Privacy Statement

Dosh Ltd
Privacy statement for our customers

Purpose of this statement
Dosh is committed to protecting your privacy. We think it is very important to keep any personal information we have about you secure and confidential.
This statement tells you:
• what information we may collect about you;
• how we store your personal information;
• what we use your personal information for, and
• who (if anyone) we pass it on to and how they use it.

Definition of ‘Customer’
The person with a learning disability who is supported by Dosh (either directly or through their local authority contract).

Information we may collect from you
We may collect some or all of the following personal information about you:
Getting to know you
• Your name
• Your age and date of birth.
• Your gender.
• Your address.
• Your contact telephone numbers.
• Your email address.
• Details of your next of kin, and how we can contact them.
• Your National Insurance number.
• Any reference number which your local authority has given to you.
• Any other information you give to us on the referral form, financial profile or individual agreement.
• Mental capacity assessments and best interest decisions relating to your finances and referral to Dosh.

Supporting you
• Detailed information about the support that you need with your finances and any requirements you have for that support.
• Details of your health, where this is relevant to the way we support you or a benefits application. This may include:
o your current health;
o your medical history;
o details of any medicines you take; and
o details of your doctor.
• Information about you (where this is relevant to the way we support you or for the protection of our staff). This may include:
o your likes and dislikes;
o your life history;
o your dreams and aspirations;
o how you respond to different people and situations; and
o any relevant convictions that you may have.
• Information about your bills, personal spending and other expenses, including utility suppliers, all bills, cash sheets / personal money records and bank statements.
• Information about your income and finances where this is relevant to the way we support you. This may include any benefit entitlements and payments.
• Details of your last appointee, deputy, guardian or power of attorney.
• Details of anyone else who supports you, including family, friends and neighbours.
• Information about your support including support plans, risk assessments and care needs assessments where these are relevant to a benefits application, your personal budget management or the support we provide.

Other information about you
• You can give us details of friends, relatives or neighbours who you trust to contact us on your behalf.
• You can give us details of anyone who has a Power of Attorney, Appointeeship, Deputyship or Guardianship to contact us on your behalf
• Your bank details so that we can receive payment from you for the support that we provide.
• Details about your credit history.
• If our safeguarding policy requires that we conduct any searches with the Disclosure and Barring Service or Disclosure Scotland, the outcome of those searches and our correspondence about the outcomes.
• Voice and video recordings for safety, crime reduction and quality management.
• Details of any complaints that you may make to us and how we have dealt with that complaint.
• You may also choose to give us other information about you as part of the support that we give to you. Where this information is relevant to the support that we provide, or if you ask us to, we will also keep a record of this information.

We may get this information from (only some of these may apply):
• You.
• Anyone you ask to give this information to us on your behalf (such as your family or friends, circle of support or next of kin).
• Anyone who has authority to act on your behalf, such as an appointee, deputy, guardian or power of attorney.
• The local authority or NHS body responsible for paying for your support and/or assessing your needs.
• People who support you now or who last supported you, including:
o your current or last support provider;
o your social worker(s);
o your advocates;
o your medical staff;
o your financial advisors;
o your accountants;
o your broker;
o Local Authority departments;
o NHS continuing healthcare
o DWP and other benefit agencies;
o members of a multi-disciplinary team involved in your support
• Your care and support plan, if you already have one
• Shop4Support Limited (if you have used the website to get your support from us).
• The Disclosure and Barring Service and Disclosure Scotland
• Credit reference agencies.

We may also produce the following information about you as part of the services that we carry out (only some of the following information may apply, depending on the services you receive from Dosh):
• Our Individual Agreement with you
• A Financial Profile setting out the support you want from Dosh
• A Self-Directed Support Budget Plan if you receive account management
• A Money Plan
• A Money Check report
• An Annual Review form and/or survey
• Best interest decision and supported decision-making forms
• Observations made by our staff when supporting you (such as your likes, dislikes, behaviours, routines and needs) so that we can support you better.
• Information we and our staff record as part of the support we provide to you and all the tasks we carry out on your behalf.
• Risk assessments related to the support we give to you.
• Management records of factual information whenever you contact us or use our services, and of other action we take, so we have a record of what happened.
• Financial records of your payments to us for the support that we provide, including any amounts which remain unpaid.
• Financial records of payments we make on your behalf from your managed Dosh Limited Client Account
• Notes or records of any conversations that we may have with you.
• Copies of letters that we send to you.

