Privacy Policy

Compliance with UK GDPR

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation ( UK GDPR) and we have-written our privacy policy to ensure we follow best practice in protecting your privacy and to comply with this legislation.  Here you can find out about what data we collect, what we do with it and what you can ask us to do with your data.

We have always taken privacy and data security seriously. We use reputable cloud hosting service  to protect users against server-level data breaches, and we have been using default encrypted SSL-certificated https connections for many  years to protect user privacy. 

Who are we?

GDWG

Gatwick Detainees Welfare Group (GDWG) was set up in 1995 when the UK Immigration Service began to detain people at a small holding centre near Gatwick Airport. The following year, Tinsley House Detention Centre was built, and we became a registered charity (number 1124328) and later became a Company Limited by Guarantee registered in England and Wales (number 4911257). An additional detention facility at Gatwick, Brook House, opened in March 2009.  GDWG supports people held at both centres. We work to improve the welfare and well-being of people held in detention, by offering friendship and support and advocating for fair treatment.

We are non-party political and do not represent any vested interests. We use our own insight into the experiences of people held in detention to try to improve conditions, inform policy and challenge negative images of asylum seekers and other people held as part of their immigration process. We seek to achieve our strategic aims through our own work and by networking with other organisations who provide support, such as the Association for Visitors to Immigration Detainees (AVID), Detention Action and Bail for Immigration Detainees (BID). We are participating members of the Detention Monitoring Group and the Detention Forum.

Refugee Tales

Since 2015 GDWG has organised a large-scale walk every summer In solidarity with refugees, asylum seekers and people who have been held in immigration detention. Walkers have been met with hospitality every step of the way. Working in collaboration with migrants and those who have experienced the UK asylum system, and taking Chaucer’s great poem of journeying as a model, established writers and people with lived experience of detention have shared tales in evening events.

The Refugee Tales are published in four volumes by Comma Press. Through the sharing of tales, the project has gathered and communicated experiences of migration and has sought to show the reality of indefinite detention. As the project walks it creates a space in which the language of welcome is the prevailing discourse.

Refugee Tales hosts a self-advocacy project for people with lived experience of detention who share the tales with parliamentarians and people of influence and calls for change and an end to indefinite detention.

 How we work

GDWG has less than ten paid members of staff who work  to support volunteers and assist people held in detention, and to work with other NGOs in the sector. We maintain strict codes of confidentiality, and people, who are or have been detained, are entitled to access a copy of the information we keep on them.

Our Board of Trustees takes decisions which determine our strategic aims. The Trustees have ultimate responsibility for directing the affairs of GDWG and ensuring that it is solvent, well-run, and delivering the charitable outcomes for which it has been set up.

Trustees, volunteers and staff also work to raise awareness of the plight of people held in immigration detention, by writing articles, submissions to governmental and non-governmental bodies, and by giving talks to a wide range of organisations.

GDWG also makes use of some contractors. The staff and trustees receive training in UK GDPR compliance as do any volunteers who access and amend our user data. The website editor is also trained in UK GDPR compliance and has access to service user data. 

Contractors are contracted to comply with UK GDPR requirements.

Refugee Tales authors and supporters do not have access to service user data.

Who is the data controller?

GDWG is the data controller. 

Who are our data processors?

We use several services to handle and process user data. These are considered data processors:

·        Our volunteer and staff visitors collect and process detained people’s data to understand how we can help you.   

·        Mailchimp, a reputable email list provider service we use to manage most of our outgoing emails. Mailchimp stores and processes your email address, email preferences and name if you provide it (you do not have to).

·        Google, specifically Google Analytics. We use Google Analytics to assess how users find and then use our website so that we can improve our service. We also make some use of Google storage and other Google office applications (GSuite).

·         CAF a leading payment gateway which processes payment information. We use CAF to receive donations and membership subscriptions.  Unless a donation is made anonymously we receive your title, name, email address, billing address and telephone number if you provide it (you do not have to) as well as details of the amount of your donation.  We never see or store credit card information.

·        We use Microsoft Office 365 and accounting software to process documents and data.

·        Finally, we use third-party IT Providers to host, backup and maintain our networked PCs, CiviCRM database and file storage using Office 365 and Microsoft Azure.

·        All data is held in the Cloud by reputable providers is also separately backed up, again to the Cloud.

What data do we collect and why?

We collect data differently depending on how you interact with us:

Detainees and ex-detainees

To understand how we can help you, our staff and volunteers often ask you about your private situation. This can include asking about your health or if you have had any involvement with the criminal justice system. We may ask about many aspects of your personal circumstances and your history to support you and to see if there are other organisations that could help you.

We will keep all your information completely private. We will not disclose your information to anyone else unless you have agreed to this in advance or we think this is necessary for your safety.

