Privacy Policy

Privacy information

We, Newlife the Charity for Disabled Children, are the ‘controllers’ of the information which we collect about you (‘personal data’). Throughout this notice we will use the term ‘process’ which covers most things that can be done with personal data, including collection, storage and destruction of that data. Being controllers of your personal data, we are responsible for it, and this notice explains why and how we process it, as well as your data rights, including the right to access it and to object to its processing.

We are a registered charity with registration number 1170125 and our contact details are:

Address:

Newlife Charity for Disabled Children, Newlife Centre, Hemlock Way, Cannock

Email:

info@newlifecharity.co.uk

Telephone number:

01543 462777

 

Questions or concerns about how we process personal data should be sent to our Data Protection Officer, Stephen Morgan, who can be contacted on smorgan@newlifecharity.co.uk or 01543 462777, extension number 2037.

We hold various categories of personal data for a number of reasons. We collect this data either from you or from third parties who provide it to us. This data can include your contact details, your health information, and information about your requirements. Information about your health is considered to be a ‘special category’ of personal data under data protection law, as is information about racial and ethnic origin, information about religious beliefs, biometric data and genetic data, among others. Data protection law requires that we satisfy additional conditions if we process sensitive personal data.

We are committed to protecting your personal data, whether it is sensitive or not, and we only process data if we need to for a specific purpose, as explained below.

 

Purposes for which we process personal data

The following table lists the purposes for which we process personal data as well as the legal justification under data protection law which we rely on to process that data. The general purpose is for our charity to be able to continue to deliver its services and achieve its objectives.

 

Purpose

Legal justification

Campaigning and Advocacy Team

 

Campaigning – to give children and families a voice. Newlife uses personal information from children we have helped, to demonstrate issues that families face every day.

Explicit Consent (special category) – to use children’s/family personal information, we will seek consent.

Working with local statutory bodies – We look to work with professionals and relevant health and local authorities when we believe that they have an obligation to provide the child with the equipment that is needed. In many cases, once an authority is aware of the child’s needs, they will fund the equipment needed and be aware of the wider needs of the child and family.

We share information with local statutory bodies based on pursuing legitimate interests. We believe this to be in the best interests of the child and family to get equipment funded by the authority where appropriate and possible, and allowing Newlife to help more children in need. In so far as the information includes special categories of data (health data), we share this on the basis that it is necessary for the provision of health or social care, and the processing is carried out under the responsibility of health professionals.

Child and Family Team

 

Nurse Helpline – Callers can remain anonymous or choose to give their name/contact details. The purpose is to give information, support and care to families of disabled and terminally ill children through either phone calls, emails or nurse chat via our website.

 

Initially calls are answered by the Newlife Nurse reception team, which is operated by Connect Assist Limited, the UK’s only fully trained Call Centre working on behalf of charities and government contacts.  The Connect Assist advisors are trained by our Newlife Nurse team to answer the call and navigate the call according to the needs of the caller.  Full due diligence was completed on Connect Assist, trustee approval was sought, and a Data Protection Impact Assessment was completed prior to the launch of the service. 

 

Calls answered by the Newlife Admin reception team are recorded and this is acknowledged to the caller before the call is put through to the team.  The message states ‘Calls are recorded for training and quality purposes.’  The Newlife Nurse team listen to three random calls per month to ensure the quality of service from the reception team and if any complaints are made then (if possible) we may also listen to the call to understand fully and investigate the complaint.  All calls are retained for three months prior to being deleted.  Please note that once transferred to a nurse or in the case of a nurse call back, calls are not recorded at this point.

Explicit consent (special category) – we will verbally ask families, who pass on personal data, that they give permission for Newlife to store the data on a database that is viewed by internal team members and the Newlife Nurse reception team to give Newlife team members the ability to respond to the needs of a child quickly when they arise.

 

Legal Obligation – If a safeguarding issue is highlighted then we will pass on concerns to relevant authorities including social workers and child protection teams.

Equipment services – Newlife provides equipment either as a grant or a loan through its many unique services.

Equipment has the power to change children’s lives. To provide the equipment, Newlife needs to collect personal/health data to assess the child’s needs and to ensure that appropriate equipment is provided at the pace required. These services include:

 

· Equipment Grant Service
· Emergency Equipment Loan Service
· Play Therapy Pod Service

Legitimate Interests – contact details including addresses are passed to third parties who deliver the equipment on behalf of Newlife to ensure that the families receive the approved equipment they applied for.

 

Consent – we seek consent for the following:

 

– for families to receive information about Newlife’s services

– for a photo of the child to be provided and used to help us demonstrate the impact of Newlife’s services through the media and to allow us to thank donors and show them the difference they have made.

– to ask families if they will allow a fundraiser to contact them regarding supporting the charity either through volunteering or fundraising.

 

Explicit consent (special category) – We seek explicit consent for the following:

 

– To allow Newlife to pass details to a member of the communications and marketing team to contact the family regarding writing an appeal to raise awareness and funds for the equipment required through the local and possibly national press.

– To allow Newlife to pass on personal and some health information to fundraising donors and supporters (anybody who has donated to Newlife) to demonstrate the impact of equipment provision.

