"Partners" are individuals at social and other organisations who refer individuals to Beam, or who help Beam provide services to Members.
"Members" are individuals that Beam supports by providing you with a funding page and supporting you to through training and into employment amongst other things.
This Policy (and any other agreements that we have in place with you) explains how we will process any personal information that we collect about you, including information that you give to us. It also tells you our views and practices about your personal data and how we will treat it. Where we are seeking your consent in relation to certain things that we do with your personal information we will provide you with a separate consent form.
For the purpose of applicable data protection legislation (including but not limited to the Data Protection Act 2018, the General Data Protection Regulation (Regulation (EU) 2016/679) and the UK General Data Protection Regulation), the data controller of your personal information is Beam Up Ltd of WeWork, Senna Building, Gorsuch Place, London E2 8JF.
WHAT INFORMATION DO WE COLLECT
Information collected directly from you
During the course of our relationship with you as a Member, we will collect certain personal information from you, including but not limited to:
- copy of proof to work in the UK;
- copy of driving licence;
- details of benefits being received;
- details of current and past housing;
- details of current and past problems with drug and alcohol use and treatment received for this;\
- details of current and past problems with mental health and treatment received for this;
- details of current and past problems with physical health and treatment received for this;
- details of current and past interactions with the criminal justice system;
- at least two references from previous employers or support workers;
- details relating to your training and work plan;
- case notes briefly summarising professional interactions with you;
- feedback on your experience of Beam;
- evidence of training completion (e.g. copy of the Beam-funded qualification gained);
- evidence of employment gained (e.g. copies of payslips); and
- short updates created by you for the website.
Where you work for one of our Partner organisations, we will collect certain limited personal information about you. Personal information collected in this context is usually (but may not exclusively be) limited to name, employer name, job title, phone, email and other business contact details.
Information we collect about you automatically
If you interact with our website, as is the case with most websites, we automatically get some technical details such as your chosen browser and unique IP address. As is common to all major websites, we also collect information about your visit, including information about how you are using the website including the movement of your mouse, what buttons you click, and any phone number you may phone us on with a customer service issue.
Information we receive from other sources - Members only
When you are referred to Beam by one of our Partner organisations, or are otherwise referred to Beam, we collect the following information about you from that referring third party:
- full name;
- phone number;
- date of birth;
- email address;
- national insurance number;
- current and historical levels of substance and alcohol abuse;
- medications related to substance and / or alcohol abuse and / or mental health;
- current and historical problems with gambling;
- level of spoken and written English;
- particular conditions which prevent them from pursuing specific kinds of employment;
- any relevant risk issues you may present to Beam; and
- whether you consider yourself to have a disability.
From time to time, we may also receive information about you from third parties (other than our Partner organisations). The nature of this information will depend upon the circumstances. Such third parties may include for example:
- Partner charities and support services;
- Mental and physical health services;
- Social services;
- Jobcentre Plus;
- Training centres
- Police; and
- Social services safeguarding team(s).
HOW WE USE YOUR INFORMATION
We use your personal information for a number of purposes, including:
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
- for verification checks and other safeguarding purposes;
- to help you find an appropriate training programme;
- to help you find employment if you successfully complete training programmes;
- to put you in contact with support services, such as mental and physical health services;
- to arrange mock interviews;
- to give you information about other services we offer that are similar to those that you have already been provided;
- to tell you about changes to our service;
- to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to create and manage a funding campaign;
- to improve our website to ensure that content is presented in the most effective manner for you and for your computer;
- so that you can use any interactive features of our service, when you choose to do so;
- as part of our efforts to keep our website safe and secure;
- to make suggestions and recommendations to you and other users of the website about goods or services that may interest you or them;
- to comply with legal and regulatory requirements; and
- in aggregate, anonymous form to help us track Beam's social impact.
We use your personal information for a number of purposes, including:
- to manage Member referrals;
- to manage your and our safeguarding obligations;
- to send you updates about Members;
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information that you request from us;
- to tell you about changes to our service; and
- to comply with legal and regulatory requirements.
WHO WE SHARE YOUR PERSONAL INFORMATION WITH
We work closely with a number of trusted partners with whom we might need to share personal information to help us run successful campaigns and support members. These may include:
- any current or future member of our group, which includes our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006;
- third party service providers who perform functions on our behalf (including external consultants and professional advisers such as lawyers, auditors and accountants);
- third party IT providers where we have an appropriate data processing agreements (or similar protections) in place;
- tax, audit, or other authorities; Beam board members, trustees of The Beam Foundation, and advisers and their trusted third-party service providers and affiliates; advertisers and advertising networks that need the data to select and serve relevant adverts to you and others; and
- analytics and search engine providers that help us improve and optimise Beam.
- partner charities and support services;
- mental and physical health services;
- social services;
- your probation officer and the National Probation Service;
- your Jobcentre plus work coach;
- potential employers or training providers;
- organisations who may have referred you to Beam and their trusted third-party service providers and affiliates; and
- in anonymous form to funders or potential funders of Beam.
We may also have to share your personal information with the police, or social services safeguarding team(s) where there is a safeguarding requirement. More information about this type of information sharing can be found in the Member Privacy and Consent form.
We may also disclose your personal information in the following circumstances:
- if we sell or buy any business or assets, we may transfer your personal information to the potential seller or buyer of such business or assets;
- if Beam or substantially all of its assets are acquired by a third party, personal information held by it about its customers will be one of the transferred assets; and
HOW WE PROTECT YOUR PERSONAL DATA
All information you provide to us is stored on secure servers. Where we have given you (or where you have chosen) a password to access certain parts of the website, you are responsible for keeping this password confidential. Please do not share your password with anyone. Unfortunately, the sending information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data sent to the website and so if you send information you do so at your own risk. Once we hold your information, we will use strict procedures and security features to try to stop unauthorised access to it.
