020 8770 0172
Mon, Tues, Thurs & Fri
10:00am - 2:30pm
The Website is brought to you by Sutton Mental Health Foundation. SMHF believes it is important to protect your Personal Data (as defined in the Data Protection Act 1998 and the GDPR) and we are committed to giving you a personalised service that meets your needs in a way that also protects your privacy. This policy explains how we may collect Personal Data about you. It also explains some of the security measures we take to protect your Personal Data, and tells you certain things we will do and will not do.
When we first obtain Personal Data from you, or when you take a new service or product from us, we will give you the opportunity to tell us if you do want to receive information from us about other services or products (as applicable). It will be presumed you do not want further details from us and you will be asked to “opt in”. You may change your mind at any time by emailing us at the address below.
We never sell your personal data to any third party. We only share your data with third parties where it is required to do so by law and or to deliver the information and or services you have requested from us. This would also only be done with respect to the laws of England and Wales and the EU’s General Data Protection Regulation.
The GDPR gives you important rights over your data which are outlined in this document.
We may process the following kinds of data:
(a) technical / statistical information about the type device you use to visit our website e.g. mobile, iPad or laptop, and about your visits to this website and how you use it. We may look at sites you may have visited prior to our site e.g. where you came from, Google search engine or a link from another site. We may also process technical or statistical data about the computer being used like IP addresses (dynamic or static), where you are, the type of browser you are using, how long you are here and the pages you viewed. This information is generally considered to be anonymous.
(b) personal data (information) you provide to us – you may submit personal data through our website, for example, when you subscribe to an email newsletter or ask us to contact you about our services or vacancies. This data may include things like your name, email address, telephone number, postal address and or details on a CV;
(c) data relating to any discussions or transactions carried out between you and us submitted through the website or subsequent email exchanges;
(d) any other data you send to us.
We keep this data when submitted in email form and details are added to a cloud-based and encrypted database. Sometimes we may need to ask for your explicit consent to process personal data, and when this is required we will make that request clear on relevant forms or submissions.
The information collected by the cookies is sent back to the web server each time the browser requests a page from the server. This enables the web server to identify and track how the web browser is using our website.
The cookies we use allow us to understand things such as which pages a visitor views, for how long and how a visitor came to the website (from which source e.g. Google, Twitter, Facebook). They cannot identify a specific person’s identity. They only collect anonymous data about how a person is using our website.
If you are concerned about allowing cookies to be stored on your browser, even temporarily, most browsers now recognise when a cookie is offered and will permit you to refuse or accept them.
You can, by default, set your browser to permanently block cookies from any website from being placed on your browser, but doing this may cause some functionality to be lost and the website may not look as intended in your browser.
You can find out more about how to control cookies in some of the most popular browsers here:
We may also use anonymous cookie data for remarketing purposes. This means, you may see our promotions and advertisements on other websites that you visit. It’s not something we do currently and are not likely to do in the future, but just in case!
You might also wish to visit the Information Commissioner’s website to find out more about cookies.
We use Google Analytics to help us understand how our website is being used so that we can improve how it functions and our services. Google Analytics generates statistical and other information about how websites are used by using cookies.
With respect to Article 13 of the EU’s GDPR, this website processes personal data on the basis of:
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
We may also use anonymous or personal data to:
(a) administer the website;
(b) improve your browsing experience by personalising the website;
(c) enable your use of the services available on the website;
(d) send to you downloads purchased via the website;
(e) send information to you about our services, statements and or invoices, and collect payments from you;
(f) send you non-marketing communications e.g. updates about the status of your purchase or relating to your enquiry;
(g) contact you via email, phone and or post with information you have knowingly requested or that we think you may want to know or need to know e.g. for business or legal reasons;
(h) send to you our newsletter and other relevant marketing communications which we think may be of importance or interest to you by phone, post, email or similar technologies;
(i) provide third parties e.g. Google with statistical information about our website visitors. This information will not identify any specific individual; and
(j) deal with enquiries and complaints made by or about you relating to the website.
(a) to the extent that we are required to do so by the laws of England and Wales and the EU’s GDPR;
(b) in connection with any legal proceedings or prospective legal proceedings;
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); and
(d) to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling.
Depending on the nature of your enquiry and relationship with us, personal information that you consent to provide to us may be processed in the UK and or in locations outside the UK in order to deliver our service to you.
For instance, if you are based in the United States and submit information to us via email, from an email account hosted in the US, your email hosting provider will have processed the data you sent. If we reply to that email address, even though we are in the UK, we may be transmitting your data across international boundaries.
Anonymous website analytic data that is collected from your use of our website may also be transferred, processed and stored, for example, on Google’s servers outside the UK and EU.
We have taken reasonable technical and procedural precautions to prevent the loss, misuse or inadvertent alteration of your personal data. We will store all the personal data you provide in secure servers or systems.
However, we cannot guarantee the security of any data you choose to send to us over the internet. Our website does however use an SSL certificate to help ensure that any information sent to us through it, is more secure than it otherwise would be.
If you look in the address bar of your browser, when visiting our site, you will see the letters https. The S stands for secure and means that information sent to us through our site is sent to us through an encrypted channel.
The GDPR gives you important rights over your data. This means you can:
You can submit what’s called a Subject Access Request to us – at any time – in relation to your rights above by contacting us. We comply with these requests within one month (unless there are mitigating circumstances e.g. legal reasons not to.)
In certain circumstances, we may need to have your consent to process your data.
You may instruct us at any time to confirm or port (transfer) any of the personal data we process about you. Please tell us the following:
We will endeavour to carry out your instructions within 30 days of receiving your request, but this is subject to your having provided us with all the detail above along with any other relevant information that is necessary to be able to carry out the work.
Also, if you would like us to port (transfer) your personal data, please be aware that if we don’t think your chosen medium and format will be secure, or put your personal data at risk, we will tell you and discuss alternatives with you.
You may also instruct us to purge (delete) any and all information we hold about you at any time.
We will endeavor to do this with respect to your wishes and compliance with the applicable laws of England and Wales and or EU laws and regulations i.e. GDPR.
We will endeavour to delete all the information we hold about you in the time frame you request, but depending on the nature of your request, and any third parties involved, this may not be possible.
This is because of our legal obligation to retain certain types of customer information for certain time periods e.g. for tax and or accounting purposes, we may need to keep your contact details on file for longer periods if they appear on an invoice or receipt for example.
In any and all cases, we only ever keep information on file for as long as it is needed with respect to the services you have enquired about and or that we have agreed to provide you, or to meet a legal requirement.
You can and should instruct us to correct or update any personal information we hold about you e.g. if you change your name or address for instance.
You can find out more about your rights according to GDPR by visiting the Information Commissioner’s website (UK).
You should check this page occasionally to ensure you are happy with any changes. If you have any questions about this policy, please contact us as soon as possible and we will endeavour to answer your question as quickly and clearly as we can.
The website of the Information Commissioner’s Office (UK) also has to more detail about data protection and your rights.
This policy was updated on September 5, 2019