Privacy Policy

Last Updated: 8th January 2024

At Fresh Futures we are committed to protecting the privacy and security of our service users and site visitors. The team here at the Fresh Futures fully understand the importance of keeping your data secure and private.

This privacy notice therefore aims to be completely transparent about how we handle and use your personal data. We’ve tried to keep this policy as jargon free as possible, but if you are unsure of any terminology or have any questions or suggestions, please contact our Data Protection Officer using the contact details below.

“Fresh Futures” (referred to in this policy as “we”, “us” or “our) is a trading name of:
Fresh Futures (NCC)
Brian Jackson House
New North Parade
Huddersfield
HD1 5JP

Registered Charity Number: 288125
Company number: 1763241
ICO Registration Number: Z5459259

We have appointed a Data Protection Officer, who can be contacted in the following ways should you have any questions, complaints or feedback about your privacy:

Data Protection Officer

FAO Shaista Ahmed and Bruce & Butler Limited
Fresh Futures
Brian Jackson House
New North Parade
Huddersfield
HD1 5JP

Email: [email protected]

Tel: 01484 519988

We collect your personal data in the following ways:

Data you give to us:

Self-referral form; and
Participation entry form; and
Newsletter subscription

Data we collect when you use our services:

Service assessment information;
Service user progress information;
Service user exit forms;
Surveys;
CCTV;
Attendance sheets;
Photographs;
Schedules of work;
Invoices (room bookings);
Card payments; and
Accident/Incident records.

Data we are provided with:

Referrals from a variety of organisations for current and potential service users such as, but not limited to:

Police;
Individuals;
NHS; and
Local Authorities.

We will collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

Identity data – Title, name, date of birth, gender, national insurance number, reference number, criminal conviction data, image data, registration number.
Contact data – Current address, email address, telephone number(s).
Emergency contact data – Title, name, relationship to service user, current address, telephone number(s).
Transaction data – Details of the services you are paying for, including date and time of paying in relation to that transaction. We also process your card number, expiry date and CVV number.
Technical Data – Visual footage collected via CCTV.

We collect special categories of personal data about you, and these will be processed under our
requirement for the management of health or social care systems. This includes details about race
or ethnicity, religious or philosophical beliefs, sex life, sexual orientation and information about
your health.

We also collect information relating to criminal convictions that are currently being served or are
outstanding and we have official authority to do this.

We are only allowed to use personal data about you if we have a legal basis to do so, and we are required to tell you what that legal basis is. We have set out in the table below: the personal data which we collect from you, how we use it, and the legal ground on which we rely when we use the
personal data.

To maximise the protection of your identity, for certain processing activities, Fresh Futures will
pseudonymise your personal information. Pseudonymisation is a technique to remove information that directly identifies an individual and replaces it with a reference point i.e., replacing a service
user’s name with an identification number.

In some circumstances we can use your personal data if it is in our legitimate interest to do so,
provided that we have told you what that legitimate interest is. A legitimate interest is when we
have a business or commercial reason to use your information which, when balanced against
your rights, is justifiable. If we are relying on our legitimate interests, we have set that out in the
table below. We will not use your personal data for activities where our interests are overridden by
the impact on you (unless we have your consent or are otherwise required or permitted to by law).

What We Use Your Personal Information For	What Personal Information We Collect	Our Legal Grounds For Processing	Our Legitimate Interests (If Applicable)
Newsletter subscriptions	Identity data & Contact data	Consent	N/A
Administering cookies onto the website user’s device	Technical Data	Consent	N/A
To sign you up to use our service	Identity data, Contact data & Professional data	Performance of a contract with you & Legal obligation	N/A
Service assessments	Identity data, Contact data, Professional data, Emergency contact data, Special category & personal data	Performance of a contract with you	N/A
Recording your progression	Identity data	Performance of a contract with you	N/A
Termination of our services	Identity data	Performance of a contract with you	N/A
Surveys	Identity data & Contact data	Legitimate interests	To help improve our service.
CCTV	Identity Data	Legitimate interests	To ensure the safety and security of assets, employees and service users
Attendance sheet	Identity data & Contact data	Legal obligation	N/A
Photographs	Identity Data	Legitimate interest	To show the work of our services in our marketing pieces for the website, magazines and articles.
Publication of case studies through social media, online, leaflets and the press	Identity data & Special category data	Legitimate interests	To offer a first-hand insight into the benefits of services that Fresh Futures has to offer
Mobile application (pseudonymised)	Identity data	Legitimate interest	To improve the current service and help ensure we meet our safeguarding requirements
Video calling	Identity data & Contact data	Performance of a contract with you	N/A
Schedules of work	Identity data, Contact data & Professional data	Performance of a contract with you	N/A
Invoices (room bookings)	Identity data, Contact data	Performance of a contract with you & Legal obligation	N/A
Card payments	Identity data & Transaction data	Performance of a contract with you	N/A
Accident/Incident records	Identity data & Contact data	Legal obligation	N/A
Referrals from various organisations for current and potential service users	Identity data & Contact data	Legal obligation	N/A

In order to provide you with our services and meet our legal obligations, we only share your data
with third parties, in the following circumstances:

To fulfil a service;
To authorise debit/credit card payments;
To improve our services;
To meet legal obligations, for example, for the purposes of national security, taxation and
criminal investigations; and
If the Fresh Futures are acquired by a third party, personal data held by it,
about its service users, will be one of the transferred assets.

