This Privacy Notice describes Auriga’s policies and practices regarding its collection and use of your personal data and sets out your privacy rights.
Auriga Services Ltd was formed in 2004 as a not-for-profit trading subsidiary of Severn Trent Trust Fund (established in 1997). We manage the funds and assistance schemes of NHS, Local Authorities, other small organisations and charities and assess applications for financial assistance from those schemes, social tariffs as well as providing welfare and debt advice.
We understand that you are aware of and care about your own personal privacy interests, and we take that seriously.
We recognize that information privacy is an ongoing responsibility and so from time to time we will update this Privacy Notice to reflect the latest view of what we do with your information as we undertake new personal data practices or adopt new privacy policies. You should therefore check our Site frequently to see if any changes have been made by the date it was last updated.
We may change this document to reflect the latest view of what we do with your information. Please check back frequently; you will be able to see if changes have been made by the date it was last updated.
When does this policy apply?
This Notice covers how we collect and use your personal information e.g.
- When you visit or use our website, or social media channels.
- When you use our services.
- When you subscribe to our newsletter.
- When you provide to us your goods or services.
- When you contact us.
- When you interact with us a customer, client, supplier or other person with a business relationship with us.
Refer to the sections below for more details on how and why we use your personal information:
- Who are we?
- What information do we collect, store and use about you and where does it come from?
- How do we use your information?
- On what legal basis do we use your information?
- When do we share your information?
- Do we transfer your data abroad?
- How do we protect your information?
- How long do we keep your information?
- What are your responsibilities?
- What are your rights?
- What if I have a complaint about how we process your information?
- What about links to other websites?
- Our details
Who are we?
References to Auriga in this policy are to Auriga Services Limited which is a non-profit making company limited by guarantee. Registered in England No. 05093179 at Emmanuel Court, 12-14 Mill Street, Sutton Coldfield, West Midlands, B72 1TJ
What information do we collect, store and use about you and where does it come from?
Depending on who you are (e.g. customer, client, supplier, employee, etc.) and how you interact with us (e.g. online, offline, over the phone, etc.) we may process different data about you. For example, we may collect your data, when you are employed by us; use our services, our website and social media channels; when you subscribe to our newsletter; contact us with an enquiry or otherwise interact with us.
Below you will find an overview of the categories of data we may collect, store and use:
Information you provide to us directly
|Categories of data||Examples of types of data|
|Personal identification information||Name, surname, title, date of birth, National Insurance number|
|Contact information||Address, email, phone number|
|Images from which you may be identified||Photograph|
|Financial information||Bank details, benefits, debts|
|Health information||Doctors/hospital, occupational therapy assessment|
|Qualifications||Education and professional qualification|
|Any other information you have voluntarily shared with us||CV, feedback, opinions|
Information provided by others
If, as a customer or client, you are referred to Auriga for assessment for assistance or welfare or debt advice, personal information that the referrer legitimately holds about you may be shared with us to enable that assessment or provision of advice to take place. Additionally, personal information that hospitals, doctors and other agencies hold may be shared with us for that same purpose.
Information we collect automatically
When you visit or use our website, subscribe to our newsletter or otherwise interact with us through our digital channels, in addition to the information you provide to us directly, we may collect information sent to us by your computer, mobile phone or other access device. For example, we may collect:
|Categories of data||Examples of types of data|
|Device information||IP address, operating system version|
|Log information||Time and duration of your use of our digital channel|
|Other information about your use of our digital channels||Length of visit, number of page views|
Information we may collect from other sources
To the extent permitted by applicable law, in addition to our website and other digital channels, we may also obtain information about you from other sources, such as public databases, joint marketing partners, social media platforms and other third parties that have obtained your permission to share your information. For example, depending on your social media settings, if you choose to connect your social media ours, certain data from your social media account will be shared with us, which may include data that is part of your profile.
How do we use your information?
We may use your data for different legitimate reasons and business purposes. We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
Below you will find an overview of the purposes for which we may process your data:
|Eligibility assessment||Assessment of individuals for eligibility to receive assistance from Trust Funds and Charities|
|Provision of advice||Debt advice|
|Providing requested communications||Emailing our newsletter to you, sending you a copy of our help booklet or responding to your queries and complaints|
|Recruitment||Reviewing applications, CVs shortlisting, interviews and offers of employment.|
|Employment||Employment contract, salary, pension, tax, leave, sickness, performance|
|Administration of the business||Send statements and invoices to you, and collect payments from you, make payments to you|
|Security and protection of our interests/assets||Deploying and maintaining technical and organizational security measures, conducting internal audits and investigations|
|Compliance with legal obligations||Disclosing data to government organisations or supervisory authorities as applicable, such as tax and national insurance deductions, record-keeping and reporting obligations, and other requests from government or other public authorities, responding to legal process, pursuing legal rights and remedies, and managing any internal complaints or claims|
|Defence of legal claims||Establishment, exercise or defence of legal claims to which we are or may be subject|
On what legal basis do we use your information?
