ltd is a Company Limited by Guarantee with Charitable Status. Our registered office is 5-7 Montgomery Street Lane, Edinburgh, EH7 5JT. Our telephone number is 0131 261 8799 and our organisational e-mail contact is info@befriending.co.uk

We have multiple privacy notices for different aspects of our services and operations:

  • Website and Newsletter
  • Membership
  • Training and Events
  • Quality Awards
  • Enquiries
  • Employees
  • Job Applicants
  • Directors and Volunteers

Befriending Networks utilises Office 365 and most data we handle will interface with our Office 365 account - typically through email and forms.

Website and Newsletter
What information do we collect?
How do we use this information?

Our website uses Essential Cookies; these are small text files that are placed on your computer by the website that you visit. We utilise these essential cookies for Stripe payments to prevent fraud; and the PHP cookie, PHPSESSID, without this cookie our website cannot function normally.

Newsletter subscription is available using our website, with a redirect to MailChimp. We collect personal identifiable information including name and email address for the purposes of distributing our monthly newsletter. There are options to opt-out and to set preferences on the type of content received.

Website payments, when using a card, are taken by a company called Stripe. When you make payments through Stripe they collect your transaction information.  The information they collect includes payment method information (such as credit or debit card number, or bank account information), purchase amount, date of purchase, and payment method. Different payment methods may require the collection of different categories of information. When conducting fraud monitoring, prevention, detection, and financial compliance activities they will receive personal data from you (and your device) and about you (e.g., name, address, phone number, country), as necessary to confirm your identity and prevent fraud.

Membership
What information do we collect?
How do we use this information?

When applying for, renewing, or within membership we will collect, process and store personal information related to contact names, email addresses, phone numbers and addresses associated with the member (typically an organisation, but may also be an individual).

We use the information that you submit as part of your application process to keep you informed about relevant events, policy updates and information relevant to befriending.  We use the information to maintain an accurate record of membership for the purpose of organisational governance.

We will normally email you about events/information but may on occasion use the telephone numbers supplied to call you. We will add your email address to our distribution lists for Membership or thematic emails sent out by our staff team as well as our monthly newsletter which is distributed via MailChimp.

Information is also shown in the member directory on our website, which is widely visible to the public.  At all times you are in control of this data and through your log in you can change and update this.  It is therefore your responsibility to ensure that this is maintained and only contains accurate contact details for your staff/organisation.  This information is stored on our website and on Salesforce (our Customer Record Management system). When interacting with individuals associated with membership (but not the primary contact) we will store data including name, email address, phone number and job title in Salesforce. This information may be collected through email, at events, or over the telephone. It is important that organisations notify us of any changes to contact details, such as when staff or primary contacts change or leave.

When we report to funders, produce publicity and evaluation materials and post content on our website or on social media we may include members’ first names and photographs if they have given consent in advance.

We keep expired member data on the back end of our website for up to 3 months after a membership has lapsed. In that time, we will make attempts to contact the organisation to support renewal or to understand reasons for leaving membership. Records are retained as it makes re-joining easier. Membership records in Salesforce are retained for 5 years for the purposes of reporting and monitoring data linked to membership, membership benefits and experience.

  
Training and Events
What information do we collect?
How do we use this information?

All training and events bookings are made via the website either by the delegate themselves or their organisation’s co-ordinator who has login details.  If being completed by an organisation’s coordinator they are asked to confirm they have permission to enter the delegate’s details.

The details we collect include name and contact details in order that we can ensure delegates receive information relevant to their upcoming training or for evaluation purposes. We invite delegates to provide relevant information which can enable us to make training and events inclusive and accessible, this may result in the collection of special category data related to dietary requirements, health, or disability, as examples; this is for the purpose of making reasonable adjustment and is lawful basis associated to health care.

Booking information is transferred to Salesforce. Email communication for delegates is generated using Salesforce. Attendance, non-attendance, and deferral of places is recorded on Salesforce.

Those undertaking online training have the email address they supplied, and their name entered onto the e-learning platform, My Skill Camp. They are sent details by email and are then asked to set their own password for this site. Names may be used to generate certificates of completion.

Online events take place using Zoom. Access to Zoom events is only available to those who have pre-booked and require a meeting password.

Delegate packs, including attendee lists, may be generated for events, these will include first name, last name, and organisation. These will be shared with other event participants. Photography and filming may take place at our events – this is used for publicity (social media, publications, presentations) or for documenting learning events to share with other interested persons. Your image and/or voice may be recorded in film or through recording of online sessions. Photography and filming permissions will be obtained at event booking.  

