Privacy notice

About us

SafeLives is a charity registered in England and Wales with Charity No. 1106864 and our registered address is: Suite 2a, Whitefriars, Lewins Mead, Bristol BS1 2NT. SafeLives is the ‘data controller’ for the purposes of the UK GDPR and the Data Protection Act 2018.

About this Privacy Notice

This Privacy Notice explains how we will process any personal data that we collect from you, or that you provide to us via this website. When we refer to “personal data” in this notice it means any information that relates to you from which you can be identified either directly or indirectly.

We appreciate the trust you place in us when sharing your personal data. The security of that data is very important to us. In this notice, we explain how we collect, use and protect your personal data.

We also explain your rights regarding your personal data and how you can exercise those rights.

What personal data are we collecting and why?

We may collect and process the following personal data about you:

Information you give us: This is information you give us about you for example when you fill in a form or create an account on the website, or subscribe to any newsletters or services provided via the website. It includes information you provide when you correspond with us by phone or email, participate in a survey, discussion boards, share your Marac performance data, share data via our social media functions, enter a competition or promotion, give us feedback or when you report a problem with the website. The information you give us may include your name, address, e-mail address and phone number or your username.

Information we collect about you: When you use the website, we will automatically collect the following information: technical information about how you access the website, including the type of mobile, tablet or computer (‘Device’) you use, a unique device identifier (for example, your Device’s IMEI number, the MAC address of the Device’s wireless network interface, the mobile phone number used by the Device), your IP address, mobile network information, Internet Service Provider, your operating system and platform, the version and type of browser/platform you use, your browser plug-in type and version, and your time zone setting; technical information about your use of the website, including page views, the length of your visit to the website or to certain pages, the resources that you access on the website, download errors, page response times, page interaction information (such as scrolling, clicks and mouse-overs), the full URL and clickstream to, through and from our site (including date and time), referral source/exit pages and methods used to browse away from the website.

What is the lawful basis?

These are the lawful basis which we will use to process your data via our website:

Consent: the individual has given clear consent to process their personal data for a specific purpose.
Legal obligation: the processing is necessary for you to comply with the law.
Legitimate interests: the processing is necessary for legitimate interests or the legitimate interests of a third party

Disclosure of your personal data

We may share your data to the following third parties for the following purposes:

To selected third parties who act on our behalf to support our operations, for example our IT and web hosting providers, Moodle (our Learner management platform), Mailchimp (email marketing), Fat Beehive (our digital agency), Microsoft (for inbound email queries), Gravity Forms, Microsoft Forms, SurveyMonkey and Snap Surveys (for any surveys).
To law enforcement or regulatory agencies if we are under a legal or regulatory obligation to do so.
To an acquirer if we, or substantially all of our assets, are acquired.
To other companies and organisations for the purposes of fraud protection and credit risk reduction, or to protect the rights, property, or safety of SafeLives, our website users, suppliers, contractors, or others.

Storage of personal data

The website is hosted by Platform.sh and data is stored on located in the UK. However, the personal data that we collect from you may be processed by organisations operating outside the European Economic Area (“EEA”). Certain countries outside the EEA do not provide the same legal standards for protection of your personal data that you have in the United Kingdom or the EEA. By submitting your personal data, you agree to the transfer and processing of your personal data outside the EEA for the purposes set out in this Privacy Notice.

How long will we store your data?

The length of time that we will store your data will depend on the ‘Legal Basis’ for processing your data, and is detailed below:

Where we use/store your data because you have given us your consent: We will use/store your data until you ask us to stop.

Where we use/store your data because it is necessary for us to comply with a legal obligation to which we are subject: We will use/store your data for as long as it is necessary for us to comply with our legal obligations.

Where we use/store your data because it is necessary for our legitimate business interests: We will use/store your data until you ask us to stop. However, if we can demonstrate the reason why we are using/storing your data overrides your interests, rights and freedoms, then we will continue to use and store your data until we no longer have a legitimate interest in using/storing your data.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitive of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. Please ask us if you would like more information about how long we retain your information for.

Cookies

What are cookies?

As is common practice this website uses cookies, these are tiny files that are downloaded to your computer to improve your experience. This section describes what information they gather, how we use it and why we sometimes need to store these cookies. We will also share how you can prevent these cookies from being stored however this may downgrade or ‘break’ certain elements of the website’s functionality.

CIVIC Cookie Control

CIVIC Cookie Control is a tool that helps SafeLives manage user preferences and compliance related to cookies. It collects user consent for the use of cookies on this website, ensuring users are informed and agree to the types of cookies being used, and ensuring we meet the legal requirements related to cookie usage and data privacy.

How we use cookies

We use cookies for a variety of reasons which we will detail below. In most cases there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to the website. It is recommended that you leave on all cookies if you are not sure whether you need them or not, as they may provide a service that you use.

