
We are Stepping Stone Projects, a company limited by guarantee incorporated in England and Wales (registered number: 2647645) and registered with the Charity Commission for England and Wales (charity registration number: 1004375). We are a homelessness charity providing services and accommodation to individuals in housing need.
We are a data controller for the purposes of the General Data Protection Regulation (GDPR). This means that we are responsible for deciding how we retain and use the personal information we hold about individuals.
Personal data is any information relating directly or indirectly to an identifiable living person. We hold personal information about our customers, employees, trustees and volunteers to allow us to provide our services effectively.
We are registered as a Data Controller with the Information Commissioner’s Office (ICO). Our registration number is: Z5859520
We will only collect information from you that is relevant to our work. In particular, we may collect the following information from you, which is defined as “personal data”:
We may also collect special category personal data, such as:
We will only collect this information either:
We have set out in the table below a description of all the ways in which we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out – as in the table below.
Purpose / Activity | Type of Data | Lawful basis for processing including basis of legitimate interest |
To assist in delivering our services through the keeping of information on customers | a) Identity b) Contact |
Necessary for our legitimate interests in ensuring that we can operate our services in a safe and effective manner |
To process donations, including the administration of gift aid declarations; retaining that information as required | a) Identity b) Contact c) Financial |
a) Necessary for our legitimate interests in ensuring that the organisation is adequately funded and accountable for the funds raised b) Necessary in order to comply with a legal obligation |
To promote our activities and services through e-mail communications | a) Identity b) Contact c) Marketing and communications |
Consent – which may be withdrawn at any time via this email address or tel 01706 353000 |
To promote our activities and services through postal communications | a) Identity b) Contact c) Marketing and communications |
Necessary for our legitimate interests to develop and raise the profile of Stepping Stone Projects |
To support and manage our employees, trustees and volunteers, including where necessary sharing information with payroll providers and public authorities (e.g. HMRC) | a) Identity b) Contact c) Financial |
a) Necessary in order to comply with a legal obligation b) Performance of a contract with you c) Necessary for our legitimate interests in ensuring staff are paid and managed effectively |
To maintain a record of donors and supporters of the organisation | a) Identity b) Contact c) Financial d) Marketing and communications |
Necessary for our legitimate interests in establishing marketing strategy and keeping in contact with our supporters. |
We will only share your personal data in limited circumstances. This may include:
We will keep your data in line with our retention policy, a copy of which is available on request. Some examples of how long we retain your personal data for are as follows:
We take the security of your personal data very seriously. We will ensure that all of the information provided to us is kept secure using appropriate technical and organisational measures and we have procedures in place to minimise the effects of any data breach. In the event of a data breach we will liaise with you and the ICO as necessary.
This website will deploy a single Session Cookie named Wire. This cookie is created by the CMS (Content Management System) and has the sole purpose of carrying out the transmission of a communication over an electronic communications network. This cookie does not need consent from the subscriber or from the user.
Session cookies do not collect information from the user's computer; they typically store information in the form of a session identification that does not personally identify the user. A transient cookie is not stored on your hard drive but is only stored in temporary memory that is erased when the browser is closed.
Our website does not use website tracking tools, i.e. we do not use 3rd party tools such as Google Analytics.
Our website contains links to other websites. This privacy notice does not apply to those websites and you should familiarise yourself with the other organisation’s privacy notice in the first instance.
You have several rights under the GDPR, which can be exercised in certain circumstances, including:
If you have any queries in respect of any rights, please do not hesitate to contact us. Further information is also available at the Information Commissioner's Office.
We will continually review and update this privacy notice to reflect changes in our services and to comply with changes in the law. When such changes occur we will update this privacy notice accordingly; the last update was in May 2021.
If you have any queries or concerns about this privacy notice or how we handle the personal information referred to in it, please contact us on 01706 353000 or by e-mail DataRepresentative@stepping-stone.org.uk. If you have any complaints about the processing of personal data referred to in this privacy notice, you have the right to make a formal complaint to the Information Commissioner’s Office (ICO) (further information can be found at www.ico.org.uk).