Privacy Policy

This privacy notice updated March 2021 replaces our previous documents and is in line with GDPR and to reflects our new website which launched March 2019.  This policy is accessible from our website.

Befriending networks is a Data Controller under the General Data Protection Regulation.

If you wish to discuss anything relating to privacy and data protection, please contact:

Sarah Van Putten, Befriending Networks, 63-65 Shandwick Place, Edinburgh, EH2 4SD or sarah@befriending.co.uk  0131 261 8799 or 07955251807.

1. Members and Training delegates

We collect limited personal information from:

Member Organisations (including work contact details, including email addresses etc.)
Training delegates member’s employees (including work contact details, including email addresses etc.)
Training delegates member’s volunteers (name and contact email address only)

Member Organisations

We use the information that you submit as part of your application process to keep you informed about relevant events, policy updates and information relevant to befriending.  We will normally email you about events/information but may on occasion use the telephone numbers supplied to call you. 

This information is also shown in the member directory on our website, which is widely visible to the public.  At all times you are in control of this data and through your log in you can change and update this.  It is therefore your responsibility to ensure that this maintained and only contains accurate contact details for your staff/organisation.  This information is only stored on our website, used excel sheets and in our emails to you. 

When we report to funders, produce publicity and evaluation materials and post content on our website or on social media we may include members’ and training delegates’ first names and photographs, if they have given consent in advance.

We keep ex member data on the back end of our website for up to 2 years after a member leaves, but at any time members have the right to see their information and have it corrected or removed.  We will not contact ex members their records are only retained as it makes re-joining easier.

Training delegates (member’s employees /volunteers)

All training bookings are made via the website either by the delegate themselves or their organisations co-ordinator who has log in details.  If being completed by an organisations coordinator they are asked to confirm they have permission to enter the delegates details. The only details we gather are name and contact details in order that we can ensure delegates receive information relevant to their upcoming training or for evaluation purposes. 

Those undertaking online training have the email address they supplied and their name entered onto the learning moodle (run by E-learn design, which is GDPR compliant), they are sent details by email and are then asked to set their own password for this site.

Training delegate records are stored for no more than 3 years after, which they are deleted. We do not contact volunteers once their training is completed or use their data, it is held only for statistical purposes.

2. Our Website

Our website is a way of reaching potential befrienders or befriendees, befriending organisations, the media and anyone who wants to find out more about befriending in the UK. It also gives funders and potential funders easy access to our evaluation material and enables existing members to access resources and information as well as to advertise their projects on the directory. 

We use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns.  We do this to find out such things as the number of visitors to the various parts of the site.  This information is only processed in a way that does not identify anyone.  We do not make and do not allow Google to make, any attempt to find out the identities of those visiting our website.

Where we do collect personal data through the website this is obvious and upfront.  How we use this information is covered in detail in this policy.

Cookies are small text files that are placed on your computer by websites that visit.  They are widely used in order to make the site work more effectively, as well us to provide us information via Google Analytics.  We use this information to compile reports and help us improve the website and also the resources and information it contains.  The cookies collect information in an anonymous form, including the numbers of visitors to the website, where visitors have come from and the pages they visited and download data.

3. Website Payment Options

Our website provides you two payment options if you choose from:

  • If you request an invoice/Bacs payment you will be automatically sent an invoice directly from the website giving you payment details. 
  • If you choose to by card then we use the services of payment company called Stripe.  When you make payments through Stripe they collect your transaction information.  The information they collect includes payment method information (such as credit or debit card number, or bank account information), purchase amount, date of purchase, and payment method. Different payment methods may require the collection of different categories of information. When conducting fraud monitoring, prevention, detection, and financial compliance activities they will receive Personal Data from you (and your device) and about you (e.g., name, address, phone number, country), as necessary to confirm your identity and prevent fraud. Our fraud monitoring, detection and prevention services may collect Personal Data about you and use technology to help us assess the risk associated with an attempted transaction by you with a Stripe User. Their privacy policy can be found here: https://stripe.com/gb/privacy#personal-data-definition

4. Third Parties

Personal data may be shared with third parties (such as OSCR, Companies House, HMRC) if:

  • Sharing the personal data is compatible with the privacy notice provided to the data subject and, if required, the data subject's consent has been obtained.
  • They have a need to know the information for the purposes of providing their service.
  • They have provided us with a privacy policy which describes how they will use the personal data and satisfies the General Data Protection Regulation and the Data Protection Act 2018. 

5. Subject Access Requests

You have the right to see what personal information we hold about you. You are entitled to be given confirmation as to whether we hold or process your personal information, and if so you are entitled to access all your personal information as well as details of:

  • The purposes for which we process your personal data.
  • The categories of your personal data we process.
  • The recipients, or categories or recipient to whom personal data has been or will be disclosed.
  • How long we expect to store your data.
  • Where you did not give us the personal data, the source from which we collected the personal data; and
  • Whether we use any automated decision making in relation to the processing of your personal data.

You are entitled to have any mistakes in your personal data rectified, and to have the data deleted if you would no longer like us to store or process your personal data, or to request restriction of our processing of your personal data.

Subject access requests should be made by email to sarah@befriending.co.uk and will be processed within 20 working days. If you have a complaint about our use of your information (or any other aspect of our service), please contact us using the details given on this policy.