Privacy Notice

Lancaster Nightline Privacy Notice

Date privacy & confidentiality notice was updated: 13/04/2023

Our organisational details:

Name: Lancaster Nightline

Phone Number: 01524 594 444

Email: nladm@lancaster.ac.uk

Our governing body’s details:

Name: Lancaster University Students’ Union

Phone Number: 01524 593765

Email: help@lancastersu.co.uk

Useful Definitions

‘Personal data’ is information that is personally identifiable, i.e. you can use the data to find out who it is about. This could be a name, date of birth or location data.

‘Special category data’ is more sensitive information, for example, health or genetic information.

‘Processing’ is the action that Lancaster Nightline or a trusted third party takes when collecting, updating, storing, or sharing an individual’s personal data.

‘We’ or ‘Nightline’ refers to Lancaster Nightline.

Why we collect your data

We aim to minimise as much as possible the amount of personal data we process. We may process personal data where the law requires us to do so, in order to safeguard vulnerable individuals, to protect our volunteers’ wellbeing and to continuously improve and develop the services we provide.

All of our practices comply with UK GDPR. We have lawful bases for processing your personal data and special category data. The main lawful bases we rely upon are:

• We have a legal obligation
• Protecting vital interests
• Our legitimate interests as an organisation

How we protect your data

At Nightline, we only collect the data we need and we only share it on a need-to-know basis.

We do not share personal data externally with the exception of the circumstances outlined in this policy. In this situation, we will always make you aware of how your personal data might be affected and will always check that the organisation’s systems comply with privacy laws and have robust privacy and security practices.

We store our data on the Microsoft Office 365 workspace. It is secured and supported by Microsoft and has been security assessed by independent organisations (including the National Cyber Security Centre: https://www.ncsc.gov.uk/collection/saas-security/product-evaluations/office-365).

We store some volunteer data on Three Rings database. It is a registered data processor and complies with the Data Protection Act 2018 (DPA), General Data Protection Regulation (GDPR) and other relevant legislation. Further information can be found here: https://www.threerings.org.uk/privacy-policy/.

How we process your data

Nightline Service Users

As a general rule, Nightline does not store personal data of service users in call records. We keep call logs, but these are limited to primarily statistical information and no identifying information is recorded. Call statistics are used to improve our service and shared with stakeholders whom support and fund us, such as the Lancaster University Students Union.

On some occasions, in order to detect and prevent abuse to Nightline services, we do collect data about calls we believe to be non-genuine, in order to prevent such calls taking place again in the future. This information includes the phone number, details of the caller and the topics discussed on the call.

Some personal data (IP addresses, email addresses, etc.) and messages are stored in the databases of our anonymous instant messaging software, and our anonymised email software, which is provided to Nightline by our umbrella organisation, the Nightline Association. This information is deleted from the Nightline Association database after 30 days. Volunteers at Nightline cannot access any personal data and the Nightline Association does not access the databases (unless requested by us as outlined below), or in exceptional circumstances where system administrators must undertake system maintenance. Our email service is anonymised to remove the sender’s name and email address, so that Lancaster Nightline volunteers does not have access to this information, however if the sender includes an email signature with their name, or if they include any other personal information in the email, this will not be removed.

In certain circumstances, Nightline may share personal data with a third party:

• Terrorism
  Any information relating to an act or potential act of terrorism will be reported to the police in order to comply with our legal obligation under the Terrorism Act 2000
• Safeguarding
  Any calls where there is a threat to either a child or an adult at risk may require us to make a report to the police or to the local authority. This is done to meet our responsibilities to protect vulnerable individuals.
• Suicide
  Where we receive a call where there is a serious risk of harm to the caller we may pass personal data onto the emergency services in order to protect the vital interests of the caller
• Court Order
  Personal data may be disclosed to the police if requested under a court order. This is in order to meet our legal obligation to cooperate.
• Abuses of the Service
  Where a caller acts in an abusive or threatening manner towards our volunteers, we may disclose personal data of that caller to appropriate third parties. These parties include the police, other Nightlines, the Nightline Association and other authorities with responsibility for the welfare of our volunteers such as Lancaster University and Lancaster University Student’s Union. This is done in order to serve our legitimate interest to protect our volunteers from harm and to keep the service available for genuine users.
• Grievous Harm
  Any calls where there is a threat to physically or mentally harm another person may require us to make a report to the police or to the local authority. This is done so that we can protect the wellbeing of volunteers by ensuring they are empowered to pass on information that may protect others to the appropriate third parties.

Call Monitoring

For the purposes of training and support, there may be more than one volunteer present during your call. This is so that we can protect volunteer wellbeing and ensure a continued high standard of service for callers. This applies to all three listening services: Phone Calls, Instant Messages and Emails. By using our service, your consent for call monitoring is implied.