– To give permission to pass details on to external partners of Newlife for conducting research relevant to Newlife’s services.

 

Legitimate Interest

 

– We share information with professionals and local statutory bodies to ensure the right piece of equipment is provided and in the pursuit of legitimate interests. We believe that this is in the best interests of the child and family to get equipment funded by the authority.

 

All data provided will be stored on a secure database, with limited access internally and by our Newlife Nurse reception team.

We will only share this data with other people externally if we are legally obliged to do so, if we have consent, or to enable us to deliver the equipment requested.

 

Legitimate interest to seek feedback and understand impact of equipment provided.  We will contact families who have received equipment from us, to get feedback on the equipment and service provided.  We will also ask questions related to the difference the equipment has made.  This will help us to improve what we offer to families, raise additional funds to help more children and as such is in the interests of families of disabled children.

 

Delivery of Play Therapy Pods

 

To deliver Play Therapy Pods to families with disabled children, the child and family team/Newlife transport team arrange deliveries with external couriers. These deliveries are recorded on the courier’s database, and they retain personal information for only as long as is necessary.

Legitimate Interests – to enable Newlife to provide the service requested by the family we need to share personal data with third party couriers to deliver the equipment.

 

Communications and Marketing Team

 

 

Website – to demonstrate Newlife’s purpose and impact to supporters, families, donors, stakeholders, volunteers etc.

Applications to charitable services – most applications to all our charitable services are made via an online web form. This will be temporarily stored on Newlife’s website database which is hosted by WP Engine. The application is then imported to our internal Child and family database which is hosted in Microsoft Azure.

Explicit consent (special category) – to use children’s and families’ personal and health data to demonstrate need (when appealing for fundraising support) and to demonstrate impact.

 

We seek separate permission from any data subject who is featured on the website.

 

Legitimate Interest – this enables us to process any application that is submitted by our beneficiaries.  The application and all accompanying documentation (e.g. supporting letters) are only stored on our website platform for a short period of time until the application is imported, and it is then automatically deleted from the website. 

 

Social media – to communicate privately and publicly as required. To provide up-to-date information to demonstrate Newlife’s impact and purpose.

Legitimate Interests – Newlife requires personal information (including contact details) to respond to any enquiries/requests etc. We will ensure that private messages sent to us via social media are responded to in private.

 

Explicit Consent – we will seek consent if we want to post on social media regarding any data subject’s personal/health data.

 

Marketing emails – where individuals have expressed an interest in receiving information about the work of the charity, its services and how to support Newlife, as well as Newlife stores or online shopping, we will email them electronic newsletters and updates where applicable.

We use an external platform, Mailchimp, to store data including names and email addresses of individuals who have signed up to receive marketing emails onto relevant mailing lists, and to send emails to these mailing lists. The lists are automatically cleaned by Mailchimp every six months, and manually monitored annually.

Consent – we will only email individuals who have given opt-in consent to allow us to send information and updates. Each team will seek verbal or written consent prior to any action taken.

 

 

Legitimate Interest – in the case of professionals who provide their names and email addresses via our application forms, these are added to our Professionals mailing list under legitimate interest. There is an opt-out option on every email sent.

 

 

Use of Cookies

For both the charity website and our Newlife online site, we store your cookie preferences.  This will identify your online preferences to provide relevant advertisements to you.

Consent – you will receive a cookie notification when you open either website page. If you click yes/agree this is a lifetime agreement; however, you can at any point log in and manage your cookies to change this agreement if you so wish.

 

Contacting data subjects – we do ask those who benefit from our services, including families of disabled children, whether they would be happy to speak to a member of our communications and marketing team.

 

We can also ask other data subjects affiliated with Newlife if they are willing to speak to the communications and marketing team, including volunteers, fundraisers, customers, stock donors and team members.

 

Newlife will work with third parties including experienced PR agencies to assist with securing national and local PR coverage when the data subject has given consent for Newlife to process their data for media purposes. Newlife will inform the data subject if their data will be transferred to any agency that Newlife is working with and obtain their consent for this.

 

Customer style card – a customer is given the option of signing up for a Newlife style card when they make a purchase at our tills. Once signed up they will receive two to three emails per week with general updates, offers, and invitations to special events.

 

Consent/Explicit consent – our communications and marketing team will not contact data subjects regarding potential press activity without the consent of the data subject. This will be sought by the department that the data subject has given data to.

 

Consent/Explicit consent:

– that the family agree for a member of the communications and marketing team to contact them about a PR opportunity.

– for each PR campaign, Newlife will obtain consent to work with the family and that the family/data subject agrees to give consent for their data to be processed through local/national appeals/interviews/radio or regional/national/local coverage etc.

 

 

 

Consent – customers give their consent at the tills for Newlife to send these updates and opt-out is available with every email sent.

To share personal details with press

Explicit Consent – we will not share personal details with press for a media story or other purpose without the consent of the data subject.

 

 

 

CSR Support Team

 

 

Managing stock donor relationships – We receive stock from hundreds of stock donors including high street stores, manufacturers, supermarkets, designer labels etc. We co-ordinate stock donations, arrange collection through external transport companies and manage the relationships with the donors, sending them updates. We are legally obliged to send them a ‘duty of care’ letter annually.

