Juniper Lodge Privacy Notice

Juniper Lodge is a Sexual Assault Referral Centre (SARC) which operates a confidential service to clients.  The service offer of Juniper Lodge is unique in that it provides a holistic support service to both males and females who have suffered a sexual assault; this support is offered for both recent and historic incidents of sexual assault, and the support offer is not dependent on the individual making a formal report to the Police.

This Privacy Notice aims to make it clear who is holding your data and who this may be shared with as part of the support services offered. 

Who are ‘Juniper Lodge’ and the SARC?

Juniper Lodge is a collaborative initiative that is co-funded by the Office of the Police and Crime Commissioner, Leicestershire Police and NHS England – there are also several other organisations that work within the premises to provide the wide range of support services the SARC offers.

 Who holds my data?

Should you wish to make a report to one of the Crisis Workers at the SARC, a ‘Referral Log’ will be recorded.  These details are collected for the purposes of recording your initial account and to identify the appropriate support for you.

This information is initially retained (in paper form) and held securely at Juniper Lodge.  This information will then be electronically recorded onto a system called MODUS and the original paperwork is shredded for confidentiality purposes.  Although MODUS is a Leicestershire Police owned system, the data collected and held by the SARC on the system can only be accessed by SARC staff – it cannot be accessed by the wider Force and will not be processed for Law Enforcement purposes.  This data also cannot be accessed by the support organisations based at the SARC.

The information you disclose for the purposes of the Referral Log is not shared with any other organisation or the wider Force without your explicit consent – this means:

  • You will not be made to make a formal report to the Police if you do not want to;
  • You can decide which organisations, if any, you choose to receive support from;
  • You can withdraw your consent at any point so that no further data will be shared (you would need to contact the other organisations to advise them of your wishes also, e.g. request for erasure); and
  • Should you wish to obtain a copy of your data, this should be done by making contact directly with the SARC Manager at Juniper Lodge or the Data Protection Officer.

The Data Controller of this information is the Chief Constable of Leicestershire Police.

– Leicestershire Police HQ, St Johns, Enderby, Leicester.  LE19 2BX

The Controller’s Representative is Millie Gant (Manager of Juniper Lodge)

– Juniper Lodge, New Parks, Leicester.  LE3 6RJ

The Data Protection Officer for Leicestershire Police is Steven Morris.

– Leicestershire Police HQ, St Johns, Enderby, Leicester.  LE19 2BX

data.protection@leicestershire.pnn.police.uk

What is the purpose for the processing and what is the legal basis?

The purpose of the processing is to provide a wide-range of support to clients at the point of need – this includes emotional and practical support, as well as access to medical care.  The Referral Log also provides an initial account of the sexual assault should the individual wish to make a formal report to the Police at a later date.

The SARC may make contact with clients for the purposes of service improvement, either during or after their engagement with the SARC, e.g. service improvement questionnaires.  This contact will only be made where the service user has given their explicit consent to this type of contact, and this can be freely withdrawn at any time.

The processing of personal data by the SARC is therefore under the General Data Protection Regulation (GDPR) 2016/679 and Part 2 of the Data Protection Act (2018).

The lawful basis for processing personal data[1] for the purpose of the SARC is:

Article 6 (1) (a) – the data subject has given consent to the processing of his or her personal data for one of more specified purposes

The lawful basis for processing special categories of personal data[2] for the purpose of the SARC is:

Article 9 (2) (a) – the data subject has given explicit consent to the processing of those personal data for one or more specified purposes

Who will my information be shared with?

The information you provide to the SARC in the Referral Log will not be shared with anyone without your (explicit) consent.

To provide you with support, we may (only with your consent) share your information with:

  • MITIE – providers of forensic examinations
  • Freeva – emotional, practical support and ISVA/CHISVA services for victims of domestic abuse or sexual violence
  • LPT Pathfinder – providers of mental health referrals

Once information is passed to an organisation for the purposes of providing specialist support, this organisation becomes the Controller for that information, and as such they are responsible for the ongoing protection of that data and all other associated obligations.

The sole exception to the above are instances in which the there is a statutory or common law obligation that requires the organisation to share the information.  Wherever possible, we will seek to advise you of this and will explain the purpose for sharing information outside of the SARC.

However, in situations where consent is not appropriate, cannot be obtained or to gain permission would frustrate the purpose of the sharing, it may be necessary to share without consent.  This will predominantly be in situations such as:

  • A serious and urgent safeguarding issues which highlights a risk (or potential risk) of harm to an individual (which may be yourself) or a child (individual under the age of 18 years);
  • Where the named suspect holds a position of trust or his/her job involves access to or working with vulnerable people;
  • If the member of staff becomes aware that of any (potential) involvement in terrorism
  • If any disclosures indicate that they may influence an ongoing Police investigation, or CPS prosecution.

No information provided to the SARC for the purposes of the Referral Log will be transferred to a third country.

How long will my data be held for?

Juniper Lodge will retain a copy of the Referral Logs.  These Referral Logs will initially be paper (manual) records, however they will be scanned and retained on MODUS shortly afterwards (within 3 months) – these electronic records will be subject to review after a period of 10 years, whereupon it will be reviewed (considering whether the data is still accurate, adequate, and relevant for a policing purpose), the retention period may then be extended depending upon the specific circumstances.  A set of retention guidelines have been established to ensure that this applied in a way that is lawful, objective and fair.  A record will be made as to the rationale for ongoing retention – the key factor being that individuals may wish to make a formal complaint to the Police at any given point in the future, and the information held in this initial account may be crucial to ensuring that this is possible. 

What are my rights in relation to the information held by the SARC and how can I exercise them?

