top of page

Working Together

IMA-logo_text_-strapline.jpg
xAQS_logo_CMYK150dpi-print.jpg.pagespeed.ic.mE1AEDfEgj.jpg
thames_water_1[7744].png
oxford_council_0_1[7740].png

Privacy Statement

Introduction

This Privacy Statement sets out how we collect, use and store your personal information (this means any information that identifies or could identify you).

Protecting personal information and being transparent about how we use it is important to us. It is core to how we build and maintain trust in our work: the trust people place in us when they approach us for advice and support, and the trust placed in us by people involved in resourcing and delivering our work, including donors, volunteers, funders, partners, employees, suppliers and other stakeholders.

This statement explains how we gather and use personal information, depending on your relationship with OCWA and how the personal information is stored and transmitted. For more information on data protection and your rights as an individual, see https://ico.org.uk/

When you interact with OCWA, we will communicate how we collect and work with your personal information in various ways. Such communications are underpinned by this privacy statement. We want to make it easy for you to find out more, and for you to exercise your rights.

Please take the time to read this privacy statement: as an organisation that gives advice, we think it is important for people to understand how their personal information is used by organisations and what their rights are. If you are short of time, look first at the things that apply to all personal data collected and used by OCWA, and then at the sections that apply to your particular relationship(s) with OCWA.

Contact and Further Information


OCWA is a registered charity (no. 1049343) and a company limited by guarantee (no.1785651).  We are registered with the Information Commissioner’s Office (registration number Z7242012).  See https://ico.org.uk/about-the-ico/what-we-do/register-of-data-controllers/ for further details.

For all enquiries related to data protection and privacy, including your rights under data protection legislation, please contact: The Centre Manager either by email to sdarby@oxfordshirewelfarerights.org.uk or on 01865 744165 or by dropping into the Centre at Barton Neighbourhood Centre, Underhill Circus, Barton, OX3 during our opening hours (9.00am – 5pm Mon – Fri).

When exercising your rights, it may be necessary for us to verify your identity (e.g. security questions or photo ID) before we can respond: this is to protect your personal data and confidential information.

Who’s personal date do we collect and work with?

  • People getting advice, information and support from OCWA and those connected with them.

  • Supporters, donors and individuals involved in our fundraising, campaigning and policy work.

  • Our volunteers and trustees.

  • People representing partner organisations, funders and other stakeholders relevant to our work, including our suppliers.

  • Our employees and others working on our behalf.

  • People visiting our website.

Things that apply of all our processing of personal data

We collect and work with personal data.  Personal data is information that can be used to identify a living individual, such as names, addresses, phone numbers, e-mail addresses, postcodes, case and client files, details of enquiries, IP addresses, location data, online identifiers, pictures or other biometric data, service records, attendance lists, minutes of meetings, mailing lists, bank account details and other financial records.

We need to collect and use personal data to provide advice, information and support services, to fundraise and generate income for our work, to fulfil our charitable objectives, to run the organisation efficiently and effectively, to meet our legal obligations and to contract with individuals and organisations.  We give more detail for each group of people listed in the section above. However, the following points apply to all personal data processed by OCWA.

We only collect personal data that we need.  If we need your consent to collect or use your personal data, we will ensure that we have this consent from you.

We will do our best to keep personal information secure by taking appropriate technical and organisational measures. We will never sell personal information to third parties.

We will never give personal data to third parties, with the following exceptions:

  • Where you have given us your consent to share your personal data, for example to get help or advice related to your case or enquiry from another organisation.

  • To further the legitimate interests of those seeking advice, information and support from OCWA, for example sharing personal data of volunteers and employees with third parties in the normal course of giving advice, or processing the personal data of third parties involved in beneficiary cases and enquiries.

  • Where we use third party organisations to process your personal data on our behalf as set out in this privacy statement, for example organisations that provide us with cloud-based ICT services.  Such processing is governed by written agreements.

  • Where we have legal obligations, for example, our legal obligations to prevent terrorism and money laundering, or to provide personal data to HMRC.