Legal – we are legally obliged to process data that enables us to send the ‘duty of care’ letter annually to report on how we have used the stock they have donated. We store company data on our stock relationship database.

 

Contract – we contact and store data that relates to the collection and management of stock in line with the donor requirements.

 

Consent – we will seek consent if we are publicising the relationship with the donor in any external publication, website, and correspondence.

 

Facilities and Health & Safety Team

 

 

Health & Safety & Risk assessments – When a member of the public, team member or a volunteer is involved in an accident we will complete an accident form (or near miss form if applicable) to collect relevant data. We will also complete risk assessments for the above categories when required (e.g. pregnancy, health issues raised through doctors fit-note/return to work etc.)

 

 

 

Legal – we are required to complete an accident form/near miss form when an incident occurs. If the incident is serious, we are required to contact the Health and Safety Executive (HSE) and RIDDOR.

 

Explicit Consent – we will seek consent from the individual to obtain a fit note where appropriate and to facilitate the right working conditions and/or return to work.

This data will only be processed by the people team, the Health & Safety team and the relevant manager.

 

Driving for Work Purposes

For all team members and volunteers who either use a company car or claim business mileage, Newlife needs to see driver’s license and insurance documentation.

 

Forklift and Van drivers

We keep copies of our drivers’ licenses prior to use.

 

Legal – we are duty bound to check that all team members and volunteers have a valid driving license before they can drive on behalf of Newlife.

 

CCTV – We have CCTV for security, health and safety, assessment & improvement and compliance purposes within our stores and warehouses. Signs are up within all premises/estates explaining their purpose.

Legal – we only store CCTV images for 30 days. We share these with the police when requested to do so or if a criminal act has occurred on any of our premises.

 

Contracts – We set up several service contracts to provide services to Newlife including cleaning, gas/electric, post, waste disposal, gardening/window cleaning services, deliveries of stock and supplies.

We have a designated contact for each and set up a contract to manage what is expected.

Legitimate Interest – It is in Newlife’s and the contractors’ best interests to have direct contact with each contractor. We will add in conditions to the contracts to ensure that all contractors are GDPR compliant where they are processing data as part of the contract in line with our data protection policy.

 

Finance and Audit Team

 

 

Banking and tracking of income – We bank and track all income that is donated or raised on behalf of Newlife.

This includes online giving, giving through third parties (such as Just Giving) and all donations received either by hand, by post, or direct to our bank account. We track all donations received via internal spreadsheets and ensure all restricted income is used for the purpose intended.

We input all donors onto the SAGE database and, if relevant, onto Raiser’s Edge, a fundraising relationship database.

Legal – we have a duty to ensure all financial records are available for audit purposes annually. We are also legally obliged to retain all financial records for at least six years in case of inspection by HMRC.

 

Managing expenditure and invoices – We track all expenditure that is spent on behalf of Newlife. We have an internal control system (including use of purchase orders) to authorise payment. We also have a ‘four eyes’ approach for senior management to authorise BACS online payments. All expenditure is logged on the SAGE database.

Legal – we have a duty to ensure all financial records are available for audit purposes annually. We are also legally obliged to retain all financial records for at least six years in case of inspection by HMRC.

 

Payroll and Any Other Expenditure (AOEs)

 

While it is the People Team who co-ordinate payroll with an external payroll facilitator, on the amount to be paid, the finance and audit team are securely emailed the report from the facilitator and then upload this for online payment which is signed off by leadership team members.

Legal – we have a duty to ensure all financial records are available for audit purposes annually. We are also legally obliged to retain all financial records for at least six years in case of inspection by HMRC.

 

 

Fundraising Team

 

 

Newlife will obtain personal contact information from you when you enquire or register for one of our activities or events, subscribe to receive a digital or postal communication, make a donation to us or otherwise provide us with personal information. You may receive follow up information from us that is relevant to this activity, including how your support is helping.

What information do we collect? This information consists of (but is not limited to) name, postal address, email address, telephone or mobile number, bank account details, debit or credit card details and whether or not you are a taxpayer so that we can claim gift aid on your donations.

Where it is appropriate we may also ask for:

– Information relating to your health (for example if you are taking part in a challenge style event)
– Date of Birth
– Why you have decided to donate to us. We will never make this question mandatory, and only want to know the answer if you are comfortable telling us.
– Newlife may also use publicly available information to identify people who may be interested in a high-profile public association with us. This information may include newspaper or other media coverage, open postings on social media sites such as LinkedIn and Twitter and data from Companies House.

 We use the information we receive to:

– Administer your donation(s) or your sign up to our events, lottery draws and/or raffles. In addition, we may use your information to claim gift aid.
– Keep a record of your relationship with us.
– Enable us to record how you’d like to hear from us.
– Understand how we can keep improving our fundraising products, services and information.
– Ensure we are being compliant with various laws.
– Occasionally invite you to participate in surveys from Newlife so we can continually improve what we do.

Prospective Donor Research

 

Before contacting potential major donors, high net worth individuals, and philanthropists we may want to undertake research to better understand their engagement with Newlife and their potential interest in supporting our major projects. This research helps us to understand more about individuals so we can focus conversations we have about fundraising and volunteering in the most effective way and ensure that we provide an appropriate experience. This research will help us target communications in a more focused, efficient, and cost-effective way and help us to understand what type of charitable project prospective donors may find interesting, the level of support that would be appropriate, and how to personalise our initial contact.

