Service users Expand Service users What Personal Information we collect? Please see the below table for the type of information we may keep about you. Type Why Lawful Basis Your personal details (Name, Age, gender, address, next of kin, contact details, emergency contacts, etc) To allow us to identify you and make appropriate decisions when it comes to providing you with a service. To provide you with the services, products, or information you asked for and to understand how we can improve our services. To respond to or fulfil any requests, complaints or queries you make to us; Legitimate Interest OR Required by Contract OR We have your Consent Information you have shared with us You may share information with us to support your circumstances or so that Hestia can support you better when providing you a service. Legitimate Interest OR Required by Contract OR We have your Consent Information received from other agencies We will generally receive your information from other agencies when you are referred to Hestia Legitimate Interest OR Required by Contract OR We have your Consent Records relating to the services Hestia may provide you To allow us to keep documented evidence and supporting material in relation to the service Hestia provides you. We will use this information for improving our services to you and to ensure we have an up to date record of the services you have received. Legitimate Interest OR Required by Contract Housing Information We may use this information to assess your housing needs when Hestia is providing you with housing services. Legitimate Interest OR Required by Contract OR We have your Consent Health information We collect Health information only when we need to in order to support or provide our services to you. Legitimate Interest OR Required by Contract OR We have your Consent Photograph We may collect a photograph of you in order to help identify you or we may process a photo of you as part of confirming your identity. Legitimate Interest OR Required by Contract OR We have your Consent Financial Information We may collect financial information when providing services to you to support your financial needs. Legitimate Interest OR Required by Contract Employment Information We may collect this information to understand your circumstances when providing you with our services. Legitimate Interest OR Required by Contract OR We have your Consent Special Category / Sensitive personal data The services that Hestia provide require us to regularly process sensitive personal information / special category information. Depending on your relationship to Hestia, we may process information such as health details, ethnicity, genetic data, sexual orientation, political beliefs and trade union membership. Legitimate Interest OR Required by Contract OR We have your Consent OR We have a vital interest CCTV Hestia offices have CCTV installed to protect and identify against any illegal activity. Legitimate interest How we process your information Processing Activity Basis Collecting your data The information Hestia collects on you will depend on your relationship to Hestia and the types of services we are providing you. We will collect your information in one of the following ways: - You were referred to Hestia by another service - We receive your information from a third party as part of a providing service under contract - We collect your information directly from you We collect information about you from third parties. How we store your data Your information is stored securely within the EEA in accordance with data protection law, either in our UK offices or within our IT systems that are supported and provided by our third party IT provider. We will never transfer your information outside of the UK/EEA without a clear basis for doing so and not without strict controls and agreements in place that protect your information. We will always notify you if we are required to store or transfer your information outside of the UK. How we share your data We will only share your data with third parties where required and under one of the following legal basis: - Required by law - Required by Contract - We have your consent A list of third parties Hestia may share your information with can be found within the “Hestia third parties we may share your information with” section. How long we keep your data How long we keep your information will depend on your relationship to Hestia and the contracts the Hestia process your information under. We will only keep information for as long as we need to in accordance with legal requirements and regulations.
Candidates Expand Candidates What Personal Information we collect? Please see the below table for the type of information we may keep about you. Your personal details (Name, Age, gender, address, contact details, When you contact us, we may keep certain information regarding your contact. We will do this to ensure we can respond or follow up to your query. When you apply at Hestia we will process this information to ensure we are able to identify you. To respond to or fulfil any requests, complaints or queries you make to us; Legitimate interest OR We have your consent Your employment details To understand your experienced and suitability for the role. Legitimate interest OR We have your consent Information you have shared with us You may share information with us as part of your application Legitimate interest OR We have your consent Information received from other references We may obtain references from your previous employers to assist with our decisions or validate your experience. Legitimate interest OR We have your consent Background Checks or Health Checks We may ask for specific information relating to your health or history where you are applying for a role that requires you to pass a background check. Legitimate interest OR We have your consent Marketing / Communications information We may contact you about future roles or opportunities. Legitimate interest OR We have your consent CCTV Hestia offices have CCTV installed to protect and identify against any illegal activity. Legitimate interest How we process your information Processing Activity Basis Collecting your data We will collect your information from you directly when you apply to Hestia. We may also collect information from references you have provided. How we store your data Your information is stored securely within the EEA in accordance with data protection law, either in our UK offices or within our IT systems that are supported and provided by our third party IT provider. We will never transfer your information outside of the UK/EEA without a clear basis for doing so and not without strict controls and agreements in place that protect your information. We will always notify you if we are required to store or transfer your information outside of the UK. How we share your data As a candidate we may share your information with our suppliers and third parties who assist us in providing recruitment services. This can include our third party IT provider where we may store your information on our IT. We may also share your information with suppliers that carry out background checks on behalf of Hestia. We will only share your data with third parties where required and under one of the following legal basis: - Required by law - Required by Contract - We have your consent A list of third parties Hestia may share your information with can be found within the “Hestia third parties we may share your information with” section. How long we keep your data How long we keep your information will depend on how long you remain a candidate at Hestia. We will only keep information for as long as we need to in accordance with legal requirements and regulations.