  • In a life or death situation where we need to protect your vital interests or the vital interests of a third party, for example if you needed urgent medical assistance and were unable to give your consent to us seeking such assistance on your behalf.

  • Where we have reasonable grounds for believing that not sharing personal information will result in serious harm to you or a third party, in line with our confidentiality policy and legitimate charitable purposes.

  • Where we judge that sharing personal information is justified for the prevention of crime, in line with our confidentiality policy and legitimate charitable purposes.


We are committed to ensuring that suppliers who process personal data on OCWA’s behalf as ‘data processors’ treat your personal data carefully and in accordance with our written instructions and data protection legislation. We regularly review the written agreements we have with organisations and individuals that process personal data on our behalf. These include services such as postal delivery, e-mail communication, marketing support, market research, data analysis, payment processing, data storage and backup, payroll and other administrative and HR functions.  They have access to personal information needed to deliver the service, but may not use this personal information for other purposes.

What are my rights?

Under data protection legislation applying from May 25 2018, you have the rights listed below. Get in touch as described in the ‘Contact and further information’ section if you wish to exercise any of your rights. We will respond within one month, though in some circumstances we may need to extend the time for a full response for a further two months. You will not usually need to pay us for making the request.

For further, independent information and detail about your rights, see https://ico.org.uk/for-the-public/

  • The right to be informed – we inform you through this privacy statement and through other privacy-related communications, whether you interact with us in person, by telephone, by e-mail, online or using other channels.

  • The right of access – you have the right to ask us for confirmation that your data is being processed and to access this data (a ‘subject access request’).

  • The right to rectification – you have the right to have inaccurate or incomplete personal data corrected or completed.

  • The right to erasure – you have the right in some circumstances to ask us to erase your personal data (the ‘right to be forgotten’).  Sometimes, this right may not apply, for example when the personal data needs to be retained for insurance purposes, or in relation to legal claims.

  • The right to restrict processing – you have the right to ask us to limit how we collect and use your personal data, for example, to stop us deleting data that you might need in relation to a legal claim.

  • The right to data portability – you have the right in some circumstances to be given your personal data in a structured, commonly used and machine readable form. This only applies to personal data you have given directly to us, where processing is carried out by automated means, and where the personal data is being processed based on your consent or in relation to a contract.

  • The right to object – you have the right in some circumstances to object to processing of your personal data.  This includes your right to object to: processing that we justify as being based on our legitimate interests; direct marketing; and processing of personal data for research and statistical purposes.

  • Rights in relation to automated decision making and profiling – OCWA has not identified any processing of personal data that currently involves solely automated decision-making or profiling.

Security and measures to protect personal data, including secure disposal

We maintain appropriate levels of security in relation to the collection, storage and disclosure of your personal data and confidential information. Information is stored securely by OCWA in electronic files and databases on servers at our offices, off-site locations and in the cloud. We also store information in paper files and records.

We have security measures in place to protect against the loss, misuse and alteration of personal data under our control.  These include: limiting access to personal information to authorised individuals; encrypting information; protecting systems, drives, folders and files by password; physical security measures; and regular backups of information to protect against ransomware and systems failure.

While we cannot guarantee that loss, misuse or alteration of data will not occur while it is under our control, we take appropriate measures to try to prevent this.

Any sensitive or special categories of data collected and used by OCWA are only shared on a need-to-know basis.  In the course of providing our advice services, we may collect certain categories of sensitive data, including details of race; ethnic origin; politics; religion; trade union membership; genetics; biometrics (where used for ID purposes); health; sex life; and sexual orientation.  Such processing typically relates to our legitimate interests as an advice provider, employer and in some limited circumstances, enables us to comply with our duty of care to people who contribute to our work on a voluntary basis. In some situations, we will process such data with your consent, for example when providing it to third party organisations in connection with your advice and support needs.