In researching potential major donors, high net worth individuals, and philanthropists we may consider business and family networks, publicly available information relating to: residential location, wealth and assets, career, donations to other organisations, along with their hobbies and interests. The purpose of this research is to help identify new supporters, create a profile of their interests and financial capacity, and to evaluate their ability to support our major projects.

To aid us in this research we may use information the donor has already provided and combine it with additional information from publicly available sources such as Google, newspaper and magazine articles, Companies House records, charities, and any other information they have chosen to make public, for example on LinkedIn, public social media profiles, or corporate websites. We may also use additional information such as geographical information for measures of affluence where available. To do this efficiently, we may also use trusted third-party specialist companies that collate and analyse information from public registers alongside statistical socio-economic data to automate some of this research work.

 

 

Consent – we use marketing communications to keep you up to date with what we’re doing, how you can get involved, and news and features about the charity which we feel will be of interest to you. This may include newsletters, surveys, direct mail appeals, fundraising opportunities or updates about Newlife. We use a variety of methods to send marketing to you. We include an opt-out opportunity within all marketing communication.

 

Consent – electronic marketing includes the use of email and text messages. We’ll always ask your permission before we send you electronic marketing. You can choose any combination of these methods and you can always tell us, at any time, if you no longer want to receive these communications.

 

Post – this is where you receive information about the charity through your letter box. Postal marketing enables us to contact a wide range of individuals and is an easy way to keep you updated. It allows you to donate and get involved in your own time and in a way which isn’t intrusive for you. For this reason, and after careful consideration, we use our legitimate interests to send marketing in this way. You can always tell us if you no longer want to receive post from us.

 

Telephone

Where it is appropriate and relevant, and you have provided us with a telephone number, we will occasionally call you to tell you about ways to give or raise money for us, to campaign for us and to volunteer for us. We do this as we consider it is a legitimate interest to communicate with you about ways you can support us. We will not contact you by phone for marketing purposes if your number is registered with the Telephone Preference Service, unless you have agreed to receive calls from us.

 

Changing your marketing preferences

You can stop receiving marketing communications altogether or change your preferences at any time either by following the instructions in the communication you have received or by contacting our Supporter Services Team.

We won’t use your information for marketing purposes if you have asked us not to.

 

 

Post Donation communication – Legitimate Interest – so that we can let you know how your kind support has made a real difference and changed children’s lives. We may need to share limited information with our service providers who help us to prepare and issue our communications or process your donations and other responses. However, we will not allow these organisations to use your data for their own purposes and will take care to ensure that they keep your data secure.

We conduct this research on the legal basis of Legitimate Interest. If you would prefer us not to use your data in this way, please email us at dataprotectionteam@newlifecharity.co.uk or call us on 01543 462777.

 

Governance and Compliance Team

 

 

Incoming/outgoing post – We receive and send out mail daily. Mail sent in is opened securely within an open office environment and date stamped before being processed and sent to the relevant individual/department.

Legitimate Interests – we process the mail that is sent to us, and it is opened securely and is then forwarded to the intended recipient only.

 

All sent mail is collected directly by Royal Mail.

 

Trustees personal details – We receive, process and store personal details of our trustees including contact details and biographical information so that we can contact where appropriate and share information when it is pertinent to do so.

Legitimate Interests – we need to process details of all mentioned to arrange meetings, send papers/information and contact when required.

 

Consent – we will not share personal data with others without the consent of the data subject unless there is a legal obligation or duty.

 

Correspondence from any data subject including complaints, requests, or any matter related to a data subject’s rights.

 

A data subject has rights in relation to how we process and store their personal data. Any requests or complaints in reference to the above will be processed in line with Newlife’s data protection policy.

 

We also receive complaints or requests for information that do not relate to the processing of data, but our day-to-day activity as a charitable incorporated organisation. All complaints will receive an outcome within 30 days unless an extension is required. In this case the complainant will be informed.

Legal – we have a duty to ensure that the rights of a data subject are met and to ensure that we are in all cases fairly and lawfully processing data. We also have a legal duty to investigate all complaints that relate to unlawful activity.

 

Legitimate Interests – if we receive requests for information or a complaint we will look to either meet the request or investigate the complaint in line with our complaints procedure. This is in the interests of the data subject.

 

Surveys – To ensure that Newlife is providing an exceptional service and that we continue to meet the needs of the disabled children, their families and all beneficiaries. We look to contact families, volunteers and professionals via phone or email once the service has been provided to get feedback and ask questions related to their experiences and views on issues they face.

 

Legitimate interest to seek feedback and understand impact of equipment provided.  We will contact families who have received equipment from us, to get feedback on the equipment and service provided.  We will also ask questions related to the difference the equipment has made.  This will help us to improve what we offer to families, raise additional funds to help more children and as such is in the interests of families of disabled children.

 

I.T

 

 

 

Emails – While emails are assigned to personal individual users, the I.T team has access to all accounts. They routinely check to ensure these have not been compromised/hacked and to maintain where necessary.

