What information is being collected?
Information falls into these groups:
1/ Standard sign up information, including your name, email address, post code
2/ Data required to complete volunteer DBS checks. This will include proof of identify, registered address for the last 5 years, and permission to run background checks. This information is provided to Capita, our DBS check provider, we do not touch or keep a record of this data.
3/Data required to complete ID verification checks including a scan of a photo ID. This data is provided to Onfido, our ID verification provider, we do not touch or keep a record of this data.
4/Data on mobility and lifestyle gathered collected through a questionnaire that will be carried out over the phone with the service user.
5/ Messages between users which we will store and which you can retrieve at any time.
6/ Cookies to collect information to help us understand how you use our website or mobile application - you can opt out of this using your browser settings.
7/ Results from the third party identification providers that we have specified
Who is collecting it?
We will be asking you for data such as your name and contact details (email, postal addresses and phone number).
For volunteers: If you are a volunteer you will be asked to complete a DBS check. We use Capita who are a government DBS umbrella company to run these checks. We don’t actually store the data you provide for DBS clearance ourselves.
Capita’s data protection policy can be found here https://disclosure.capitarvs.co.uk/cheqs/resources/files/Data%20Protection%20Act.pdf
For relatives and clients: We ask you to verify your ID via Onfido found. This means scanning a photo ID into their service where they run a background check from lenders and other publicly available databases. Their policy can be found here: https://onfido.com/privacy/
For service users: A member of the onHand team will call you to conduct a basic risk assessment around your mobility and lifestyle.
For all users: We will be holding data relevant to tasks including how many requests you have had, how many bookings you have completed and a history of your in-app messages and payments. This data will be stored on Firebase and Intercom. Their privacy policies can be viewed here:
We will also be working with a payment provider in the future and when we add this functionality will update this policy with information about this service provider.
How is it collected?
The vast majority of data is collected in our mobile app. Some minimal data may be collected through a webform. Risk assessments with service users are carried out by a member of our team over the phone, the data is gathered verbally and inputted into our secure database. We run in person DBS checks and verifications, this data is gathered verbally in a meeting and we input it directly into the Capita service (therefore not storing it ourselves).
Why is it being collected?
There are two main reasons we need to collect your data:
1/ Safety and Security: we are matching volunteers to go into older people's homes. We must use everything at our disposal to protect all our users. This means conducting DBS checks on volunteers, ID checking of relatives and elderly people and risk assessments of service users (older people). We will from time to time read message threads to ensure we can spot the early signals of anything untoward and intervene to protect our users.
2/ Service Improvement: we will look at data on aggregate to understand if our app is working as well as it can, or if we need to change features or redesign the user experience to make it work better.
How will it be used?
Data will be used to protect our users, optimise our service, to deal with your enquiries & requests, to comply with your legal obligations, to cooperate with regulators and law enforcement if required, to contact you with marketing content and to personalise the marketing content you receive.
We don’t sell data. We don’t analyse data to find commercial uses including advertising or upselling of goods or services. We might use software to scan messages for signs of abuse.
The data we collect, store and use is entirely to facilitate the outcomes of onHand as a service that connects volunteers, elderly people and their relatives to lend a helping hand, and in so doing raises donations for charity.
What are our legal grounds for using your data?
We must have a legal ground to process your data, in most cases this will be one of the following:
1/ to fulfil our contractual obligations to you
2/ to comply with our legal obligations
3/ to meet our legitimate interests - in order to operate and improve our services and keep you updated with our work
Where your data is stored
Your data might be transferred to a country that's not operating within the latest European Data Protection regulation, in the case of this happening we have put in place appropriate safeguards in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information please contact us at email@example.com
Retaining your data
We keep your data for as long as we have a relationship with you, once it has come to an end we retain it for a period of time which enables us to:
1/ maintain our business records
2/ comply with legal obligations
3/ defend or bring any existing or potential legal claims
4/ deal with any complaints about the service
We delete your data when it is no longer required for these purposes
You have certain rights regarding your data, these include rights in certain circumstances to:
1/ access your data
2/ correct any inaccurate data
3/ delete your data
4/ restrict how we use your data
5/ object to our use of your data
6/ receive your data in a readable digital format
7/ to lodge a complaint with the ICO if you're not happy with how we use your data
If you'd like to discuss or exercise any of these rights then contact us here firstname.lastname@example.org
Who will it be shared with?
Other than the third party providers listed we won’t share your data with anyone. Under such circumstances we will follow legal advice to ensure we are fully compliant. We have chosen industry best in class service providers with privacy and security front of mind. We won’t sell your data. The only time we will share your data is under a court order in the event our T&C’s, Safeguarding or other policies have been breached
How can an individual access/delete the data you hold on them?
If you notify onHand that you would like to leave the service we will immediately delete your accounts and remove you from marketing lists and third party services including Intercom and Mailchimp.
How can an individual complain?
You can reach out to us at anytime at email@example.com to complain or raise queries or concerns about this policy.