Privacy Policy

At Citizens Advice we collect and use your personal information to help solve your problems, improve our services and tackle wider issues in society that affect people’s lives. We only ask for the information we need. We always let you decide what you’re comfortable telling us, explain why we need it and treat it as confidential.

When we record and use your information we:

  • only access it when we have a good reason
  • only share what is necessary and relevant
  • don’t sell it to anyone

We collect and use the details you give us so we can help you. We have a ‘legitimate interest’ to do this under data protection law. This means it lets us carry out our aims and goals as an organisation. We’ll always explain how we use your information.

At times we might use or share your information without your permission. If we do, we’ll always make sure there’s a legal basis for it. This could include situations where we have to use or share your information:

  • to comply with the law – for example, if a court orders us to share information. This is called ‘legal obligation’
  • to protect someone’s life – for example, sharing information with a paramedic if a client was unwell at our office. This is called ‘vital interests’
  • to carry out our legitimate aims and goals as a charity – for example, to create statistics for our national research. This is called ‘legitimate interests’
  • for us to carry out a task where we’re meeting the aims of a public body in the public interest – for example, delivering a government or local authority service. This is called ‘public task’
  • to carry out a contract we have with you – for example, if you’re an employee we might need to store your bank details so we can pay you. This is called ‘contract’
  • to defend our legal rights – for example, sharing information with our legal advisors if there was a complaint that we gave the wrong advice

We handle and store your personal information in line with the law – including the UK General Data Protection Regulation and the Data Protection Act 2018.

You can check our main Citizens Advice policy for how we handle most of your personal information.

This page covers how we, as your local charity, handle your information locally in our offices.

How Citizens Advice Esher & District collect your data

The main Citizens Advice policy sets out how we handle most of your personal information.

In addition at our office we collect personal data in the following ways:

When you use our website

When you use our website, we collect your information in a number of ways.

We use data called ‘cookies’ to get information about how you’re using our website – for example, what pages you click on and what device you’re using. See our Cookie Policy for how we collect and use cookies when you browse our website.

If you use the web-form on our site to contact us for advice, we will ask you for your name, address, email and telephone number. By using the web-form you are giving your consent for us to process and use this personal information. The information is sent direct to our email system. No data is stored on the website.

If you make an online donation you will be transferred to the CAF (Charities Aid Foundation) website for your donation to be processed securely. The CAF Privacy policy can be found here. We do not store your debit or credit card details at all.

When you email us

By emailing us for advice you are giving us your consent to process and use your personal information unless you indicate clearly otherwise.  When you email us for advice your emails are stored within our secure office email system. Transcripts of your message and our response are copied into the secure case management system.  The emails are deleted once we have dealt with them, and by no later than six months. All staff and volunteers who access your data have had data protection training to make sure your information is handled sensitively and securely.

When you call us

If you call us for advice, our advisers will explain how we use your details and ask for your consent to record and store your personal information.

When you text us

If you use our dedicated SMS number to text us a short message, a transcript of your message will be copied into the secure case management system and the text will then be deleted.

When you attend our Financial Advice Clinic

When you are given an appointment at our monthly Financial Advice Clinic, we will ask for your permission to share your information securely with our independent financial adviser and, in addition, ask you to complete a detailed financial questionnaire for the independent financial adviser. This is to help the adviser provide you with comprehensive generic financial advice during your appointment. Our independent financial adviser has had data protection training to make sure your information is handled sensitively and securely. A record of your problem will be kept on our secure case management system.

When you support us

If you support us by becoming a Member of our charity (‘Bureau Member’) or by joining our 200 Club to make regular donations, we will usually collect:

  • Your name
  • Your contact details
  • Your bank details

We will use your data to:

  • Administer your membership
  • Process your donation
  • Where appropriate, process your Gift Aid
  • Keep a record of your relationship with us

In these cases, we are using our ‘legitimate interest’ basis as a charity to use your personal data. Your information will be stored securely in our office and our internal IT system. Your details will be deleted securely when your membership ends. Gift Aid records will be shared with HMRC and held securely in our office for six years.

We will only contact you with news about our campaigns and fundraising events by post, phone, email or text message, if you have agreed for us to contact you in this manner.

You can update your choices or stop us sending you these communications at any time by contacting us at the address at the end of this privacy policy.

Job & volunteer applicants

If you apply to work or volunteer with us, we collect your personal information through your application form, interview or references so we can process your application.

We share your data with third parties in order to obtain references and, for certain roles, to obtain background checks from third-party providers or necessary criminal records checks from the Disclosure and Barring Service.

Other than for background checks for certain roles, we don’t share your information with external organisations – it’s only shared internally so that we can review your application.