Debit or Credit Card Payments

If you use your credit or debit card to donate to us, or pay online or over the phone, we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard. Find out more information about PCI DSS standards by visiting their website at www.pcisecuritystandards.org

Only those staff authorised to process payments will have access to card details. Once your transaction is completed, we do not store your full credit or debit card details.

We hold bank account details for the purpose of collecting direct debits in accordance with direct debit mandate rules.

Where your information is no longer required we will ensure that it is disposed of in a secure manner (e.g. physical destruction such as shredding and electronic deletion of information stored electronically).

How can I complain?

We want to improve the ways in which we work. Please tell us if something has gone wrong or not happened as it should. We will try to put things right if we can.  We also want to take every opportunity to learn from your comments and feedback, both positive and negative.  There is a feedback/complaints box in our office for general feedback or complaints.

If you wish to make a formal complaint you will find our Complaints Procedure form in our office, and on our website. Alternatively you can email sdarby@oxfordshirewelfarerights.org.uk.

You have the right to lodge a complaint with the Information Commissioner’s Office. For more information, visit https://ico.org.uk/

How can I complain?

We want to improve the ways in which we work. Please tell us if something has gone wrong or not happened as it should. We will try to put things right if we can.  We also want to take every opportunity to learn from your comments and feedback, both positive and negative.  There is a feedback/complaints box in our office for general feedback or complaints.

If you wish to make a formal complaint you will find our Complaints Procedure form in our office, and on our website. Alternatively you can email sdarby@oxfordshirewelfarerights.org.uk.

You have the right to lodge a complaint with the Information Commissioner’s Office. For more information, visit https://ico.org.uk/

What about personal date transferred to other countries?

OCWA makes use of cloud-based services where personal data is not transferred outside the EEA.

We use cloud-based client and case management services where data is stored in secure data centres within the UK or other EEA countries. 

OCWA also makes use of cloud-based services where personal data may be transferred outside the European Economic Area (EEA). For Office 365, Monkey Survey for example, this involves transfers to the United States of America. More information can be found on the European Commission’s website. We only use data processors that are part of the Privacy Shield framework. These data processors may provide us with the following services:

  • Calendar and appointment management

  • Electronic survey and online form processing services

  • Event management services

  • File backup and storage

  • E-mail services

  • Website management and hosting

  • Online platforms for processing payments and donations

People getting advice, casework and support from OCWA and those connected to them


Why do we collect and use personal data?

We do this to give advice, information and support. We also gather some personal data to help us understand how to improve our services, to resource our work and to promote our legitimate interests as a charity.

How do we justify this according to data protection legislation?

Our lawful bases for processing this data include: our legitimate interests as a charity providing advice, information and support services and the legitimate interests of our beneficiaries; the contracts and funding agreements we have with bodies to provide advice; our legal obligations, including those related to social security regulations and social welfare law, terrorism and money laundering; and your consent to process personal data for particular purposes.

What kinds of personal data do we collect and use and where we do get them from?

We gather your personal information and the personal information of others involved in your case or enquiry when you visit us in person, use our websites, complete printed paper forms, speak to us on the telephone, complete surveys or questionnaires or communicate with us by post, e-mail, online or other channels. Information is recorded in paper files, electronic files and cloud-based case management systems. In line with the advice we give, some of this personal data is sensitive, relating to health, finances, social welfare, employment, protected characteristics and other circumstances.

We use some of this sensitive information to generate anonymised reports and undertake statistical analysis to identify and evidence the needs and issues faced by our beneficiaries and resource our work. This could for example include the proportions or numbers of people experiencing a particular type of problem, or with a given personal characteristic (such as health condition or ethnicity). 

We collect and use your personal data for administrative purposes, for example getting your feedback, telling you about changes to our service and responding to complaints or concerns.

Who might your personal data be shared with?

We will only share the personal data of our beneficiaries with third parties when we have explicit consent, subject to the general exceptions listed in ‘Things that apply to all our processing of personal data’.

We may also process the personal data of other people involved in the cases or enquiries of OCWA’s beneficiaries, for example, personal data relating to family members, friends, carers or support workers.

