Privacy policy.

How We Handle Your Information

At The Love Tank CIC, we are committed to protecting your privacy and ensuring that your personal data is handled securely. We comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA). Below, we outline how we collect, use, and safeguard the information you share with us, ensuring transparency and trust in our interactions.

 

What Personal Information We Collect and What We Do With It

We collect personal information to provide the services you request or are referred to, as well as to carry out research that helps us to improve our programmes and understand the needs of our communities.

Due to the nature of our work, some of the information we collect may be considered 'special category data' under data protection laws. This could include information related to your sexual, physical, or mental health, your sexual orientation, your ethnic background, or any criminal history. We only ever collect this information when it is directly relevant to the service or research you are participating in, or when we are legally required to do so.

For any involvement in research, participants will be provided with an information sheet and a consent form, which clearly outlines the details of the research and how their data will be used. These documents must be signed prior to participation to ensure informed consent.

We ask for this information to:

  • Provide you with the services you need.

  • Conduct research through focus groups, surveys, and other methods, which always follows both ethical research standards and data protection regulations (GDPR and DPA).

  • Meet our legal obligations in terms of safeguarding, health and safety, or mandatory reporting.

We only ever collect the data we need and will not ask for unnecessary information. Furthermore, we do not share your personal information unless you have asked us to, or when we are legally required to do so. This includes limiting access within The Love Tank, ensuring that only those who absolutely need to use your data have access to it.

 

Data Protection and Security

We take the security of your personal data very seriously. We have implemented various measures to ensure that your information, including data collected through research activities, is protected:

  • Technical safeguards: We use secure storage systems, encryption, and firewalls to protect against unauthorised access, including for any research data stored electronically.

  • Physical safeguards: We store paper records, including consent forms and research data, in secure locations with restricted access to authorised personnel only.

  • Organisational measures: All staff and volunteers involved in data handling, including research activities, receive regular training on data protection, research ethics, and data handling procedures.

We regularly review our data protection policies and conduct audits to ensure compliance with GDPR, DPA, and research standards.

 

How Long We Keep Your Information

We retain personal data, including research data, only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal and contractual obligations. The retention periods may vary based on the type of data.

For client records, we retain data for six years after an individual has ceased using our services. This duration aligns with our operational needs and legal requirements, allowing us to access historical information for any follow-up or compliance purposes.

Similarly, staff and volunteer records are kept for six years following the end of their engagement with The Love Tank. This retention period supports our human resources processes, including the management of pensions, insurance, and job references, which may be necessary long after a staff member or volunteer has left the organisation.

Application forms submitted by candidates are retained for six months after the closure of the vacancy. This period allows us to reconsider applicants for other potential roles and address any queries related to the recruitment process.

Research data is handled with particular care, retaining it for the duration of the research project and a limited period afterward. This period is determined by ethical research guidelines and specific consent agreements made with the participants (i.e. a consent form).

Once these periods have elapsed, we take steps to securely delete or anonymise personal data, thereby ensuring that privacy is maintained while allowing for statistical analysis and historical referencing where applicable. Our approach to data retention is designed to balance the need to retain information for operational and compliance purposes with our commitment to protect individuals' privacy rights.

 

Sharing Your Information

We will not share your personal data with any third parties without your consent, except when required by law or necessary for service delivery. For example:

  • Service providers: We may share your data with third parties like IT service providers who support our operations, always under strict confidentiality agreements.

  • Legal requirements: In cases of safeguarding, child protection, or when legally required, we may share your data with relevant authorities.

  • Research partnerships: If your data is collected as part of a joint research project with a third party, we may share it with the designated research partner. In such cases, you will be fully informed of who the data ‘controller’ is, who the data ‘processor’ is and how your data will be used. We will always ensure that any data sharing arrangements comply with GDPR and DPA, and that your data is handled with the utmost care and transparency.

We ensure that any third parties we work with, whether for service provision or research purposes, adhere to the same strict data protection standards and respect the privacy of your information.

 

Your Rights

You have certain rights regarding the personal data we hold about you:

  • Right to access: You can request a copy of the information we hold about you.

  • Right to rectification: You can ask us to correct any inaccurate or incomplete data.

  • Right to erasure: You can request the deletion of your personal data under certain circumstances.

  • Right to restrict processing: You can ask us to limit how we use your data.

  • Right to data portability: You can request that we transfer your data to another organisation.

  • Right to object: You can object to certain types of processing, such as for marketing.

 

Data Breaches

In the unlikely event of a data breach, we will notify the Information Commissioner’s Office (ICO) within 72 hours and inform affected individuals if there is a high risk to their rights and freedoms. We will take immediate steps to rectify any security issues and prevent further breaches​.

 

Cookies and Website Tracking

We use cookies on our website to enhance user experience and track site performance. You can manage your cookie preferences through your browser settings. Some third-party services, such as Google Analytics, may also collect data to help us monitor and improve our website.

How to Contact Us

For any questions about this privacy policy or how your data is handled, please contact:

The Love Tank CIC
244-254 Cambridge Heath Road
London, E2 9DA
Email: hello@thelovetank.info

You can also raise concerns with the Information Commissioner’s Office (ICO) via www.ico.org.uk.