Privacy Notice

Who are VOLA and what do we do?

VOLA is a consortium of Voluntary Community and Social Enterprise Sector (VCSE) service providers operating in the Liverpool City Region.  

The consortium exists to provide a formal structure for supporting the VCSE sector in relation to learning, skills and employment support in the Liverpool City Region.

VOLA promotes, organises and facilitates cooperation and partnership working between VCSE organisations.

VOLA supports capacity building in the sector by providing VCSE organisations with support, information and services to enable them to deliver education and employment skills to people in their communities. 

VOLA also plays a prominent role in advancing the Digital Inclusion agenda within the city region, through convening partnerships to deliver Digital Inclusion services; distributing funding; undertaking research; and VCSE representation in strategic policy development.

At VOLA, we are committed to maintaining the trust and confidence of all organisations, staff, volunteers, learners and others that access our projects and services.  We respect your privacy and want you to remain in control of your personal information.  We will keep your personal information private and secure and will not supply your details to any organisation for marketing purposes.

What data do we collect and why?

Here at VOLA, we aim to provide you with the highest quality of service. To do this we keep relevant records about you and the service we have provided or plan to provide for you; and the work we undertake with our members and partners.

Our work involves engaging with community organisations, frontline staff, volunteers and the general public. This means we hold a range of personal data including:

  • Personal information (such as name, address, date of birth, telephone number, email address, images, audio recordings, IP addresses);
  • Characteristics information (such as gender, age, ethnicity, employment status);
  • Employment related information (such as who you work for, job role);
  • Contact we have had with you such as meetings, training courses, etc;
  • Information relating to staff and Trustees/ Directors of your organisation that we are required to obtain for due diligence purposes relating to contract or grant awards;
  • Monitoring information relating to staff employed by consortium members and/or other partners involved in delivering projects with us, as dictated by funders, e.g. job role, qualifications, salary information.

Much of the personal data we collect, particularly about members of the public that engage in our projects/ services, is dictated by funders for the purposes of providing evidence of participant eligibility for particular funding we receive, and to fulfil performance monitoring requirements.

In addition to the requirements of our funders, we also sometimes collect personal data for our legitimate business interests, to monitor the characteristics of people we provide services for (e.g. gender, age, ethnicity, residence, employment status and socio-economic indicators) and to support the ongoing improvement of those services.

Where necessary, project-specific Privacy Notices will be published providing ‘data subjects’ (you, the individual person that the information relates to) with detailed information on the types of personal data that will be collected, why, how, what we do with it, who it needs to be shared and why.

It is good practice for VOLA employees, volunteers and agents to:

  • Agree with you what they are going to record about you;
  • Agree with you what information they will collect from other (specified) people;
  • Show you what they have recorded about you, if you ask.

Confidential information

All personal information held by VOLA is kept safe. Everyone looking at your record, whether on paper or computer, is obliged to keep the information confidential. We will aim to share only as much information as people need to know to play their part in providing you with the services you have requested. We will never share your personal data with third parties for marketing purposes. Other information, that does not include your personal details, may be used for planning, training and research.

How do we collect your information?

VOLA collects your personal information from a range of contact points including paper-based forms, telephone, images, voice or video recordings and our website.

Normally information is collected directly from the ‘data subject’; however, in some cases we receive personal information about you as part of a referral from a partner agency, or from other organisations that are, or have previously been providing you with services.  Similarly, your employer may provide your personal information to us, with your consent.  Whatever the source, we are committed to holding your records in strict confidence.

We may collect your personal data in a number of ways, for example:

Individual learners/ participants (members of the public):

  • From the information you provide to us when you interact with us before accessing a service, for example when you express your interest in enrolling on a particular course or project;
  • From referral partners, who refer you to one of our courses or projects;
  • When you formally apply to enrol on a course or project, complete enrolment forms and when you complete other admissions processes and procedures;
  • When you communicate with us by telephone, email or via our website, for example in order to make enquiries or raise concerns;
  • In various other ways as you interact with us during your time as a participant on a course or project.

Employees, volunteers & Directors of organisations working with/ receiving funding from us:

  • When you register to attend an event or staff/ volunteer training provided by us – this may be on a physical booking form, over the telephone or on an online form;
  • From the information your organisation/ employer provides to us when they express an interest in working with us on a particular project, or apply for funding from us;
  • Monitoring information provided by your organisation/ employer in relation to their business with us;
  • When you communicate with us by telephone, email or via our website;
  • In various other ways as you interact with us in relation to you involvement as a VOLA Consortium member, or recipient of our services, or funding.

What do we do with your information?

The data we collect and how we use it depends on which of our services you have accessed:

Services for individual members of the public:

Depending on the type of service you access, we will collect information that will enable us to:

  • Assess your eligibility and suitability, and complete enrolment processes;
  • Contact you with information relating to the service you access and ensure that any individual needs are provided for;
  • Measure your progress and outcomes achieved;
  • Retain personal data contractually required by funders, and other data legitimately required by us;
  • Fulfil contractual monitoring obligations, as required by our funders;
  • Develop case studies (always only with your consent);
  • Analyse performance and improve future service delivery.