Disabling cookies

You can prevent the download of cookies by adjusting the settings on your web browser (see your browser ‘Help’ for how to do this). Please be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this website. It is recommended that you do not disable cookies.

What Cookies Do We Use?

Essential

These cookies are necessary for the website to function properly and enable you to use its features. They do not collect or store any personal information.

Non-essential

These cookies collect information to help us understand how the site is being used. This information assists us in informing our audience about site demand and planning future developments to enhance user experience.

Google Analytics

Google Analytics cookies collect data to help us understand how people interact with the site, which informs our planning for improvements. We share some of these statistics with funders, without including personal data. For instance, we might report, “Last year, there were ___ visits to the Reach In page.”

Google Analytics processes some location data at the city or region level but not precise enough to pinpoint an address or street. It does not log or store IP addresses. The data collected includes device/browser information, such as “___% of visits used a mobile device,” and on-site activities like which pages people visit and where they click. Google also uses an identifier cookie to track ad views, measure ad effectiveness, and remember user preferences like language, number of search results per page, and SafeSearch filter settings. This cookie expires six months after its last use.

Microsoft

Microsoft Forms uses cookies to enable form functionality on our website. These cookies are GDPR compliant, with all data encrypted at rest and in transit.

Microsoft cookies track your interaction with Microsoft products and gather usage statistics for advertising and analytics, recognizing how you interact across different Microsoft domains.

YouTube

YouTube cookies enable embedded videos to play, track views, remember user video preferences, and keep track of previously watched videos. These cookies also measure your internet speed to determine whether to use the old or new interface for YouTube videos.

Updates and further information

We may update this Cookie Policy periodically to reflect changes in the cookies we use, so please visit this page regularly to stay informed. The date at the bottom of this Policy indicates when it was last updated.

For further information, please email us at info@safelives.org.uk.

Security measures

The personal data that you provide to us is stored on secure servers. Where we have given you (or where you have chosen) a password or log-in which enables you to access certain restricted parts of our website, you are responsible for doing everything you reasonably can to keep these details secure. Do not share your password or log-in details with anyone else and if you suspect your account has been compromised, please change your password immediately.

We have physical, electronic, and managerial procedures to safeguard and secure the information we collect. We do not, however, have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We accept no liability in respect of breaches that occur beyond our sphere of control.

Your rights as a data subject

The right to be informed. As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this privacy notice and any related communications we may send you.
The right of access. You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requestor, we will provide access to the personal data we hold about you as well as the following information:

1. The purposes of the processing.
2. The categories of personal data concerned.
3. The recipients to whom the personal data has been disclosed.
4. The retention period or envisioned retention period for that personal data.
5. When personal data has been collected from a third party, the source of the personal data

If there are exceptional circumstances that mean we can refuse to provide the information, we will explain them. If requests are frivolous or vexatious, we reserve the right to refuse them. If answering requests is likely to require additional time or unreasonable expense (which you may have to meet), we will inform you.

The right to rectification. If you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.
The right to erasure (the ‘right to be forgotten’). Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. This includes personal data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.
The right to restrict processing. You may ask us to stop processing your personal data. We will still hold the data but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies, you may exercise the right to restrict processing:

1. The accuracy of the personal data is contested.
2. Processing of the personal data is unlawful.
3. We no longer need the personal data for processing, but the personal data is required for part of a legal process.
4. The right to object has been exercised and processing is restricted pending a decision on the status of the processing.

The right to data portability. You may request your set of personal data be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.
The right to object. You have the right to object to our processing of your data under one of the following conditions:

1. Processing is based on legitimate interest.
2. Processing is for the purpose of direct marketing.
3. Processing is for the purposes of scientific or historic research.
4. Processing involves automated decision-making and profiling.

Data Breaches

We will report any unlawful data breaches to any and all relevant persons and authorities within 72 hours (or sooner if it is required under applicable privacy laws) of the breach when such breach is likely to result in a high risk to the rights and freedoms of data subjects. SafeLives’ obligation to report or respond to a personal data breach or security incident will not be construed as an acknowledgement by SafeLives’ of any fault or liability with respect to the personal data breach or security incident. Should you have any complaint about a breach, or the way in which we will handle a breach, please contact us.

Contact Us

If you have questions about how we process personal data, or would like to exercise your data subject rights, please email info@safelives.org.uk or write to SafeLives, Suite 2A, Whitefriars, Lewins Mead, Bristol, BS1 2NT and the request will be passed on to our Data Protection Officer.

Complaints

Should you feel unsatisfied with our handling of your data, or about any complaint that you have made to us about our handling of your data, you are entitled to escalate your complaint to a supervisory authority within the EU. For the UK, this is the ICO (Information Commissioner’s Office), which is also our lead supervisory authority. Its contact information can be found at https://ico.org.uk/global/contact-us/.

Last reviewed: June 2024