GDWG does not agree with the use of long-term administrative detention because of a person’s immigration status. This means as well as offering practical help to individuals in detention, we are an organisation which calls for an end to indefinite immigration detention. To support this work we gather information about the use and effects of immigration detention.

We may include your anonymised information in statistical and/or anonymised research. We are careful to ensure that no such information is published in a way that could identify you. We will not use any information that could identify you in any way, for any purpose, without your express permission in advance except where we have serious Safeguarding concerns.  In that instance only we will disclose the minimum information necessary to the appropriate authority to seek to safeguard your welfare

We try to keep our information about you up to date and accurate so please contact us if you think we have misunderstood or made a mistake when dealing with your information. We will keep your information for six years since your last contact with our staff. After this date, your information will be erased.

Trustees, Employees Visitors & Volunteers

We collect personal data concerning our own trustees, employees, visitors and volunteers and agents as part of the administration, management and operation of our charitable activities. We do not collect information about you from other sources, such as public records or bodies, or other private organisations other than the Disclosure and Barring Service (DBS) when necessary.

DBS Records

The only record of a DBS check will be whether this is satisfactory or unsatisfactory, together with copies of supporting ID information checked at the time the DBS check is requested.

Friends (paying supporters)

Payment

We collect and store the information you provide when you sign up as a friend.  This information may be shared with us by fundraising sites such as Charities Aid Foundation or Just Giving or by independent events organisers such as the University of Kent.  These independent third parties will only share data with us when you have indicated that you wish to support the GDWG and that you are happy for your details to be passed to us.  You should check their Privacy Policy when you provide your information to understand fully how they will process your data.  We do not receive, or ever hold, your payment card details.  Only your name, contact details and amount of donation may be passed to us. We store receipt details made to us for seven years to comply fully with HMRC requirements.

All website visitors

Like most website operators, we collect non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Our purpose in collecting non-personally identifying information is to understand better how our visitors use our website so that we can better meet user needs and expectations.

We regularly look at internal reports on what people are reading on our website so we know what is popular and how people then use the website once they arrive.

Our websites do not include any advertising services that would be able to profile you, perform behavioural analysis or use your visit to our sites to deliver targeted advertising, however, we do include Facebook, Twitter and other third-party social networking tools that may set their own cookies to remember who you are and what you’ve been doing. These services cannot access any of the personal details you have stored with us.

Use of our websites does not require the acceptance of cookies and you will be able to read and view all the information we have if you choose to reject them.  

If you interact with our website and services further we will collect more information from you, but only with your consent. 

Email newsletter subscribers and Social Media

From our analytics reports, we know that email is our main form of communication with our service users and supporters. 

We store your email address and may also track which of our emails you open and what links you click in our emails. We give you some choices about what type of emails and newsletters to receive from us and we store your preferences. The data is securely stored on our behalf by Mailchimp.

We get analytical data from our Social Media Platforms – Twitter, Facebook, YouTube and others.  This data can be quite detailed but is generally anonymised.  It does contain information such as IP addresses which might be identifiable to you or your organisation. We do not keep this information and only report anonymous statistics such as ‘this post achieved x hundred or thousand views’. 

How do we store your data?

We store your personal data in up to six ways:

·        Firstly, on our website servers. These are secure, resilient servers and your data is sent to us securely via SSL encryption.

·        Secondly on our accounts held with MailChimp and Eventbright or operated on our behalf for instance by Kent University.  These organisations operate their own Privacy Policies but offer an opt-in option to pass your basic contact details to us to allow us to send you our email newsletter or invite you to other events or campaigns. Thirdly, on our dedicated instance of a CiviCRM database and file servers.  These are securely hosted for GDWG  in the Cloud by third-party specialist hosting companies and separately backed up to another Cloud location.

·        Fourthly, we store financial information, including basic personal details, on the Treasurer’s PC – this information is backed up from time to time to our office PC which is, in turn, backed up to a secure Cloud location .

·        Fifthly, we store some data such as customer and email subscriber lists locally on personal computers. These computers are encrypted and password protected to prevent data theft if the computers themselves were stolen.

·        Sixthly, and finally, we keep some trustee, employee and volunteer data on paper in secure filing cabinets within our offices. 

We delete  backups when they are replaced by a newer version on a rolling basis.

Security

We take the security of all the data we hold very seriously.  We have a framework of policies, procedures and training in place covering data protection, confidentiality and security. We regularly review the appropriateness of the measures we have in place to keep the data we hold secure.  Unfortunately, the transmission of information via the internet is not always completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data whilst in transit to us by email or to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features designed to try to prevent unauthorised access.

How you can request a copy of your data

You can email us at info@gdwg.org.uk to request a copy of your personal data.

How you can request that we delete your data

You can email us at info@gdwg.org.uk to request data deletion.  We will delete as much of your data as we are permitted to: if you are a Gift Aid donor we cannot delete all of your personal data for a period of up to seven years because we are obliged by law to retain payment information for that period