Contract – Employees are required to ensure I.T can access and service email accounts as and when required.

 

Infrastructure – To facilitate and support the day to day running of the organisation, the I.T team can access information relating to all processing of data referred to within this privacy notice.

Legal obligation/duty under data protection legislation to ensure security and to ensure that data is not hacked or accidentally or deliberately lost/deleted/misused. The I.T team support the processing of all data.

Newlife’s infrastructure is monitored by an offsite security team, who manage the firewalls and traffic to our internal network. They are signed up to a contract and performance is monitored regularly.

The People Team

 

 

Candidates/Employees/ex-employees –

We receive applications for vacant posts within the charity. These are scored against a matrix and interviewed before a decision is made on the successful candidate. The employee’s personal data is then processed and stored within a secure database. Any unsuccessful candidate’s personal data is deleted after six months of a decision being made, unless we need to process this data for legal reasons. We also work with agencies where necessary for temporary recruitment within our production and retail teams. We only hold information that is necessary in these circumstances while they are working onsite.

 

Applicants are asked to provide sight of their Rights to work evidence at interview and a copy is retained. Unsuccessful candidates’ evidence is then disposed of once the decision has been given.

 

We use an external application tracking system (ATS) called Hireful to store and process all applications for job opportunities at Newlife. Data includes name, contact details, CVs and employment history – we don’t collect any health data via Hireful. This is password and 2FA protected.

 

BambooHR – we use an external HRIS (Human Resource Information System) to process and store employee data and to manage timesheets, holidays and absence. Personal data includes contact details and emergency contact details for each employee – we don’t currently hold any health details on BambooHR.

 

The People Team will send emails to personal email addresses with important updates as and when required.  The Communications team will send out a monthly newsletter to inform team members of updates about the charity, any special store offers, and any other communication of interest.

 

 

Contract – For candidates/employees, we need to collect personal data to facilitate decision making, to contact the candidate or employee and to ensure a level of service is provided (e.g. all medical requirements are met).

Legitimate interest – Under UK employment law, employers are required to confirm Rights to Work prior to an employee commencing work.

 

 

Legitimate interest – This helps us to store and process job applications and is used during both the application scoring process and interview.  Applications are stored on Hireful for 6 months. 

 

 

 

 

Legitimate interest/contract – this enables us to store pertinent information and process timesheets and absence effectively. 

 

 

 

 

 

Legitimate Interests –

As this is in the team members’ best interests to receive updates regarding the work of the charity and special offers.

 

 

 

Payroll –

Newlife uses a third-party payroll specialist to manage our payroll. All timesheets are entered onto a secure database and securely uploaded to our payroll provider’s sharefile. After they have completed payroll, the details are returned securely via the sharefile and downloaded by our People Team, and our Finance team administers payment via BACS once checked and authorised.

 

Contract – To ensure that team members are paid in line with their contract, we need personal data on where payment should be directed to.

 

Legitimate Interests – we share data with our third-party payroll provider to ensure an efficient process for all our team members.

 

Legal – we have a duty to ensure all financial records are available for audit purposes. We are also legally obliged to retain all financial records for at least six years in case of inspection by HMRC. We will not process data outside of this requirement.

 

Pension –

Newlife uses a third-party pension provider to manage pensions for team members in line with auto-enrolment legislation. This is done by our payroll provider directly.

 

Legal – we are legally required to opt all eligible team members into a qualifying pension scheme. To do so we must share personal data with our chosen pension provider.

 

Pension information is securely shared with the Newlife People team from our payroll provider. This data is processed and stored in Newlife’s pension file on our server and then uploaded to our external pension provider, People’s Pension.

 

Team members can choose to opt out of the pension scheme should they wish. The team member must do this directly with the pension provider.

 

 

Medical cash plan –

Newlife provides a health cash benefit through a medical cash plan to selected team members based on banding and long service.

 

Employees sign to confirm that they wish to join and then details are shared with the third party.

Consent – Team members give their consent for us to enroll them into the scheme and thus share relevant data. Where they wish to upgrade their policy, team members complete a form, and the information provided is emailed by the People team to Medicash.

 

Once enrolled any claims are managed by Medicash. The employee will liaise directly with them.

 

 

Attachment of Earnings (AOEs) –

Newlife is approached by external organisations such as councils and housing associations to deduct unpaid monies directly from an individual’s salary due to a court order.

 

These are sent on to our payroll provider for processing the deductions and shared with the Finance team so they can process the payments.

 

Legal – as these deductions are subject to a court order, we are legally obliged to make the deductions where earnings meet the threshold. Team members will be aware of any deductions as they will be subject to the court order.

 

 

Retail Team

 

 

Customer membership –

Customer membership is voluntary in all stores. We require some personal data to set-up a new membership and the new member is given a card which they present when they purchase items at the till.

Consent – The customer presents their Style Card at the tills every time they want to make a purchase. If customers want to be informed about special events being held then they give consent verbally when becoming a member and this is recorded on the EPOS database. This allows the Newlife Marketing team to contact them. Members can unsubscribe from emails and change preferences if they wish.

 

 

 

Volunteer Support Team

 

 

Volunteers –

We receive application forms for volunteer posts within the charity. These are reviewed and interviews are done by the volunteer recruitment and support officer before an appointment is made.

