1 About this Policy, issue 1.2 published 27 Feb 2020
1.2 Icebreakers is an award winning stand-alone Not-for-Profit Charitable Unincorporated Association which has run a facilitated, mutual support self-help group within a safe space in Manchester Gay Village for over 30 years. It is a transitionary group for “Service Users” to build their own support networks and make friends and move on having no further need for Icebreakers. The support group is facilitated by a small group of unpaid volunteers, that help individuals self-identifying as male, aged 18 or over, presenting as men who are gay, bisexual, questioning their sexuality, or trans-men.
1.3 Icebreakers do not charge a membership fee, except for a modest donation towards tea and biscuits, and is reliant on funding and grants from other charities, local government, donations from businesses, foundations, trusts, and private individuals to cover running costs. As a condition for this funding, and to show we do not discriminate, Icebreakers is periodically required to demonstrate that it provides support to gay/bi/trans/questioning men across a variety of cultural, ethnic, religious, and national backgrounds.
Proof of support is achieved with consolidated group statistical information on “Service Users” attendance at weekly meetings and can be processed to give, for example, the number of “Service Users” from a particular postcode, country, or age attending in the last year. This consolidated information is totally anonymous and cannot be used to identify an individual and is not covered by GBPR as explained below in section 2.2.4. During 2018 & 2019 Icebreakers has only released this summarised data to the LGBT Foundation.
1.4 To protect individual “service users” safety/confidentiality individual “service user” records are not shared, or sold, outside of Icebreakers, even to our funders, except for specific requests from law enforcement, or in cases where you may pose a risk to yourself or others.
1.5 Icebreakers occasionally gets requests from solicitors asking for information about individual service users’ attendance in relation to asylum seekers. Because of the extreme sensitivity of our service user’s data, and the fact that asylum seekers often come from countries where being gay is illegal or carries the death sentence, we cannot respond to written requests from unknown people, even those claiming to be acting on behalf of a service user. The information we hold about individual service users does not include full name, full address, or date of birth anyway so could not be uniquely linked to an individual.
2 General Principals
2.1 Background: For centuries gay and bi men have been persecuted, discriminated against, thrown out of their jobs, been the target for blackmail, the victims of violent attacks, killings, and mass murder. Sadly, in the 21st century this is still the case, particularly for men coming from ill-informed extremist cultural backgrounds. Icebreakers often supports service users living with death threats against them, either from family or foreign state.
It has long been the practice for members of the LGBT community to conceal their real identity by using false names or pseudonyms to protect their life, personal safety, professional and private reputation, financial security, roof over their heads etc.
Icebreakers respects this right to use pseudonyms and will never ask you to prove your real identity (except to prove your age if you look under 18), we will never ask you for your full name (real or false), your full address – only a partial postcode, date of birth, financial details, email, phone number, and will not collect any biometric data e.g. membership photographs for ID cards etc. Recital 28 of GDPR allows for “other measures of data protection”, we view false names as “other measures”. We do ask if a fake name is used that it be used for each visit. Icebreakers assumes those service users at highest risk will use false names. Icebreakers are also aware some users use a different name from time to time.
In the past Icebreakers has collected email and phone numbers just in case we need to contact service users, but very rarely made use of this for safety reasons. Icebreakers also used to collect information on asylum seeker status but since we do not provide any specific targeted help or advice for asylum seekers we no-longer collect this. With the introduction of GDPR and the requirement only to hold the minimum data we need to deliver our service, Icebreakers decided, prior to GDPR implementation, to delete this historic information from our database and modify the database so it couldn’t be collected.
2.2 GDPR and Icebreakers:
2.2.1 GDPR is pan-European legislation covering the protection of data of identified or identifiable living people. It governs how people’s personal data is collected, used, shared, and what rights individuals have over this process and their data. If someone is unidentified or un-identifiable then GDPR does not apply to their data.
2.2.2 Is Icebreakers registered for GDPR with the ICO? Certain types of very small not-for-profit organisations, provided they meet certain criteria, are exempt from registration with ICO but must “adhere to the principals of GDPR and understand best practice for managing information”. Icebreakers have followed the on-line registration process and fall into this category. Icebreakers do not require a Data Protection Officer.
2.2.3 Information we collect from the service users: The minimal information we collect from “service user” at their initial interview renders them unidentified and un-identifiable, by any means or other data we have, especially if they use false names. Within the group environment users are only known by their first name, and for maintenance of the attendance/fire register they are known as First name, and initial letter of family name and first part of postcode e.g. Joe B M14. Icebreakers believe the anonymous nature of the individual service user data puts it outside the scope of GDPR, however Icebreakers will follow GDPR as best practice anyway.
GDPR concerns itself, in part, with the accuracy of identified or identifiable living people’s data however these requirements conflict with an organisation dealing with vulnerable people who, in some cases, need anonymity to protect their life, or way of life.