Personal data may be passed to OCWA by our partner organisations and other stakeholders involved in our work, for example in situations where you have given your consent for information to be shared directly with us through referral.  When you provide your personal data to other organisations, you should check their privacy policies carefully.

How long do we keep personal data for?

We keep personal data related to beneficiary cases and enquiries for at least 6 full years after case closure or last contact with OCWA. This enables us to protect both beneficiary interests and the interests of OCWA in regard to legal claims that may arise in relation to work carried out.  For some personal data, we may retain information for longer periods depending on our legal obligations, client instructions and any limitation periods that may apply to the case files concerned.

If you continue using OCWA’s services over a period of time, for example in relation to a number of separate issues over a period of years, we will not erase personal data in past case files which are over 7 years old whilst other more recent personal data is being retained.  This is to ensure continuity of service and avoid loss of information that may be relevant.

Donors, Supporters and individuals involved in our social policy and campaigning work


Why do we collect and use personal data?

We do this to process donations we may receive from you, to claim Gift Aid on these donations and to update you on how your donations are being used. We collect and use your personal data when processing event bookings and setting up direct debits or standing orders.  We use your personal data to engage with you as a supporter of our work, for example to provide you with information about our activities, to tell you about how you can support our work and to record the contacts that we have with you. We collect and use your personal data so that you can participate in our policy and campaigning work, including surveys or research activities.

We collect and use your personal data when you sign up for newsletters or other direct marketing communications, including e-mail newsletters. We may also collect and use your personal data for administrative purposes, for example responding to complaints or concerns.

How do we justify this according to data protection legislation?

Our lawful bases for processing this data include: your consent to collect and use your personal data, including your consent to receive direct marketing communications; our legitimate interests as a charity, including monitoring who we deal with to protect OCWA against fraud, money laundering and other risks; the contracts we may have with you that relate to paid-for events; and our legal obligations, for example, meeting statutory requirements when processing Gift Aid payments.

What kinds of personal data do we collect and use and where we do get them from?

We collect your personal information when you visit us in person, use our websites, complete printed paper forms, speak to us on the telephone, make donations, attend events, complete surveys or questionnaires or communicate with us by post, e-mail or another online channel.  Information is recorded in paper files, electronic files and cloud-based databases.  The personal data we collect will include financial information when you donate, set up a direct debit or standing order, or leave us a legacy in your will.

We may receive information about you from third parties, for example from a friend who wants to send you information about our work or book an event on your behalf.

Who might your personal data be shared with?

We will only share your personal data with third parties with your explicit consent, subject to the general exceptions listed in ‘Things that apply to all our processing of personal data’. Such sharing of personal data with your consent might include sharing your personal details with another named organisation if we run an event or activity in collaboration with them.

How long do we keep personal data for?

We keep personal data that relates to financial records, for at least 6 years from the end of the last financial year they relate to for OCWA accounting purposes. Some financial information may be kept for longer, for example information related to legacy gifts.

We will retain other personal data related to your support for and engagement with OCWA for a period of at least 6 years since the date of your last engagement with OCWA. We will ensure that you can simply and easily withdraw your consent to be sent information about our work and to indicate your preference for receiving communications in a particular format. If you withdraw your consent or change your preferences, we may retain a record of your withdrawal of consent or change of preferences for a period of 6 years from the date you notified us: this helps us maintain accurate records and ensure that information is not sent to you in error when you have withdrawn consent.

Volunteers, Trustees and Patrons

Why do we collect and use personal data?

To engage with you as a volunteer, trustee or patron, including your recruitment, induction, training and the activities you undertake in your role.  We collect and use personal data for management and administrative purposes and for internal record keeping, such as the management and facilitation of volunteer activity, safeguarding, conflicts of interest, seeking your feedback, dealing with complaints and to further the charitable aims of OCWA, including the legitimate interests of those we support.

How do we justify this according to data protection legislation?

