This privacy notice explains how and why we process your personal information (data) when you make contact with us or use one of our services.
Thirtyone:eight is the data controller (organisation which determines the purposes and means of the processing of personal data) for the personal data we process, unless otherwise stated. We keep this Privacy Notice under regular review and any updates will be noted here on our website. If we make any significant changes, we will make reasonable efforts to notify you. If you want to contact us in relation to this you can do so using the contact details at the bottom of this page.
Personal data is any information relating to a living person who can be directly or indirectly identified by that data such as a name, email address, photograph, video etc.
The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the GDPR) and the Data Protection Act 2018 and other legislation relating to personal data and rights such as the Human Rights Act 1998.
We aim to provide information and guidance on all safeguarding matters to everyone who wishes it. We need to process your personal data so we can make this as relevant and helpful as possible. We process personal data for communication and marketing purposes and in the delivery of all our services including to notify users about updates to our website. We may occasionally be legally required to disclose your personal data at the request of governmental authorities conducting an investigation, to verify or enforce compliance with the policies governing our website and applicable laws, or to protect against misuse or unauthorized use of our website.
We process personal data such as names, contact details e.g. email addresses, telephone numbers, addresses, and where this is relevant to the services we provide, or where you have provided them to us, demographic information such as gender, date of birth, nationality etc.
Most of the data we process is provided by you for one of the following reasons:
- You are a member with us
- You have made an enquiry about one of our services
- You have purchased and/or attended one of our training courses
- You carry out your DBS checks through us and may have called our Disclosure helpline
- You have contacted our Safeguarding helpline
- You have used our consultancy services e.g. safeguarding audit, risk assessment etc
- You subscribe to our email updates
- You have made a complaint to us about one of our services
- You have applied for a job with us
- You have completed a survey which we use for research and evaluation purposes
Some of the personal data we process may include special category data. (For more information see section on special category data).
Right of Access
You have the right to ask us for copies of your personal data. There are some exemptions which means you may not always receive all the information we process, see here for further information. If we are unable to provide you with your personal data, we will always provide a reason for this. To submit a right of access request to us, email your request to the Data Protection Officer at [email protected]
Right to rectification
You have the right to ask us to correct any information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. Further information can be found here.
Right to erasure
You have the right to ask us to delete your personal information in certain circumstances. Further information can be found here
Right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances e.g. if there is a dispute about the accuracy of your personal data. Further information can be found here
Right to object to processing
You have the right to object to processing if we are able to process your information because the process forms part of our public tasks or is in our legitimate interests. Further information can be found here
If you no longer wish to receive email communications from us, you can unsubscribe from these at any time using the link contained in each email we send and you will be taken off our distribution list. Alternatively you can contact our office on 0303 003 1111.
Right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into, a contract and the processing is automated. Further information can be found here.
If we are processing your information for criminal law enforcement purposes, your rights are slightly different. Please see the separate special category data policy here.
Right to complain
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO, so please contact us in the first instance.
You can contact the Information Commissioners Office on 0303 123 1113 or via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
In order to process your personal data, we are required to have a reason (lawful basis) for doing so. This may include:
- Consent, where you have agreed for us to use your data in a specific way for example to send you our monthly update email;
- Contract, where you have an agreement with us for example membership or consultancy services;
- Legal obligation, where we are required by law to share or process your data for example with our Disclosure and Safeguarding Helpline Services.
- Vital interests, where there is an immediate risk to your health for example at one of our events or courses;
- Public task, where information is processed in relation to concerns raised via our Safeguarding helpline;
- Legitimate interests, where we aim to engage with and inform our members and supporters on topical safeguarding matters or to promote services which we believe you may have an interest in, to conduct research to better understand your needs and improve our services, the use of CCTV at our headquarters in Swanley for monitoring and security purposes, handling any comments or complaints in line with our policy.
Personal data is processed in accordance with our retention policy and subject to statutory and legal responsibilities. We will only keep personal data as long as we need it. Further information is available on request using the contact details at the bottom of this page.
We will not rent or sell your personal data to any other organisation.
Where we use an external service provider to act on our behalf, we will disclose only the personal data necessary to deliver the service and will have a contract in place that requires the provider to comply with our data protection and information security requirements.
We do not carry out any automated decision-making or profiling.
Since leaving the EU, the UK has formally adopted GDPR and it is now known as the UK GDPR.
