Jewish Blind & Disabled (JBD) is a company registered in England and Wales (number 00959535) and registered with the Charity Commission (number 259480). Our registered address is 35 Langstone Way, Mill Hill East, London, NW7 1GT.
References in this Privacy Notice to ‘JBD’, ‘we’, ‘us’ or ‘our’ mean ‘Jewish Blind & Disabled’.
JBD transforms the lives of Jewish adults, aged 18 upwards, who have a physical disability and/ or vision impairment through independent living and support. This is provided through our specially adapted mobility apartments located in one of our unique, supportive developments or within their own home.
Detailed information about our company and our services can be found on our website.
JBD is a ‘data controller’ for the purposes of the Data Protection Act 2018 (DPA 2018) and the UK General Data Protection Regulation (‘UK GDPR’): we are registered with the Information Commissioner’s Office (ICO), registration number ZA567644.
Our Data Protection Officer (DPO) can be contacted via: firstname.lastname@example.org
We are committed to respecting and protecting your privacy. Please read this Privacy Notice carefully to understand our practices regarding the processing of your personal data.
In this Privacy Notice, the term “personal data”, means information relating to you that allows us to identify you either directly, or in combination with other information we hold.
When you contact us by email, telephone or via our website, we may collect your personal data including your name, address, telephone number and date of birth (where relevant).
Special Categories of Personal Data
The UK GDPR defines special categories of personal data as information about a person’s race and ethnicity, religious or philosophical beliefs, trade union memberships, political opinions, genetic data, biometric and health data, and information concerning a natural person’s sex life or sexual orientation.
Criminal Offence data
Criminal offence data is data relating to criminal convictions and allegations of criminal activity. This includes information disclosed by the Disclosure and Barring Service (DBS) under the Government’s employment vetting scheme.
The following sections will answer any questions you have but if not, please contact us using any of the methods shown in the section below entitled “How Do I contact you?”.
The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever personal data is processed by us:
We rely on the following conditions (as appropriate) under Article 9 of the UK GDPR to process special categories of personal data:
We aim to collect the least amount of special category data as possible for our processing purposes.
The processing of special category data is covered by relevant policies and procedures and all processing activities involving the processing of special categories of personal are listed in our ‘Record of Processing Activity’.
Further legal controls are applied to the processing of criminal offence data. Such data is processed under the substantial public interest conditions listed in Schedule 1, DPA 2018.
The law requires us to:
We collect your information when you complete our forms, email us, or contact us via our website or social media. This includes information provided by you at the time of registering with us to become a member of staff, entering into a contract for our services, supporting or subscribing to our services, requesting materials or to request further services, responding to a survey or visit our website, and/or when you report a problem with any of our communication channels or services.
We may collect personal information from you in the following ways:
The information we may collect in relation to the foregoing includes but is not limited to:
We also collect any other information that you provide to us when you submit an application for tenancy, such as health information including details of disability and Safeguarding necessities or other circumstantial details.
We collect personal data in order to manage our functions across our many activities and locations including, but limited to, the following:
Examples of when we will collect your personal data include, but are not limited to:
We will only use your personal data for the purpose it was collected. The data we collect could be in an electronic or paper format. If we believe your data is no longer needed for this purpose, we will not process your data any further.
When we interact with you, we may also collect notes from our conversations with you, and the details of any complaints or comments you make.
We may also collect your social media username if you interact with us through those channels so that we can respond to your comments or questions and provide feedback. Data privacy laws allow this as part of our legitimate interest in understanding our audience.
We may send you relevant and personalised communications by post. We will do this on the basis of our legitimate interest but only after certain risk assessments have been undertaken. You are free to opt out of hearing from us by any channels at any time.
We collect personal data on our employees as part of the administration, management, and promotion of our business activities.
Where an individual is applying to work for us, personal data is collected through the application process. Data is often collected through the application form or CV that is submitted to us.
There are several purposes that personal data for applicants are collected.
Personal data collected from applicants is held only for as long as necessary to fulfil the purpose for which it was collected, or for a maximum of two years thereafter where the purpose has been fulfilled and retention is no longer necessary.
Our staff handbook further explains how we process the personal data we collect from our staff and partners.
To comply with Covid-19 regulations, staff may be asked for their vaccination / testing status.
Sometimes we are required to inform you about certain changes. These service messages will not include any fundraising or marketing content and do not require prior consent when sent by email. This ensures that we are compliant with our legal obligations.
We may use your data to send you a survey and feedback requests to help improve the way we communicate. These messages will not include any fundraising requests or marketing and they do not require prior consent when sent by email. It is in our legitimate interest to send these messages as doing so this helps to improve our services and make them more relevant to you. Of course, you are free to opt out of receiving any of these communications at any time.
Surveys help us to improve our services and make them more relevant to you. They are sent using the lawful basis of legitimate interest and you can opt out of receiving survey requests if you do not wish to participate.
Service messages or messages relating to you will not include any marketing or fundraising requests. You do not have to respond to either form of contact.
When you visit our website, we may collect your IP Address, page visited, web browser, any search criteria entered, previous web page visited and other technical information. This information is used solely for web server monitoring and to deliver the best visitor experience.
If, at any time, you do not wish to receive further information about us or our services, contact us at: email@example.com
Our website may also contain links to other websites of interest. Any third-party websites are not covered by this Privacy Notice, and we encourage our users to refer to the privacy policies on the third-party website.
