1.          Introduction & Background
1.1        We want everyone who supports us, or who comes to us for support, to feel confident and comfortable with how any personal information you share with us will be looked after or used. This Privacy and Cookies Policy sets out how we collect, use, store and look after your personal information (this means any information that identifies or could identify you) and tells you about your privacy rights and how the law protects you.
1.2        It is important that you read this Privacy and Cookies Policy, together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we
are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

1.3        Norfolk and Waveney Mind may review and change this statement so please remember to check back from time to time, this version was last updated March 2022. Where we have made any changes to this Privacy and Cookies Policy, we will make this clear on our website or contact you about any changes.
2.         Our Privacy Principles
2.1        We will look after any personal information that you share with us. This is central to our values as an organisation. We want everyone who supports us, or who comes to us for support, to feel confident about how any personal information they share will be looked after or used.
2.2       You can be confident that:

  • We only use personal information in the ways we need to and that is expected of us.
  • We will keep you up to date with our work, including how we are campaigning to improve services, raising awareness, promoting understanding as well as our fundraising activities.
  • But, we only use your personal information to do this if you have previously told us that’s OK.
  • We will make it easy for you to tell us how you want us to communicate with you, including how to opt out from future communications - and we promise your request will respected straight away.
  • We will never release your information to organisations outside Norfolk and Waveney Mind for their marketing purposes.
  • We will be especially careful and sensitive when engaging with vulnerable people or those we have reason to believe might be vulnerable
  • We take all reasonable care to safeguard your personal information through security policies and secure business processes.
  • We will always provide easy ways for you to contact us.
Our Data Protection Officer is happy to answer any queries you have, at any time.
3.         Who we are
3.1        Norfolk and Waveney Mind are committed to protecting your personal information and making every effort to ensure that your personal information is processed in a fair, open and transparent manner.
3.2       We are a "data controller" for the purposes of the Data Protection Act 2018 and the retained EU law version of the General Data Protection Regulation 2016/679 ("UK GDPR"). This means that we are responsible for, and control the processing of, your personal information.
3.3       For further information about our privacy practices, please contact our Data Protection Officer by:
  • Writing to: Data Protection Officer, Norfolk and Waveney Mind, 50 Sale Road, Norwich, Norfolk NR7 9TP
  • Calling us on 01603 432457
  • Emailing: DPO@norfolkandwaveneymind.org.uk
4.         How we collect information about you

4.1       Everything we do, we do to ensure that we can help people experiencing a mental health problem get both support and respect. We want to make sure you receive the communications that are most relevant to you, be it through visiting our website or receiving emails, post or phone calls. We want to make sure you receive the best attention at all times.
4.2       We collect information from you in the following ways:
4.2.1    When you interact with us directly: This could be if you ask us about our activities, register with us for training or an event, make a donation to us, ask a question about mental health, purchase something, apply for a job or volunteering opportunity or otherwise provide us with your personal information. This includes when you phone us, visit our website, make a purchase from our shop, or get in touch through the post, or in person.
4.2.2    When you interact with us through partners or suppliers working on our behalf: This could be if you access a service such as the Norfolk Wellbeing Service which is delivered in partnership with other trusted organisations.
4.2.3    When you interact with us through third parties: This could be if you provide a donation through a third party such as Just Giving or one of the other third parties that we work with and provide your consent for your personal information to be shared with us.
4.2.4   When you visit our website: We gather general information which might include which pages you visit most often and which services, events or information is of most interest to you. We may also track which pages you visit when you click on links in emails from us. We also use "cookies" to help our site run effectively (see section 13 on 'Cookies' below for further information).
4.2.5    We use this information to personalise the way our website is presented when you visit to make improvements and to ensure we provide the best service and experience for you. Wherever possible we use anonymous information which does not identify individual visitors to our website.
5.         Information we collect and why we use it
5.1        Personal Information 
5.1.1     Personal information we collect includes details such as your name, date of birth, email address, postal address, telephone number and financial details (if you are making a purchase or donation), as well as information you provide in any communications between us. You will have given us this information whilst making a donation, registering for an event, placing an order on our website or any of the other ways to interact with us.
5.1.2     We will mainly use this information:
  • To process your donations or other payments, to claim Gift Aid on your donations and verify any financial transactions.
  • To provide the services or goods that you have requested.
  • To update you with important administrative messages about your donation, an event or services or goods you have requested.
  • To comply with the Charities (Protection and Social Investment) Act 2016 and follow the recommendations of the official regulator of charities, the Charity Commission, which require us to identify and verify the identity of supporters who make major gifts so we can assess any risks associated with accepting their donations.
  • To keep a record of your relationship with us.
  • Where you volunteer with us, to administer the volunteering arrangement.
5.1.3     If you do not provide this information, we will not be able to process your donation, sign you up for a particular event or provide goods and services you have requested.
5.1.4    We may also use your personal information:
  • To contact you about our work and how you can support Norfolk and Waveney Mind (see section 7 on 'Marketing' below for further information).
  • To invite you to participate in surveys or research.
5.2       Sensitive Personal Information
5.2.1     If you share your personal experience or the experiences of a friend or relative, we may also collect this health information. If you provide us with any Sensitive Personal Information by telephone, email or by other means, we will treat that information with extra care and confidentiality and always in accordance with this Privacy Policy.
5.2.2    You can of course decide if you want to remain anonymous, if you are happy to share your personal details with staff members or if you would like us to share your story with the media or other parties as part of our work telling people’s personal stories about mental health (for example, on our social media accounts).
5.2.3    A special note about the Sensitive Personal Information we hold:
The UK GDPR recognises that some categories of personal information are more sensitive. Sensitive Personal Information can include information about a person’s health, race, ethnic origin, political opinions, sex life, sexual orientation or religious beliefs.
If you contact us at Norfolk and Waveney Mind, either in person, over the telephone, via email or via post, you may choose to provide details of a sensitive nature.
We will only use this information:
For the purposes of dealing with your enquiry, as part of the recruitment process, training, and quality monitoring or evaluating the services we provide.
We will not pass on your details to anyone else without your express permission except in exceptional circumstances. Examples of this might include anyone reporting serious self-harm or posing a threat to others or children contacting us and sharing serious issues such as physical abuse or exploitation.
Where you have given us your express consent that you are happy for us to share your story, then we may publish it on our blog or in other media.
6.         Legal basis for using your information
6.1        In some cases, we will only use your personal information where we have your consent or because we need to use it in order to fulfil a contract with you.
6.2       However, there are other lawful reasons that allow us to process your personal information and one of those is called 'legitimate interests'. This means that the reason that we are processing information is because there is a legitimate interest for Norfolk and Waveney Mind to process your information to help us to achieve our vision of ensuring that everyone experiencing a Mental Health problem gets both support and respect.
6.3       Whenever we process your Personal Information under the ‘legitimate interest' lawful basis we make sure that we take into account your rights and interests and will not process your personal information if we feel that there is an imbalance.
6.4       Some examples of where we have a legitimate interest to process your Personal information are where we contact you about our work via post, use your personal information for data analytics, conducting research to better understand who our supporters are, improving our services, for our legal purposes (for example, dealing with complaints and claims), or for complying with guidance from the Charity Commission.
7.         Marketing

