Your privacy is important to us. It is No Limits’ policy to respect your privacy regarding any information we may collect from you across our domain, https://nolimitshelp.org.uk/, and other domains we own and operate.
We only ask for personal information when we truly need it to provide a service to you. We collect it by fair and lawful means, with your knowledge and consent. We also let you know why we’re collecting it and how it will be used.
We retain collected information for as long as necessary to provide you with your requested service. The data we store, we’ll protect within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification.
We don’t share any personally identifying information publicly or with third parties, except when required to by law.
The personal data we collect falls into 5 main categories:
- Data belonging to the young people who are our service users.
- Data belonging to other members of the public, requested in connection with providing support to our service users. This might be a parent/carer, a person acting as an emergency contact, or a person delegated by the young person to receive messages about the service we are providing.
- Data belonging to members of the public who have donated to No Limits, or who engage in fundraising activities on No Limits’ behalf.
- Data such as IP address and browser, used by visitors to the No Limits website or other websites we own and operate.
- Data belonging to members of the public using webforms on our website, to make enquiries or referrals.
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and practices of these sites and cannot accept responsibility or liability for their respective privacy policies.
Your continued use of our website (as a visitor to the website, or as a user of a webform to submit an enquiry or referral) will be regarded as acceptance of our practices around privacy and personal information. If you have any questions about how we handle user data and personal information, feel free to contact us.
You are free to refuse our request for your personal information, with the understanding that we may be unable to provide you with the response you have requested.
To give you information that is clearer and more transparent, about how we process your personal data, we have divided our Privacy Notice into different sections. Within these sections, we describe what personal data we collect, how we use it and what your rights are.
This policy was last updated in October 2021 and replaces all previous versions.
We will regularly review and update this document. Changes will be notified either via email or through an announcement on our website.
No Limits uses any one of the following lawful bases for processing your personal information:
- You have consented to us processing your data
- There is a contractual relationship with you
- We are legally obliged to process your data
- We believe it’s in the legitimate interest, either of you as the data subject, or of us as the Charity, to process your data. Legitimate interest can be used where there is a reasonable purpose to process an individual’s data. For more information on legitimate interest, please see the ICO’s website or contact us.
- We believe it is in the public interest to process your data and this interest is supported by clear law eg safeguarding, equality.
It’s important that the personal information No Limits obtains is held, used, transferred and otherwise processed in accordance with the legislation.
The law sets out a couple of additional grounds over and above those listed above, but No Limits is only using these grounds. In the future, if the grounds for processing change, this notice will be updated to reflect the change. For more information about how the policy is changed please contact us.
No Limits gets its authority to process your personal information from the legal requirements set out in the following legislation (laws):
- Data Protection Act 2018 (incorporating the UK General Data Protection Regulation)
- Privacy and Electronic Communications Regulations.
Your personal information is processed and stored in accordance with the legal requirements in the corresponding laws. These legal requirements apply, regardless of which of the groups set out on page 1 you belong to.
Personal information is information that can be used to identify you. You can find examples of personal information in the four categories below.
Category 1: identification information
- date of birth
- email address
- landline number
- mobile number
- fax number
- postal address
Category 2: personal life information
- family and friend connections, such as parents and siblings
- job role
- type of organisation you work at
- activities of the charity that you may be interested in
No Limits doesn’t usually collect this type of information unless there’s a clear reason for doing so. An example of necessary information collection is when you are receiving a specific service from us and we need the information to ensure that we provide you with the appropriate support.
Category 3: special category (or sensitive information)
Information in this category is more sensitive than in the categories above and includes:
- health and medical information
- criminal convictions
- diversity monitoring information
No Limits may need to obtain this information from you in order to provide you with the service you have requested.
We will make it clear when and why we are collecting this information.