Our lawful bases for processing this data include our legitimate interests as a charity and the legitimate interests of our beneficiaries, including: supporting you effectively in your role and fulfilling our duty of care to you; ensuring that OCWA operates effectively and efficiently; and monitoring those who volunteer on OCWA’s behalf to protect the organisation against fraud, money laundering, conflicts of interest and other risks. We process personal data on the basis of our legal obligations, for example complying with our reporting requirements as a registered charity and company limited by guarantee. We also process your personal data based on your consent, including your consent to receive direct marketing communications.

What kinds of personal data do we collect and use and where we do get them from?

We collect and use your personal information when you express an interest in volunteering or acting as a trustee or patron and when you undertake such roles and activities.  We collect and use your personal data when you visit us in person, use OCWA’s computer and communication systems and cloud-based services, websites, complete printed paper forms, speak to us on the telephone, complete surveys or questionnaires or communicate with us by post, e-mail, online or other channels. Information is recorded in paper files, electronic files and cloud-based databases. The personal data we collect will include information to assess your suitability to undertake the role in question, and may include processing of sensitive data and personal data relating to criminal offences and convictions, including data processed in relation to the safeguarding of children and vulnerable adults. We will also process data to enable us to fulfil our duty of care to you, for example, information about any particular health, access or communication needs. We may process your personal data to further the legitimate interests of our beneficiaries, for example providing your contact details to partner organisations. We may process your personal data to reimburse expenses incurred in undertaking your role for OCWA.

We may receive information about you from third parties, for example from a friend who thinks you might be interested in volunteering, or someone who provides you with a reference when you apply to volunteer with us. We may make use of personal data that is publicly available to communicate with you about voluntary opportunities at OCWA.

Who might your personal data be shared with?

We may take up references for any trustee or volunteer undertaking activities for OCWA. We will take up such references during your recruitment. We may also need to share your personal data, for example as part of safeguarding checks, to enable you to undertake particular activities for OCWA. This will be done in line with the written hopes and expectations associated with the role to which you have been recruited and in consultation with the person responsible for your recruitment, supervision and support. Personal data of trustees and directors will be shared with the Charity Commission and Companies House in line with our legal obligations.

How long do we keep personal data for?

We keep application forms and interview notes for unsuccessful volunteer and trustee applications for 12 months. Records of successful applicants will be transferred to the appropriate volunteer or trustee record. We keep personal data that relates to financial records, including reimbursement of expenses, for at least 6 years from the end of the last financial year they relate to for OCWA accounting purposes.

We will retain other personal data related to your activities as a trustee, volunteer or patron for OCWA for a period of at least 6 years since the date you last undertook activity on our behalf. Some data, for example minutes of trustee meetings, or records of people volunteering for OCWA listed in our annual report will be kept permanently for historical and archiving purposes.

We will ensure that you can simply and easily withdraw your consent to being sent information about voluntary activities and to indicate your preference for receiving communications in a particular format. If you withdraw your consent or change your preferences, we may retain a record of your withdrawal of consent or change of preferences for a period of 6 years from the date you notified us: this helps us maintain accurate records and ensure that information is not sent to you in error when you have withdrawn consent.

Partners, funders and other stakeholders relevant to our work including suppliers.


Why do we collect and use personal data?

We collect and use your personal data to engage with you as a OCWA partner, funder, supplier or stakeholder. We collect and use personal data to network and undertake joint activities where we have common interests, to manage our existing income, to purchase and use services and products for OCWA purposes, and to publicise and promote our work.  This includes telling you about changes to our activities and services and work to analyse and improve the services we offer.  We may also collect and use personal data when undertaking work on behalf of individual beneficiaries of OCWA.

How do we justify this according to data protection legislation?

