Auriga Services Ltd (the company) is committed to maintaining the accuracy, confidentiality and security of your personal information. This Privacy Notice describes the personal information that we collect from or about you, how we use it and to whom we disclose that information.
What Personal Information Do We Collect?
For the purposes of this Privacy Notice, personal information is any information about an identifiable individual. Personal information does not include anonymous or non-personal information.
We collect and maintain different types of personal information in respect of those individuals who we offer support to, our customers, including the personal information contained in:
- Correspondence from government and local authority agencies;
- What you choose to tell us about yourself and your circumstances;
In addition to the examples listed above, the personal information we collect includes information such as your name, home address, telephone, personal email address, date of birth, marital status, financial situation including income, savings and expenditure, bank account details, and any other information necessary for us to be able to support you, which is voluntarily disclosed.
The above lists are non-exhaustive and is intended to provide an overview of the data we may process on you.
As a general rule, we collect personal information directly from you and the referring organisation. We will only process your personal information in accordance with our legitimate interests, where necessary for the performance of our contracts or where obligated by law.
Information provided by others
If, as a customer, you are referred to Auriga for assessment for assistance or welfare or debt advice, personal information that the referrer legitimately holds about you may be shared with us to enable that assessment or provision of advice to take place. Additionally, personal information that hospitals, doctors and other agencies hold may be shared with us for that same purpose.
Why Do We Collect Personal Information?
The personal information collected is used and disclosed strictly for our business purposes. Such uses include:
- Assessment of individuals for eligibility to receive assistance from Trust Funds, Charities, Companies and Councils;
- Debt, welfare benefits and income maximisation advice;
- General business administration;
All telephone calls, incoming and outgoing, are recorded for quality and training purposes and for the detection and prevention of fraud.
When Do We Disclose Your Personal Information?
We do not share any of your data except in the limited cases described here. If it is necessary for the fulfilment of the purposes described in this Policy, we may disclose your data to the following entities:
- We may disclose your personal information to the Trust Funds, Charities, Companies and Councils whose funds we administer for audit and occasionally for decision making. We may also disclose your data to the courts and legal counsel when representing you;
- As necessary to support you and your application/referral and for the performance of our contract with the referring agency;
- Public and government authorities: where we are under a legal duty to do so or in order to enforce or protect any of our rights, property or safety (or those of our customers);
- Service providers: like many businesses, we may outsource certain data processing activities to trusted third party service providers to perform functions and provide services to us, such as Information and Communication Technology (ICT) service providers;
- Other parties in connection with corporate transactions: we may also, from time to time, share your information to the purchaser (or prospective purchaser) of any business or asset we are contemplating selling to another company, or any reorganization, merger, joint venture;
Notification and Consent
Where your consent was obtained or required for our collection, use or disclosure of your personal information, you may, at any time, subject to legal or contractual restrictions and reasonable notice, withdraw your consent. All communications with respect to such withdrawal or variation of consent should be in writing and addressed to the Data Protection Officer via email to firstname.lastname@example.org.
How is Your Personal Information Protected?
We endeavour to maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal information in question. This includes the use of firewalls and encryption as well as other information security requirements, systems and procedures. These safeguards are designed to protect your personal information from loss and unauthorised access, copying, use, modification or disclosure.
We also use data sharing agreements and data processing agreements where it is disclosed to a third party or data processor.
How Long is Your Personal Information Retained?
For unsuccessful applications for support, we will generally destroy your data after 2 years.
For those individuals who we are able to support, except as otherwise permitted or required by applicable law or regulatory requirements, we will only retain your personal information for as long as we believe it is necessary to fulfil the purposes for which the personal information was collected (including, for the purpose of meeting any contractual, legal, accounting or other reporting and regulatory requirements or obligations). We may, instead of destroying or erasing your personal information, make it anonymous such that it cannot be associated with or tracked back to you. In most cases your data will be deleted 6 years (plus the current year) after our last contact with you or as otherwise set out in accordance with our data retention schedule and/or as required by law.
Updating Your Personal Information
It is important that the information contained in our records is both accurate and current. If your personal information happens to change during the course of us supporting you, please keep us informed of such changes.
In some circumstances we may not agree with your request to change your personal information and will instead append an alternative text to the record in question.
Access to Your Personal Information
You can ask to see the personal information that we hold about you. If you want to review, verify or correct your personal information, please contact our Data Protection Officer email@example.com. Please note that we ask that any such communication be in writing.
When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, and to assist us in searching for and provide you with the personal information that we hold about you. In specific circumstances, we may charge you a fee to access your personal information however we will advise you if this is the case and of any fee in advance.
Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices.
If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
Your other legal rights
Data protection legislation also provides you with certain other rights. These are not always absolute rights and must be considered in the wider scope of the legislation. These rights are:
- right to erasure, also known as the right to be forgotten. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal information where there is no compelling reason for its continued processing. In some circumstances this is not an absolute right;
- right to restrict processing. You have the right to ‘block’ or suppress processing of personal information. Again this is not an absolute right and will depend on the circumstances and any other legal/statutory obligations we may have;
- right to data portability – this is the right to have information provided in a structured, commonly used machine-readable format;
- right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- rights related to automated decision making including profiling.
What if I have a complaint about how we process your information?
If you wish to make a complaint about how we use your personal information, please contact us at firstname.lastname@example.org and we will do our best to resolve your complaint. If you are still unhappy, you can contact the Information Commissioner’s Office via their website www.ico.org.uk
This Privacy Notice was last updated 28th September 2023.