We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data to comply with any legal obligation, or in order to enforce or apply any agreements, or to protect the rights, property, or safety of the organisation, or other individuals. This includes exchanging information with other companies and organisations for the purposes of safeguarding or other statutory regulations we must comply with as well as those organisations with whom you and we have reciprocal agreements for providing services for social care, education, or professional development. It also includes sharing your personal information with Ashton Maund Associates Limited (trading as Capacity Marketing for Charities) for the purposes of offering you a free will writing service.
As a registered charity, Jewish Blind & Disabled undertakes in-house research and from time to time we engage specialist agencies, such as Prospecting for Gold, to gather information about you from publicly available sources, for example, Companies House, the Electoral Register, company websites, ‘rich lists’, social networks such as LinkedIn, political and property registers, and news archives.
We may also carry out wealth screening to fast track the research using our trusted third-party partners. You will always have the right to opt out of this processing. We may also carry out research using publicly available information to identify individuals who may have an affinity to our cause but with whom we are not already in touch. We also use publicly available sources to carry out due diligence on donors in line with the charity’s Gift Acceptance Policy and to meet money laundering regulations.
This research helps us to understand more about you as an individual so we can focus the conversations we have with you about your support to Jewish Blind & Disabled and ensure that we provide you with an experience as a donor or potential donor which is appropriate for you. If you would prefer us not to use your data in this way, please email us at: firstname.lastname@example.org
We retain your personal data in a live environment for as long as necessary to fulfil the purpose(s) for which it was collected (including as required by applicable law or regulation, typically 7+ years).
We may keep your data for longer to establish, exercise, or defend our legal rights and yours. Where there is a need, personal data is securely archived with restricted access and other appropriate safeguards where there is a need to continue to retain it.
We are required to keep details of financial transactions, including donations, for seven years to meet accountancy and HMRC requirements. We will anonymise or delete personal data if, after a period of seven years, we have not had any contact or communication from you (this will be measured on a rolling seven-year period).
We maintain a data retention criterion to help implement this. This takes account of our legal and accounting obligations, balancing this with what would be considered reasonable.
We may anonymise your personal data (so that you can no longer be identified) for research and analysis purposes in which case we may use this information indefinitely without further notice to you.
We take the privacy and security of your personal data very seriously. Accordingly, in accordance with the Data Protection Act 2018 and UK GDPR, we have implemented appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
These measures include having clear internal policies and procedures and maintaining the physical security to our premises and IT security technologies to prevent the unauthorised access, damage, and loss of your data.
Additionally, we put in place appropriate security procedures and access controls to ensure the confidentiality of the special categories of personal data that we process. For instance, information relating to the religious beliefs of our staff & tenants.
It should be noted that the transmission of information via the Internet is not completely secure, and while we will do our best to protect your personal data, we cannot guarantee the security of any personal data transmitted to our site; any such transmission is at your own risk.
The data we collect from you is processed on our servers located in the UK. We will ensure that your personal data is provided with adequate protection if it becomes necessary to transfer your personal data to a country that has not been granted a finding of adequacy by the European Commission (EC).
Transfers of personal data outside of the European Economic Area (EEA), to a country that has not been granted a finding of adequacy by the EC, will be carried out using ‘appropriate safeguards’ i.e. Binding Corporate Rules (BCR), Standard Contract Clauses (SCC) (also known as Model Contract Clauses) or in accordance with any approved Codes of Conduct. Alternatively, we will seek your consent (where appropriate), on a case-by -case basis.
We support your data subject rights in relation to the processing of your information under the Data Protection Act 2018 and the UK GDPR, including your:
You can exercise any of these rights, including your right to request a copy of the information we hold about you (otherwise referred to as a Subject Access request (SAR)), by contacting us using any of the methods shown in the ‘How do I contact you?’ section (see below).
We will respond to your request as quickly as possible. Usually, this will be within one month of receiving your request.
To protect the confidentiality of your information, and in our interests, may sometimes ask you to verify your identity before proceeding with any request for information. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to request such information.
You may choose to correct, update, or delete your personal data by contacting us at any time using any of the methods shown in the ‘How do I contact you?’ section (see below).
If you have opted-in to receiving communications form us, your preferences will remain in effect until you tell us that you want to opt-out of receiving any further communications.
You can change your mind at any time by contacting using any of the methods shown below in the ‘How do I contact you?’ section.
Where we process your information based on your consent, you may withdraw your consent at any time. You can do this by contacting us using any of the methods shown in the ‘How do I contact you?’ section (see below).
We hope you’ll never have the need to do so, but if you do want to complain about our use of your personal data, or our facilitation of your data subject rights requests, you can contact us using any of the methods shown in the ‘How do I contact you?’ section (see below).
Our Data Protection Officer will investigate your complaint and provide you with an appropriate response as quickly as possible.
You can lodge a complaint with the Information Commissioner at any time. For instance, if you are unhappy with the way in which we are processing your information, or we have failed to facilitate your data subject rights.
The Information Commissioner can be contacted as follows:
Information Commissioner’s Office
By phone: 0844 496 4636 (local rate)
Further information about your data subject rights and how to complain to the ICO can be found here: ICO Make a Complaint
You may contact us using any of the following methods:
By post: Data Protection Officer
Jewish Blind & Disabled
35 Langstone Way
Mill Hill East
By phone: 0208 3716611
By email: email@example.com
We continuously review the content of our Privacy Notice to ensure it accurately reflects what we do with your information.
This Privacy Notice was last updated in August 2022.