Volunteer’s personal data is stored on a secure database.

Legitimate Interests – Newlife requires personal details to facilitate volunteering. Volunteering for Newlife is beneficial for those who agree to volunteer, and it helps Newlife too.

 

Consent – we will not share volunteer stories on our website or with local/national press without the consent of the volunteer.

 

         

 

 

Some personal data which we process is required for us to be able to enter or perform a contract with you. This has been specified above. If we do not process that information, we will not be able to provide the services that Newlife offers.

The list above is not necessarily exhaustive and there may be other purposes for which we collect and use your data. We will inform you about such additional purposes when we collect the data or soon after if we collect it from a third party.

 

Personal data received from third parties

The following is a list of the personal data which we receive from third parties.

 

| Data | Source |
| --- | --- |
| We receive personal data and Health data from Professionals who support equipment grant or loan applications. | This comes in via our equipment grant and loan application forms or via phone calls with professionals to facilitate the application process. |
| Equipment suppliers and professionals assess the specific piece of equipment needed and provide Newlife with a quote. | This comes in via email, phone or by the post to facilitate the application process |
| Attachment of Earnings (AoE’s) from local councils etc.… | Newlife is approached by external organisations such as councils and housing associations to deduct mortgage or rent payments directly from an individual’s salary. We only do this with the consent of the individual. |

 

 

Recipient of personal data which we process

We may, on occasion, share personal data with third parties. These can be contractors acting on our behalf, or separate data controllers in which case we will only share the data if we are permitted to do so by law.

 

| Recipients | Personal data we may share |
| --- | --- |
| Pay Academy | Pay Academy are our third party pay providers. They process our payroll for us so receive financial data, names and contact details. They ensure that a smooth and efficient process occurs for our team members. |
| Medicash – Medical cash plans. | Newlife offers a benefit to employees in the form of a medical cash plan. Initial employee contact details are provided, and the employee then registers and provides personal data with our provider. |
| People’s Pension – Newlife uses a third-party pension specialist to manage pensions for team members who have opted in. | People’s Pension are our third-party pension providers. We share financial data, contact details of the individual to facilitate an efficient service |
| EPOS – systems provide the equipment and back systems for our customer membership and tills within all stores | The Names and contact details provided by our customers are stored on the EPOS systems. |
| Bamboo HR | Newlife’s HRIS, which contains employee contact and emergency contact details, timesheets, annual leave and absence reporting. |
| Connect Assist | Connect Assist operates the Newlife Nurse helpline reception team, transferring calls to the Newlife nurse team and arranging nurse call backs when appropriate. They have access to relevant sections of our child and family database, and process personal and special category data that is disclosed. |
| MS Azure | Newlife uses MS Azure for cloud-based infrastructure |
| Wavenet | Wavenet manages Newlife’s firewalls for incoming traffic. |
| Mailchimp | Newlife uses Mailchimp, a third-party platform, to store data including names and email addresses provided by individuals who have opted to receive marketing emails. These are organised into mailing lists, and individuals will only be added to the mailing list they have opted to sign up to, receiving marketing information which is tailored to specific lists. Each email sent also offers the option to opt out of further communications. |
| Specialist Disability Equipment providers. We look to work with professionals and relevant health and local authorities when we believe that they have an obligation to provide the child with the equipment that is needed. | Newlife uses specialist equipment providers to provide the equipment needed by disabled and terminally ill children. These providers receive personal data sent by a family to Newlife, so they can ensure the child receives the right piece of equipment and then delivers the equipment. They require contact details, health information and addresses to provide this service. We can share information with local statutory bodies based on pursuing legitimate interests. We believe this to be in the best interests of the child and family to get equipment funded by their authority. |
| Play equipment | we use transport couriers such as APC and DPD to transport our Play therapy pods to and from family addresses for their 12-week loan. |
| RIDDOR/HSE | If a serious accident occurs on any sites which we operate in, we have a legal duty to report this. |
| Cross Products – Newlife uses a third party to create and manage our internal databases which hold personal data. | Our provider accesses, repairs and develops our databases when required. Personal data is only viewed when required to facilitate the above. |

 

 

Transfers of personal data outside the European Union

We endeavour to only store personal data in, and transfer it to, jurisdictions where it will be afforded an adequate level of protection or when we are able to provide appropriate safeguards and ensure that your rights as a data subject can be enforced.

Some jurisdictions are considered by the European Commission to afford an adequate level of protection in which case no additional safeguards need to be put in place for the data to be transferred there.

 

Records Retention Schedule

 

Retention Policy Statement

The retention schedule complies with statutory, legal and governance best practice requirements. Newlife endeavours not to keep data longer than is necessary. Data that is no longer required is deleted, including both hard data and electronic data. The retention schedule is reviewed across the organisation annually and updated as required.