Volunteer recommendations – ‘Nudge’ forms

It is in the interest of Nightline to recruit volunteers so that we can continue to deliver our service. As such, we utilise ‘Nudge’ forms, which allow individuals to recommend others as listening volunteers for our organization. The data collected includes the following:

• Name of the recommended individual
• Email address of the recommended individual

This data is used to send a one-off email to the recommended individual. This email explains why they are receiving the email, information on volunteering with Nightline, and a link to the application form. The data is permanently deleted at the end of the recruitment cycle.

Individuals can opt-out of future nudges by emailing nladm@lancaster.ac.uk. Opt-out email addresses will be stored for 3 years.

Volunteers and Potential Volunteers

During the process of recruiting new volunteers, we collect some information from everyone who registers their interest in volunteering. The data collected includes the following:

• Name
• Date of birth
• Email address
• Pronouns
• Course of study
• Year of study
• Criminal convictions

Once the recruiting procedure is over, we retain the information of unsuccessful applicants for 1 month. The information is not shared with anyone outside of Nightline before, during or after the recruitment drive.

For our volunteers, we store this data, along with other relevant information such as the number of shifts you complete and ongoing training sessions you attend for as long as you are a volunteer.

We collect this information in order to administer the recruitment process and effectively run the service.

After a volunteer leaves Lancaster Nightline, we retain data for 3 years for the purpose of completing references on request of the volunteer. The data (“past volunteer data”) includes the following:

• Name
• Number/hours of completed shifts
• Dates the volunteer was active
• Roles and responsibilities
• Training session attendance

We collect this information in order to support past volunteers with references for job applications. Volunteers and past volunteers have the option to opt-out of the storage of their past volunteer data storage by contacting nladm@lancaster.ac.uk .

Website Visitors

When you visit the Lancaster Nightline website, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the website, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information”.“Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.

Lancaster Nightline uses “cookies” to collect information. You can opt-out of cookies but you are required to do this proactively by changing the setting in your browser – unfortunately, we cannot control this on your behalf. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.

Anonymised data from visitors to our website will be collected, including your interaction with our website and cookies to track with pages you visit. This helps us to analyse how our website is being used and how we can improve.

Social Media

Lancaster Nightline may choose to use sponsored advertising on our social media platforms. In this case cookies enable the advertiser to offer customised suggestions to you and to understand the information we receive about you, including information about your use of other websites and apps, whether or not you are registered or logged in.

To show adverts that are relevant to you, the advertiser uses information about what you do on social media and on third-party sites and apps you use. For example, you might see ads based on the people you follow and things you like on Instagram, your information and interests on Facebook, and the websites and apps you visit.

To know more about the information collected by Facebook, for example, please check the following link: https://www.facebook.com/about/privacy. 

For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at: http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt out of targeted advertising by using the links below:

• Facebook: https://www.facebook.com/settings/?tab=ads 
• Google: https://www.google.com/settings/ads/anonymous 
• Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads 

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info

Data Retention Periods

We only keep your information for as long as is necessary for the relevant purpose. We use a number of criteria for determining the retention period, including obligations under law, our legitimate interests, and consideration of the original purpose we collected it for.

Your rights

The right to be informed

You have the right to be provided with clear, transparent and easily understandable information about how we use your information and rights. This is why we are providing you with the information in this policy. If you have any additional questions, you can contact us using the contact details at the end of this policy.

The right to object

You always have the right to object to certain types of processing, including the option to stop receiving information from us across all of our communication channels (which is known as processing for direct marketing). This is at your discretion and we will respect your choice. However, for us to enact this we encourage you to notify us. You can use unsubscribe links on emails or contact us using the contact details at the end of this policy.

The right to access a copy of the personal data we hold.

You, or an organisation with legal purpose, can request a copy of your personal data for legitimate purposes. This is known as a ‘Subject Access Request’. To request this, contact us using the contact details at the end of this policy. Please note that proof of identity may be required and providing the reason for your request will allow Lancaster Nightline to respond most appropriately. We may ask for further details if needed.

The right to erasure

This is where you can request that Lancaster Nightline delete the data that we hold on you. Please note that this will not apply if there is lawful basis for us to continue to use the data we hold about you. To request this, contact us using the contact details at the end of this policy.

The right to rectify inaccurate data

As detailed above you can make corrections to the data we hold about you. To request this, contact us using the contact details at the end of this policy.

The right to restrict processing

You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.

The right to data portability

You have rights to obtain and re-use your personal data for your own purposes across different services.

The right to lodge a complaint

You can lodge a complaint about the way we handle or process your personal data with us or your national data protection regulator.

Contact nladm@lancaster.ac.uk . We will respond to your complaint within 48 hours.

The national data protection regulator for the UK is the Information Commissioner’s Office (ICO) and they can be contacted here: https://ico.org.uk/global/contact-us/.