Where we store your personal information
We are committed to holding your personal information securely. This means only those of our staff and contractors that need to see it have access.

Where personal information is held electronically, it is held on a computer system that is either owned and controlled by Dosh, or owned by another party and provided to Dosh under contract as a service. Your information can only be accessed by Dosh.

Sometimes we have to keep information about you on paper as well. Paper copies are held by us locally, at our offices. Sometimes we will make electronic copies of paper documents or type up information from them. These documents or information are then stored on our computer system and, in some instances, we shred or archive the paper originals.
We do also use computers (including laptops and tablets) outside our offices if they are secure and under our control.

Sometimes we also use computers which are owned or managed by our suppliers, if the computers are secure and under our control.
If you have used the website to get your support from us, some of this information may be stored by Shop 4 Support Limited. Shop 4 Support Limited is not part of Dosh. Shop 4 Support Limited have their own policies about how they store, use and keep your information.

Data Protection Policy
Dosh has adopted a Data Protection policy.
The aims of the Policy are to:
• Set out the approach adopted by Dosh to protect the rights and privacy of living individuals in accordance with the Data Protection Act 1998 and the guidelines issued by the Information Commissioners Office.
• Ensure that Dosh complies with the requirements of the Data Protection Act in safe handling, use, storage, retention and disposal of information.
• Give guidance to Managers in collecting and using information fairly, storing it safely and securely and not disclosing it to any third party unlawfully.

We may need to transfer your information to countries which do not provide the same level of data protection as the UK. If the Company does make a transfer of your information to countries which do not have the same level of data protection as the UK, it will ensure that reasonable measures are put in place in order that all information is protected, in accordance with the Data Protection Act 1998.

Types of data – All automated and computerised personal data are covered by the policy. It also covers personal data put onto paper or microfiche and held in any ‘relevant’ filing system. Information recorded with the intention that it will be put in a relevant filing system or held on computer is also covered.

The Board, Managing Director, Financial Advocacy Manager, Personal Assistant to MD, Financial Advocates, finance and office staff are all involved in making sure the policy and procedures are followed. The Managing Director is responsible for day to day protection matters and for developing specific guidance notes on data protection issues for relevant managers. In addition, all staff members will be made aware of the Policy as part of their Learning and Development programme.

‘Sensitive Personal Data’ – can only be processed under specific circumstances. For further information relating to the following, please contact Dosh for a copy of the full policy and procedures:
• Requests for access to personal data
• Disclosure of third party references
• Disclosure of data
• Consent
• Security of data
• Disposal of records
• Retention of people supported data
• Retention periods

What we use your personal information for
• providing our services to you, including telling our staff and contractors where necessary, as set out in this statement and in general support
• meeting your support needs and requirements
• managing payments from you and on your behalf, and for accounting purposes.
• contacting you and your family/circle of support to get your views.
• keeping in touch with you, understanding your needs and preferences, and offering and booking appointments with you.
• telling you about changes to our organisation and the services we offer to you.
• preventing, detecting and prosecuting crime
• quality management
• informing our staff, contractors or others who work for us (as appropriate) about past incidents e.g. anti-social behaviour, for their protection, in line with our policies.
• meeting our legal requirements including to our funders or regulators
• exercising our legal rights, including under our agreement with you
• passing your information on to those people and organisations mentioned in this statement.
• preparing newsletters and other marketing material which we send either within Dosh, or to third parties. If we do this, we will make sure that you cannot be identified from the information that we send, unless you have given separate consent.
We may want to use your information for other reasons. If we do this, we will make sure that you cannot be identified from the information that we use.

Who else we may pass your information onto (only some of the following points may apply to you)
We may share limited information with our central services (provided by Thera Trust), in order for them to provide us support. When we do this, we shall ensure that all information shared is shared in a way that is secure and can only be seen by those people who need to see the information. These central services are:
human resources; learning and development; payroll; finance; administrative support; public relations, marketing and fundraising; insurance; information technology; company secretarial and governance; safeguarding and compliance; external audit; internal audit; contract support; health and safety support; development; quality assurance and facilities management.
We will only allow them to use your information if necessary to provide the services to us and not for any other reason without our agreement.