We only ask for information which is relevant to the role you’re applying for. We’ll collect personal details such as name, address, telephone number and email address, previous job history and experience, qualifications, and any support needs you may have.

We’ll also ask for diversity information like your gender, ethnicity and sexual orientation. You don’t have to tell us this – if you do, it’s always anonymised.

We might collect other information depending on whether you’ve applied for a staff or volunteer role.

We’ll use the information you give us to decide whether or not you’ve got the right skills for the role – this is our ‘legitimate interest’ under data protection law. We’ll use the demographic information to make sure we’re employing a diverse workforce and volunteer community.

We keep your information securely on our internal systems and will only be seen by staff involved in the recruitment process and who have had information protection training to make sure your information is handled sensitively and securely.

If you are recruited we will retain your contact information in order to involve and support you.  We will also collect additional information, such as next of kin details, and over time records of training, support meetings and where relevant, appraisals.  Again, it will be kept securely, and only those people who need to see your information in order to involve you will have access to it.

If your application is unsuccessful, your information will be securely destroyed twelve months from the date of the job advertisement.

If you make a complaint about our service

If you make a complaint, we collect personal information from you so we can help deal with your complaint.

We have a ‘legitimate interest’ to collect your information under data protection law.  This means it lets us carry out our aims and goals as an organisation.  We’ll always ask your permission before using your information to deal with the complaint.

We collect your information from you via phone, email, online form or letter – depending on how you complain.

If someone contacts us on your behalf about a complaint we’ll get your permission before we log any of your information.

So that we can help you with your complaint, we need to know:

  • Your name
  • One way we can get in touch with you – email, phone or address
  • Details of the complaint

You don’t have to tell us, but we’ll also ask you about your:

  • Address
  • Phone number
  • Email
  • Problem – for example, whether you wanted help with debt or housing

If you tell us you’ve a disability or support need, we’ll also make a note of that so we can help you access our services.

If your complaint is about advice you received, we might need to look at the information we’ve recorded about your problem.

We use the information you give us to deal with your complaint. We’ll only access your information for other reasons if we really need to – for example:

  • For training and quality purposes
  • To include anonymised complaint statistics in internal reports

All staff accessing data have done data protection training to make sure your information is handled sensitively and securely.

If you escalate your complaint to an external independent adjudicator, we’ll share your complaint information with them.

If your complaint involves an insurance claim, we might share details of your complaint with our insurance representative, ADS.

We’ll store your information securely on our internal systems. We keep your data for 6 years. If your complaint is serious or involves an insurance claim or other dispute we keep the data for 16 years.

What Citizens Advice Esher & District ask for

To find out what information we ask for, see our national Citizens Advice privacy policy

How Citizens Advice Esher & District use your information

To find out how we use your information, see our national Citizens Advice privacy policy

Working on your behalf

When you give us authority to act on your behalf, for example to help you with a Universal Credit claim, we’ll need to share information with that third party.

Organisations we commonly share information with include Elmbridge Borough Council, Surrey County Council, PA Housing, Crown Simmons Housing and government departments including the DWP and HMRC.

How Citizens Advice Esher & District store your information

Outside of the national Citizens Advice secure case management system, other information is kept on our secure internal IT and email systems.  All staff and volunteers who access your data have had data protection training to make sure your information is handled sensitively and securely.

How Citizens Advice Esher & District share your information

Where we share your information with other organisations as part of casework we will always ask for your authority to do so and will use the most secure means possible. Organisations we share your data with must store and use it in line with data protection law.

Sometimes our funders ask us to share statistics and example case studies to demonstrate how we are meeting our aims and goals as a charity, or as a funding requirement. In these instances, all personal information will be anonymised.

Contact Citizens Advice Esher & District about your information

If you have any questions about how your information is collected or used, you can contact our office.

Citizens Advice Esher & District
Civic Centre
High Street
Esher
KT10 9SD

Telephone: 01372 464770

You can contact us to:

  • find out what personal information we hold about you
  • correct your information if it’s wrong, out of date or incomplete
  • request we delete your information
  • ask us to limit what we do with your data – for example, ask us not to share it if you haven’t asked us already
  • ask us to give you a copy of the data we hold in a format you can use to transfer it to another service
  • ask us stop using your information

Who’s responsible for looking after your personal information

The national Citizens Advice charity and your local Citizens Advice operate a system called Casebook to keep your personal information safe. This means they’re a ‘joint data controller’ for your personal information that’s stored in our Casebook system.

Each local Citizens Advice is an independent charity, and a member of the national Citizens Advice charity. The Citizens Advice membership agreement also requires that the use of your information complies with data protection law.

You can find out more about your data rights on the Information Commissioner’s website.

Translate »