Our lawful bases for processing this data include our legitimate interests as a charity and the legitimate interests of our beneficiaries, including: working with other organisations and individuals in line with our charitable objectives; ensuring that OCWA operates effectively and efficiently; and monitoring OCWA activities to protect the organisation against fraud, money laundering, conflicts of interest and other risks. We process personal data on the basis of our legal obligations, for example complying with accounting requirements and reporting requirements as a registered charity and company limited by guarantee. We process personal data on the basis of the contracts that we may have with you that relate to provision of services or products. We also process your personal data based on your consent, including your consent to receive direct marketing communications.

What kinds of personal data do we collect and use and where we do get them from?

Your information may be shared with us by other organisations, individuals, OCWA’s beneficiaries, employees and volunteers, for example when developing joint projects or undertaking networking activities, or when you have been involved in a beneficiary’s case. We may receive updated contact information from third parties so that we can correct our records and engage with you more easily.

We may combine information you provide to us with information available from public sources or records in order to gain a better understanding of organisations and individuals who may be interested in engaging with OCWA. This helps us to generate new income to support our work and deliver our services more effectively.

Who might your personal data be shared with?

We may share personal data with third parties to further our legitimate interests as a charity and the legitimate interests of our beneficiaries. This might include details of your work in relation to OCWA’s beneficiaries, or other personal data as set out in our contractual terms and conditions. We may also share your personal data with third parties with your explicit consent, subject to the general exceptions listed in ‘Things that apply to all our processing of personal data’.

How long do we keep personal data for?

We keep personal data that relates to financial records, including provision of services or products, for at least 6 years from the end of the last financial year they relate to for OCWA accounting purposes.

We will retain other personal data related to your engagement with OCWA for a period of at least 6 years since the date of your last engagement with us. We will ensure that you can simply and easily withdraw your consent to be sent information about our services and to indicate your preference for receiving communications in a particular format. If you withdraw your consent or change your preferences, we may retain a record of your withdrawal of consent or change of preferences for a period of 6 years from the date you notified us: this helps us maintain accurate records and ensure that information is not sent to you in error when you have withdrawn consent.

Our employees and others undertaking paid work on our behalf

Why do we collect and use personal data?

We collect and use personal data to engage with you as an employee, worker, self-employed person or contractor in relation to the work you undertake in these roles, including associated recruitment and selection processes. We collect and use personal data to fulfil our responsibilities as an employer, and for management and administrative purposes including personnel and HR functions, the supervision and monitoring of work, safeguarding, conflicts of interest, seeking your feedback, dealing with complaints, to further the charitable aims of OCWA and the legitimate interests of those we support.

How do we justify this according to data protection legislation?

Our lawful bases for processing this data include our legitimate interests as an employer and charity and the legitimate interests of our beneficiaries.  These legitimate interests include: ensuring that OCWA operates effectively and efficiently; monitoring OCWA activities to protect the organisation against fraud, money laundering, conflicts of interest and other risks. We also process personal data on the basis of our legal obligations, for example complying with accounting and reporting requirements as an employer, a registered charity and company limited by guarantee. We process some personal data on the basis of the contracts OCWA has with you that relate to your employment or work at OCWA. We also process some personal data based on your consent, including your consent to receive direct marketing communications.

What kinds of personal data do we collect and use and where we do get them from?

We collect and use personal data during the course of your work for OCWA, including: recruitment and selection records; use of OCWA computer and communication systems and cloud-based services; time recording; personnel and HR records, including those related to disability, health, performance and supervision; and other personal data required in order to contract with you, including personal data related to your right to work in the UK and financial details to enable us to make payments to you. Some of your personal data may be sourced from recruitment agencies and publicly-available sources during recruitment and selection processes. We collect sensitive personal data, in some cases including personal data relating to criminal offences and convictions, and personal data processed in relation to the safeguarding of children and vulnerable adults. We will also process data to enable us to fulfil our duty of care to you as an employee, worker, self-employed person or contractor, for example, information about any particular health, access or communication needs.

Who might your personal data be shared with?

We will share your data with other organisations and individuals to comply with our legal obligations. We will also share your data with organisations that undertake data processing on our behalf, including HR and personnel functions such as payroll administration.  In some circumstances we may need to share your personal data to further the legitimate interests of OCWA and OCWA’s beneficiaries, for example in situations where you are representing a client at tribunal or where you are undertaking work that requires interaction with third party organisations.