We sometimes share information with external people or organisations. We may do this in the following circumstances:
• As part of the support we provide to you, we may need to share your information with other people who also support you. We will only do this in line with the instructions you have given to us. These people may include:
o your social worker;
o your advocate;
o your medical staff;
o your financial advisor;
o your accountants;
o DWP and other benefit agencies;
o Local Authorities
o your family;
o your broker;
o your appointee;
o your Power of Attorney, Deputy, Guardian (Scotland) or other representative;
o members of multi-disciplinary team involved in your support;
o police

• There is a wide range of the type of support we can provide for you. As part of this support, there may be other people, companies or organisations we need to share information with. We will only share this information where necessary and within the scope of your instructions to us.
• Where you have given us your permission, we may share your information with your chosen friends, relatives or next of kin.
• If a local authority or other organisation pays for your support, we may need to report back to them about the services we have provided to you as part of the contract that we have with that organisation.
• There may be matters which need to be reported to our board of Directors. To do this we may need to include some of your information in our report. If we do this, we will make sure that you cannot be identified from the information that we give.
• Sometimes we may want to tell other organisations (including local authorities) about the support we give to you as an example of the services we offer. If we do this, we will make sure that you cannot be identified from the information that we give.

Normally, we will be the only people who are able to access your personal information. However there may be times when we need to give your details to others, such as:
• IT providers who provide support to us to manage the computers, phones, systems or software that we use, including:
o EACS (who run our IT systems);
o Northgate (who maintain our HR and Payroll systems); and
o Net Support Limited (who assist us with Business Continuity and Disaster Recovery).
• Shop4Support Limited (if you have used the website to get services from us).
• Banks e.g. to carry out payments through a secure system.
• Consultants, agency staff and recruitment agencies (where these are needed to help with additional staff needs).
• Our professional advisors and providers of financial services.
• Our insurers (at the point at which we need to tell them about a claim or a potential claim).
• Public Relations companies and other organisations that help us, on occasion, in printing and sending out our newsletters and marketing material. In the main, however, this service would be provided by our internal Marketing department.
• Companies who help us to monitor our premises and internal systems, including premises security and CCTV.
• Our other suppliers who enable us to provide our services to you, or who provide services on our behalf (including Royal Mail and other carriers).
• Public registers, such as the Disclosure and Barring Service or Disclosure Scotland.
• Your trustees, deputies, attorneys and other legally recognised appointees
• If another company or organisation takes over the support that we give to you, we will give them any information that we have to give to meet our legal requirements. We will only give them more information if you agreed that we can.
• To refer you to third party companies or other organisations such as:
o Organisations who can provide other support to you (for example to do with debt or domestic abuse) providing that you have agreed to the referral.
o Local authorities and Government departments who provide relevant services for you
o The Police, fire services, health authorities or medical staff who provide services for you.
o Landlords.
o Others who may request information from us for their own purposes:
o Utility companies.
o Debt collection agencies acting for others.
o For crime prevention or detection, risk assessment, resolution of complaints or other issues.

We may sometimes be required to disclose your personal data by law such as by a regulator with appropriate power (for example the Care Quality Commission or the Recruitment and Employment Confederation), or court order.

We do not give anyone else access to your information, in return for payment, for their marketing or commercial purposes.

We will usually retain your bank details for your Dosh Limited Client Account and any personal account if relevant to your support.

We will not share your personal information with anyone who claims to represent you unless we are satisfied that you have appointed them or they act in some recognised official capacity. There may be a delay to us dealing with requests whilst we confirm the caller’s identity, or check that we have your approval to deal with them.

Your rights
You have the right to ask us not to process your personal information; however we may be unable to provide our services to you if we are unable to record and process certain details.

Accessing the information we have about you
You have a legal right to access information that we hold about you. If you ask us, we may charge a fee of up to £10 to meet our costs. You can write to our Data Protection Officer at our registered office address.

We will respond to your request within 40 days. We may not be able to provide you with your request if your personal information contains details about another person and we do not have their permission to give it to you.

You can download a version of our privacy statement here

Changes to our Privacy Statement
This Statement may change. We will display the new Statement.
We will also send you a copy of this Statement, or any new Statement, if you ask us.

If you have any questions about this Privacy Statement, please contact us on:
0300 303 1288 [email protected]
Dosh, The West House, Alpha Court, Swingbridge Road, Grantham, NG31 7XT
Purpose: Telling you how we protect your data For information alongside Individual Agreement
Version 1.1 April 2017 Dosh is a company limited by guarantee, no. 6337548
Widgit Literacy Symbols © 2017 Dosh Ltd is part of the Thera Group of companies
Registered Office – 134 Edmund Street, Birmingham, B3 2ES