Training & events (staff and volunteers)

Depending on the type of event, we will collect information that will enable us to contact you with information relating to the event and ensure that any individual needs are provided for. This may include your name, address, email address, phone number, employer (/ organisation you volunteer with), job role, access or mobility issues, dietary requirements, or any other relevant information relating to the event/ course required to enable us to meet your needs.

Data will be used to communicate with you about the event you are booking on to only. This will include sending confirmations, joining instructions and post event feedback requests. Your details may be shared in advance with the trainer/ facilitator of the event or training course to ensure the best possible delivery.

We also produce statistical reports relating to our training and events using feedback and evaluation forms that may be shared with key funders and partners. Your personal details will not be shared with anybody else for marketing or promotional purposes without your prior consent.

Any hard copy booking forms are securely disposed of once data has been transferred onto our database, unless funding requirements dictate that they need to be retained, in which case they will be stored securely until the data retention deadline set by funders. Otherwise, personal data relating to our training and events is kept for 12 months to enable event administration and completion of annual reports.

Research and Monitoring

We will use the information you provide to:

  • Analyse statistical data so we can plan how we provide services;
  • Create anonymised data to help improve services and to publish in various reports that may also be publicly available;
  • Create anonymised reports and case studies for our funders and commissioners to demonstrate effective delivery and to enable us to continue service delivery. We will always seek your direct consent to be used as a named case study.

By anonymising data that is used in this way means that it will not contain any personal information. So, you, your family or any individual person cannot be identified from this information.

If we ever want to use your identity and personal information in a case study, we will always obtain your explicit consent before doing so.

Photography & Audio / Video (AV) Recordings

VOLA recognises that a photograph or AV recording where an individual is uniquely identifiable is categorised as a “special category of personal data”. Consent is collected during both event registration and event sign-in processes. We also have processes in place to ensure your photograph is not taken if you object / don’t want it to.

Photographs/ recordings taken and any reproductions may be used by VOLA for any advertising purposes, or for the purposes of illustrating wording. Photographs/ recording may be used in promotional material including, but not limited to, promotional flyers, website, posters, social media and display boards, with any reasonable retouching or alteration.

If you wish to withdraw your consent, you may do so at any time by contacting VOLA on (0151) 920 0726 x213 or emailing info@volamerseyside.org.uk.

Photographs are removed from portable devices as soon as practicable and stored on our IT servers/ systems, and access is restricted to only relevant staff and volunteers.

Mailing Lists & E-bulletins

VOLA operates a number of thematic mailing lists e.g. consortium membership lists, project-specific lists (in which you may be involved as a delivery partner or a learner/ participant of the project), survey respondents, etc.

Some of these are sent to organisations as part of our services, whilst others are also sent to individuals. Where mailings are to VOLA members and other organisations then this information is considered by VOLA to be Business Contacts and not personal information. However, we are committed to ensuring your data is treated with the same processes, security and confidentiality as we do personal information.

Our mailing lists are never shared or sold with any third party and we make sure that everything we send is relevant to our work, including our support offer to organisations and individual learners /participants. If you no longer wish to receive a specific mailing please contact stuart.mcgrory@volamerseyside.org.uk.

Texting & Telephone Communications

Where service users have provided VOLA with a phone number, we may use this to contact them about the service which they have signed up to. For example, we may text them a reminder about an event or course they have signed up for. This will only be done where they have explicitly consented to this, and they can opt-out of this communication at any time.

Lawful Processing

Data protection law requires us to rely on one or more lawful grounds to process your personal information; these will change, depending on the service you are accessing and the body that has funded that service. We consider the following grounds to be relevant:

  • Specific Consent: where you have provided specific consent to us using your personal information in a certain way, such as to send you email or newsletter;
  • Performance of a contract: to enable us to provide products or services to you, such as training, employment support, or receiving another service;
  • Legal obligation: where necessary, so that we can comply with a legal or regulatory obligation to which we are subject;
  • Vital interests: where it is necessary to protect life or health (e.g. in the case of medical emergency suffered by an individual at one of our activities or events), or a safeguarding issue that requires us to share your information with the emergency services or relevant authorities;
  • Legitimate interests: Where it is reasonably necessary to achieve our or others’ legitimate interests (as long as what the information is used for is fair and does not duly impact your rights). Examples of this include:
    • Sending you specific related information e.g. about other training opportunities or events;
    • Letting you know about research we are conducting to help us improve our services or the lives of people in the area we serve.

When we legitimately process your personal information in this way, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.

We will not use your personal information where our own interests are overridden by the impact on you, e.g., where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law). When we use sensitive personal information, we require an additional legal basis to do so under data protection laws, so will either do so on the basis of your explicit consent or another route that is lawfully available (e.g. if we need to process it for social protection purposes, your vital interests, or, in some cases, if it is in the public interest for us to do so).

Who do we share your information with?

VOLA will only share information with those that need to know it. We do share anonymised statistical information and case studies with our funders and commissioners – no personal individual can be identified from this data.

Personal information will only be shared with those that need to know it in order to deliver our service to you.