We collect information about you in the following ways:
- when you voluntarily give No Limits your personal information
- when you receive support from us
- when you refer yourself to us through our website
- when a relative provides your name and contact details as an emergency contact
- when you complete a satisfaction survey
- when you engage with a service we offer, either directly with No Limits, or through a third party we are working in partnership with to provide a service
We also collect some information about you in these circumstances:
- when you, or someone on your behalf, makes a donation to us
- when you engage in our social media or digital advertising
- when you subscribe to our charity publications or email newsletters
- when you read or download information from our website (this would be such information as IP address or operating system, rather than personal identifying information)
Where an event is organised by the Charity, we will ask you for consent to use any photographs taken where you are the focus of the image. Permission will be requested either prior to, during, or after the event.
Where the photograph does not focus on you as an individual, eg where you appear in the background of the photograph or as one of a number of people in a group shot, it is not normally necessary for us to ask your permission. We will ensure the terms and conditions of the event tell you if there will be photographers present.
If you do not want your photograph taken, please either tell the photographer at the time, if it is convenient to do so, or contact the Charity after the event. You can change your mind at any time, and we will refresh your consent on a regular basis.
Where the event is organised by a third party, we will use photography from the event under our legitimate interests. We will be clear in our terms and conditions of entry if this is the case. If you do not want your photograph taken, please either tell the photographer at the time, if it is convenient to do so, or contact the Charity after the event.
At some events there may be photographers present who represent the media or the event organiser and for whom the Charity is not responsible. Please review the terms and conditions issued by the event organiser for more information and inform the event organiser of your preferences and wishes in respect of photography taken.
Under the lawful basis of legal obligation for processing, we collect and use your information as follows:
- where the collection is required or authorised by law
- for training and quality purposes
- to investigate complaints
- to get feedback from you about our services
- to help us improve our services
Under the lawful basis of legitimate interest for processing, we collect and use your information as follows:
- to enable No Limits to provide advice and support for a service that you have requested.
- for internal record-keeping such as to manage feedback or respond to complaints.
- to administer and monitor grant funding.
- to provide you with information about the Charity’s work or activities that you have requested.
And in addition:
- the administration, organisation and management of events where you are taking part
- to process any donation(s) or gifts we may receive from you
- to send you marketing materials by post (unless you’ve asked us not to)
- to help us identify new supporters
Under the lawful basis of public interest for processing, we collect and use your information as follows:
- to ensure we comply with the Equality Act 2010
- to monitor and promote equal opportunities and treatment to you
You may seek advice, information and support from us in many ways: face to face, over the phone, by email or chat. Whichever way you approach us, our workers will log all your information, correspondence, and the record of the support we offer you, into our secure database. We have a ‘legitimate interest’ to do this under data protection law. This means it lets us carry out our aims and goals as an organisation.
Some of your information might also be kept within our secure email and IT systems.
We use this data to improve the advice we give you. We also use it to research the needs of our service users. Individuals are never identified in the results of such research. This helps us make sure people with different needs and in different communities can engage with our services.
We keep your information for 7 years after your last contact with us, or for 7 years after your 18th birthday, whichever is the later date. If there are safeguarding issues present in the recorded material, i.e. information indicating risk to your wellbeing or the wellbeing of other people who are vulnerable to the risk, we keep that information for 20 years.
Our secure database is hosted within the EEA and where possible in the UK.
Most of our trusted partners store their data securely within the European Economic Area (EEA) in line with data protection law.
Information recorded on paper is kept, where necessary, in locked cabinets and destroyed when no longer needed (in the same way as electronically stored information is kept and destroyed).
If you submit an enquiry or a referral using the forms on our website
Information recorded in the webforms on our website is not stored in the website itself. The information is passed to the relevant mailbox within our secure mail servers. Depending on its nature this information will either be recorded in our client information database or passed to the appropriate business team member for a response.
If you contact us for chat or email advice
Our online chat service is provided by our trusted partner Parker Software. Data is stored for up to 180 days, in their hosting. Emails are stored in our secure Microsoft Outlook mail servers.
Our chat system records anonymised statistics so we can track chat usage and performance. This data doesn’t contain your personal information.
The data in our chat system is stored securely within the UK in line with data protection law.
You can ask for a copy of your chat to be securely emailed to you. The sender of the email will be DPO@nolimitshelp.org.uk.
If you give us personal information about yourself during the chat session, we will record it, in our secure service user database. This is necessary in order for us to be able to offer you good quality and consistent support.
