Privacy Policy

Privacy notice for employees, volunteers and users

Version: 3
Date: March 2025

PURPOSE

ANDYSMANCLUB LTD. (“the Organisation”) is committed to protecting the privacy and security of your personal information.

This privacy notice outlines how we collect, use, store, and protect personal information about you during and after your working relationship with us, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

ANDYSMANCLUB LTD. is a “data controller.” This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

This notice applies to current and former employees, volunteers, organisations and users. It does not form part of any contract of employment or any other contract for services. We may update this notice periodically and will notify you of any material changes as soon as reasonably practicable.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so you understand how and why we are using your data and your rights under data protection legislation.

SCOPE

This notice applies to all employees, volunteers, and users of ANDYSMANCLUB LTD.

PRINCIPLES OF DATA PROTECTION

We adhere to data protection law, which states that personal information must be:

  • Processed lawfully, fairly, and transparently.
  • Collected for specified, explicit, and legitimate purposes.
  • Adequate, relevant, and limited to what is necessary.
  • Accurate and kept up to date.
  • Retained only for as long as necessary.
  • Processed securely.

TYPES OF INFORMATION WE COLLECT

Employees & Trustees

We may collect, store, and use the following personal information about employees:

  • Personal contact details (name, title, address, telephone number, email address)
  • Date of birth, gender, marital status, and dependents
  • Emergency contact information
  • National Insurance number and tax status information
  • Salary, pension, and benefits information
  • Employment records (job title, work history, training, performance information)
  • Bank details for payroll purposes
  • Right to work documentation
  • CCTV footage (where applicable)
  • Disciplinary and grievance information
  • Data from IT systems monitoring
  • Special categories of data such as health information, race/ethnicity, and trade union membership (only where necessary and lawful)
  • Criminal record checks (DBS) where legally required

Volunteers and Users

We may collect, store, and use the following personal information:

  • Name, address, phone number, email address (for volunteers)
  • Name, email, and general location (for users)
  • We take no data off any individual that attends and uses our support services
  • Criminal record checks (DBS) where legally required

HOW PERSONAL INFORMATION IS COLLECTED

We collect personal information through:

  • Application and recruitment processes
  • Directly from you (e.g., forms and online registration)
  • Third-party references (e.g., former employers, background check providers)
  • HR and payroll management systems
  • Track and trace records where applicable (data deleted after 21 days if no consent is given for retention)

HOW WE USE PERSONAL INFORMATION

We process personal data under the following lawful bases:

  • Contractual necessity – fulfilling obligations under an employment or service contract.
  • Legal obligations – compliance with regulatory or legal requirements.
  • Legitimate interests – where necessary for operational purposes and does not override individual rights.
  • Consent – where specific consent has been given, such as for marketing or voluntary communications.

Processing activities include:

  • Recruitment, onboarding, and employment administration
  • Payroll and pension management
  • Performance and training evaluations
  • Security, health, and safety compliance
  • Equal opportunity monitoring
  • Legal and regulatory compliance (e.g., HMRC reporting, safeguarding, and fraud prevention)

DATA SHARING

We may share data with:

  • Third-party service providers for HR, payroll, pension administration, and IT services
  • Regulatory bodies such as HMRC, pension schemes, and law enforcement where required
  • Auditors and legal advisors where necessary for compliance and legal proceedings

All third-party processors must comply with security obligations and contractual confidentiality agreements.

DATA SECURITY

We have implemented appropriate security measures to:

  • Protect data from accidental loss, unauthorised access, or disclosure.
  • Limit data access to those with a business need.
  • Ensure secure data transmission and storage.

We also have procedures in place for handling suspected data breaches and will notify individuals and the ICO where legally required.

DATA RETENTION

We will only retain personal data for as long as necessary to fulfill processing purposes, including legal, regulatory, and operational requirements. Retention periods are outlined in our Data Protection Policy.

In some cases, anonymised data may be retained for statistical and research purposes beyond the initial retention period.

YOUR RIGHTS

Under data protection law, you have the right to:

  • Access your personal data.
  • Rectify inaccurate or incomplete data.
  • Erase your data under specific circumstances.
  • Restrict processing where applicable.
  • Object to certain types of processing.
  • Request data portability where applicable.

To exercise these rights, contact info@andysmanclub.co.uk. We may require identification to process requests.

WITHDRAWING CONSENT

Where processing is based on consent, you can withdraw consent at any time by contacting info@andysmanclub.co.uk.

AUTOMATED DECISION-MAKING

We do not conduct automated decision-making that has a significant effect on individuals. If this changes, affected individuals will be notified.

DATA PROTECTION CONTACT

For questions or complaints about this privacy notice or data protection practices, contact the General Manager at sabrina.mullins@andysmanclub.co.uk.

You also have the right to complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk.

MONITORING AND REVIEW

This policy will be reviewed regularly to ensure compliance with legislative changes.

Next Review Date: March 2027

EQUALITY IMPACT ASSESSMENT

This policy has been reviewed to ensure compliance with equality legislation and fairness in data handling practices.

PUBLICATION

This Privacy Notice is available to employees, volunteers, and users via Internal communications (staff intranet) and The ANDYSMANCLUB website.

#ItsOkayToTalk

We Meet Mondays at 7pm (Except bank holidays)

ANDYSMANCLUB is a peer-led charity. We cannot provide immediate support.

Find a Group Urgent Help

© ANDYSMANCLUB, 2025. All rights reserved. Privacy Policy. Complaints
A registered charity in England & Wales (1179647) Scotland (SCO51485) and a Company Limited by Guarantee, registered in England and Wales (11118153).
Site by DCA.

ANDYSMANCLUB

Find a Group Help

Urgent Help Needed?

ANDYSMANCLUB is a peer-led charity, so we are not professional mental health support workers. If you need urgent help, please contact one of these excellent groups.

Samaritans

If you need to contact someone urgently for a confidential, you can call The Samaritans free any time, from any phone, on 116 123.

Calm

Calm run a free and confidential helpline and webchat – 7 hours a day, 7 days a week for anyone who needs to talk about life’s problems. Visit the helpline now.

Call 111

You can now call 111 free of charge and select option 2 to be connected to a mental health professional.

If someone’s life is at immediate at risk, please contact 999.

Find a Group