Privacy Notice

Read about what types of information we keep about you. This is commonly called a 'Privacy Notice'.

This includes:

➤ What we use or have

➤ How we use it

➤ When we use it

➤ Why we use (or keep) it

➤ Where it might go

In this document we sometimes use 'reasonable' to describe what we do. This means we work to do things in a good way, or use good ways of doing things.

This doesn't mean we spend millions to have the same level of security large multinationals or healthcare providers need.

It does mean we use things, like services and processes, which do a good job without spending all of our time and budgets on things which are 'excessive' and (likely) make your experience with us worse or excessively expensive.

If you ever want any extra work done or any changes to the way we do things, or need extra security around how we do things, speak with us.

1. Who this Privacy Notice is about and what it covers

Vulnerable Paths works to protect your privacy.

Where we mention ‘Vulnerable Paths’ this refers to the brand name of services provided by Matthew Radford.
When we refer to “our website” or “this website” we mean the webpages of www.vulnerablepaths.co.uk.

If you have any requests about information about you that we hold (including any requests to exercise your rights under applicable data protection law) or any questions about how we handle, store or protect your personal information, please contact:

Matt Radford

Matt@vulnerablepaths.co.uk

07496001701

This Privacy Notice gives information about how we collect, handle, store and protect information about you when you visit and use our Website or interact with us over the phone, in person, on paper or through another medium, for example by email.

This information should be read with our Cookies Notice.

It also gives information about when we share your personal information with other parties (for example with third parties we work with, such as event organisers). 'Parties' is a word used to describe (for example) other groups, organisations or people.

In this Privacy Notice, we may sometimes describe handling, collecting, protecting and storing your personal information as “processing” those types of information ('processing' is usually describing doing all 4).

Our website may contain links to other websites that are not managed/operated by us, or that we don't control. These websites are not covered by this Privacy Notice and if you access them using the links provided, the operators of these websites(for example, the people who run or manage them) may collect information about you.

We encourage you to read and check the 'privacy notice' on each of these websites (which may be different from ours) before disclosing any personal information.

2. What information we collect

We collect information about you when you give it to us.

For example:

you make an inquiry;
book or register for an event or course;
purchase services;
tell us your story;
provide feedback; or
If you otherwise provide us with personal information such as:
- in person
- over the phone
- on paper
- by SMS
- by email
- Through social platforms

We sometimes also collect information about you because other people legitimately provide that information to us (for example, they legally give us that information for a good reason).

Examples:

sometimes when you train with us, your information will be collected by an organisation working for us. This could be through a sign up form.
we also receive information about you from independent event organisers where they have legal permission to share your information with us (for example, you have consented to this).

We can and do collect personal information from you because we observe or infer that information about you from the way you interact with us.

Example:

using cookies and web beacons on our Website to automatically collect information about your visit. This information will help to improve your experience when you use this Website and help us check it is functioning correctly. Please see our Cookies Notice for more details.

The information about you which we collect or obtain typically includes the following details about you:

name

date of birth
age
gender
email address
postal address
telephone numbers
country of residence
employment details (for example, the organisation you work for and your job title)
financial-related information (for example information relating to your means);
information on why you chose to work with Vulnerable Paths
your postings on any blogs, personal story pages and any other social media applications and services we provide.

This information can be collected through face-to-face communications, offline registration forms, online forms or through third party providers working on our behalf.

If you visit our Website, we can also gather information about you based on the way in which you access and use our Website.

We gather information about which pages on our Website users visit most often.
We may track popular links on Vulnerable Path’s emails and collect information on individuals’ IP address
browser and device type
device settings
language
access times and durations
websites you visited before and after our Website
details of how you like to interact with us and similar information

We use this information to personalise the way our Website is used to improve the service we provide to you. Wherever possible we use aggregated or anonymous information which does not identify individuals.

Where you receive electronic communications from us (such as emails or social media platform messages), we can also collect information about your use of that communication.

This includes information on when you open the communication and what links you click on within it.

If you unsubscribe to a communication from us, we will also update your preferences and retain a record of this so that we don't contact you inappropriately.

Important:

In some cases we also collect sensitive personal information, such as details relating to your health, dietary requirements, ethnicity and/or race.

This is possible when attending some of our courses, and would be kept to support safeguarding or for health and safety or because you voluntary provide sensitive information to us for specific purposes.

None of the information that we request from you is mandatory; however, if you choose that you don't want to give us some (or all) of the information that we ask for/request from you, we may be unable to provide you with the services or support that you want from Vulnerable Paths (or this might be more difficult or take longer to give you).

3. How we use your information

We (typically) use your personal information:

To provide you with products and services that you have requested (the services we provide include vulnerability training, courses, workshops, coaching and consultancy).
To improve our products and services (for example, collecting information on or uses our courses in order to monitor how well our services meet the needs of different types of professionals across the UK and internationally).
To manage and improve our Website (including products and services provided via our Website).
To help us learn more about you, the products and services that you receive from Vulnerable Paths, and other products and services that may be of interest to you (including building profiles of individuals to help us ensure that our communications are directed to individuals that might be interested in them.
To share your experiences of Vulnerability, where you permit us to do so.
To deal with your enquiries and requests.
To offer opportunities to get involved with Vulnerable Paths or attend one of our events or courses.
To invite you to attend events, arrange logistics and update you with relevant details around these courses and events.

