County Durham drug and alcohol recovery services
Menu

Privacy notice

This privacy notice is for people supported by County Durham Drug and Alcohol Recovery Services. County Durham is a service Humankind provides in County Durham. We are funded by Durham County Council to provide this service.

Humankind adheres to the Data Protection Act 2018 in relation to how we collect and process information that identifies you as an individual. This type of information is called personal data.

Humankind is a company registered in England, Registered Company No. 182 0492 and a Registered Charity No. 515 755, VAT No 334 6763 43, Registered Social Landlord (RSL) 4713.

Our registered office is: Head Office Humankind, Inspiration House, Unit 22, Bowburn, North Industrial Estate, DH6 5PF

The purpose of our privacy notice

Personal data is information about a living, identifiable individual and includes any information that can be attributed to you personally, including your name and contact information.

There are more sensitive types of personal data which are known as ‘special categories’ which includes information about your health. Criminal offence data is also considered more sensitive.

You can find out more about categories of personal data on the Information Commissioner’s Office website.

Humankind is committed to ensuring that your privacy is protected. Humankind offers a range of services which include substance use, clinical, employment training and education, housing services, housing support and health, young people and families services.

Our responsibilities

A Data Controller is a term used in the Data Protection Act 2018 to describe an organisation that has the most responsibility for protecting personal data.

Humankind is a Data Controller for some of its services but not for all. For other services, Humankind is a Data Processor. A Data Processor acts upon the instructions of another Data Controller and is not accountable for privacy information.

Each service where Humankind is the Data Controller, has its own Humankind privacy notice. We offer a layered approach to providing privacy information in these services. This means that when we first make contact with you, we usually read you a short privacy script, then, when we hold our first meeting with you, we give you an A4 privacy factsheet and some other information. We have two different factsheets with two different privacy videos (see below). One factsheet is for services that support adults and the other factsheet is for services that support children and young people. The factsheets also signpost to the service’s Full Version Privacy Notice so that you are aware that there is a long notice with more detail in it. Our privacy information is only relevant when we are a Data Controller.

Our privacy videos

Your data rights

You have data rights, but these rights vary depending upon which lawful reason the Data Controller has applied to the use of your data.

Our privacy information explains what your rights are and how you can use them and we have provided an overview of the Data Subject Rights below. Please note that when the word “processing” used, this means any use of your personal information (for example, collection, storage, sharing, updating etc). You can find out more about these terms and about your rights at www.ico.org.uk

  • Your right of access: You have the right to ask for a copy of your information or to know what information a Data Controller has about you. This right always applies. There are some exemptions, which means you may not always receive all the information.
  • Your right to rectification: You have the right to ask that your information is rectified if you think it is inaccurate. You also have the right to ask the Data Controller to complete information you think is incomplete. This right always applies.
  • Your right to erasure: You have the right to ask the Data Controller to erase/delete your personal information in certain circumstances. This is also known as the right to be forgotten.
  • Your right to restriction of processing: You have the right to ask the Data Controller to restrict/pause the processing of your information in certain circumstances.
  • Your right to object to processing: You have the right to object to processing if the Data Controller is processing your information as part of their public tasks, or is in their legitimate interests.
  • Your right to data portability: This only applies to information you have given the Data Controller. You have the right to ask the Data Controller to transfer the information you gave them from one organisation to another, or give it to you. The right only applies if your information is used based on your consent or under (or in talks about entering into) a contract and the processing is automated/done by machine.
  • Your right to withdraw consent: This only applies to information the Data Controller is using based upon your consent. Consent is just one of six lawful reasons (legally called “bases”) upon which a Data Controller can rely on. How data is used is only your choice if the data use was consent-based and this is not always the case. The Data Controller is the organisation that decides what the lawful basis should be, not the data subject.

You are not required to pay any charge for exercising your rights. Data Controllers have one month to respond to you, but this in some cases can lawfully be extended.