 

 

| Department | Name of Document | Medium | Maximum Retention Period | Notes |
| --- | --- | --- | --- | --- |
| Child and Family | Nurse Service contact form | Electronic/paper | 7 years | Industry guidelines recommend that all data related to Health records should be kept for 7 years |
| | Nurse Helpline Triage form | Electronic/paper | 7 years | |
| | Equipment Grant application form | Electronic/paper | 7 years | |
| | Photo | Electronic/paper | 7 years | |
| | Equipment Grant assessment and scoring form | Electronic/paper | 7 years | |
| | Equipment Grant Offer Letter | Electronic/paper | 7 years | |
| | Supplier Ordering form | Electronic/paper | 7 years | |
| | Emergency Equipment Loan application form | Electronic/paper | 7 years | |
| | Emergency Equipment Loan Interview sheet | Electronic/paper | 7 years | |
| | Emergency Equipment Loan verbal agreement | Electronic/paper | 7 years | |
| | Emergency Equipment Loan Authorisation form | Electronic/paper | 7 years | |
| | Emergency Equipment Loan Equipment agreement form | Electronic/paper | 7 years | |
| | Emergency Equipment Loan Order Confirmation form | Electronic/paper | 7 years | |
| | Play Therapy Pod Application form | Electronic/paper | 7 years | |
| | Play Therapy Pod Offer Letter | Electronic/paper | 7 years | |
| | Play Therapy Pod Authorisation form | Electronic/paper | 7 years | |
| Campaigning and Advocacy | Letters/Briefings to MP’s/Clinical Commissioning Groups/Local Authorities and schools | Electronic/paper | 7 years | Industry guidelines recommend that all data related to health records should be kept for 7 years |
| | Confidential Intervention records | Electronic/paper | 7 years | |
| | Multi Agency Safeguarding Hub referrals | Electronic/paper | 7 years | |
| Fundraising | Direct Donation forms (cash/cheque) | Electronic/paper | 7 years | We are legally obliged to keep financial records/VAT forms for at least 6 years |
| | Retrospective Donation forms (via bank) | Electronic/paper | 7 years | We are legally obliged to keep financial records/VAT forms for at least 6 years |
| | Online Donation forms | Electronic/paper | 7 years | We are legally obliged to keep financial records/VAT forms for at least 6 years |
| | Donor Stewardship letters | Electronic/paper | 7 years | |
| | Grand draw raffle tickets | Electronic/paper | 7 years | We are legally obliged to keep financial records/VAT forms for at least 6 years |
| | Sponsor forms | Electronic/paper | 7 years | We are legally obliged to keep financial records/VAT forms for at least 6 years |
| | Material order forms | Electronic/paper | 7 years | |
| | Online express emails | Electronic | 7 years | |
| | ‘Don’t be a stranger’ Opt-in forms | Electronic/paper | 7 years | |
| | Donor records on Raisers Edge relationship database | Electronic | 7 years | We are legally obliged to keep financial records/VAT forms for at least 6 years |
| | Consent forms for events and volunteering | Electronic/paper | 7 years | |
| Communication and Marketing | Customer Surveys | Electronic/paper | 3 years | |
| | Team member images | Electronic | Length of employment | |
| | Marketing data on those who opt-in to regular contact | Electronic | Consent is given by individual and retained for length of period agreed by data subject | |
| | Images and data for website | Electronic | Consent is given by individual and retained for length of period agreed by data subject | |
| Facilities | Drivers licence/passport information of team member | Electronic/paper | Length of employment | |
| | CCTV images | Electronic | 30 days | |
| | Accident and Investigation forms | Electronic/paper | 7 years | Industry guidelines recommend that all data related to Health records should be kept for 7 years |
| | Remedial Risk Assessment forms | Electronic/paper | 7 years | |
| | Near-miss and dangerous incident forms | Electronic/paper | 7 years | |
| | Any RIDDOR/HSE referrals | Electronic/paper | 7 years | |
| | DSE Assessments | Paper | 7 years | |
| Finance | Direct Donation forms (cash/cheque) | Electronic/paper | 7 years | We are legally obliged to keep financial records/VAT forms for at least 6 years |
| | Retrospective Donation forms (via bank) | Electronic/paper | 7 years | |
| | Online Donation forms | Electronic | 7 years | |
| | Expense forms | Electronic/paper | 7 years | |
| | Business mile claim forms | Electronic/paper | 7 years | |
| | Private mile declaration forms | Electronic/paper | 7 years | |
| | BACS request and confirmation forms | Electronic | 7 years | |
| | New supplier forms | Electronic/paper | 7 years | |
| | Monthly Credit Card Statements | Electronic/paper | 7 years | |
| | Audit reports and minutes | Electronic/paper | 10 years | Meetings and resolutions involving board of directors/trustees should be kept for 10 years |
| Governance & Administration | Complaints log | Electronic/paper | 3 years | |
| | Medical Directors Contract | Electronic/paper | 3 years | |
| | Family Surveys | Electronic/paper | 3 years | |
| | Medical Panel details | Electronic | Updated annually | |
| | Trustee information | Electronic | Length of trustee service | |
| | All Data subject request forms | Electronic/paper | 3 years | |
| | Visitor logs and non-disclosure forms | Electronic/paper | 3 years | |
| | Post books | Paper | 3 years | |
| | Trustee minutes | Electronic/paper | 10 years | Meetings and resolutions involving board of directors/trustees should be kept for 10 years |
| Media | Photos of disabled children/families | Electronic/paper | Consent is given by individual and retained for length of period agreed by data subject | |
| | Press releases with family stories sent to journalists | Electronic/paper | Consent is given by individual and retained for length of period agreed by data subject | |
| | Family stories to feed into donor reports | Electronic/paper | Consent is given by individual and retained for length of period agreed by data subject | |
| | Feature articles sent to Journalists | Electronic/paper | Consent is given by individual and retained for length of period agreed by data subject | |
| People Team | CVs/Application forms for successful applicant, employees and volunteers; CVs/Applications for unsuccessful applicants | Electronic/paper | 6 years of leaving; 6 months | Legally obliged to keep employment contracts for 6 years after leaving |
| | Interview notes | Electronic/paper | 6 years for successful candidates; 6 months if not successful | |
| | New Starter forms | Electronic/paper | 6 years of leaving | |
| | P45 forms | Electronic/paper | 6 years of leaving | |
| | Induction paperwork | Electronic/paper | 6 years of leaving | |
| | Required information forms | Electronic/paper | 6 years of leaving | |
| | Pension Opt-in forms/letters | Electronic/paper | 6 years of leaving | |
| | Car permits | Electronic/paper | 6 years of leaving | |
| | Offer of employment letters | Electronic/paper | 6 years of leaving | |
| | Photocopy of Rights To Work evidence | Electronic/paper | 6 years of leaving | |
| | Team member I.D photo | Electronic/paper | 6 years of leaving | |
| | Medicash benefit forms | Electronic/paper | 6 years of leaving | |
| | Policy agreement forms | Electronic/paper | 6 years of leaving | |
| | Probation reviews | Electronic/paper | 6 years of leaving | |
| | Absence request forms | Electronic/paper | 6 years of leaving | |
| | Training request and verification forms | Electronic/paper | 6 years of leaving | |
| | Personal Development Review Forms (PDR’s) | Electronic/paper | 6 years of leaving | |
| | Disciplinary actions | Electronic/paper | Upon expiry | |
| | Investigations, file notes and Grievances | Electronic/paper | 6 years of leaving | |
| | Personality Profiling results | Electronic/paper | 6 years of leaving | |
| | References | Electronic/paper | 6 years of leaving | |
| | Doctors notes | Electronic/paper | 6 years of leaving | |
| | Change of details forms for team members & volunteers | Electronic/paper | 6 years of leaving | |
| | General correspondence | Electronic/paper | 6 years of leaving | |
| | Certificates and awards | Electronic/paper | 6 years of leaving | |
| | Volunteer enquiry forms | Electronic/paper | 6 years of leaving | |
| | Volunteer agreements | Electronic/paper | 6 years of leaving | |
| | People Team database entries | Electronic/paper | 6 years of leaving | |
| Corporate Services | Duty of Care statements | Electronic/paper | 3 years | |
| | Duty of Care Letters | Electronic/paper | 3 years | |
| | Interim reports | Electronic/paper | 3 years | |
| | Thank you letters | Electronic/paper | 3 years | |
| | Confidential Corporate Contact forms | Electronic/paper | 3 years | |
| | Supplier Control Database | Electronic/paper | 3 years of no longer supporting Newlife | |
| | Contact details of donors and potential donors | Electronic/paper | Consent is given by individual and retained for length of period agreed by data subject | |
| Sales | Customer details including contact information. This only applies to style card members. | Electronic/paper | Consent is given by individual and retained for length of period agreed by data subject | |
| | EBay customer information | Electronic/paper | 7 years | We are legally obliged to keep financial records/VAT forms for at least 6 years |
| Volunteers | Volunteer personal details | Electronic/paper | 3 years of no longer volunteering for Newlife | |