As part of the uses above, we use your personal information as part of communications about products or services you asked for from us or information you provided to us. These communications may be with you, our service providers or (competent) authorities.

If you enter your details onto one of our online forms, and you don’t ‘send’ or ‘submit’ the form, we may also contact you to see if we can help with any problems you may be experiencing with the form or our Website.

Sometimes we use your personal information for (the purposes of), or connected with:

Applicable legal or regulatory requirements.
Requests and communications from competent authorities.
Financial accounting, invoicing and risk analysis purposes.
Prudent operational management (including credit and risk management, insurance, audit, training and similar administrative purposes).
Customer relationship purposes, which typically involve: (i) contacting you (including by telephone, e-mail, SMS and by post) to receive feedback on our products and services; and (ii) contacting you for other marketing, market research or general research purposes.
Services we receive from our professional advisors, such as lawyers, accountants and consultants; to further our charitable aims including to fundraise.

We combine your information with information available from external data sources including Royal Mail’s post office address file (PAF) and change of address file, Mortascreen and Experian.

This is known as data- or tele-appending and enables us to ensure that the information (including contact details) that we hold about you are accurate and up-to-date.

The external sources we use for this purpose include:

(a) third party service providers that are permitted to share information about you with us;

(b) information available publicly in places such as Companies House, Charity Commission and other charity registers, Who’s Who and Debrett’s guides, Electoral Roll, and information published in articles/newspapers; and

(c) depending on your settings and applicable legal terms, social media platforms like Facebook, Twitter, Instagram, LinkedIn and other professional networking sites.

We will do this data appending for the above reasons unless you let us know that you don't want us to – you can do this at any time via the process indicated below.

We may use your personal data for online advertising to match to your account on Facebook or other social media sites to be able to show you Vulnerable Path’s content while you are using these sites.

If you have opted out from our Marketing Communication, you may still be able to see Vulnerable Path’s content based on your social media account’s settings.

We may also use personal data to link to Facebook or other social media sites to be able to identify other users of these sites whom the social media platform believe would be interested in Vulnerable Path’s (‘Look-alike’/ ‘Similar audiences’).

When doing this we send a list of hashed email addresses to the online platform, which will match the audience accordingly. Hashing is a security measure whereby the information is transformed into a code. The hashed data is deleted after a short period of time and not used for any other purpose. For more information, please refer to the social media platform’s privacy policy.

We sometimes use ‘Saved audiences’ to remember which supporters on Facebook are most likely to engage with our adverts.

We only send you marketing materials according to the preferences you gave us – either via our Website or another way.

Where you have indicated to us that you do not want to receive any marketing materials from us, or you do not wish us to build profiles of you, we respect your preference.

If you would like to update your preferences at any point, please contact us at:

Matt Radford

Matt@vulnerablepaths.co.uk

07496001701

4. What laws we use

We are legally required in this privacy notice to give the 'legal grounds' we use to process your personal information.

We generally use your personal information for the purposes outlined above because:

(a) it is necessary for our legitimate interests and does not unduly affect your interests or fundamental rights and freedoms (see below);

(b) it is necessary for legal and/or regulatory obligations that we are subject to, such as keeping records for tax purposes or providing information to a public body or law enforcement agency;

(d) in some cases, we have obtained your prior consent

Examples of the ‘legitimate interests’ referenced above are:

(i) The effective operation of our services, including analysing and gaining insights into the performance and effectiveness of our products and programme activities;

(ii) To benefit from cost-effective services (for example, it being cheaper to use an external printer to print our letters instead of print them ourselves);

(iii) To assess and verify any application that you submit through the Website to work with us;

(iv) To prevent fraud or criminal activity, misuses of our products and services, as well as the security of our IT systems, architecture and networks;

(v) To exercise our rights under Article17 of the Charter of Fundamental Rights, including our right to property; and

(vi) To conduct market research to better understand our users, along with their expectations and perceptions of Vulnerable Path’s and it’s services.

To the extent that we process any sensitive personal information relating to you for any of the purposes outlined above, we will do so because either:

(a) you have given us your explicit consent to process such information;

(b) the processing is necessary for reasons of substantial public interest on the basis of applicable law (for example, where we are required to process personal information to ensure we meet our ‘know your client’ and ‘anti-money laundering’ obligations);

(d) the processing is necessary to carry out our obligations under employment, social security or social protection law; or

(e) the processing is necessary for the establishment, exercise or defence of legal claims. The legal grounds for processing sensitive personal information outlined above at (a) to (e) appear at Articles 9(2)(a), 9(2)(g), 9(2)(h) 9(2)(b) and 9(2)(f) of the EU’s General Data Protection Regulation respectively.

5. How we keep your data safe

We work to have (reasonable) technical controls in place designed to protect your personal information.

Examples:

Our data and hardware is housed (stored) in the cloud and encrypted both in transit and at rest.
We do regular reviews of who has access to information that we hold so your information is only accessible by appropriately trained staff, volunteers and contractors.

