Privacy Policy

Welcome to Positive Help’s Privacy Statement. When you use our services, you’re trusting us with your information. This Privacy Statement will inform you as to how we will look after your personal data when you use our services. We understand this is a big responsibility and we work hard to protect your personal data in line the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We’ll refer to these as ‘the Data Protection Laws’.

Data Protection Laws require us to have a lawful basis for using your information.

The Data Protection Laws also give you rights which you can use to manage your information. If you are not happy with the way we have handled your information you can complain to the Information Commissioner’s Office (ICO).

Who we are and what we do

We’re Positive Help. We’re a registered Scottish Charity (Reg No. SC008382) based in Edinburgh. We provide a range of person centred, practical support services to enhance the wellbeing of adults, children and their families with HIV and Hepatitis C.   

Your personal data and our commitment to you

Your personal data is very important to us. When you use our website and/or our services, these are our commitments to you: 

  • We’ll keep your personal data secure, using the best possible technology, people and processes.

  • We’ll be very clear about the personal data we use, how we use it and, most importantly, why we need it. 

  • We’ll only use your personal data for the purposes for which we collect it.

  • We’ll only share your personal data with someone else, with your consent, and we’ll make sure that the reason for sharing it is compatible with the original purpose, unless we have a clear obligation or function to do so set out in law.  

We’ve explained in more detail below how and why we collect your personal data to help you understand the reasons.

How We Collect Your Personal Data

We collect personal data through various methods:

  • Directly from you via assessments of need and applications or referrals for support

  • Communications such as emails, phone calls, or online inquiries

  • Feedback forms, surveys, and evaluations

Why We Collect Your Personal Data

We collect personal data for various reasons to help us deliver our health and social care services appropriately and effectively. This includes:

  • Processing a referral and assessing your needs.

  • Managing your care plans

  • Communicating with you regarding your care arrangements

  • Ensuring we compliance with regulatory and safeguarding requirements

  • Ensuring our records and information we hold are up to date

  • Evaluating and improving our services

4. How We Use Your Personal Data

We will use your personal data only for legitimate purposes, including:

  • Delivering health and social care support that is tailored to your needs

  • Ensuring your safety, well-being and rights 

  • Coordinating your care with other relevant healthcare and social services or specialist providers

  • Meeting our legal and regulatory obligations

  • Conducting feedback surveys to enhance service quality

We will not use your personal data for marketing purposes without your explicit consent or pass it to anyone not involved in your care, support plan or employment.

5. Sharing Your Personal Data

We do not sell or rent personal data. We may share information on a need-to-know basis with:

  • Health and social care professionals and other relevant service providers involved in your care

  • Regulatory bodies and authorities only if required by law 

  • Third-party service providers (e.g., Welfare Rights Services) under strict data protection agreements

  • Partner organisations where necessary to deliver our services, with appropriate safeguards in place.

Where required, we will seek your consent before sharing your data, unless we have a legal obligation or safeguarding concern that necessitates disclosure.

6. Your Rights

Under UK GDPR, you have the following rights:

  • Right to Access – You can request a copy of the data we hold about you.

  • Right to Rectification – You can request corrections to inaccurate or incomplete data.

  • Right to Erasure – You can request deletion of your data where there is no legal obligation for us to retain it.

  • Right to Restriction – You can request that we limit how we process your data.

  • Right to Data Portability – You can ask for your data in a commonly used format.

  • Right to Object – You can object to how we process your data, particularly for direct marketing.

  • Right to Withdraw Consent – Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, you can email us at admin@positivehelpedinburgh.co.uk

Keeping Your Data Secure

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Secure storage systems and encrypted files

  • Access controls and staff training on data protection and confidentiality

  • Regular audits and reviews of data handling practices

We will retain your personal data only for as long as necessary to fulfil our obligations or as required by law.

Data Breaches

In the event of a data breach, we will assess the impact and notify affected individuals and the Information Commissioner’s Office (ICO) where required by law. If necessary, we will also inform relevant healthcare and social care organisations.

Changes to This Policy

We may update this policy from time to time to reflect changes in legal requirements or organisational practices. Updates will be published on our website and communicated where necessary.

Contact Information

For any questions or concerns regarding your personal data, please contact:Positive Help: Tel: 0131 225 4766 or admin@positivehelpedinburgh.co.uk

If you are dissatisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.