Sharing your personal information


Why we ask for and keep your information

When you ask Crisis for help and join us as a member we will ask you for some personal information. This information is really important to us. It helps us work with you to give you the support you need to successfully find a home.

We also use your information to make sure our services are effective (working well).

Another way we use your information is to help our work to change policies and reduce homelessness in the future. When we use your information in this way you will not be identified as an individual

You don’t have to give us information if you are uncomfortable in telling us certain things. But there will be some information you will need to give us if you want to use all of our services.

When you become a Crisis member you enter into an arrangement with us. We provide help and advice to support you to leave homelessness for good. In return, you provide us the information we need to provide you with the right help.

This arrangement, where you provide us information and we offer you support and assistance can be considered a “contract”. You can tell us when you no longer want to continue with this arrangement.

Under the law, Crisis must have a lawful basis to collect and process information about you and other members. We believe that the lawful basis includes our need for information so that we can do our job properly as an organisation, including helping change policy and make our services better. This is known technically as “legitimate interest”.

Our “contract” arrangement also provides a lawful basis for us to collect and process your information.

Finally, it is also important for us to collect some information to help us keep people safe. This is known as “vital interests”.

How we keep your information safe

The information you give us – your ‘data’ - is kept safe and secure whether it is on paper or on our computer systems. Your information is used carefully by members of our Crisis team to support the work they do for you.

We may share some information about you with other organisations if they are better placed to support your needs, but we always tell you if we are going to do this where your consent is not explicitly needed. Under UK law we cannot share your sensitive information (for example, your health and other information listed in the next section) with anyone or any organisation outside Crisis without asking you first, except in the following situations:

  • We have to share information to protect the safety and well-being of someone (including you) we believe to be at risk of harm.
  • We have to share information if the police ask us to support a serious criminal investigation, or if we are directed to hand over information through a court order.

We cannot add certain information about you to our databases without your consent. This
information includes:

  • your racial or ethnic origin
  • your health information
  • your religious and philosophical beliefs
  • your sexual orientation
  • biometric data (although we currently do not collect this sort of information which
    includes things like finger prints)

We will always ask for your consent to add this type of information to our databases.

We will always ask your consent to use it, except where the law says we don’t have to, or to protect your health in an emergency.

If we need to use any of your data for a different reason than why we collected it we will let you know why and how it will be used. For example, if we wanted to use your information in our research or policy work in a way that might identify you, we would always ask you and secure your consent first.

When you visit a Skylight or Crisis café, you may be recorded on CCTV. We use CCTV to protect the health and safety of those people who work or visit us, and also for the prevention and detection of any criminal activity that takes place on our premises. We will always tell you if we are doing this (through signs in our buildings).

When we collect your information

The information you give us will be collected and updated on our computer databases during your time with us.

The stages for information collection are usually:

  • when you join us for the first time and as we continue to work with you
  • when you take courses with us or use our services
  • when you have found a secure home of your own
  • when you decide you no longer want our support
  • after you have moved on from our services and you agree to share your information so that we can update our records about you to check you don’t need further support

How we collect your information

You will give us most of the information we hold. But the Crisis staff you work with – for example, your Lead Worker – may also add information about you to our databases.

Organisations you have been involved with outside Crisis, such as another charity or hostel provider, advice centres, local authorities, or agencies within the criminal justice system e.g.probation services could give us information about you too. This information will only be shared by them with your consent and agreement, unless the information is shared to keep you or someone else safe from possible harm, or the agency has a statutory duty to share.

The type of information we keep about you

The type of information we keep could include:

  • your contact details (address, phone and email)
  • information about the sorts of help you want from us – and the reasons
  • information about your physical and mental health – this may be needed to comply with our health and safety and safeguarding obligations
  • correspondence with or about you – for example this could be letters to you about your entitlement to grants
  • information to support any expenses you need to claim
  • your eligibility to receive state benefits
  • your next of kin and emergency contact details
  • information on your nationality
  • information about your previous employment, including qualifications and training records
  • information in relation to unspent criminal offences or where you have been the victim of a crime
  • documents and emails produced by the Crisis staff who support you

How long we keep your information

We will keep most of your personal data for up to two years after you have stopped using our services. Sometimes we may have to keep it longer. This is unusual, but if an external organisation helps with funding the services you use they may ask us to keep details for longer.

When the two-year period has expired, we will anonymise your personal information, and retain it in this non-identifiable format to enable us to continue our research and analysis into the causes of homelessness, and the impact we have on helping people out of it.

Your rights and your information

You have rights and control about how your information (data) is used. The laws that help you do this are the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA).

These laws mean:

  • you can ask us to show you all of the information we have about you
  • you can ask us to correct anything that you think is wrong
  • you can ask us to erase your personal data from our systems – however, there may be times where we are unable to do this however for example, where we may have refunded travel expenses to you, we must legally keep the details of payments we have made to you
  • you can tell us you are not happy about our reasons for collecting and processing your data
  • where it is possible (and in limited circumstances) you can ask for your information to be transferred to another provider of a similar service
  • you can change your mind – you have given us permission to process and keep your information, you can withdraw this permission in some circumstances
  • you can complain if you think we have broken the GDPR or DPA 2018 laws.

How to complain

Complaints about data protection can be handled by the government’s Information Commissioners’ Office. You can contact them at https://ico.org.uk/concerns/handling/

However, we would always like to try to help you first. So if you are unhappy about the way you think your information is being dealt with at Crisis, please speak to the Director at your Skylight centre for support first.

Our data protection officer Beverley Adams-Reynolds can also help. Beverley is based at our London Head Office. Her email is: data.protection@crisis.org.uk

Legal notice: Crisis is a data controller of data for the purposes of the DPA 2018 and UK GDPR.

Information for members who speak other languages

Sharing your personal information with Crisis - Tigrinya

Sharing your personal information with Crisis - Amharic

Sharing your personal information with Crisis - Polish

Sharing your personal information with Crisis - Romanian

Sharing your personal information with Crisis - Arabic