Volunteers & Donors Expand What Personal Information we collect? Please see the below table for the type of information we may keep about you. Type Why Lawful Basis Your personal details (Name, Age, gender, address, contact details, When you contact us, we may keep certain information regarding your call. We will do this to ensure we can respond or follow up to your query. When you volunteer at Hestia we will process this information to ensure we are able to identify you and contact you should we need to. We will also use this information to assist with our decision making in relation to the services you are volunteering for. When donating we will process this information to confirm your details and payment. We will also use this information to protect against fraud. To allow us to identify you and make appropriate decisions when it comes to providing you with a service. To provide you with the services, products, or information you asked for and to understand how we can improve our services. To respond to or fulfil any requests, complaints or queries you make to us; Legitimate Interest OR Required by Contract OR We have a Legal Requirement OR We have your consent Payment information To support your donation or payment to Hestia Legitimate interest OR We have a Legal Requirement Your employment details If you are a donor we will process this to support your status as UK tax payer if you add Gift Aid to your donation If you are a volunteer we may process this information as part of our background checks and contractual requirements. Legal requirement OR Required by Contract OR We have your consent Social media We use information we collect and receive from social media to produce aggregate data relating to items such as video views, demographics and location data. Sources of this data may include. YouTube, Instagram, Facebook, Twitter (X) or LinkedIn. We do this so that we can learn about the type of people who are interested in Hestia so that we can reach and market to new audiences. Legitimate interest Information you have shared with us You may share information with us during your interactions with Hestia. Legitimate interest OR Required by Contract OR We have your consent Information received from other agencies If you are a donor we may receive your information from other agencies that carry out marketing campaigns. If you are a volunteer we may receive your information from volunteering agencies Legitimate interest OR Required by Contract Records relating to the services Hestia may provide you We will use this information for improving our services to you and to ensure we have an up to date record of the interactions you have had with Hestia. Legitimate interest OR Required by Contract Background Checks or Health Checks Where you volunteer, some services Hestia provide require us under contract to carry out background checks on all employees. Required by a contract OR We have your consent Marketing / Communications information We will collect information about you as part of our marketing campaigns. We will also collect information about your communications preferences. Legitimate interest OR We have your consent. Research We may use certain information to carry out research on our marketing campaigns and donor campaigns. Legitimate interest CCTV Hestia offices have CCTV installed to protect and identify against any illegal activity. Legitimate interest How we process your information Processing Activity Basis Collecting your data The information Hestia collects on you will depend on your relationship to Hestia and the types of services we are providing you. We collect information about you when you visit our website, donate to us, engage with our social media or visit us. When you donate we are required to record certain information. For instance, if you add Gift Aid to your donation we must make a record of your status as a UK taxpayer and keep this for 7 years from the date of your donation as required by HMRC. We will also collect information about you when you volunteer at Hestia. How we store your data Your information is stored securely within the EEA in accordance with data protection law, either in our UK offices or within our IT systems that are supported and provided by our third party IT provider. We will never transfer your information outside of the UK/EEA without a clear basis for doing so and not without strict controls and agreements in place that protect your information. We will always notify you if we are required to store or transfer your information outside of the UK. How we share your data We will only share your data with third parties where required and under one of the following legal basis: - Required by law - Required by Contract - We have your consent As a donor we may share your information with third parties and suppliers who manage our donorship campaigns and platforms. As a volunteer we may share your information with our suppliers and third parties who assist us in providing services to our service users. A list of third parties Hestia may share your information with can be found within the “Hestia third parties we may share your information with” section. How long we keep your data How long we keep your information will depend on your relationship to Hestia. We will only keep information for as long as we need to in accordance with legal requirements and regulations.
Hestia third parties that we share information with Expand Organization What we share Why Wanstor (Third party IT provider) We may inadvertently share information about you with our third party provider when your information is hosted on our IT systems. Information about you that you may request in a Subject Access Request. Wanstor support and manage our IT systems. Equipment that forms our IT systems and infrastructure will be owned by Wanstor and as such your information may be stored on Wanstor equipment on behalf of Hestia. Wanstor provides Hestia with security consultancy and data protection services. Wanstor consultants may have access to information you request in a SAR in order to carry out our obligations under UK GDPR The Government and Regulators Where we have a contract with the government, we will share information specifically required by the contract. This will often be anonymized data. To support the requirements of the contract. To provide statistics on the services we are providing. Local Authorities Information relevant to the contract. Hestia have various contracts with local authorities that require us to share certain information with them. NHS Information about you that is relevant to the services we are providing you. Hestia may have a contract with the NHS where we are providing services on their behalf, we may share information regarding you as required by this contract. We may also share information about you with the NHS to help provide you with support as part of a referral where we have a legal basis or your consent for doing so. Hestia partners / other care or support providers Information about your needs or circumstances Hestia work closely with it’s partners and other organizations that provide similar services to Hestia. We may share your information with them to help provide you with services and support your needs. We only do this where we have a legal basis or your consent for doing so. Legal Supplier Information relevant to you exercising your data subject rights under UK GDPR. Information relating to your complaints We may share your information with our legal suppliers where Hestia require legal support to make decisions about you. Charities Information about your needs or circumstances To help refer you to suitable charities that can assist you where we have a legal basis or your consent for doing so. Other Suppliers Information about you relevant to the services the supplier is providing for Hestia We may need to share specific information about you with our suppliers who support us in providing a service to you. Payment Providers We will share transaction data with our payment services providers for the purposes of processing your payments, refunding and dealing with complaints and queries relating to payments and refunds. You can find information about the payment services providers' privacy policies and practices at: - Stripe https://stripe.com/gb/privacy - GoCardless https://gocardless.com/legal/privacy/ - Paypal https://www.paypal.com/ie/webapps/mpp/ua/privacy-full To complete your payment. To comply with legal requirements. Auditors Information about the services Hestia provide you Where Hestia contracts require us to be audited or where we are required by a regulator, we may share information specific to the audit. Emergency services / safeguarding teams Information specifically relating to the incident or that is relevant in order to address a risk to you or others. If we believe you or another person is at risk we may share your information with another organization or third party to help keep you or others safe.