Our Privacy Policy
Centre for Domestic Abuse is committed to protecting your personal data and respecting your privacy. This statement outlines how we collect, use, and share your information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).
In accordance with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), this Data & Privacy Notice explains, in detail, the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data and keep it safe.
We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how our organisation uses your data. We hope the following sections will answer any questions you have but if not, please do get in touch with us.
UK GDPR and European Union (Withdrawal) Act 2018
As a result of the European Union (Withdrawal) Act 2018, the GDPR forms part of the EU law kept as UK domestic law. This can now be referred to as the UK GDPR.
Conditions for processing data
We are only entitled to hold and process your data where the law allows us to. The current law on data protection sets out a number of different reasons for which an orgaisation may collect and process your personal data. These include:
Contractual Obligations
The main purpose for our holding your data is to provide you with legal services under the agreement we have with you. This agreement is a contract between us and the law allows us to process your data for the purposes of performing a contract (or for the steps necessary to enter into a contract). We may also need to process your data to meet our contractual obligations to the legal partners where you receive legal advice and support.
Legitimate Interests
In specific situations, we require your data to pursue our legitimate interests in a way that might reasonably be expected as part of running our organisation and which does not materially impact your rights, freedom, or interests. This may include satisfying our external Regulators.
Legal Compliance
If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity.
Consent
In some situations, we can collect and process your data with your consent. For example, when you tick a box to receive email newsletters. When collecting your personal data, we’ll always make clear to you which data is necessary for connection with a particular service.
When do we collect your data?
We normally collect your data when you provide it to us or when it is provided to us by others (your support worker for example) during your case. You may give us your data by email; through an online web form; over the telephone; face to face; or by post.
What sort of data do we collect?
We collect your name and contact details. This may include asking for and keeping a copy of your passport/driving license and proof of address.
We may gather details of your age; ethnicity; gender, etc. if required to do so by the legal partner where you are in receipt of Legal Aid. Where you have Legal Aid, we may also gather financial information from you.
We also collect and hold information about your case or legal problem.
Further we gather details relating to your experience of domestic abuse, which may include sensitive data such as information relating to physical, sexual, or emotional abuse, mental health, and any related financial or social circumstances.
We also gather any information required to prepare witness statements or other court-related documents. This may include police reports, medical records, or financial statements.
How do we use your data?
We only use your data for the purposes of providing you with legal assistance, to prepare witness statements and other legal documents. To facilitate connections with legal professionals who can offer guidance on legal processes and representation.
Communications: To contact you regarding your case, updates, or services you’ve requested.
Compliance and Legal Obligations: To comply with legal requirements and ensure proper documentation for court proceedings.
Improving Services: To enhance the quality and accessibility of our services. For example, we may use anonymised data to analyse trends, identify service gaps, and inform the development of new support programs.
How do we protect your data?
We take protecting your data very seriously. The data you give us may be subject to Legal Professional Privilege and is often extremely sensitive and confidential.
With this in mind, we will treat your data with the utmost care and take all appropriate steps to protect it. We have clear data protection and information security policies and procedures in place (along with Regulatory and other legal obligations to keep your data safe) and these are regularly assessed as part of our Quality Standards and compliance processes.
We protect our IT system from Cyberattacks. Access to your personal data is password-protected, and sensitive data is secured by encryption.
We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.
How long will we keep your data?
We only keep your data for as long as is necessary for the purpose(s) for which it was provided. Normally this is for 2 month after your case or matter ends (inquiries, where we do not take on your case, are kept for only 6 weeks).
Who do we share your personal data with?
We sometimes share your personal data with trusted third parties. We only do this where it is necessary for providing you legal services.
For example, we may share your data with barristers; experts; translators; legal partners; process servers; secure file storage and destruction companies; auditors; the company that securely hosts our off-site cloud storage servers.
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
Legal Professionals and Court Authorities: To effectively represent you, we may share your information with solicitors, barristers, and court officials involved in your case. We may also share data to comply with court orders or legal obligations.
Third-Party Service Providers: We use data processors to support our services. This includes Aktivdigital, and Brandcrowd for IT support, Monday.com for secure document storage. These providers are contractually obligated to handle your data securely and in accordance with data protection laws.
Funding and Advocacy Support: We may share limited information with organisations
that provide funding for legal aid services. This is necessary to assess eligibility for financial assistance and ensure we can continue to provide support.
Statutory Authorities: In situations where we have a legal duty to report concerns, such as safeguarding vulnerable individuals or children, we may share information with agencies like the local authority social services or the police.
We will never sell your data to third parties.
Where is your data processed?
Your data is stored and processed within the EEA. If we ever have to share your personal data with third parties and suppliers outside the European Economic Area (EEA) we will seek your specific consent to do so.
The EEA includes all EU Member countries as well as Iceland, Liechtenstein, and Norway.
The legal bases we rely on for processing your personal data include:
Consent (Article 6(1)(a) UK GDPR): For processing sensitive data with your explicit agreement. You can withdraw your consent at any time by contacting our Data Protection Officer.
Contractual Necessity (Article 6(1)(b)): To fulfil services you have requested.
Legal Obligation (Article 6(1)(c)): To comply with applicable laws or court directives.
Legitimate Interests (Article 6(1)(f)): To provide efficient and effective services, such as ensuring the effective operation of our services and protecting the vital interests of individuals, balanced against your rights.
What are your rights?
You have rights under the General Data Protection Regulation and these include the right to be informed of what information we hold about you. In particular, you have the right to request:
You also have the right to request a copy of any information about you that we hold at any time.
If we choose not to action your request, we will explain to you the reasons for our refusal.
Contact Details
For information on how your information is used, how we maintain the security of our information, and to exercise your rights to access the information we hold on you, please contact us. Similarly, if you believe that the information we hold is wrong or out of date, please let us know and we will update it. The person in this organisation responsible for data protection is our Data Protection Officer, Mohammed Abdul and inquiries and requests can be sent to him by emailing Yaibur@centrefordomesticabuse.co.uk or in writing to Centre for Domestic Abuse, 729 Capability Green, Luton, Bedfordshire, LU1 3LU.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
“If we enter into a contract with you and/or you become a client of our organisation by electronic means (such as by e-mail or online) then, in addition to any rights of redress you may have. You may be entitled to use an EU online dispute resolution platform to assist with any complaint or dispute you may have about our services. This online platform can be found at http://ec.europa.eu/odr. We do have an e-mail address you may contact in this regard and that is Info@centrefordomesticabuse.co.uk
Information Commissioner’s Office
We are registered with the Information Commissioner. Further information regarding data protection and privacy is available from the Information Commissioner’s Office website.
If you have any concerns about our use of your personal information, you can make a complaint to us at Office@centrefordomesticabuse.co.uk.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
ICO website: https://www.ico.org.uk
Last Updated: 30/01/25
Copyright © 2025 Centre for Domestic Abuse - All Rights Reserved.
Registered Office: 729 Capability Green, Luton, Bedfordshire, LU1 3LU
Telephone: 01582 250 273