Quick Exit Hide Your Tracks




Last review: January 2021

Next review due: January 2022


Who we are

Nottinghamshire Sexual Violence Support Services (Notts SVSS) is a not-for-profit specialist sexual violence service provider operational for nearly 40 years. Our core function is to deliver specialist services to anyone aged 13+ living in Nottingham City and Nottinghamshire who has experienced any form of recent or non-recent sexual violence and abuse.  We are registered as a data controller with the Information Commissioners Office. Our registration number is ZA018306.

We want everyone who supports us or who comes to us for support, to feel confident and comfortable with how any personal information you share with us will be looked after. This Privacy Policy sets out how we collect, use and store your personal information (this means any information that identifies or could identify you) and through your use of our website http://www.nottsvss.org.co.uk


Data Controller

Our Data Protection Manager is Yulia Penhale and our contact details are:

Notts Sexual Violence Support Services, 30 Chaucer Street, Nottingham, NG1 5LP

Tel: 0115 9470064


General Privacy Principles

We will look after any personal information that you share with us. This is central to our values as an organisation. We want everyone who supports us, or who comes to us for support, to feel confident about how any personal information they share will be looked after or used. “Notts SVSS will ensure that the data we hold about you is:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes;
  • accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept and destroyed securely, including ensuring that appropriate technical and security measures are in place to protect your personal data from loss, misuse, unauthorised access and disclosure.”


  • We will never release your information to organisations outside Notts SVSS for their marketing purposes.
  • We will be especially careful and sensitive when engaging with vulnerable people or those we have reason to believe might be vulnerable.
  • We take all reasonable care to safeguard your personal information through security policies and secure business processes.
  • We will always provide easy ways for you to contact us.


Legal obligations

Under the GDPR, we must always have a lawful basis for using your personal data. We process your personal information so that we can comply with various legal obligations. This includes complying with legislation relating to health and social care.

Personal data and special categories of personal data Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. Personal data is, in simpler terms, any information about you that enables you to be identified. In order for us to provide you with a service we need to collect personal data including health information which is a special category of personal data. We are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy. We will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavor to keep your information accurate and up to date, and not keep it for longer than is necessary.


How we collect personal information about you and why

We may collect personal information from you when you interact with Notts SVSS. There are many occasions when this could happen, for example if you:

  • request or engage with our services
  • enquire about our services
  • make a donation to us
  • apply for a job or volunteering opportunity,
  • chose to provide some optional feedback or otherwise provide us with personal information.

This may be when you telephone us, go onto our website, email us, through the post, or in person.


What information do we collect and hold?

The personal information we collect might include:

  • Identity data such as your first name and last name, and date of birth,
  • Contact data such as email address, postal address, telephone number
  • Information you provide in any correspondence between us.
  • Information if you tell us about your experience or the experiences of a friend or relative;
  • The information supplied by you at first contact and in your assessment session; with additional information from professionals where applicable.
  • Clinical assessments and plans relating to your treatment.
  • Summaries of the content of therapy sessions.
  • Copies of any letters or emails sent to you or received from you.
  • Details of any telephone conversations with you.


Visitors to our websites

Like most sites, when someone visits nottssvss.org.uk we use a third party service, Google Analytics (GA), to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site, use of our web pages and journeys through the website. Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor. GA makes use of cookies, details of which can be found on Google’s developer guides. Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website. We also gather general information such as which pages users visit most often and which services, events or facilities are of most interest. We may also track which pages users visit when they click on links in Notts SVSS emails. We may use this information to personalise the way our websites are presented when users visit them, to make improvements to our websites and to ensure we provide the best service for users.


How we use cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.


Making Referrals

If you wish to make a referral through our website, either for yourself or as a professional referring your client, we have put measures in place to ensure that your data is kept safe. Our website is secure and any information that is sent through the referral forms is encrypted between the website and our email. Our website database is turned off, this means that any information you submit through our referral form is not stored on our website.


Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.


People who contact us via social media

We use a specialist social media agency, Shake Social, to manage our social media communications. Whilst they have had some training on the subject of sexual violence, they are not trained counsellors and we do not take referrals over social media. We also have a designated member of staff at Notts SVSS who also accesses and posts onto our social media accounts as required. If you send us a private or direct message via social media, the message will be stored on our account for 6 months before being deleted. This enables us to refer back to messages where there is a query and enables us to capture statistical data for our reports. Information given to us on social media will not be shared with other organisations, except where there is a current risk of serious harm to yourself or others. For more information, please see our Confidentiality Policy.


Job applicants

Notts SVSS is the data controller for the information you provide during the process unless otherwise stated.   With regard to recruitment and our employees, we process information under Article 6 (1) (b) of the GDPR – ‘Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract’.

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary. The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t. We ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Our recruitment team will have access to all of this information. You will also be asked to provide equal opportunities information. This is not mandatory information – if you don’t provide it, it will not affect your application. This information will not be made available to any staff outside of our recruitment team, including hiring managers, in a way which can identify you.