WHERE WE TRANSFER YOUR PERSONAL INFORMATION
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy and applicable legal requirements, for example by entering into data transfer agreements which incorporate the current standard contractual clauses adopted by the UK Information Commissioner for transfers of personal data.
KEEPING YOUR RECORDS
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for your information, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use of disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and any applicable legal requirements.
As a general rule unless you instruct us otherwise, we will delete your data (other than limited contact information) 2 years after you are no longer active within the Beam community. For Members, this will be 2 years from the date that your case is closed, and for Partners, this will be 2 years from the date that you cease to be a Beam partner. However, in certain exceptional cases we may be required to retain your data for longer. We will only do this where we are required to do so by law or where we need to establish, exercise or defend legal claims (for example if we are in a dispute with you). In such circumstances, we will keep your data only for the period required by law or until the conclusion of our legal claim, and whatever the circumstances, we will not keep your data for longer than necessary. Please note that we will retain limited contact information (name, gender, email, phone number, date of birth) for a period of 7 years to help identify you if you get back in touch with Beam.
If requested, we will also keep your campaign page open until you ask us to delete it up to a maximum period of 7 years after your case has been closed.
Access to your information
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email us at [email protected]. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
Right to object
This right enables you to object to us processing your personal data where we do so for one of the following reasons:
- because it is in our legitimate interests to do so (for further information please see below);
- to enable us to perform a task in the public interest or exercise official authority;
- to send you direct marketing materials; or
- for scientific, historical, research, or statistical purposes.
Right to withdraw consent
Where we have obtained your consent to process your personal data for certain activities, you may withdraw this consent at any time and we will cease to use your data for that purpose unless we consider that there is an alternative legal basis to justify our continued processing of your data for this purpose, in which case we will inform you of this condition.
Right to erasure
You have the right to request that we "erase" your personal data in certain circumstances. Normally, this right exists where:
- the data is no longer necessary;
- you have withdrawn your consent to us using your data, and there is no other valid reason for us to continue;
- the data has been processed unlawfully;
- it is necessary for the data to be erased in order for us to comply with our obligations under law; or
- you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so.
When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.
Right to restrict processing
You have the right to request that we restrict our processing of your personal data in certain circumstances, for example if you dispute the accuracy of the personal data that we hold about you or you object to our processing of your personal data for our legitimate interests. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
Right to rectification
You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
Right of data portability
If you wish, you have the right to transfer your personal data between service providers. In effect, this means that you are able to transfer the details we hold on you to another third party. To allow you to do so, we will provide you with your data in a commonly used machine-readable format so that you can transfer the data. Alternatively, we may directly transfer the data for you.
Right to complain
You have the right to lodge a complaint and can contact us at [email protected]. You also have the right to make a complaint to your local supervisory authority which is the Information Commissioner's Office. You can contact them in the following ways:
- Phone: 0303 123 1113
- Email: [email protected]
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
The website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and we do not accept any responsibility for them. Please check these policies before you submit any personal data to these websites.
LEGAL CONDITIONS FOR USING YOUR PERSONAL DATA
There are a number of different ways that we are lawfully able to process your personal information. We have set these out below.
Where using your data is in our legitimate interests
We are allowed to use your personal data where it is in our interests to do so, and those interests aren't outweighed by any potential prejudice to you.
We believe that our use of your personal information is within a number of our legitimate interests, including but not limited to:
- to fulfil our objective of helping people train up and get into work;
- to manage funding campaigns;
- to process campaign and other donations to the Beam cause;
- to provide our donors and other interested third parties with information and marketing materials about our organisation, our campaigns and other information and similar products and services that we may make available;
- to help us satisfy our legal obligations;
- to help us understand the people that use our services better and provide better, more relevant services to them;
- to ensure that our website runs smoothly; and
- to help us keep our systems secure and prevent unauthorized access or cyber attacks;
- to identify you if you get in contact with Beam.
Where you give us your consent to use your personal data
We are allowed to use your data where you have specifically consented. In order for your consent to be valid:
- it has to be given freely, without us putting you under any type of pressure;
- you have to know what you are consenting to - so we'll make sure we give you enough information;
- you should only be asked to consent to one thing at a time - we therefore avoid "bundling" consents together so that you don't know exactly what you're agreeing to; and
- you need to take positive and affirmative action in giving us your consent - we're likely to provide a tick box for you to check so that this requirement is met in a clear and unambiguous fashion.
We seek consent from our Members for various processing activities. Details of these are set out on our Member consent and privacy form. We also keep campaign pages up on the website when Members ask Beam to do so.
You have the right to withdraw your consent at any time. We have set out details regarding how you can go about this above.
Where using your personal data is necessary for us to carry out our obligations under our contract with you
We are allowed to use your personal data when it is necessary to do so for the performance of our contract with you. For example, we require certain personal information about you in order to process and manage your funding campaign and journey through training and into work.
Where processing is necessary for us to carry out our legal obligations
As well as our obligations to you under any contract, we also have other legal obligations that we need to comply with and we are allowed to use your personal data when we need to in order to comply with those other legal obligations.
Any changes we make to this Policy in the future will be posted on this page and we may email you to tell you about any changes. Please check back regularly to see any updates or changes to this Policy.
If you have any questions about this Policy, or would like to exercise your rights with respect to your personal information, send us an email via [email protected]. The contact details of the Data Protection Compliance Manager are as follows: Alexander Stephany who can be contacted on [email protected]. If you have any questions about this Policy, or want to complain about how we handle your personal information, Alexander Stephany would be happy to help.