Under the data protection legislation, you have a number of rights that you can exercise in relation to the processing of personal data about you.  As a general rule, you do not have to pay to exercise your rights (other than a reasonable fee which may be charged if a request for access is clearly unfounded or excessive, but which we agree to fulfil anyway – in this event we would communicate fully with our intentions and rationale).

We will need to confirm you identity in order to ensure that we have the appropriate authority to exercise the rights.

Right of Access: You can request access to the personal data we hold about you free of charge.  Normally we will provide it within one month of receipt of your request unless an exemption applies.  You can request access to the personal data we hold about you using the contact details in this privacy notice.

Right to be Informed: You are entitled to be told how we obtain your personal information, how we use, retain, and store it, and also who we share it with.  This privacy notice gives you that information, as well as telling you what your rights are under the relevant laws.

Right to Rectification: If we hold personal data about you that is inaccurate or incomplete you have the right to ask us to correct it.  You can ask us to correct your personal data using the contact details in this privacy notice. We will reply to you within one month unless the request is complex.

Right to Request Erasure: Under certain circumstances you have the right to ask us to delete your personal data to prevent its continued processing where there is no justification for us to retain it.  The circumstances most likely to apply are:

  • Where holding your personal data is no longer necessary in relation to the purpose for which we originally collected and processed it; or
  • Where you withdraw your consent to us holding your personal data if we are relying on your consent to hold it.

The right of erasure does not apply if we are processing your personal data:

  • To comply with a legal obligation;
  • For the performance of a task carried out in the public interest or in the exercise of official authority;
  • For the establishment, exercise or defence of legal claims;
  • To exercise the right of freedom of expression and information;
  • For archiving purposes in the public interest, scientific research, historical research or statistical purposes where erasure is likely to make it impossible to carry out or seriously impair that processing; or
  • If you want to ask us to delete your personal data you can do so using the contact details in this privacy notice. We will respond to you within one month unless the request is complex.

Right to Restrict Processing: Under certain circumstances you have the right to ask us to restrict the processing of your personal data. This may be in cases where:

  • You are contesting the accuracy your personal data while we are verifying the accuracy;
  • Your information has been unlawfully processed and you oppose its erasure and have requested a restriction instead; or
  • Where we no longer require your personal data but you need it to establish, exercise or defend a legal claim and do not want us to delete it.

You can ask us to restrict the processing of your personal data using the contact details in this privacy notice.

Right to Data Portability: You have the right to obtain and reuse your personal information for your own purposes, transferring it from one environment to another.  This right only applies to personal data provided by an individual, where the processing is based on their consent or for the performance of a contract and when that processing is carried out by automated means.  If you wish to discuss this right, you can do so using the contact details in this privacy notice.

Right to Object: You have the right to object to:

  • Processing based on legitimate interests or performance of a task in the public interest and or exercise of official authority;
  • Processing of your information for scientific and historical research and statistics; and/or
  • Direct marketing.

Any objection must be on grounds relating to your particular situation.  If you want to exercise your right to object you can do so using the contact details in this privacy notice.

Rights related to automated decision making and profiling: You have the right not to be subject to a decision when it is based on solely automated processing (including profiling) and which produces a legal effect or similar significant effect on you.  This right does not apply if the decision is authorised by law, is necessary for entering into or performance of a contract, or is based on your consent.  We are unlikely to carry out automated decision making because our processes involve some type of human interaction and decision-making.  Profiling is any form of automated processing of personal data intended to evaluate certain personal aspects about you to predict things about you such as your behaviour, interests, movements or performance at work.  We do not currently carry out automated profiling.  If you have any questions about automated decision-making or automated profiling you can raise them using the contact details in this privacy notice.

Can I change my mind?  Can I withdraw my consent?

You are able to withdraw your consent at any time – this does not affect the processing that has taken place prior to the withdrawal.  You can still use any of the support services you have been referred to.  Should you wish to withdraw consent from their processing of your data, you would need to make contact with the organisations directly to request this.

Withdrawal of consent for processing by the SARC can be achieved by contacting the SARC Manager or Data Protection Officer to advise of your request.  Your data (paper records and electronic) would then be deleted or securely destroyed.

Who can I make a complaint to?

The SARC team are committed to providing the highest possible standard of support to its clients; a key part of this commitment is ensuring that the data of its clients is handled sensitively and with the utmost confidentiality and security.  If there is an instance in which the SARC falls short of your expectations with regard to the processing of your personal data, we would ask that this is first raised with the SARC Manager or the Data Protection Officer who will endeavour to resolve this for you.

In the event that this cannot be resolved, or you do not want to complain directly to the SARC or Data Protection Officer, you can also make a complaint to the Supervisory Authority.  The Information Commissioner’s Office (ICO) regulates the processing of personal data, and you can complain to the ICO if you are unhappy with the way in which the SARC have processed your personal data.

The Information Commissioner’s Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF

Helpline number: 0303 123 1113          Website: www.ico.org.uk

[1] ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

[2]Special categories of personal data’ is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation

Website
Liability

Juniper Lodge will use all reasonable efforts to ensure that the information contained on this website is up-to-date and accurate. However it makes no representations, warranties or assurances, express or implied, as to the accuracy, currency or completeness of the information provided.

Juniper Lodge will not be liable for any claims by a third party for any damages or injury arising from reliance on information contained on the site, or inability to access the site, or in respect of any error or omission.

Third Party Sites
This website provides links and references to other sites over which Juniper Lodge has no control. Juniper Lodge assumes no responsibility for the content of these sites and will not be liable for any claims by a third party for any damages or injury arising from reliance on any information contained on these sites, or inability to access sites, or in respect of any error or omission.