 

 

We are required by law not to process personal data for longer than is necessary for the purpose for which we process it. Some retention periods are based on legal requirements while others take into account practical needs to keep the data.

Once the applicable retention period expires, unless we are legally required to retain the data or there are important and justifiable reasons why we should keep it, we will securely delete the data.

 

Your rights

Under data protection law you are afforded various rights as a data subject. These include the right to:

  • access your personal data which we hold;
  • request us to rectify inaccurate data or, in some cases depending on the purpose of the processing, data which is outdated or incomplete;
  • in certain cases, such as when the data is no longer required or its processing can no longer be justified, require us to erase your personal data;
  • restrict the processing of your data;
  • object to certain data processing, such as data processing for marketing purposes or when the data processing is based on legitimate or public interests and we do not have compelling legitimate grounds to continue the processing;
  • Data portability, which means that if we process data by automated means and on the basis of your consent or contractual necessity, you can obtain a copy of your data in a commonly used electronic

There are various conditions and limitations which apply to the above rights and not all of them may apply in all circumstances. For example, if we need to process your personal data to perform a contract with you, you may not ask us to delete that data.

You also have a right to withdraw consent, at any time, when we process data on the basis of your consent, in which case we will cease to process that data. However, this does not affect the validity of anything which we would have done before you withdraw consent.

More information about your rights can be obtained from our Data Protection Officer who can be contacted on smorgan@newlifecharity.co.uk or 01543 462777. Extension number 2037. Please contact our Data Protection Officer if you wish to exercise your rights.

You may lodge a complaint with the Information Commissioner’s Office on https://ico.org.uk.