Privacy Policy

Wellsprings Together Privacy Notice

Our Contact Details

Wellsprings Together, Church House, 17-19 York Place, Leeds, LS1 2EX. Phone: 0113 3530294. Email:

1. Introduction

WELLSPRINGS TOGETHER (WT) needs to collect and use certain types of information about staff, volunteers, job applicants, trustees, members, and potentially others who come into contact with WT in order to carry out our work.

We take our duty to process your personal data very seriously and comply with our obligations under GDPR. This notice explains how we collect, manage, use and protect any information we collect about you to ensure you remain informed and in control of your information. We may change this document from time to time to reflect the latest regulations on what we should lawfully do with your information. Please check back frequently to ensure that you are happy with any changes.

We are a "data controller" for the purposes of the General Data Protection Regulation (GDPR) 2016. This means that we are responsible for, and control the processing of, your personal information.

2. Data

Personal data is defined as “information about a living individual (data subject) who is identifiable by that information, or who could be identified by the information combined with other data”. It includes names, addresses, date identifying descriptions and information relating to individuals such as bank details or personal attributes and opinions. It also includes online identifiers, such as an IP address.

How we collect information about you

When you interact with us directly

This could be if you work with us on a project, ask us about our activities, register with us for our newsletter, make a donation to us, apply for a job or volunteering opportunity or otherwise provide us with your personal information. This could be contact in person, over the phone or by email.

When you visit our website

We gather general information which might include which pages you visit most often and which services, events or information is of most interest to you. We may also track which pages you visit when you click on links in emails from us. We also use "cookies" to help our site run effectively. There are more details below – see the section on 'Cookies'. We use this information to personalise the way our website is presented when you visit to make improvements and to ensure we provide the best service and experience for you. Wherever possible we use anonymous information which does not identify individual visitors to our website.


We use cookies on our website. A cookie is a small file which asks permission to be placed on your computer’s hard drive and it helps us to recognise and track users in order to provide them with a better online experience. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies mean that websites respond to you as an individual and can adapt to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to user’s needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Cookies help us provide you with a better website because we can monitor which pages you find useful and which you do not. A cookie will never give us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you want to.

Information we collect

Depending on what service(s) you access and on the reasons of your interaction with us we may keep some or all of the following data about you:

  • Your contact details (eg name, address, telephone number, email address)
  • Demographic information (eg your age, gender, ethnicity)
  • Information about your employment status, education and training history
  • Financial information eg information relating to the payment of salary, expenses, or donations.
  • Information about your education, skills and experience and previous job or volunteering roles if you apply to volunteer or work with us

Sensitive personal data

This means personal data on the racial or ethnic origin, religion, sex life, membership of a Trade Union, physical or mental health, commission or allegation of an offence or political opinions of the data subject. Examples of this are:

  • Sick notes, and medical assessments, including information relating to disabilities.
  • Absence records, including sickness absence, compassionate leave, unauthorised absences.
  • Data relating to recruitment and selection such as proof of eligibility to work in the UK; where relevant, unspent criminal records and/or the outcome of Disclosure and Barring investigations

We do not normally collect or store sensitive data (such as information relating to health, beliefs or political affiliation) about partners. However there are some situations where this will occur including, but not exclusively, if:

  • An accident or incident occurs on our property, at one of our events or involving one of our staff (including volunteers).
  • If you are attending one of our events and have disclosed specific access or dietary needs.

If this does occur, we will be very clear with you that we wished to collect such information, our reason for collecting such information, and that we would only do so with your specific consent and permission. The only exception to this would be if your consent is not required by law or the information is required to protect your health in an emergency.

Why do we keep your personal data?