If you get advice over the phone
If you call us, and give us personal information about yourself, we will record it, if necessary to provide you with the support and service you have requested, in our secure service user database.
If you engage with us as a donor or as a supporter
Our Fundraising team keeps your contact information in order to send you newsletters, unless you have indicated that you do not want to receive newsletters.
Cookie: a small text file that is placed on your computer or mobile device when you access our websites. This allows the website to recognise your device and store information about the preferences and actions indicated during your use of the website.
For all areas of our websites, which collect personal information, ie webforms about enquiries and referrals, we follow best practice for web and data security. Although we cannot 100% guarantee the security of any information you give us, we enforce strict procedures and security features to protect your information and prevent unauthorised access.
We keep this information anonymous so that it will not identify you as an individual visitor to our websites.
No Limits uses different types of Cookies to accomplish the tracking described above and these are summarised below.
These cookies are necessary for the website to function and cannot be switched off in our systems. You can set your browser to block or alert you about these cookies, but some parts of the site may not work properly if you do. These cookies do not store any personally identifiable information.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and can help us identify issues with the website. All information these cookies collect is aggregated and therefore anonymous.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages.
Social Media Cookies
These cookies are set by a range of social media services that we have added to the site to enable us to measure the effectiveness of our social media advertising. They are capable of tracking your browser across other sites and building up a profile of you.
All but essential cookies require your consent to be placed on your device, and you will be asked if you would like to consent the first time you visit our website, and every 12 months thereafter through our cookie banner. You can change your preference at any time by clicking the button (below the browser information) to go to the Cookie Preference Centre.
You can disable Essential Cookies using your browser settings. Details of how to do this are listed below.
We don’t sell or swap your information with any third party for their marketing purposes.
However, we do share and/or receive information from the recipients set out below (as required and appropriate):
1) Our Data Processors are organisations who:
- contract us to provide a service, who require us to record service user information in their recording systems as well as or instead of in our systems
- act as a fundraiser for No Limits
- provide us with information and help us place marketing (subject to your communication preferences and our internal policies and procedures);
- help us keep our records up-to-date and accurate;
- help us investigate and respond to complaints and enquiries.
2) Volunteer Boards and committees who we share statistical or anonymised information with, where it is appropriate to do so, to enable us to accept donations or to pursue support.
3) No Limits, where appropriate, will accept information from, and share information with, key stakeholders.
4) Other third-parties with whom we are legally required to share information, and from whom we can receive information, including:
- the police
- contracted parties who enable us to enforce or apply our terms and conditions or rights under an agreement
- third-party organisations where there is a need and we have entered into an information sharing agreement
- to protect us, for example in the case of suspected fraud or defamation
- government bodies or regulatory bodies including the Charity Commission or Fundraising Regulator.
All our data processors are carefully selected and are trusted partners of No Limits. All our trusted partners are required to comply with data protection laws and our high standards and are only allowed to process your information in strict compliance with our instructions. We will always make sure appropriate contracts and controls are in place with our trusted partners and we regularly monitor all our partners to ensure their compliance.
If you would like more information about our trusted partners, please contact our Data Protection Officer.
We do not share your information for any other purpose.
We aim to ensure that all information we hold about you is accurate. In this we depend on what you tell us, or if you are referred to us by another organisation, we are dependent on what they tell us. If you believe any of the information we hold is inaccurate, or if your circumstances change, please advise us and we will ensure our records are updated as soon as possible.
For more information on how to tell us your preference regarding your personal data, or to update your personal data, please see the section Your Rights, below.
Storing your Information
No Limits maintains a secure back-up of its information. This enables us to ensure that in the event of an incident which disrupts normal business operations, we can restore these operations as quickly as possible, continuing to provide support in the meantime.
We aim to store all information within the UK.
In some situations, it is possible that your information may be transferred outside the UK either to a country within the EEA, or worldwide. This may occur where, for example, one of our trusted partners processing information on our behalf has servers located in a country outside the UK.