7.1        We will only contact you about our work and how you can support Norfolk and Waveney Mind by phone, email or text message, if you have agreed for us to contact you in this manner.
7.2       However, if you have provided us with your postal address we may send you information about our work and how you can support Norfolk and Waveney Mind by mail unless you have told us that you would prefer not to hear from us in that way.
7.3       You can update your choices or stop us sending you these communications at any time by contacting DPO@norfolkandwaveneymind.org.uk or clicking the unsubscribe link at the bottom of the relevant communication.
8.         Sharing your information and international transfers
8.1        The personal information we collect about you will mainly be used by our staff (and students and volunteers) at Norfolk and Waveney Mind so that they can support you.
8.2       We will never sell or share your personal information with organisations so that they can contact you for any marketing activities. Nor do we sell any information about your web browsing activity.
8.3       Norfolk and Waveney Mind may however share your information with our trusted partners and suppliers who work with us on or on our behalf to deliver our services, but processing of this information is always carried out under our instruction. We make sure that they store the data securely, delete it when they no longer need it and never use it for any other purposes. An example of where we may share your information is with our contracted delivery partners or referrers who help to deliver services.
8.4       We enter into contracts with these service providers that require them to comply with Data Protection Laws and ensure that they have appropriate controls in place to secure your information.
8.5       Legal disclosure
We may disclose your information if required to do so by law (for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority); or, in order to enforce our conditions of sale and other agreements.

8.6        International transfers
We do not generally transfer your personal data outside of the UK. However, if we are required to make an international transfer (for example, because a service provider we are using is located outside of the UK), we ensure a similar degree of protection is afforded to your personal data by ensuring at least one of the following safeguards is implemented:
  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
  • Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
9.         Keeping your information safe
9.1        We take looking after your information very seriously. We've implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.
9.2       Unfortunately the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information sent to us this way, we cannot guarantee the security of data transmitted to our site.
9.3       Our websites may contain links to other sites. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices employed by other sites. Please be aware that advertisers or Web sites that have links on our site may collect personally identifiable information about you. This privacy statement does not cover the information practices of those websites or advertisers.

9.4        Our websites may contain links to other sites. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices employed by other sites. Please be aware that advertisers or Web sites that have links on our site may collect personally identifiable information about you. This privacy statement does not cover the information practices of those websites or advertisers.
10.       How long we hold your information for
10.1      We only keep it as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations (for example, the collection of Gift Aid).
11.        Your rights
11.1       You have various rights in respect of the personal information we hold about you – these are set out in more detail below. If you wish to exercise any of these rights or make a complaint, you can do so by contacting us at Norfolk and Waveney Mind; 50 Sale Road, Norwich, Norfolk NR7 9TP, by email at DPO@norfolkandwaveneymind.org.uk and by phone on 01603 432457. You can also make a complaint to the data protection supervisory authority, the Information Commissioner's Office: ico.org.uk
11.2      Accesss to your personal information:
You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge. Please make all requests for access in writing to our Data Protection Officer as noted above, and provide us with evidence of your identity which clearly shows your name, date of birth and current address. We can accept a photocopy or a scanned image of one of the following as proof of identity: passport or photo identification such as a driver's license, national identification number card, or birth or adoption certificate. If you have changed your name, please provide the relevant documents evidencing the change.