  • To provide the services you have requested from us
  • To keep a record of your relationship with us and / or in order to fulfil our contractual
  • and legal obligations
  • For the legitimate interest of establishing, exercising or defending legal claims
  • If you volunteer with us in order to fulfil the Volunteer Agreement
  • To send you details of other services, opportunities and events you may be
  • interested in through our newsletter and other means (only with your consent)
  • To evaluate and monitor our services to ensure we are providing an effective service
  • From time to time we may send you promotional emails about new products, special offers, fundraising drives or other information which we think you may find interesting using the email address which you have provided (you may unsubscribe at any time and you will find instructions on how to do so at the bottom of every newsletter or promotional email you receive)

Legal basis for using your information

Under GDPR we must tell you what lawful basis we rely on for processing data. Some of the grounds for processing will overlap and there may be several grounds which justify our use of your personal information depending on what information it is. If you fail to provide certain information when requested, we may not be able to provide you with the service you have requested, or we may not be able to offer you bank work, volunteering work or employ you. The lawful basis on which we collect most of your personal data is consent – we will always ask for your consent to process information about you before we start working with you or before you start working / volunteering for us as an employee or volunteer. We also ask for your consent to share any or all of this information with other organisations, professionals and family members – we will ask your consent about who we can share what information with and ask you to sign to say you have agreed. We will not pass on the data we have about you to anyone else without your consent except in exceptional circumstances, the lawful basis of which is vital interests. Examples of these circumstances might include information that suggests you might be a danger to yourself or someone else, or information about a child at risk of harm or neglect.

We may also rely on legitimate interests for processing some of your data. This means that the reason that we are processing information is because there is a legitimate business interest for Wellsprings Together to do so to help us to achieve our aim of supporting people with mental health issues move forward in their recovery. We would also have a legitimate interest in processing your data for the purpose of establishing, exercising or defending legal claims. Whenever we process your personal information under the legitimate interest lawful basis we make sure that we take into account your rights and interests and will not process your personal information if we feel that there is an imbalance.

Sharing your Information

Your information may be shared internally, including with staff members responsible for managing and administering projects, HR and health and safety. It may also be shared with external services and professionals. This will only be done with your explicit consent. We may have to share your data with other third parties, including third-party service providers, for example in connection with supporting our client management system and IT network (including remote support) and professional advisers where necessary, who may be party to confidential discussions related to an individual. We require third parties to respect the security of your data and treat it in accordance with the law. We will share your information with third parties where required by law, where it is necessary to administer our relationship with you or where we have another legitimate interest. All our third party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We only permit them to process your personal data for specified purposes and in accordance with our instructions. We will only pass on your information without your consent when there a situation that indicates you may be a danger to yourself or someone else, or information about a child at risk of harm or neglect.

Keeping your information safe

WT takes the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, or subject to unauthorised access. Where necessary we use passwords, user permissions and encryption to protect data. Where we engage third parties (external organisations) to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data in accordance with GDPR and data protection legislation. We have put in place procedures to deal with any suspected data security breach and will notify you of a suspected breach where we are legally required to do so.

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting or reporting requirements.

3. Subject Access Requests (SARs)

On receipt of a written request for information WT holds on an individual, we will advise the individual of whether or not WT is processing their personal data and give them within one month:

  • a description of their personal data, the reasons it is being processed, and whether it will be given to any other organisations or people;
  • a copy of the information comprising the data; and given details of the source of the data;
  • information about the period for which the data will be stored;
  • information about the existence of the rights to erasure, to rectification, to restriction of processing and to object to processing;
  • information about the existence of the right to complain to the ICO;
  • information about the existence of, and an explanation of the logic involved in, any automated processing that has a significant effect on data subjects.

Access may be denied or limited where it involves disclosing information about or from an identified third party (e.g. a colleague) unless the third party concerned has given consent to the disclosure of that information.

WT will not respond to subject access requests which:

  • disclose any information relating to management forecasts where this could jeopardise the business effectiveness of the organisation;


  • reveal legal proceedings against an individual, except to those directly concerned with those proceedings;


  • no verification of the identity of the individual is forthcoming.