Sometimes we use the services of partners or other reputable companies to collect or process personal information for us.

Before we give permissions to a company or partner to do this, we have a written agreement with them about this (with appropriate controls) to secure your personal information.

We use (reasonable) security measures once we have received your personal information, but the transmission of data over the internet (including by email) is never completely secure.

We try to protect personal information but we cannot guarantee the security of data transmitted to us or by us.

6. What locations your information may be shared

Section 8 below describes the third parties that we generally provide with information about you.

Some of them may be based outside the European Union (EU), including United States, Philippines, India, China and Japan. Although they may not be subject to the same data protection laws as companies based in the UK, we take steps to make sure that they provide an adequate level of protection to your personal information in accordance with our obligations under UK data protection law.

These steps might include Vulnerable Paths entering into a data transfer agreement with the relevant third party based on standard contractual clauses approved by the ICO.

Further details of the transfers of your personal information outside of the UK and the adequate safeguards used by Vulnerable Paths in respect of such transfers (including copies of relevant agreements) are also available from us by contacting:

Matt Radford

Matt@VulnerablePaths.co.uk

0749 600 1701

7. How we keep your information up to date

We may use publicly available sources to keep your records up to date; for example, the Post Office’s National Change of Address database and information provided to us by other organisations (as described in Section 3 above).

We also use external data lists to check the accuracy of the telephone numbers we hold for our users.

We really appreciate it if you let us know if your contact details change.

8. Who we share your information with

In connection with one or more of the purposes outlined in the Section 3 above, we may share your information with:

Third parties that provide services to us or on our behalf. This includes third parties such as those delivering postal mail, print agencies, making calls to our users, sending emails, analysing or collecting data, processing credit card payments. If you use a special discount code to register for a Vulnerable Path’s event or course, we may share that you have used this code with a third party. In some cases, we also provide information to third parties, who assist with programmes we run to provide support for our events or courses.
Our third party partners that run events in partnership with us whereby we share registrant’s email addresses with the event organiser so that they can get in contact with the registrant directly.
Regulators, other competent authorities (including courts, tribunals and regulatory and law enforcement authorities) and other parties to whom we are required to disclose your personal information to by law.
Solicitors working with Vulnerable Paths.
Our professional advisors, including lawyers, accountants and consultants.

9. Your data rights

You have various rights in relation to your personal information.

In particular, you have a right to:

ask us to delete, or stop processing, your personal information.
ask for a copy of the information we hold about you.
ask that we correct or update any discrepancies or inaccuracies in the information we hold about you.
withdraw consent to our processing of your personal information (to the extent such processing is based on consent)
object to our processing of your personal information.

If you want to exercise any of your rights, or if you have any other questions about our use of your personal information, please contact us at:

Matt Radford

Matt@vulnerablepaths.co.uk

In certain circumstances we may need to seek further information about your identity before complying with your request.

Further information and guidance on subject access requests is also available from the Information Commissioner's Office here:

https://ico.org.uk/for-the-public/personal-information/

If we have been unable to deal satisfactorily with any concerns you may have over how we have processed your personal information, you have the right to make a complaint to the UK’s Information Commissioner’s Office or to any other data protection regulator in the place where you live or work, or in the place where you think an issue in relation to your data has arisen.

A list of the national data protection authorities can be found here:

https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

10. About our Direct Marketing (e.g. advertising)

Where your marketing preferences allow us to do so, we will contact you to let you know about the work we are doing or send you updates about Vulnerability.

Where we are permitted to do so, we may include information from organisations we work with in these marketing communications.

Please note if you decide to turn off or disable cookies this may affect the level of service we can provide you as described in the .

We aim to make it easy for you to tell us how you want us to communicate in a way that suits you.

Our forms have clear marketing preference questions and we include information on how to opt out when we send you marketing communications.

If you don’t want to hear from us, please do let us know.

You can do this when you provide your data or by contacting us:

Matt Radford

matt@vulnerablepaths.co.uk.

0749 600 1701

11. How long we keep your information

We will hold your personal information on our systems for as long as is necessary to fulfill the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements.

Although there may be some limited exceptions, your personal data is kept for up to 10 years after you:

(i) Stop receiving communications from Vulnerable Paths

(ii) Stop receiving services from us

(iii) Stop attending our events

(iv) Last visited our website

We believe it is reasonable to keep information and contact individual supporters up to 10 years after the above for the purposes defined in section 3 (How we use your personal information).

For example, this is because:

The information we hold about you ensures we are able to speak to you as efficiently as possible and in the way you find easiest.
This allows us to do things such as tailor our courses, events and communications to you in ways you find most useful.

Limited exceptions where we may keep information for longer than the above, may include:

Financial information for auditing or legal purposes

12. Changes and updates

We may change this Privacy Notice from time to time.

Any future changes or additions to the processing of your personal data as described in this Privacy Notice affecting you will be communicated to you through an appropriate channel, depending on how we normally communicate with you.

Alternatively, please visit this page from time to time in order to keep up to date with the changes in our Policy.

Last updated - 16 December 2022

(Version 1.0)

Page updated

Report abuse