Often, our funders, particularly central or local Government bodies or departments, require us to collect and report to them personal information relating to the services they have funded us to deliver.

Where your information is being shared with any person or body outside of VOLA, it will be clearly stated at the point of collection, whether that be via a paper-based form, online, or by email.

If you have any queries regarding whether your data is shared and the sharing processes we undertake, please speak to the member of staff you are working with, or alternatively contact Stuart McGrory by email: Stuart.McGrory@volamerseyside.org.uk

Additional Information sharing

Your information may also be shared with other people and organisations where the organisations are required by law to do so, or with appropriate justification under the Data Protection Act (2018), e.g. where the disclosure is necessary to a public body or another organisation to exercise its statutory functions. An example of this includes where we have a duty of care such as a safeguarding concern.

Changing how we use your information

At any time, you may request that we change how we use your information and withdraw your consent. We will make every effort to comply with your request as soon and as fully as possible. How we do this will depend on several factors such as what information we hold; what it is currently being used for; and ensuring that we comply with our legal obligations.

Detection and prevention of fraud or crime

By law we are required to protect public funds that we are responsible for. This means we may also use any of the information you provide to prevent and detect fraud. This may involve sharing this information with organisations responsible for auditing or administering public funds including central or local the Government bodies or departments. When necessary and appropriate, information held will be shared with organisations such as the police to prevent or detect crime, apprehend or prosecute offenders, or prevent the risk of harm to an individual e.g. safeguarding.

What do we do to make sure your information is secure?

We take our obligations to look after your data very seriously.  The information you provide will be subject to rigorous measures and procedures to make sure it cannot be seen, accessed or disclosed to anyone who should not see it.  All staff who can see your information will have undergone specific training around how to handle information properly and have to comply with Information Technology and data protection policies and procedures.

Relevant paper-based information is processed only by VOLA and kept securely within our offices.  Additionally, we have self-assessed our IT systems, which meet current good practice requirements.  Access to your information is also password protected to unique staff accounts and access is limited by the role of the person. This means that if they are not the appropriate person they will not be able to see your information.

Transfer of data outside of the European Union

VOLA’s main database is hosted in the UK, and our main technical support contract is provided by a UK-based organisation. We may, on occasion, utilise contractors that are based outside of the European Union for technical support, but we guarantee not to move your data out of the EU.

How long will you hold onto my information?

Information has to be kept for different lengths of time that is often dictated either by law or funding terms and conditions. This can vary from a few months up to several years. Your information will be held for the minimum length of time that these various laws and legal regulations state they must be held for.

All decisions that are not based on legal/funding requirements have to be explained. Due to the many different types of information that are used by VOLA, it would not be practical for us to list all of them and the periods they will be held for here. However, if you wish to know the length of time particular information regarding yourself or your organisation is held for, please contact VOLA for further information.

Your Data Protection rights under Data Protection law:

The rights available to you depend on our reason for processing your information. These rights are:

  • Your right of access
  • Your right to data portability
  • Your right to rectification
  • Your right to erasure
  • Your right to restriction of processing
  • Your right to object to processing
  • Your right of access or data portability

You have the right to ask for access to any of the personal information that VOLA holds about you. This is called the right of access and is commonly known as making a subject access request or SAR. For more information see here: https://ico.org.uk/for-the-public/your-right-to-get-copies-of-your-data/  

You also have the right to ask that we transfer your data directly to another organisation. You can read more about this right here: https://ico.org.uk/for-the-public/your-right-to-data-portability/

Your right to rectification, erasure or restriction of processing. If you believe that the information we hold on you is incomplete, incorrect or inaccurate, you have the right to ask us to amend this.  See: https://ico.org.uk/for-the-public/your-right-to-get-your-data-corrected/

In certain circumstances you may ask that your data be deleted – otherwise known as the “right to be forgotten”. For more information please visit https://ico.org.uk/for-the-public/your-right-to-get-your-data-deleted/ 

You have the right to ask us to restrict the processing of your information, meaning how we use your data. For more information, please visit: https://ico.org.uk/for-the-public/your-right-to-limit-how-organisations-use-your-data/  

To exercise any of these rights, please contact VOLA’s data protection lead – Stuart McGrory by email: stuart.mcgrory@volamerseyside.org.uk

Your right to object / complain You have the right to complain if you feel your information is not being used in the right way. To begin with, it may be better to speak with the member of staff that is working with you to talk through your concerns. If you do not want to do this, details of our complaints procedure are available on request. Alternatively, you can contact our data protection lead: stuart.mcgrory@volamerseyside.org.uk, 0151 920 0726 ext. 213.

If you are still not satisfied with your response from VOLA you also have the right to raise a complaint with the Information Commissioner’s Office. For further details on this and your information rights please visit the Information Commissioner’s Office website here.

Changes to policy

Bi-Annual Review: To ensure its continued relevance and compliance with changes in legislation or organisational requirements, this Policy will be reviewed by the Board of Directors/ Trustees every two years, or as a result of changes to relevant statutes.  Any necessary updates or amendments will be made accordingly in a timely manner.