In order to be able to process your data, we may rely on different legal bases, including:
- Your consent (only when legally required or permitted). If we rely on your consent as a legal basis for processing your data, you may withdraw your consent at any time.
- The necessity to establish a contractual relationship with you and to perform our obligations under a contract.
- The necessity for us to comply with legal obligations and to establish, exercise, or defend our self from legal claims.
- The necessity to pursue our legitimate interests – please read our Legitimate Interests Statement [insert link to statement], including:
- To administer and generally conduct business within the Company.
- To prevent or investigate suspected or actual violations of law, breaches of a business customer contract, or non-compliance Auriga policies.
- The necessity to respond to your requests.
- The necessity to protect the vital interests of any person.
- Any other legal basis permitted by law.
When do we share your information?
We do not share any of your data except in the limited cases described here.
If it is necessary for the fulfilment of the purposes described in this Policy, we may disclose your data to the following entities:
- Customers: we may disclose your personal information to the Trust Funds and Charities whose funds we administer for audit and occasionally for decision making. We may also disclose your data to the courts and legal council when representing you.
- Public and government authorities: where we are under a legal duty to do so (e.g. HMRC for employee taxation), or in order to enforce or protect any of our rights, property or safety (or those of our customers/clients).
- Service providers: like many businesses, we may outsource certain data processing activities to trusted third party service providers to perform functions and provide services to us, such as ICT service providers.
- Other parties in connection with corporate transactions: we may also, from time to time, share your information to the purchaser (or prospective purchaser of any business or asset we are contemplating selling to another company, or any reorganization, merger, joint venture.
Do we transfer your data abroad?
All the personal data we process is processed by our staff in the UK however for the purposes of IT hosting and maintenance your information may be situated outside of the European Economic Area (EEA). Some countries outside the EEA are recognized by the European Commission as providing an adequate level of protection. If we transfer your information to other countries that are not are recognized by the European Commission as providing an adequate level of protection, we will put in place adequate organisational and legal measures to protect your data.
How do we protect your information?
To protect your information, we will take appropriate measures that are consistent with applicable data protection and data security laws and regulations, including requiring our service providers to use appropriate measures to protect the confidentiality and security of your data. Depending on the ‘state of the art’, the costs of implementation and the nature of the information to be protected, we put in place technical and organizational measures to prevent risks such as destruction, loss, alteration, unauthorized disclosure of, or access to your data.
Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. We use Transport Layer Security (TLS) to encrypt and protect email traffic however, if your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
How long do we keep your information?
We keep your data for the period necessary to fulfil the purposes for which it has been collected (for details on these purposes, see above section “How do we use your data?”), and in accordance with our Retention Policy. Please keep in mind that in certain cases a longer retention period may be required or permitted by law. The criteria used to determine our retention periods include:
- How long is the data needed to provide you with our services or to operate our business?
- Are we subject to a legal, contractual, or similar obligation to retain your data? Examples can include mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation.
What are your responsibilities?
We would like to remind you that it is your responsibility to ensure, to the best of your knowledge, that the data you provide to us, is accurate, complete and up-to-date. Please let us know if the personal information which we hold about you needs to be corrected or updated.
If you share with other people’s information with us, it is your responsibility to collect such data in compliance with data protection and privacy legislation. For instance, you should inform such other people, whose data you provide to us, about the content of this Notice and obtain their consent.
What are your rights?
Under the Data Protection Act 1998, and the GDPR from 25th May 2018, you have rights as an individual which you can exercise in relation to the information we hold about you. A good explanation of them is available on the website of the Information Commissioner’s Office.
If you wish to confirm that Auriga is processing your personal data or receive a copy of the personal data that Auriga may have about you, please contact us at firstname.lastname@example.org. You may also ask us how long your information will be stored and ask us any other questions related to the protection of your information that we process.
You have a right to:
- Correct (rectify) the record of your personal data maintained by Auriga if it is inaccurate.
- Request that Auriga erase that data or cease processing it, subject to certain exceptions.
- You may instruct us not to process your personal data for marketing purposes by email to email@example.com at any time. In practice, you will usually either expressly agree in advance to our use of your personal data for marketing purposes, or we will provide you with an opportunity to opt-out of the use of your personal data for marketing purposes.
- Request that Auriga stop using your data for direct marketing purposes.
- When technically feasible, at your request, have your personal data provided to you or transmit it directly to another data controller (portability).
For all of the above, please email firstname.lastname@example.org.
You also have the right to lodge a complaint with the ICO if you have concerns about how Auriga processes your information.
What if I have a complaint about how we process your information
If you wish to make a complaint about how we use your information, please contact us at email@example.com and we will do our best to resolve your complaint. If you are still unhappy, you can contact the Information Commissioner’s Office via their website.
What about links to other websites?
The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites, however below are links to the Privacy Statements of the social media channels we use which are linked from our website:
This privacy notice was last updated on 17 May 2018.