VISS Sign Language Interpreting Service (Shropshire) Ltd Privacy Policy
VISS Sign Language Interpreting Service (Shropshire) Ltd was founded in 2006 as an independent service initially being a part of Shropshire Disability Consortium since 1994 and is not-for-profit business Registered in England and Wales under company number 05663145.
VISS specialises in supplying Communication Professionals registered with the National Registers of Communication Professionals working with Deaf and Deafblind People (NRCPD) in a range of private, public and voluntary settings. The company has its registered office address at The Lantern, Meadow farm Drive, Shrewsbury SY1 4NG.
GDPR principles
The following principles are complied with when processing personal data:
Data is processed fairly and lawfully
Data is processed only for specified and lawful purposes
Processed data is adequate, relevant and not excessive
Processed data is accurate and, where necessary, kept up to date
Data is not kept longer than necessary
Data is processed in accordance with an individual’s consent and rights
Data is kept secure
Data is not transferred to countries outside of the European Economic Area (EEA) without adequate protection
Lawful basis of processing data
The lawful basis of processing data will always be determined prior to any data being processed. The laws for processing personal data under the GDPR are as follows:
Consent – the individual has given their Consent to the processing of their personal data
Contractual – processing of personal data is necessary for the performance of a contract to which the individual is a party, or for VISS to take pre-contractual steps at the request of the individual
Legal Obligation – processing of personal data is necessary for compliance with a legal obligation to which VISS is subject
Legitimate Interests – processing of personal data is necessary under the Legitimate Interests of VISS or a Third Party, unless these interests are overridden by the individual’s interest or fundamental rights
Public Task – processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority
Vital Interests – processing of personal data is necessary to protect the vital interests of the individual or another individual
VISS processes personal data under one, or more, of the following Lawful Bases:
Consent
Contractual
Legal Obligation
Legitimate Interest
Type of personal data being processed may include:
Name
Address
Email Address
Job Title
Telephone Number
Business Name
Demographic information such as address and postcode
How personal data is collected
Personal data is obtained from one or more of the following:
Appointment letters
Service providers requesting communication services
Individuals giving VISS their personal data
Why personal data is collected
Personal data is collected to provide legitimate business services which include:
For us to review and reply to your enquiry
To provide an opinion for a service you have requested
To meet our statutory monitoring and reporting responsibilities
To handle and communicate bookings, billings and payment, delivery of services
To improve VISS’s services
Where indicated, however, some of the information is optional and you can choose not to complete.
How personal data is used
Personal data may be used to:
Process bookings, process a request for further information, to maintain records
Pass to freelance Communication Professionals/service providers/service users to supply and receive communication services
Carry out our obligations arising from any contracts entered into by you and us
Comply with legal requirements
Seek your views or comments on the services we provide
Notify you of changes to our services/bookings
Send you communications which you have requested and that may be of interest to you. These may include information about service updates, events etc.
Process a job applications
Where personal data is stored
Information collected is stored on the Company’s database which is secure and password, protected physical data is contained within secure and locked cabinets.
How long personal data is stored
We review our retention periods for personal data on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We will hold personal data on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
Sensitive Personal Data
Certain kinds of personal data are categorised as sensitive. This means we have extra obligations on how we process this data. Data will fall under this category if the content is regarding: Race; ethnicity; physical or mental health; religious beliefs; and/or criminal offences. VISS will only ask for this when necessary.
We collect sensitive data in the following scenarios:
DBS contains information on criminal convictions. This is viewed once and not stored.
Health related data. This is used solely for the purpose of processing appointments and booking Communication Professionals.
By providing any sensitive personal data, you explicitly agree that we may collect it and use it to provide services to you.
Who has access to personal data
Only VISS employees are granted access to customer/client information on a need to know basis only, security is ensured by the use of strict operational processes and procedures…..
Staff are trained on security systems and relevant processes and procedures which are reviewed regularly for ongoing effectiveness and suitability for purpose. All employees are kept up-to-date on the VISS security and privacy practices. Employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure that customer/client/freelance information is protected.
All IT systems are kept in a secure environment with appropriate access control.
Non-sensitive details (your email address and other requested information) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
Third-party service providers working on our behalf:
We may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our
behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure.
Third-party service providers we work in association with:
We work with various third-party service providers to bring a range of quality and reliable services. When receiving enquires about one or more of these services, the relevant third-party provider may use your details to provide you with information and carry out their obligations. In some cases, they will be acting as a data controller of your information and, therefore, we advise you to read their Privacy Policy. These third-party service providers may share your information with us which we will use in accordance with this Privacy Policy.
We may also further transfer data if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to law enforcement. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
Individuals’ rights
Different rules apply depending on the type of Lawful Processing being undertaken. Many of the following individuals’ rights apply, however, whatever the basis of processing:
The right to be informed how personal data is processed
The right of access to their personal data
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling
The accuracy of personal data is imperative. We aim to keep it updated at all times. The personal data we hold on you is available upon request by contacting . You can request that your data is updated and/or deleted at any time, unless VISS can justify that it is retained for legitimate business or legal purpose. When updating your personal data, you may be asked to verify your identity before your request can be actioned.
Links to other websites/from other websites
VISS’s website may contain links to other websites run by other organisations. VISS’s Privacy Policy only applies to VISS’s website and you are encouraged to read the Privacy Statements on the third party websites that you visit such as Google. VISS is not responsible for the Privacy Policies and practices of other websites even if they were accessed via the VISS website. Equally, if you link to VISS’s website from a third-party site, VISS is not responsible for the Privacy Policies and practices of that third-party site.
16 or Under
We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.
Review of this Policy
This Policy is regularly reviewed. It was last updated 20 May 2018.