Any information you do provide, will be used only to produce and monitor equal opportunities statistics. We might ask you to complete tests and/or to attend an interview. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. This information is held by Notts SVSS. If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of six months. If you say yes, we would proactively contact you should any further suitable vacancies arise. Retention of data (all unsuccessful candidates) – all personal data will be destroyed after six months.


What will we do with the information you provide to us during the job application process?

All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary. We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format. We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.


Use of data processors

Data processors are third parties who provide elements of our recruitment service for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.


How do we use your personal information?

We may use your personal information to:

  • Provide you with the important information and support you’ve asked us for, whether this be over our helpline, through our information or other important services;
  • Provide or administer activities relating to all our services: updating you with important administrative messages, to help us identify you when you contact us, and help us to properly maintain our records;
  • Improve your experience with us. We may use your information to enhance the service that our staff provide, to improve our information and communications, or to personalise the website to better suit your needs;
  • Analyse the personal information we collect about you so that we can better understand our supporters, their preferences and needs and important trends. This information will be anonymised prior to analysis taking place.
  • We will not pass on your details to anyone else without your express permission. However, there are times when information, legally, has to be given even without your consent.  These would include; child protection/safeguarding matters, prevention of harm to yourself or others, the investigation or prevention of serious crime including terrorism, or a Court Order.
  • You can of course ask us at any time to change how we contact you.

If you provide us with any Sensitive Personal Data by telephone, email or by other means, we will treat that information with extra care and always in accordance with this Privacy Policy (and as outlined under Legal Obligations above).

Your personal information and details of the enquiries received are stored on a secure database for no longer than is necessary for the purposes of its use. We carry out periodic deletion of data whose retention period has expired and/or when the need to continue holding such data is no longer necessary.


Who sees your personal information?

The personal information we collect about you will be used by our staff (and volunteers) at Notts SVSS so that they can support you; and possibly to legal and regulatory authorities if required to by law. We will never sell or share your personal information with organisations so that they can contact you for any marketing activities. Nor do we sell any information about your web browsing activity.

There may be times where Notts SVSS needs to share relevant information with other agencies and professionals who are also involved in your health care to ensure an effective and joined up approach is adopted to meeting your needs. We will only share information that is relevant to your care and support needs and with your consent (unless we have a legal responsibility to share the information without your consent as highlighted above and below).


Your information security and storage

We take the security of your personal information extremely seriously. We’ve implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.

We only keep your information for as long as is reasonable and necessary, which may be to fulfil statutory and legal obligations. The policy of Notts SVSS for retention of personal information is 6 years.  After 6 years, all information held will be deleted/erased.  This is in accordance with our Document Control Retention Policy.


Controlling your personal information

Notts SVSS operates a confidential service. We only break confidentiality under exceptional circumstances – these would include a risk of harm to yourself or others, child protection/safeguarding matters, prevention of harm to yourself or others, the investigation or prevention of serious crime including terrorism or a Court Order.


Email Newsletter

If you choose to join our email newsletter, the email address that you submit to us will be forwarded to our MailChimp account. We consider MailChimp to be a third party data processor. Your email address will remain within MailChimp’s database for as long as we continue to use this service for our newsletter or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by emailing us directly at admin@nottssvss.org.uk. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.


Data Rights – How to update or access your personal information

Under the GDPR (the EU General Data Protection Regulation), you have a number of specific rights with regards to your personal information:

  1. Right of access – if you want to know if we are storing or processing any personal data about you, you can contact us to find out.
  2. Right to correction – if you believe that any information we are holding on you is incorrect or incomplete, please contact us as soon as possible. We will promptly correct any information found to be incorrect.
  3. Right to erasure – if you want to remove your personal data from our records, you can request this by contacting us. We will remove the data as far as it is practically within our power, and where we are not legally obliged to retain it.
  4. Right to object – if you no longer want us to process your data you can request this by contacting us.
  5. Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  6. Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  7. Right of portability – you have the right to have the data we hold about you transferred to another organisation.

You can find out more about your rights under the UK’s data protection laws at www.ico.org.uk.


To update any details or request a copy of your personal information we hold

You can contact us by:

Writing:                Notts SVSS, 30 Chaucer Street, Nottingham, NG1 5LP

Email:                    admin@nottssvss.org.uk

Tel:                         0115 9470064


Changes to our Privacy Policy

Our Privacy Policy is reviewed regularly to ensure that it reflects how we use your information. Any changes will be notified to you by updating this policy so please check this Policy to see if any changes have been made that are important to you.


Making a complaint about our Privacy Policy

In the event that you wish to make a complaint about how your personal information is being processed by Notts SVSS, you can contact the Data Protection Manager using the contact details above. If you are not satisfied with how your complaint has been, or is being, handled, you have the right to lodge a complaint directly with the Information Commissioners Office who is the identified supervisory body: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF [Tel: 0330 8303 0338 and Website: www.ico.org.uk].

We would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.  Our ICO registration number is ZA018306.