How long do we keep personal data for?

We keep the following types of personal data for at least six years since the date of the last record: accident books and records; accounting records; income tax and National Insurance returns, correspondence with HMRC; records of notifiable events in relation to retirement benefit schemes; maternity pay records; wage and salary records; and working time records.

Certain types of record will be kept for longer periods, including records related to pension schemes and pensioners, which will be kept for 12 years from the date pension benefits cease, and records related to parental leave, which will be kept for 18 years from the birth of the child. If records involve the control of lead, asbestos, other hazardous substances or ionising radiation, special rules apply and records will be kept for periods in excess of 40 years, see https://www.cipd.co.uk/knowledge/fundamentals/people/hr/keeping-records-factsheet.

Certain types of records will be kept permanently, including: health and safety assessments and consultations; and senior executive records.

We keep application forms and interview notes for unsuccessful job applicants for 12 months. Records of successful job applicants will be transferred to their personnel file.

People visiting our website and interacting with us on social media


Why do we collect and use personal data?

We collect and use personal data to analyse the use of our websites and ensure their content is presented in the most effective manner for you and your device (see also our cookies policy). We use Google Analytics and other services to collect information about how our websites are used. These help us to know how often users visit our websites, what pages they visit when they do so, and how they use our content online.

Our website contains links to other websites belonging to third parties and we sometimes choose to participate in social networking websites including, but not limited to, YouTube, Facebook, Twitter, Pinterest and Instagram.

Some areas are designed to allow you to submit personal data, for example to contact us for help or to offer support as a volunteer or donor.  We take your privacy very seriously and data gathered via this channel is collected using a secure connection. 

How do we justify this according to data protection legislation?

You don’t have to disclose any of this information to browse our websites. However, if you choose to withhold requested information, we may not be able to provide you with certain services.  When submitting personal data using online forms, the way we use that data subsequently is determined by your relationship(s) to us as described elsewhere in this privacy statement.

What kinds of personal data do we collect and use and where we do get them from?

Website usage information is collected using cookies. This helps us to see how many people use our websites, how many people visit on a regular basis, and how popular individual pages are. Cookies are also essential to our websites running correctly and delivering services to website visitors. For more information, please see our cookies policy.

Otherwise, this is determined by your relationship(s) to us as described elsewhere in this privacy statement.

Who might your personal data be shared with?

Your personal data may be recorded by the company who hosts the OCWA website. If you use social media services such as Facebook, Twitter, Pinterest, Instagram or YouTube, you should be aware of their privacy policies and practices.

Otherwise, this is determined by your relationship(s) to us as described elsewhere in this privacy statement.

How long do we keep personal data for?

This is determined by your relationship(s) to us as described elsewhere in this privacy statement.

Children and young people


If you are aged under 18, we take particular care of your personal information.  Please just ask us if you have any questions.

If we get information from you directly, we will tell you why and how we are going to use your personal information.

Sometimes, we use your personal information to help your parent or someone caring for you.  This might be, for example, to help your family sort out problems with money, housing or work. 

If you are under 18, OCWA will not normally advise or support you directly.

Children aged 13 upwards may give their own consent in relation to any initial advice or information offered by OCWA, which will typically involve referral to services that specialise in working with young people.

If you are aged 16 or under and would like to participate in an event, donate or get involved with supporting our work, please make sure that you have the permission of your parent, guardian or person with parental responsibility.

You need to have this before giving us your personal information.  You also need to make sure that you have the permission of the card holder if donating by card.  If we find out that you do not have permission, we will ask you to get permission.

Changes to this privacy statement and our privacy policy

We keep our privacy policy under regular review.  Any significant changes will be reflected in this Privacy Statement, which will be available via our website and through other channels.

Date last updated: Dec 2018, Dec 2019 September 2020

Dates of next review: September 2021

bottom of page