Privacy policy

Data privacy

Merton Voluntary Service Council (MVSC) (‘we’) deals with many individuals (‘you’).

We take the protection of the privacy of your personal information seriously.

This policy sets out how we:

  1. Collect information from you in a transparent manner
  2. Use it fairly
  3. Store it securely
  4. Delete it when required
  5. Handle any complaints.  

It also explains your rights over any of your personal information we hold about you.

Data processing

We process two kinds of personal information:

  1. General personal information
  2. Special category personal information.

These are explained below.

General personal information

This is general information about you and your participation in our services.  This may include your name, organisation’s name, address, website, social media account, telephone number and email address, and any feedback you give to us, including by phone, email, post, or social media.

If we need to make a payment to you, we will need your bank account details.

We process personal information on the basis of what the law calls ‘legitimate interests’.  This means it helps us achieve our mission and objectives, including: ‘A thriving Merton community where people’s lives are enriched by voluntary and community action’ by ‘inspiring and developing an excellent voluntary and community sector’.  Our services and projects contribute to these aims.

Ordinarily, these are aims you would share as you are engaging with us.  However, your rights and interests, and wider social interests, carry equal weight.  So we will not process information if this puts your interests or rights at risk.

Special category information

Sometimes, we ask for sensitive information (known as ‘special category information’ in the law).  This may include age, race and disability.  This information is used to monitor our services, and ensure they comply with law on equality and diversity and that they tackle discrimination, disadvantage and inequality.  We do not collect and process this type of information without your prior consent.  Ordinarily, this consent must be in writing.  In certain defined circumstances, such as where we are discussing this type of information with you on the telephone, consent will be oral.

What we do with your information

Some examples of why we process information about you are to:

  1. Help us understand more about you, your service users if applicable, and to provide the services you have requested
  2. Help us improve our services and better fulfil our mission and objectives
  3. Provide anonymised information to our funders on the performance of our services
  4. Ensure our services provide equality and diversity and tackle discrimination, disadvantage and inequality
  5. Ensure efficient and accurate administration of any requests you have
  6. Process any payments you are entitled to from us
  7. Take any payments that we are entitled from you
  8. Manage any complaint you may have
  9. Prevent and tackle fraud and ensure all our volunteers and partner organisations are legitimate
  10. Conduct market research, either ourselves or through reputable agencies
  11. Send you communications you wish to receive and invite you to meetings
  12. Fulfil legal duties: for example, complying with Charity Commission regulations
  13. Carry out anonymous statistical analysis which enables us to provide better services to the wider community, and support funding applications.

We will keep your personal information only as long as is required in law, by our funders or to serve you.  We will destroy it securely after a pre-determined period.

If you do not wish to provide personal information, please let us know.  In some cases, we may not be able to process your request and we will tell you this at the time.

How we will ensure your information is kept safe

We take security measures to protect your information including:

  1. Limiting access to our building to those entitled to be there (by use of receptionist and locks on all doors)
  2. Implementing access controls to our information technology, such as firewalls, individual IDs and passwords, and logical segmentation and/or physical separation of our systems and information
  3. Sending personal information only in password-protected formats
  4. Not permitting sharing of passwords
  5. Transferring paper-based records to secure IT systems as soon as possible and then destroying the paper record
  6. Limiting access to paper-based information to only those who need to see it.

Who do we share information with?

We share information with organisations that commission us to work for them, suppliers that deliver services on our behalf and trusted partners.

When partners deliver services for us, the processing of personal information is carried out under our instruction.  When we enter into contracts with service providers, we require them to comply with data protection laws and ensure that they have appropriate controls in place to secure personal information.

How we use cookies

To improve your browsing experience when you visit our website, we use cookies.

A cookie is information downloaded onto your computer when you visit a website. Cookies are widely used by websites and can do a number of things: eg, remembering your preferences, recording what you have put in a shopping basket, and counting the number of people looking at a website.

We use Google Analytics to analyse the use of this website.  Google Analytics generates statistical and other information about website use by means of cookies, which are on users' computers.  The information collected by Google Analytics about usage of our website is not personally identifiable.  The data is collected anonymously, stored by Google and used by us to create reports about website usage.  Here is Google's privacy policy.

You can delete cookies or refuse to accept them by specifying this in your browser settings.  Details of how to do this are on the website.

Other websites

This privacy policy relates specifically to our website.  Our website contains links to other websites.  When you click on a link to another website, you should read the privacy policy of its owner.

Access to your information and correction

You have the right to a copy of the information that we hold about you, and to ask us to make corrections.  If you would like to do this, contact our Data Protection Officer using the details at the end of this policy.

Reporting a problem

If you have a complaint about how we have processed your personal information, please contact our Data Protection Officer using the details at the end of this policy.  If you wish to make a complaint to the UK’s external regulator of data protection the Information Commissioner's Office.  In the first instance, call its helpline on 0303 123 1113.

Further information

For further information on this policy and our implementation of it, contact us at or write to us at:

Simon Courage
Data Protection Officer
Merton Voluntary Service Council
The Vestry Hall
336-8 London Road
London CR4 3UD
Phone: 020 8685 1771

Review of this policy

We keep this privacy policy under regular review and we place any updates on this web page.  This version was published on 30 January 2019.