Privacy Policy

1. Introduction

1.1. Reach Community Projects (REACH) aims to help people who are struggling with poverty, debt and crisis to rise above it and get their lives back on track. We do this through providing for emergency needs (e.g. food, utility top ups, aid via partner charity Acts 435), and through working with clients to help them address the underlying issues (e.g. through debt advice, budgeting advice, help with applying for benefits and help with applying for jobs). We may also refer clients to third party organisations for support with other issues affecting their situation, e.g. mental health, bereavement, housing, domestic abuse, addiction, tax and legal issues.

1.2. REACH has a legal duty to protect your personal information and advise you on the rights that you have. This privacy policy explains how we use any personal information we collect about you.

1.3. We will keep our Privacy Policy under review and any updates will be placed on our website at

2. How to contact us

2.1. Please contact us if you any questions about our privacy policy or information we hold about you:

  • By email –
  • By phone – on 01440 712950
  • By post – Data Controller, Reach Community Projects, Room 1, Wisdom Facilities Centre, 42 Hollands Road, Haverhill, Suffolk CB9 8SA
3. When do we collect personal information about you?

3.1. We collect information about you when you enquire about using any of our services, as part of us providing you with our service(s), or when you register an interest in supporting us or working with us.

3.2. Website information is collected using cookies.

3.3. We will normally process your personal information on the basis that we have your consent to do so. We may also process some of your personal information on the basis that we believe there is a legitimate interest for us to do so.

4. Clients
4.1. What information do we collect and why?

4.1.1. If you are a client of REACH, we will hold personal data about you which may include the following, depending on the support we are providing to you and your family:

  • Name
  • Demographic detail including date of birth, gender, ethnicity
  • Contact details, including address
  • Any relevant health needs e.g. disability or special educational needs, registered illnesses such as mental health issues or wellbeing needs such as allergies
  • Case notes (all interactions between us and you will be recorded on our case management system)
  • Other data specifically required of us as part of our contract or agreement with funders. We will notify you of these where they are not covered above.
  • To contact you with information about other services that may be suitable for you
  • Invite you to take part in research and provide feedback in relation to our services
  • For clients needing help with debt, we will use your financial information to advise you about how to deal with your debt and we may contact your creditors to make payment arrangements with them

4.1.2. The only people who can access personal data are those REACH staff members or volunteers who can’t do their jobs without it. These people are all trained in data protection and sign a confidentiality agreement.

4.2. How do we collect data?

4.2.1. We will collect data through a combination of the following routes, depending on the service you are using:

  • A referral form completed by another service or provider. This service should talk with you about this before sharing this data. This data will be limited to requesting a suitable service, an outline of what is needed, contact details and outline demographics including some sensitive data.
  • Service registers or signing-in sheets. Data from these relates to attendance and service usage.
  • Completion of a registration form with the service, or a self-referral.
  • Notes taken from conversations with you.
  • Information provided by other agencies (where relevant).


4.3. How do we use personal information?

4.3.1. We will only use your data for the reasons outlined below:

  • Personalisation of service to enable us to best meet your needs
  • To contact you and invite you to relevant meetings
  • Internal monitoring and evaluation
  • Legal obligations (e.g. safeguarding of children and/or vulnerable adults)
  • Meeting internal audit and any monitoring requirements


4.4. Why do we collect information & the legal basis for processing your personal data?

4.4.1. To fulfil the delivery of the service being provided, REACH may need to collect data about you that falls under special category data, this includes health related data, race & religion, ethnicity, sexual orientation, in such instances, Reach will seek explicit consent from you during the initial collection and will process this data as contractually defined by the commissioning body.

4.4.2. On occasion, we may have a legal basis under social protection laws, to hold your data where this is in the interest of protecting you or others from immediate harm.

