This Privacy Notice describes Auriga’s policies and practices regarding its collection and use of your personal data and sets out your privacy rights.
Auriga Services Ltd was formed in 2004 as a not-for-profit trading subsidiary of Severn Trent Trust Fund (established in 1997). We manage the funds and assistance schemes of NHS, Local Authorities, other small organisations and charities and assess applications for financial assistance from those schemes, social tariffs as well as providing welfare and debt advice.
We understand that you are aware of and care about your own personal privacy interests, and we take that seriously.
We recognize that information privacy is an ongoing responsibility and so from time to time we will update this Privacy Notice to reflect the latest view of what we do with your information as we undertake new personal data practices or adopt new privacy policies. You should therefore check our Site frequently to see if any changes have been made by the date it was last updated.
We may change this document to reflect the latest view of what we do with your information. Please check back frequently; you will be able to see if changes have been made by the date it was last updated.
This Notice covers how we collect and use your personal information e.g.
Refer to the sections below for more details on how and why we use your personal information:
References to Auriga in this policy are to Auriga Services Limited which is a non-profit making company limited by guarantee. Registered in England No. 05093179 at Emmanuel Court, 12-14 Mill Street, Sutton Coldfield, West Midlands, B72 1TJ
Depending on who you are (e.g. customer, client, supplier, employee, etc.) and how you interact with us (e.g. online, offline, over the phone, etc.) we may process different data about you. For example, we may collect your data, when you are employed by us; use our services, our website and social media channels; when you subscribe to our newsletter; contact us with an enquiry or otherwise interact with us.
Below you will find an overview of the categories of data we may collect, store and use:
|Categories of data||Examples of types of data|
|Personal identification information||Name, surname, title, date of birth, National Insurance number|
|Contact information||Address, email, phone number|
|Images from which you may be identified||Photograph|
|Financial information||Bank details, benefits, debts|
|Health information||Doctors/hospital, occupational therapy assessment|
|Qualifications||Education and professional qualification|
|Any other information you have voluntarily shared with us||CV, feedback, opinions|
If, as a customer or client, you are referred to Auriga for assessment for assistance or welfare or debt advice, personal information that the referrer legitimately holds about you may be shared with us to enable that assessment or provision of advice to take place. Additionally, personal information that hospitals, doctors and other agencies hold may be shared with us for that same purpose.
When you visit or use our website, subscribe to our newsletter or otherwise interact with us through our digital channels, in addition to the information you provide to us directly, we may collect information sent to us by your computer, mobile phone or other access device. For example, we may collect:
|Categories of data||Examples of types of data|
|Device information||IP address, operating system version|
|Log information||Time and duration of your use of our digital channel|
|Other information about your use of our digital channels||Length of visit, number of page views|
To the extent permitted by applicable law, in addition to our website and other digital channels, we may also obtain information about you from other sources, such as public databases, joint marketing partners, social media platforms and other third parties that have obtained your permission to share your information. For example, depending on your social media settings, if you choose to connect your social media ours, certain data from your social media account will be shared with us, which may include data that is part of your profile.
We may use your data for different legitimate reasons and business purposes. We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
Below you will find an overview of the purposes for which we may process your data:
|Eligibility assessment||Assessment of individuals for eligibility to receive assistance from Trust Funds and Charities|
|Provision of advice||Debt advice|
|Providing requested communications||Emailing our newsletter to you, sending you a copy of our help booklet or responding to your queries and complaints|
|Recruitment||Reviewing applications, CVs shortlisting, interviews and offers of employment.|
|Employment||Employment contract, salary, pension, tax, leave, sickness, performance|
|Administration of the business||Send statements and invoices to you, and collect payments from you, make payments to you|
|Security and protection of our interests/assets||Deploying and maintaining technical and organizational security measures, conducting internal audits and investigations|
|Compliance with legal obligations||Disclosing data to government organisations or supervisory authorities as applicable, such as tax and national insurance deductions, record-keeping and reporting obligations, and other requests from government or other public authorities, responding to legal process, pursuing legal rights and remedies, and managing any internal complaints or claims|
|Defence of legal claims||Establishment, exercise or defence of legal claims to which we are or may be subject|
In order to be able to process your data, we may rely on different legal bases, including:
We do not share any of your data except in the limited cases described here.
If it is necessary for the fulfilment of the purposes described in this Policy, we may disclose your data to the following entities:
All the personal data we process is processed by our staff in the UK however for the purposes of IT hosting and maintenance your information may be situated outside of the European Economic Area (EEA). Some countries outside the EEA are recognized by the European Commission as providing an adequate level of protection. If we transfer your information to other countries that are not are recognized by the European Commission as providing an adequate level of protection, we will put in place adequate organisational and legal measures to protect your data.
To protect your information, we will take appropriate measures that are consistent with applicable data protection and data security laws and regulations, including requiring our service providers to use appropriate measures to protect the confidentiality and security of your data. Depending on the ‘state of the art’, the costs of implementation and the nature of the information to be protected, we put in place technical and organizational measures to prevent risks such as destruction, loss, alteration, unauthorized disclosure of, or access to your data.
Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. We use Transport Layer Security (TLS) to encrypt and protect email traffic however, if your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We keep your data for the period necessary to fulfil the purposes for which it has been collected (for details on these purposes, see above section “How do we use your data?”), and in accordance with our Retention Policy. Please keep in mind that in certain cases a longer retention period may be required or permitted by law. The criteria used to determine our retention periods include:
We would like to remind you that it is your responsibility to ensure, to the best of your knowledge, that the data you provide to us, is accurate, complete and up-to-date. Please let us know if the personal information which we hold about you needs to be corrected or updated.
If you share with other people’s information with us, it is your responsibility to collect such data in compliance with data protection and privacy legislation. For instance, you should inform such other people, whose data you provide to us, about the content of this Notice and obtain their consent.
Under the Data Protection Act 1998, and the GDPR from 25th May 2018, you have rights as an individual which you can exercise in relation to the information we hold about you. A good explanation of them is available on the website of the Information Commissioner’s Office.
If you wish to confirm that Auriga is processing your personal data or receive a copy of the personal data that Auriga may have about you, please contact us at firstname.lastname@example.org. You may also ask us how long your information will be stored and ask us any other questions related to the protection of your information that we process.
You have a right to:
For all of the above, please email email@example.com.
You also have the right to lodge a complaint with the ICO if you have concerns about how Auriga processes your information.
If you wish to make a complaint about how we use your information, please contact us at firstname.lastname@example.org and we will do our best to resolve your complaint. If you are still unhappy, you can contact the Information Commissioner’s Office via their website.
The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites, however below are links to the Privacy Statements of the social media channels we use which are linked from our website:
This privacy notice was last updated on 17 May 2018.