Accessing our privacy information

  • Don’t worry if you lost the factsheet we gave you, as you can ask for another copy of the privacy information provided by a project, by asking the project staff directly or you can email caldicott.guardian@humankindcharity.org.uk
  • For transparency, each project (where Humankind is the Data Controller) has a custom-made Full Version Privacy Notice and our A4 factsheets summarise key elements. Every A4 factsheet reminds you that there is a Full Version Privacy Notice and you should read the Full Version Privacy Notice so that you are aware of all of the details which are specific to how we use your personal information in the service you are using.
  • Each project where Humankind is the Data Controller, has a Full Version Privacy Notice. This is available to you at any time. You can see it on the project’s individual webpage. You search for each service’s individual webpage on our website’s homepage. You can ask the project directly or you can email caldicott.guardian@humankindcharity.org.uk
  • If there is no privacy notice on the services webpage this is because we are a Data Processor, so please phone or speak to staff in that particular service for more information. Where we are a Data Processor we will provide the privacy information that belongs to the Data Controller and in some services, we may need to signpost you to the Data Controller.
  • Every project has a manager who can inform you and you can also email caldicott.guardian@humankindcharity.org.uk
  • You do not have to read any of the information we provide to you, but we have a legal obligation to make sure we have provided you with it.

Privacy notice review period

This notice was last reviewed August 2023 and will next be reviewed August 2025 unless there are significant changes to how we use your personal information.

Subject access request statement

In compliance with the UK General Data Protection Regulation (UKGDPR) Humankind (where we are the Data Controller) is obliged, upon request, to disclose any information we hold about you. This is called your Right Of Access.

This includes people who have accessed our services or support, staff, volunteers, students, placements apprentices, temporary staff and any other person working on behalf of Humankind.

We have one month to respond to your request, although this can be extended in certain circumstances. There are rules for what we can and cannot disclose, so all requests require a rigorous redaction process by our information governance team.

If you would like to view the records we hold about you please contact us at caldicott.guardian@humankindcharity.org.uk or call us on 01325 731 160.

We also have a Staff Privacy Notice and Volunteer Privacy Notice which you can access by clicking on the links below:

Please note that if we are a Data Processor for your data, we will sign post you to the Data Controller who will manage your request.

What we collect

When someone visits our website we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting. We will not associate any data gathered from this site with any personally identifying information from any source.

We only collect personal data through our webforms and should you choose to share your data with us, you can be sure that we will only use it for the purpose which is specified through the form. 

Lawful basis

The lawful bases for processing are set out in General Data Protection Regulation (GDPR). 

We mainly process your data using consent as the lawful basis for processing.  This means you have given clear consent for us to process your personal data for a specific purpose.  

You can find out more about the lawful bases on the Information Commissioner’s Office website.  

What we do with the information we gather

Your data is emailed to a secure email address and is only accessible by Humankind staff who require access to process your data on the basis of the consent you have given. 

How we keep your information safe

The website is protected with standard security measures such as a firewall (this is part of a computer system or network which is designed to block unauthorised access). 

We use a third party service to help maintain the security and performance of the Humankind website. To deliver this service it processes the IP addresses of visitors to the website.

The IP address (Internet Protocol address) is a numerical label that computers, tablets, smartphones, and other computing devices, use to identify themselves and communicate with other devices.

We also use Hypertext Transfer Protocol Secure (HTTPS) which provides a reasonable level of assurance of protection against computer hackers.

How long do we keep your data for

The data you send us through our webforms and emails are retained in line with our Records and Retention Policy.

Withdrawing your consent

You can withdraw consent for us to hold the data that we have collected from you by sending a signed letter stating your name and the information you wish us to erase to:  

Consent Withdrawal, Caldicott Guardian, Head Office Humankind, Inspiration House, Unit 22 Bowburn North Industrial Estate DH6 5PF.  

You can email us at caldicott.guardian@humankindcharity.org.uk with your full name in block capitals in the subject line or complete our online contact form 

How to complain 

If you are unhappy about an issue relating to your data you can complain to us through the service you attend or if you would feel more comfortable, you can contact Humankind Caldicott Guardian at:     

Caldicot Guardian, Head Office Humankind, Inspiration House, Bowburn North Industrial Estate, Durham, DH6 5PF   

caldicott.guardian@humankindcharity.org.uk           

01325 731 160   

Please see our complaints and feedback section for more information.

To make a formal complaint about the way we have processed your data you can take this to the UK’s independent body set up to uphold information rights:   

Information Commissioner’s Officer (ICO)  

0303 123 1113

What personal data we collect on this website and why we collect it

Analytics

We use a company called Google to collect and analyse information about the use of our website. This information helps us to measure understand how visitors use our website. If you have an account with Google, manage your advertising settings, otherwise you can manage these settings through your web browser.

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.