4.5. When do we share personal data?

4.5.1. We may share your data with people who need to see it in order to provide you with a Service either within REACH or to an external organisation, such as an agency for legal reasons i.e. court order for example. We will treat your personal data confidentially and will only disclose or share it when:

  • Working in partnership with another organisation to provide you with the service. These organisations will be our data processors and will have agreements with us as to how we expect them to handle your data.
  • You make a request to us to see the data we hold about you
  • You or another person is at risk of immediate harm
  • Another agency which may be able to provide more specific support to you. We will ask your prior consent to share your data if this arrangement is required

4.5.2. We may ask your permission to share your case publicly in order to secure funding for the charity so we can help more people; but if we do, we will change your name and minor details and avoid using a photo that could identify you or your dependents, unless you give us express permission otherwise.

5. Supporters

5.1. We will use the information we collect from you to tell you more about our work including news and stories; to process donations and Gift Aid and to thank you for your support; to invite you to events (including fundraising events), and periodically invite you to increase or extend your support, e.g. volunteering, prayer, donating food, making or increasing a regular gift.

5.2. We will also keep records of your relationship with us such as information you have requested.

5.3. We will process your information on the basis of our legitimate interest to improve our supporter strategies, profile supporters into categories and help provide a personal service to you through our communications with you and on our website.

5.4.  We will undertake wealth research by researching data that is available in the public domain such as the internet, ie. Google, Companies House, Zoopla etc…

5.5. We will always do this in compliance with the rules in relation to direct marketing, including those set out by the Fundraising Regulator.

6. Job applicants

6.1. We will use the information we collect from you to process and consider your application for a role at Reach Community Projects. Your information will only be shared with those involved in the recruitment process. We will only request a reference or DBS check with your prior consent.

7. Current and former employees, volunteers and trustees

7.1. REACH collects and processes personal data relating to its staff, volunteers and trustees.

7.2. What information do we collect?

7.2.1. REACH collects and processes a range of information about you that is appropriate to the role you perform. This will vary depending on whether you are an employed member of staff, casual worker, volunteer, contractor, agency worker or student and may include:

  • Your name, address and contact details, including email address and telephone number, date of birth and gender.
  • Your image if you work in an office where CCTV is in operation; or displayed on notice boards / website to provide information to service users. Where staff photos, including name and role is displayed on a notice board or website, REACH will seek consent.
  • The terms and conditions relating to your employment contract.
  • Details on your qualifications, skills, experience and employment history, including start and end dates with previous employers.
  • Information about your salary, including entitlement to benefits such as pensions or death in service insurance cover.
  • Details of your bank account and national insurance number.
  • Information about your marital status, next of kin, dependents and emergency contacts.
  • Information about your nationality and entitlement to work in the UK.
  • Information regarding any criminal record.
  • Relevant information if you drive your own vehicle for business purposes.
  • Details of your schedule (days of work and working hours) and attendance.
  • Details of periods of leave taken by you, including holiday, sickness absence, family leave and extended leave, and the reasons for any leave.
  • Details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you.
  • Assessments of your performance, including appraisals, performance reviews, training you have participated in, performance improvement plans and any correspondence sent to you.
  • Information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments.
  • Equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief.


7.3. How do we collect personal data?

7.3.1. Your personal information is collected in a variety of ways. This includes:

  • An application form or CV
  • Passport details or other identity documents from forms completed by you during the recruitment process
  • Through interviews, meetings or other assessments and feedback questionnaires

7.3.2. We may also collect information about you from third parties, such as recruitment agencies, references supplied by former employers, and information provided from any criminal records checks as permitted by law.

8. Website

8.1. Our website may record some of your personal information, for example, by logging your IP address or the location of your computer or network. It may also record information about you that you enter into online forms. Other data may be collected anonymously about your use of our site from cookies. Cookies are small text files that are placed on your computer by websites that you visit. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit We may use cookies:

  • To establish the needs of visitors and customise the content of our website
  • To process any forms, requests or applications you send
  • For internal administration and analysis

8.2. Our website contains links to other websites. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.


9.1. We operate CCTV cameras at the Reach Resource Centre for the purpose of safeguarding the safety of our staff, visitors and property. We use these images on the basis of a legitimate interest in the prevention, investigation and detection of crime and for the prosecution of any offenders.

10. Market research and demographic data

10.1. We have a legitimate interest in ensuring we continue to improve, and we may use your contact details to contact you to ask for your comments and opinions on how we might improve and develop our services. We may also use your information to study and better understand the composition of our client and supporter base.

11. Organisational communications

11.1. We have a legitimate interest in building strong relationships with external companies, churches, grantmakers and other organisations. We may store and use details of contacts at these organisations to send regular communications. Any regular e-mail communications sent will include an unsubscribe link, and we will remove other contact details on request.

12. When will we share your information?

12.1. If you are a client, we may obtain your consent to share your information with third parties so that we can provide you with our service – for example, by sharing debt help clients information with their creditors. W

12.2. We will not normally share any information we hold about you to others without your prior consent, unless one of the following exceptions apply:

  • If it is necessary for law enforcement or similar purposes
  • For the legitimate interest of reviewing the quality of our services – for example, we are part of the Community Money Advice network and the Trussell Trust network and audited annually by them. The Financial Conduct Authority, which regulates Reach Money Advice, our debt advice service, also has the right to inspect our files. This includes information we hold about you, to ensure we are complying with their rules
  • As a necessary part of providing you with our service(s) or contacting you as a supporter – for example, by using a third party mailing house to process our communications
  • As a necessary part of ensuring we comply with our legal obligations as a data controller – for example, by using a third party to migrate data or ensure it is accurate and up-to-date
  • We may collect information that you make available on, for example, Twitter, Facebook, LinkedIn or similar organisations. You may wish to check their privacy policy to find our more information on how they will process your data
13. How we store your information

13.1. We will take all reasonable steps to ensure that the information we hold about you is kept secure.

13.2. Our IT platforms which may store your data are located in a G-Cloud approved Data Centre/Cloud Provider that complies to ISO 27001 standards.

13.3. Some platforms, such as our website and social media may contain links. We cannot guarantee the security of any personal data you post to any public area of the website or social media platforms. Posting to these areas can result in information being read, collected or used by others. Reach Community Projects will not be held responsible for any breach of data individuals post to these areas.

14. How long we hold your information for

14.1. We will only hold your personal data for as long as it is required as outlined below.

14.2. Deleting your information may involve either the removal of the data or (in the case of clients) its anonymisation, meaning that it no longer continues to be personal data that will identify you.

14.3. The following table sets out some of the main retention periods we have in place for the data we hold:

Type of Data    Retention Period Reason for retaining information
Debt help client    Up to 6 years from date case was closed To allow for the defence of legal claims in line with the Limitation Act 1980
Other client information 3 years from date of last interaction To allow us to analyse our client outcomes
Supporter information 6 years from date of last interaction HMRC requirements in relation to Gift Aid records; 
To allow us to keep supporters informed of our work
Phone call recordings 2 years from date call recorded Training and monitoring
Job application forms 1 year Recommended practice by CIPD

14.4. Please contact us using the details in section 2 if you need further details about our retention policy, or to request that your data be deleted.

15. Your data protection rights

15.1. Under data protection law, you have the following rights:

  • You can ask what personal information we hold about you and can request a copy. There is no cost, unless the request is manifestly unfounded or excessive
  • You can ask us to correct information we hold about you if it is inaccurate, or to complete information that you think is incomplete
  • You can ask us to restrict the processing of your personal information or to erase it in some circumstances
  • You can object to the processing of your personal information in certain circumstances
  • You may withdraw consent where we are using your information on the basis of consent

15.2. Our contact details are in section 2 of this document.

15.3. We will deal with your request within one month, unless it is particularly complex, in which case we will contact you within one month to let you know that we may need a further two months to comply.

16. How to make a complaint

16.1. If you have any concerns about our use of your personal information, you can make a complaint to us:

Data Controller
Reach Community Projects
Room 1
Wisdom Facilities Centre
42 Hollands Road
Suffolk CB9 8SA

Phone – 01440 712950
E-mail –

16.2. You can also complain to the Information Commissioner’s Office if you are unhappy with how we have used your data:

Information Commissioner’s Office
Wycliffe House
Water Lane
Cheshire SK9 5AF

ICO Helpline number – 0303 123 1113
ICO website: