Privacy Policy


This privacy notice tells you what we do with your personal information when you make contact with us or use one of our services. We’ll tell you:

Data Controller’s Contact Details

The Middleton Cheney Good Neighbours Scheme is the Data Controller for the personal information we process. You can contact us by:

How do we get personal information?

Most of the personal information we process is provided to us directly by you, by phone, email and in the case of volunteers, by completing our volunteer application form. We get your information for one of the following reasons:

Categories of personal information and who receives it

We process information where necessary to perform our services and to operate as a thriving organisation run entirely by volunteers:

Purposes of processing your personal information

As well as providing individually tailored services for our clients, performed by our volunteers, we engage in other activities that are vital for our successful functioning as an organisation. We may therefore process your personal information for our own legitimate interests provided those interests don’t override yours. We use your personal information for some or all of these:

Data Protection Principles and Lawful Basis

Personal data shall be processed fairly, lawfully and in a transparent manner

Our lawful basis under the GDPR for processing your personal data is that it is necessary for our legitimate interests. We can only provide our driving, befriending, shopping and practical help services appropriately, safely and effectively if we process personal information about our clients, volunteers and associated individuals. In circumstances where processing your information does not fall within our legitimate interests, we will seek your consent. In these cases,we make sure your consent is unambiguous, it is given by an affirmative action and it is recorded as the condition for processing.

Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes

We process personal data for the purpose of providing our services appropriately, safely and effectively, in an individually tailored fashion. We need to be able to communicate with our clients, volunteers and associated individuals, as part of providing our services properly. We won’t process personal data for purposes incompatible with the original purpose it was collected for.

Personal data shall be adequate, relevant and not excessive in relation to the purpose for which it is processed

We collect personal data necessary for the relevant purposes and ensure it is not excessive. The information we process is necessary for and proportionate to our purposes. Where personal data is provided to us or obtained by us but is not relevant to our stated purposes, we will erase it.

Personal data shall be accurate and, where necessary, kept up to date

Where we become aware that personal data is inaccurate or out of date, having regard to the purpose for which it is being processed, we will take every reasonable step to ensure that data is erased or rectified without delay. If we decide not to either erase or rectify it, we will document our decision.

Personal data shall not be kept for longer than is necessary

We retain your data for six years after you last make contact with us. We keep it for six years so we can (i) ensure continuity of service, or continuity of our relationship, should you contact us during this period, and (ii) deal with legal or insurance claims. We will retain your data for longer than six years if there is an on-going legal claim, or if we are required by law to do so.

Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage

Hard copy information that is subject to the GDPR is stored in our secure “portable office” with lockable hard-sided cases and a strict process followed by our Duty Officers to ensure maximum security. Electronic information is processed securely with appropriate access controls applied.The systems we use to process personal data allow us to erase or update personal data at any point in time.

Special Category Data (i.e. sensitive data) and Criminal Offence Data

In order to provide our services appropriately, safely and effectively for both our clients and our volunteers, we process special category data, and as part of our statutory duty we process criminal offence data.

Your Data Protection Rights

Your right of access

You have the right to ask us for copies of your personal information. As there are some exemptions, you may not always receive all the information we process. We may refuse your access request if your data includes information about another individual, except where the other individual has agreed to the disclosure, or it is reasonable to provide you with this information without the other individual’s consent. Subject to the proviso above about repetitive requests,you can request access more than once. You are also entitled to be told the following things:

Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. If you ask us to correct data, we will take reasonable steps to investigate whether the data is accurate.We willconsider your arguments and any evidence you provide.We will then contact you and either (i)confirm we have corrected, deleted or added to the data, or (ii)inform you we will not correct the data, and explain why we believe the data is accurate.

Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances. The right to erasure is not absolute.The right only applies in the following circumstances:

Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances.You can ask us to temporarily limit the use of your data when we are considering either (i) a challenge you have made to the accuracy of your data, or (ii) an objection you have made to the use of your data.You may also ask us to limit the use of your data rather than delete it if either (a) we have processed your data unlawfully but you do not want it deleted, or (b) we no longer need your data but you want us to keep it in order to create, exercise or defend legal claims. We will take appropriate steps to restrict the use of your data,including, if relevant:

Your right to object to processing

You have the right to object to us processing your data if you give us specific reasons based on your particular situation.If your objection is successful, we will stop processing your personal data for the use you have objected to. However, we may still be able to continue using your data legitimately for other purposes. We can refuse to comply with your objection if we can prove we have compelling legitimate grounds to continue processing your data that overrides your objection. We can also refuse if the processing of your data is for a legal claim.We will inform you of our decision and why.

Your right to data portability

This only applies to information you have given us, and if we are processing your information based on your consent or performance of a contract. As our processing is mainly based on legitimate interests, it is unlikely that this right will be relevant. If it does apply, you have the right to ask that we transfer the information you gave us to another organisation, or give it to you.


We try our hardest to get it right when it comes to processing your personal information. If you have queries or concerns, please contact us we’ll respond. If you remain dissatisfied, you can make a complaint about the way we process your personal information, to the Information Commissioner, by visiting or calling their helpline on 0303 123 1113.

Data Sharing

Where we provide links to websites of other organisations, this Privacy Notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.

Transfer of Data Abroad

We won’t transfer your personal data to countries or territories abroad, including outside the EEA (European Economic Area) unless we have an agreement with the relevant data processor giving equivalent protections and rights as under the UK Data Protection Act 2018. Please note: our website is accessible from overseas, so on occasion your personal data may appear on our website and be accessed from overseas, however we would seek your consent before putting your personal information on our website.