If you use our Befriending Service, we may share your information with Age UK and Royal
Voluntary Service (RVS). This is to ensure that we can fulfil the demand for the service within the befriending partnership. If your data is shared with Age UK or RVS and you would like to know more about how they process your personal information, please visit their website to access their privacy notice.

We’ll never make your personal data available to anyone outside the Fresh Futures group for them to use for their own marketing purposes without your prior consent.

The EEA is the European Economic Area, which consists of the EU Members States, Iceland,
Liechtenstein and Norway. If we transfer your personal data outside the EEA, we have to tell you.

Limited personal information that we collect from you may be transferred to and processed in a destination outside of the EEA. In these circumstances, your personal information will only be transferred on one of the following bases:

The country that we send the data is approved by the Information Commissioners Office as providing an adequate level of protection for personal data; or
The recipient has agreed with us standard contractual clauses approved by the European Commission, obliging the recipient to safeguard the personal data; or
The recipient has agreed Binding Corporate Rules (BCR’s) approved by the European Commission, obliging the recipient to safeguard personal data; or

Purpose of Processing	3rd Party	Location	Safeguard
To process card payments	Stripe	USA	Standard Contractual Clauses

To find out more about how your personal information is protected when it is transferred outside
the EEA, please contact our Data Protection Officer using the details above. Before sharing any
information with a third party, we will ensure that there is a data processing agreement in place
requiring that the third party protects personal data according to the UK General Data Protection
Regulation (UK GDPR).

We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected. When assessing what retention period is appropriate for your personal data, we take
into consideration:

Any statutory or legal obligations;
The requirements of the business;
The purposes for which we originally collected the personal data;
The lawful grounds on which we based our processing;
The types of personal data we have collected;
The amount and categories of your personal data; and
Whether the purpose of the processing could reasonably be fulfilled by other means.

After such time, we will securely delete or destroy your personal data. In most instances the personal data processed by us this will be securely destroyed 6 years from when you cease to be a service user.

For email newsletters, we will retain email addresses for 2 years. After that, we will seek to reobtain consent from individuals that have been inactive. If they do not re-consent, they will be securely deleted from the marketing database.

Right to be Informed

We will always be transparent in the way we use your personal data. You will be fully informed about the processing through relevant privacy notices.

Right to Access

You have a right to request access to the personal data that we hold about you and this should be provided to you, under the UK GDPR and the Data Protection Act 2018, within 1 month. If you would like to request a copy of your personal data, please contact us using the details at the top of this policy.

Right to rectification

We want to make sure that the personal data we hold about you is accurate and up to date. If any of your details are incorrect, please let us know and we will amend them.

Right to erasure

You have the right to have your data ‘erased’ in the following situations:

Where the personal data is no longer necessary in relation to the purpose for which it was originally collected or processed.
When you withdraw consent.
When you object to the processing and there is no overriding legitimate interest for continuing the processing.
When the personal data was unlawfully processed.
When the personal data has to be erased in order to comply with a legal obligation.

If you would like to request erasure of your personal data, please contact us using the details at the top of this policy. Please note that each request will be reviewed on a case-by-case basis and where we have a lawful reason to retain the data, it may not be erased.

Right to restrict processing

You have the right to restrict processing in certain situations such as:

Where you contest the accuracy of your personal data, we will restrict the processing until you have verified the accuracy of your personal data.
Where you contest the accuracy of your personal data, we will restrict the processing until you have verified the accuracy of your personal data.
When processing is unlawful, and you oppose erasure and request restriction instead.
Where we no longer need the personal data, but you require the data to establish, exercise or defend a legal claim.

Right to data portability

You have the right to data portability in certain situations. You have the right to obtain and reuse your personal data for your own purposes via a machine-readable format, such as a .CSV file. If you would like to request portability of your personal data, please contact us. This only applies:

To personal data that you have provided to us;
Where the processing is based on your consent or for the performance of a contract; and
When processing is carried out by automated means.

Right to object

You have the right to object to the Fresh Futures processing your data in these circumstances:

Where the processing is for direct marketing. Remember you can opt out of email communication at any time via the unsubscribe feature on our emails;
Where the processing is based on legitimate interests; or
Where the processing is for purposes of scientific/historical research and statistics

Please let us know if you are unhappy with how we have used your personal data by contacting the Data Protection Officer (details can be found at the top of this policy).

You also have a right to complain to the Information Commissioner’s Office. You can find their contact details at www.ico.org.uk. We would be grateful for the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.