Training delegate records are stored for no more than 5 years, after which they are deleted. Participation data is retained for statistical and reporting purposes (non-identifiable).

 
Quality Awards
What information do we collect?
How do we use this information?

Members who apply to work towards the achievement of a Quality Award will have some personal data (name, email address) processed within Moodle for the purposes of uploading evidence submissions. On achievement of the Quality Award the user is deleted from Moodle, removing all personal data and associated files and records.

In the process of assessment of Quality Awards, in addition to data already provided from members, the organisation will be required to provide personal data to Befriending Networks of individuals who will be interviewed as part of the assessment process. Data required will include names and contact details - this is for the purpose of setting up interview times and conducting interviews.

It is the responsibility of the Member/Quality Award applicant to obtain the permission of the individual interviewee prior to sharing the required information with Befriending Networks. This data is stored within Office 365. This information will only be retained for the duration of the Quality Award assessment.

It is the responsibility of the Member/Quality Award applicant to redact personal information prior to uploading evidence, this should be done to a level where the person cannot be identified by the assessor. Applicants are informed that failure to redact is a data breach and they will be unable to attain a Quality Award.

A record of attainment of a Quality Award is retained within Salesforce and is associated to a Membership record.

Enquiries
What information do we collect?
How do we use this information?

Information obtained from enquiries may result in data such as name, organisation, phone number and email address being stored in Salesforce. This may occur in instances of enquiries related to membership, bespoke training, or consultancy. This information is retained for as long as necessary before it is transferred to membership or training and events, otherwise it will be deleted after 1 year.

Enquiries regarding befriending services are logged on Salesforce but include no identifiable data. Data, nature of enquiry, and region are recorded. This information is used to monitor enquiry levels and to inform future service design.

Job Applicants
What information do we collect?
How do we use this information?

If you are applying for a job, internship, or volunteering role with Befriending Networks we will collect and process data about you. This will likely include your name, contact information, and personal information contained in your CV such as your date of birth or national insurance number. If we ask for an application form to be completed this may include a request for additional specific information such as employment history, qualifications, work eligibility, national insurance number, and referee details. We may use a third-party recruitment site, such as Charity Jobs.

When undertaking pre-employment checks we may ask for contact details of references, your date of birth, your work eligibility, and vetting information such as for DBS/PVG membership. We may use a third party to assist us with work eligibility and DBS/PVG checks.

We will use the data you provide us with to manage our recruitment and selection process. This includes assessing suitability for the role, creating accounts for successful applicants, sending communications related to the outcome of the recruitment process, and fulfilling onboarding requirements.

We will retain application forms, CVs and other data related to vacancies and recruitment processes for 6 months from the vacancy closing date.

Directors
What information do we collect?
How do we use this information?

The name, date of birth, address, email and phone number of directors, date of appointment and date of termination will be maintained as a register. Directors (or nominees) may also be asked to provide declarations regarding criminal activity and bankruptcy and may be subject to vetting checks or references. In this case the job applicant privacy notice above will be followed for a volunteering role. Required information will be shared with Companies House for the purposes of effective governance. Director names will be listed within the Directors Annual Report/Statement of Financial Accounts. Director names will remain on Companies House filing history; director names will also appear on charity documents such as minutes of meetings and resolutions. These documents are retained indefinitely.

We will retain core director personal information (name, CV, image) for historical purposes; all other documentation related to directors will be retained for the duration of directorship plus 2 years.

 
Other Information 

Third Party Services
Befriending Networks Ltd uses the following third-party service provides to support the delivery of our activities:

  • Salesforce CRM
  • Office 365
  • Website: David Kelly Design Office
  • Canva
  • Stripe
  • MailChimp
  • Charity Jobs
  • SystemWise (Managed IT partner)
  • My Skill Camp
  • Zoom
  • Moodle
  • Facebook, Twitter (X), LinkedIn
  • Companies House
  • Social Pilot

International transfer of data
Our email communication provider MailChimp hosts data in the United States. They are subject to specific data protection contractual clauses and are participants in the US Data Privacy Framework.

Your Data Protection Rights
Under data protection law, you have rights including:

  • Your right of access - You have the right to ask us for copies of your personal information.
  • Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Requests can be made using the contact information above.

How to Complain

If you have any concerns about our use of your personal information, you can make a complaint to us at Befriending Networks, the full process of which is set out in our Complaints and Feedback policy.

Email: susan@befriending.co.uk
Call: 07729 107 002

Susan Hunter
Befriending Networks
5-7 Montgomery Street Lane
EDINBURGH
EH7 5JT

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:        
Information Commissioner’s Office
Wycliffe House
Water Lane
WILMSLOW
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk