VAMT Privacy Notice (July 2018)

Voluntary Action Merthyr Tydfil (VAMT), is committed to respecting and protecting the right of individuals to privacy.

This notice explains when and why we collect personal information about individuals, including those who visit the VAMT website, our service users, those people and organisations we work with to deliver our services, including our funders, and those who provide us with goods and services. It also tells you how and why we use this data, the conditions under which we may disclose it to others and how we keep it secure.

We may update this notice from time to time so please check this page occasionally to ensure that you're happy with any changes. By using our website, you're agreeing to be bound by this this notice.

Any questions regarding this notice and our privacy practices should be sent by email to Ian Davy or in writing to VAMT, Voluntary Action Centre, 89/90 Pontmorlais, Merthyr Tydfil CF47 8UH. Alternatively, you can (01685) 353900.

1 Who are we?

VAMT is the county voluntary council for Merthyr Tydfil. Our mission is;

  • to increase the extent, quality and impact of voluntary action in the County Borough of Merthyr Tydfil by supporting, representing and assisting Third Sector organisations and volunteering
  • to effect change by enhancing well-being of individuals, organisations and communities

We are one of 19 organisations who are partners in Third Sector Support Wales (TSSW), a national network of third sector infrastructure bodies across Wales working at a local, regional and national level to promote and support volunteering, support a sustainable and well governed third sector and facilitate the sectors engagement and influence.

2 What information do we collect about you, how and why, and who do we share it with?

Below are details of how we collect and use personal data in various circumstances.

For each category of individuals, we have set out the lawful purpose or purposes for which we process their information; we will not use the information to contact them for any other reason.

We will only retain personal information for as long as necessary to achieve the purpose for which it was collected. This will vary depending on the situation, but we will delete all personal information as soon as we no longer need it for that purpose.

2.1 Visitors to our website

When someone visits we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns, to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

Where we do want to collect personally identifiable information through our websites, we are up front about this and the information will be provided by you. We make it clear when we are collecting personal information from you and explain what we intend to do with it. If we ask for your consent to use your information for a particular purpose we will clearly tell you how you can withdraw it.

2.2 Job applicants

All shortlisting for posts is carried out anonymously and we will only use your contact information once that process has been completed, to let you know whether or not you will be offered an interview and to let you know the outcome of an interview. A full privacy notice is included in all application packs.

2.3 If you want to complain or provide us with feedback

We will use the information provided by you to follow up a complaint or grievance in accordance with our Complaints Procedure. We also keep a record of all complaints received and the outcome of investigations, including whether or not the complaint has been upheld. This record includes the name of the complainant but not their contact details. The complaint documentation with contact details will be destroyed one year after the end of the investigation, including any appeal.

We use your feedback to improve our services and also to illustrate the difference that our services make. We do not attribute feedback unless you have given us your explicit consent to do so. We retain all feedback for one year after the end of the period to which it relates, so that we can use it for reporting purposes and to inform our planning for the following year.

2.4 Information

All TSSW contacts are stored on a Customer Relations Management system (CRM) and will have been contacted to find out what information they want to receive from us and how they want to receive it. This detailed in a Privacy Notice.

If you access our blogs, or other social media through the VAMT website you will not be required to provide any personal data.

2.5 Participation

We carry out various engagement activities so that individuals can make their views known to us on a range of local and national issues. We bring this feedback to the attention of the appropriate people, so that is can be used to help to improve both our own services and also the services that are delivered by statutory bodies, such as the local council and health board, and also the Welsh Government.

This feedback is usually anonymous and in any event no personal information will be forwarded to the various service providers with whom we share it. However, there are times when we will need to ask for contact details or other personal information, for instance where we ask for an email address so that we can get further details to enable us to follow up concerns that have been raised (see 'If you want to complain or provide us with feedback' above).

2.6 Community Coordinators

When clients are referred to or refer themselves to the Community Coordinator, we collect their name, address, telephone number and relevant information needed to deliver the service. This may include information about a client's health and wellbeing or personal circumstances, which we need to have to ensure that we are able to signpost or refer the client to the appropriate health and social care services, including those delivered by the third sector. We store all of this information securely in a database on a server. We share it with the system provider solely for the purposes of system administration and maintenance.

In order to provide our clients with the best possible service, we share relevant information with our partners in Cwm Taf University Health Board, Merthyr Tydfil County Borough Council, Interlink and the third sector, to make sure that they can access the services that matter to them. We only share the information that is necessary to provide the client with health and social care services or where we are required to do so by law.

In all cases, information is only used by authorised health and social care professionals, from the statutory and third sectors in the Cwm Taf region, who are involved in the client's direct care.

We will retain our clients' names, address, telephone number and relevant service information for 10 years, so that we can stay in touch with them. If we have not communicated with a client further during this time, we will delete the personal data we hold regarding them at the end of this period.

For further information on the way in which client information is processed by Merthyr Tydfil County Borough Council using the Wales Community Care Information System (WCCIS) please contact MTCBC.

3 People and organisations we work with to deliver our services, including volunteers and funders

As a member of Third Sector Support Wales(TSSW), we use a shared Customer Relationship Management (CRM) system to store details of those with whom we work in the third, statutory and private sectors as well as our volunteers and other individuals. This will include work email addresses, which are personal data, as well as some personal email addresses and details of the various interactions that we have with these individuals and, where relevant, the organisations for which they work.

We use this information to enable us to deliver our services effectively and efficiently. We regularly review the data on our CRM and update it or delete it as and when required. We will only send out direct marketing information to our contacts where we have their express consent to do so.

4 Those who provide us with goods and services or to whom we make expenses and subsistence payments

In order to process and make payments we have to use some or all of the details that have been given to us, including contact name and email, address and bank details. In some cases this will be personal information. Where this is the case, we will process the information lawfully and in a way that respects and protects individuals' right to privacy. We store all of this information securely in a database on a server. We share it with the system provider solely for the purposes of system administration and maintenance.

We will review our sales ledger annually and delete the details of anyone to whom we have not made a payment within the past two years.

5 How do we protect your information?

We have in place administrative, technical and physical measures, both on our website and internally, designed to guard against and minimise the risk of loss, misuse or unauthorised processing or disclosure of the personal information that we hold.

Where information is stored on servers, they are situated within the European Economic Area (EEA). Should this not be the case, we will ensure that European Commission approved standard contractual arrangements are in place.

6 Your rights

You have rights as an individual that you can exercise in relation to the personal information we hold about you. These are:-

  • a right of access to a copy of the information comprised in your personal data
  • a right to object to processing that is likely to cause or is causing damage or distress
  • a right to prevent processing for direct marketing
  • a right to object to decisions being taken by automated means
  • a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed
  • a right to claim compensation for damages caused by a breach of the Data Protection Act.

7 Cookies

For many visitors to our website we do not collect any personal information. However, when we provide services, we want to make them easy, useful and reliable. This sometimes involves placing small amounts of information on your device, such as your computer or mobile phone. These include small files known as cookies.

Our cookies contain no data specific to an individual, so that your privacy remains protected. They don't contain your email address, nor do they tell us who you are. We use cookies to monitor our website, its usage including visitor numbers and page views. We also use cookies to improve your user experience whilst on our website, including:

  • enabling a service to recognise your device so you don't have to give the same information during one task
  • recognising that you have already given a username and password so you don't need to enter it for every web page requested

8 Contact us

If you would like to get in touch to discuss this privacy notice or how we use your personal information, to exercise your rights or to provide feedback or make a complaint about use of your information, please contact:-

Ian Davy, Chief Officer, Voluntary Action Merthyr Tydfil Ian Davy

You can also contact the Information Commissioner's Office at for information, advice or to make a complaint.

9 Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.