11.2.1        We may request additional information from you to help confirm your identity and your right to access, and to provide you with the personal data we hold about you.

11.2.2       To help us process your request quickly and efficiently, please provide as much detail as possible about the personal data you are requesting access to. Please include time frames, dates, names, types of documents, file numbers, or any other information to help us locate your personal data.

11.2.3      We will contact you for additional information if the scope of your request is unclear or does not provide sufficient information for us to conduct a search (for example, if you request "all information about me"). We will begin processing your access request as soon as we have verified your identity and have all the information we need to locate your personal data.

11.2.4       If the information you request reveals personal data about a third party, we will either seek that individual's consent before responding to your request, or we will redact that individual's personal data before responding. If we are unable to provide you with access to your personal data because disclosure would violate the rights and freedoms of third parties, we will notify you of this decision.

11.2.5      Applicable law may allow or require us to refuse to provide you with access to some or all of the personal data that we hold about you, or we may have destroyed, erased, or made your personal data anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal data, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
11.3      Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. Please contact us as noted above, providing details of your objection.
11.4      Consent: If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.
11.5      Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
11.6      Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
11.7       Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
11.8      Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
11.9      No automated-decision making: Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not currently carry out any automated decision-making.
11.10     Please note, some of these rights only apply in certain circumstances and we may not be able to fulfil every request.
12.        Recruitment use of personal data.

12.1      Please Note when applying for an advertised role:
Not all our vacancies are advertised and there may well be a role within our organisation for which you are equally or better suited.
12.2     By sending your CV to Norfolk and Waveney Mind for an advertised role, the following will happen to your personal data:
  • That personal data includes your name, contact details, work history, employment preferences, references and the usual information contained on a CV.
  • We will receive and keep copies of your CV and, where appropriate, proof of your eligibility to work, in accordance with our legal obligations, this will be stored on our recruitment database for a period of not more than 3 years.
  • Your CV will be visible to all our hiring managers for the purposes of matching to suitable roles, either at the time of sending or at any time up to 3 years.
  • We may also share your personal data with external Mental Health Providers, where we are engaged to recruit on their behalf, if this is needed you will be contacted, in advance, for permission.
  • If Norfolk and Waveney Mind employ you, we will also ask you to provide us with the information needed to ensure that you are paid appropriately. (This may happen prior to engagement)
  • Where we are legally required to do so, we may also ask you for details of any criminal offences and seek an up to date criminal records check. (This may happen prior to engagement)
At all times, you retain control over your personal data and may instruct us to stop looking for work for you within our organisation at any time.
When instructed by you, we will remove your records from our database unless we are required to keep it for legal reasons.
If wish to alter in anyway how we will store or use your data sent to us for a recruitment activity please email our Data Protection Officer - DPO@norfolkandwaveneymind.org.uk  quoting the job reference you applied for.
13.        Cookies
13.1      'Cookie' is a name for a small file, usually of letters and numbers, which is downloaded onto your device, like your computer, mobile phone or tablet when you visit a website.
13.2     They let websites recognise your device, so that the sites can work more effectively, and also gather information about how you use the site. A cookie, by itself, can't be used to identify you.
13.3     How do we use cookies?
We use cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you come to our website and also allows us to improve the user experience.
13.4     The cookies we use
We use the categorisation set out by the International Chamber of Commerce in their UK Cookie Guide. We use three categories of cookies:
  • Strictly necessary cookies are essential for you to move around our website and to use its features.
  • Performance cookies collect anonymous information about how you use our site, like which pages are visited most.
  • Functionality cookies collect anonymous information that remember choices you make to improve your experience, like your text size or location. They may also be used to provide services you have asked for such as watching a video or commenting on a blog.

13.5     No cookies, please
You can opt out of all our cookies (except the strictly necessary ones). Find out how to control and delete cookies in your browser. But, if you choose to refuse all cookies, our website may not function for you as we would like it to.
If you have any questions about how we use cookies, please contact us as noted above.
14.       Monitoring
Your communications with our teams (including by telephone or email) may be monitored and/or recorded for training, quality control and compliance purposes to ensure that we continuously improve our customer service standards.
To find out more about this statement and how we look after your personal information, contact us at DPO@norfolkandwaveneymind.org.uk or on 0300 330 5488.


Head Office

50 Sale Road
Tel: 0300 330 5488

© 2023 Norfolk and Waveney Mind
We're a part of Mind
We're a registered charity (no. 1118449) and a registered company (no. 05729028) in England

Privacy & Cookies Policy
Powered by Empresa.
Designed by DACS Design & Print Consultancy