Some of the personal data we process may include special category data, which is personal data that needs more protection because it is sensitive. This could include information about your health, race, ethnic origin, sexual orientation, sex life, politics and religion. The categories of data we may process include health, race, ethnic origin, sexual orientation, sex life and religion.
Our lawful basis for processing special category data, according to Article 6 of the GDPR, may be for one of the following reasons:
- Consent – where you have given us your consent to process this data e.g. becoming a member with us and including details of the church or faith organisation you attend or where you have contacted our Safeguarding helpline and discussed a safeguarding concern around someone’s sex life or sexual orientation (*see section on helpline below).
- Contract – where we are undertaking consultancy work for your organisation and we need to process this data in order to fulfil our obligation under the contract.
- Compliance with legal obligation – where we have been appointed as an umbrella body for the DBS to carry out criminal records checks.
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller - where we act as an umbrella body for the DBS Service in carrying out DBS checks.
- Processing is necessary for the purposes of the legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child – where we use your personal data for statistical analysis to improve the services we provide, for example in our training offerings or with our Disclosure or Safeguarding helplines to develop relevant training courses.
The conditions we use for processing special category data are as follows, as per Article 9 of the GDPR:
Consent – where you have provided the information to us for one or more specified purposes, for example becoming a member with us and providing information about the church or faith organisation to which you belong or where you have contacted our Safeguarding helpline to discuss a safeguarding concern.
Reasons of substantial public interest (with a basis in law)
- Statutory and government process – where we are a registered umbrella body with the DBS to carry out criminal records checks
- Preventing or detecting unlawful acts – (see section on our Safeguarding helpline)
- Protecting the public – (see section on our Safeguarding helpline)
- Regulatory requirements – see point above on Statutory and government process
- Safeguarding of children and individuals at risk – where we are protecting an individual from neglect or physical, mental or emotional harm, or protecting the physical, mental or emotional well-being of an individual
Due to the nature of the information collected by our Safeguarding helpline, all data is retained indefinitely and stored securely. With the exception of where we are legally required to do so for the purposes of a criminal investigation, we will only share information with third parties where there is an Information Sharing Agreement (ISA) or Service Agreement in place with the organisation to which the caller belongs, or where the caller has given their consent. We cannot treat confidentially any information which suggests that an identifiable individual poses a risk of serious harm to another person, in particular a child, or in relation to a child or adult who is exposed to such risk. Where we have been given such details and the caller fails to take appropriate action, our duty will be to ensure that necessary steps are taken to protect a person from harm.
Whilst all our services are provided in good faith, we are unable to accept legal responsibility for that advice, however, all our advice is quality controlled which means it is reviewed by another member of our staff team to ensure consistency and means you may be contacted further to clarify a situation or to give additional information. People calling our Safeguarding helpline can choose to remain anonymous or be known by a referral number although that may limit the help we can provide.
A cookie consists of information sent by a web server to a web browser and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We may use 'session' cookies on the website. We will use these to keep track of you whilst you navigate the website. Session cookies will be deleted from your computer when you close your browser.
Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third-party cookies. For example, in Microsoft Edge you can refuse all cookies by clicking “Settings”, “”, “Privacy and Security”, and selecting “Block all cookies” using the drop down list. Blocking all cookies will, however, prevent event booking and access to the thirtyone:eight portal and member specific content.
From time to time, we may use collected information for new, unanticipated uses not previously disclosed in our privacy notice. If our information practices change, we will post the updates to our website and provide you with the ability to opt out of these new uses. We will only use data collected from the time of the policy changes for any new purposes.
Our website will always have the most up to date privacy notice on it if you have any concerns. If you would prefer not to have your information used for these new purposes, please contact us using the details at the bottom of this page.
We take security very seriously and do all we can to protect your personal data. We store all data securely, both physically and electronically, in accordance with our policies and comply with our obligations under GDPR and the DPA by minimising personal data, keeping it up to date, storing and destroying it securely and in a timely way, not collecting or retaining excessive amounts of personal data, protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical and organisational measures are in place to protect it.
In addition to standard Microsoft security measures, we also have Cyber Essentials accreditation (UK government cyber security standard) which helps us to guard against the most common cyber threats and demonstrates our commitment to protect against the loss, misuse or alteration of personal data that we process.