Information on the retention of personal information of service users is outlined in subsection 6 – Storing your data, above. No Limits keeps personal information about its donors and supporters in line with its Records Retention Policy and Records Retention Schedule, available on request to DPO@Nolimithelp.org.uk .
All periods set in the Records Retention Schedule reflect the minimum retention period and take into consideration any legal requirements and Safeguarding rules. Documentation is reviewed prior to any decision being made about its destruction. With appropriate justification, documentation can be retained for longer than the suggested retention period but will be regularly reviewed thereafter and destroyed as soon as it is no longer required. When we no longer need to retain your information, we will ensure it is securely disposed of.
You have a right to ask us to delete personal information we hold about you in some circumstances. Our practice is to redact data rather than to delete it, as we may have an obligation within service contracts to be able to continue to report volumes of data recorded even if individual identification has been removed. Redaction involves making the information anonymous by removing such data items as name, date of birth and contact details, so that what remains cannot be linked to you, or to any other individual in any way.
No Limits provides general information, advice and support services to young people between the ages of 11 and 25. Basic information about the individual is gathered every time we do so, and this information is saved as data in our secure service user database and used to ensure that we are delivering a good quality service, and also to report anonymised statistics to the organisations who commission and fund our services.
Some services we provide are considered to be therapeutic, or to be interventions – for these areas of service delivery the consent of parents/carers will be sought, to hold and process your data, if you are under 16. Caselaw exists (Fraser guidelines 1982) saying that a person aged 13 or over can give their own consent to receive services, and therefore for their data to be held or processed, if the provider of the service can ascertain that the person is competent to do so, in terms of having a full understanding of what is involved, and that their wellbeing will suffer if they do not receive the service without obtaining parent/carer consent.
No Limits will seek parent/carer consent for young people aged between 13 and 15 unless it is clearly not in the interests of the young person to do so. No Limits cannot deliver such services to young people aged 12 and under without parent/carer consent.
When it comes to delivering therapeutic or intervention-based services to young people aged 16 and over who are vulnerable (that is, young people who may not understand what is being offered, or who may be under pressure against their best interests), No Limits will proceed in the same way as when engaging with a young person aged under 16. We will not however seek parent/carer consent for these young people without their knowledge and agreement.
For all donors and supporters who are aged under 18, No Limits will seek parent/carer consent to hold and process their personal data (for instance, to send newsletters).
You have a number of rights available to you and these are set out below.
Right to be Informed
Right to Rectify Inaccurate Information
You have a right to ask No Limits to correct any data we hold and process that is no longer correct. You can also ask us to complete information that is incomplete.
Right to Restrict Processing
As a donor or supporter, you have a right to choose what personal information held about you is processed and limit the information that you no longer want us to process.
As a service user, we have a lawful basis to hold and process your personal information, in order to be able to provide you with the service you’ve requested – see subsection 1 above.,
Right to Portability
You have a right to ask No Limits to send a copy of the information we hold about you to another organisation.
Right of Access
You have a right to ask us whether we are processing your personal information and to request to access this information. Where this is the case, you can ask us to supply you with the information and we will review your request.
Right to Erasure
You have a right to ask No limits to delete the information we hold on you, unless there is a safeguarding concern (see above) where:
- it is no longer required for processing
- you no longer consent to the processing
- where you object to processing.
Right to Object to Processing
You have the right to object to the processing of your information where:
- this is carried out by us under the basis of public interest or legitimate interests
- this is processed for direct marketing purposes (although please note that No Limits does not engage in direct marketing)
- this is processed for scientific or historical research purposes, or statistical purposes.
You can exercise any of these rights at any time by contacting the No Limits Data Protection Officer.
If you are unhappy with the way your information is being processed, you may lodge a complaint with the UK’s Supervisory Authority, the Information Commissioner. They can be contacted on 0303 123 1113 or via their website: www.ico.org.uk.
If you have any questions or queries about this Privacy Notice, please contact our Data Protection Officer:
Address: FAO Data Protection Officer (DPO), 35 The Avenue, Southampton, SO17 1XN
This policy was last updated in October 2021 and replaces all previous versions.
We will regularly review and update this document. Changes will be notified either via e-mail or through an announcement on our website.