Fortunately, one of the principals of GDPR legislation is data minimisation which means, by law, that Icebreakers must not collect information that we don’t need to deliver our service, however this does prevent Icebreakers from complying with some parts of GDPR. This situation is covered by Recital 57 of the GDPR regulation which States “If the personal data processed by a controller do not permit the controller to identify a natural person, the data controller should not be obliged to acquire additional information in order to identify the data subject for the sole purpose of complying with any provision of this Regulation”. This is reinforced by Recital 64 which states that “a controller should not retain personal data for the sole purpose of being able to react to potential requests”
2.2.4 Information that we share with funding organisations: The Recital 26 of the GDPR regulation states “The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This Regulation does not therefore concern the processing of such anonymous information, including for statistical or research purposes”. In other words, the anonymous demographic attendance data we share with our funding organisations is exempt from GDPR.
2.2.5 GDPR and CCTV. Icebreakers do not make use of CCTV in any way. However, the building used by Icebreakers, the LGBT Foundation, does have CCTV in the entrance intercom, the entrance area by the lift, in internal corridors, stair wells, and fire escapes. There is no CCTV in the rooms used by Icebreakers.
2.2.6 Although Icebreakers are not required to be registered with the Information Commissioners Office (ICO) it follow General Data Protection Regulation (GDPR) when dealing with your personal data wherever possible but cannot comply fully with all the terms of GDPR because we don’t record your full identity, we don’t need your full identity or for you to prove it.
Obvious notable exceptions are:
- Since we don’t need your full name and address, or for you to prove who you are to access our service, we cannot guarantee the accuracy of your Full Name and Full Address. Under GDPR it would be illegal to capture and hold information we don’t need therefore we don’t have fields in our database for full name and address and obviously can’t verify something we don’t have.
- If Icebreakers were required to confirm that Joe Blogs of 23 Some road, Some Town, Some Postcode was a service user we would obviously be unable to do so with absolute certainty since we do not hold full name and address details.
- In the unlikely event of a data breach of our encrypted database of unidentified / unidentifiable users we cannot contact you directly since we don’t have your name and address. We will use our Website and Twitter account to notify service users if a data breach is detected.
- Sexuality: We can’t confirm your sexuality and only record what you tell us.
2.2.7 For the purposes of the GDPR, Icebreakers will be the “Controller” of all anonymised personal data we hold about you, and the Volunteer members will be the “Processors”.
3 How Icebreakers collect, store, and process your personal data
3.1 Icebreakers collects service used data in 2 different ways
3.1.1 New “Service Users” are interviewed before being permitted to join the group to ensure they meet the entry requirements, that Icebreakers is the best group for them, and for Icebreakers to assess their needs. At this interview minimal anonymous data is collected, just enough to facilitate running the group but not enough to uniquely identify an individual outside the group. Service Users are informed the minimal information gathered is to aid in getting funding to run the support group, as explained on the interview sheet. The data is stored in paper form on the interview sheet and then transferred to an encrypted database. This data includes
- First/given name
- Initial Letter of Family Name
- First part of postcode e.g. M33
- Age on the date of interview
- Self-identified Sexuality & gender identity
- Gender Identity
- How did they find out about Icebreakers?
- What are their goals from attending the group?
Certain categories of information require the service user to confirm each individual category they are happy to have the information recorded and processed. This confirmation is also stored in our records. The special categories are Nationality, Ethnicity, Religion, Sexual Orientation, and Gender.
3.1.2 Attendance / fire register: “Service Users” are required to sign in and out of the group to keep the attendance register up to date and for a fire roll call. This data includes
- First/given name
- Initial Letter of Family Name
- First part of postcode e.g. M33
3.2 Lawfulness, fairness, transparency, and purpose. Under GDPR Icebreakers are required to inform you of the lawfulness, fairness and transparency of data collection and the Limited purpose we have for processing the data. The table below details this information
|Type of information||Purposes||Legal basis of processing|
|Service user first/given name||To differentiate the service user within our records.||Legitimate interests in operating the support group.|
|Service user Initial letter of Family Name/Surname||To differentiate the service user within our records||Legitimate interests in operating the support group.|
|Service user age at initial interview||To confirm prospective service user is adult. Icebreakers is a support group for adults.||Legitimate interests in operating the support group, and Legal obligation|
|First part of postcode e.g. OL10||To provide anonymous aggregated data, if required, to funding organisations||Legitimate interests in operating the support group.|
|Permission to record Sexuality||To confirm Icebreakers can process this special category data||Consent|
|Permission to record Nationality||To confirm Icebreakers can process this special category data||Consent|
|Permission to record Religion||To confirm Icebreakers can process this special category data||Consent|
|Permission to record Ethnicity||To confirm Icebreakers can process this special category data||Consent|
|Permission to record gender identity||To confirm Icebreakers can process this special category data||Consent|
|Service user’s self-identified sexuality, Gay, Bi, or Questioning||To provide the volunteer team with information to provide a more tailored help to an individual, and confirm they’re LGBTQI . To provide anonymous aggregated, if required, to funding organisations.||Legitimate interests in operating the support group.|
|Nationality||To provide demographic info to funding bodies as required and demonstrate diversity compliance.||Legitimate interests in operating the support group.|
|Religion||To provide demographic info to funding bodies as required and demonstrate diversity compliance.||Legitimate interests in operating the support group.|
|Ethnicity||To provide demographic info to funding bodies as required and demonstrate diversity compliance.||Legitimate interests in operating the support group.|
|Gender identity||To provide demographic info to funding bodies as required and demonstrate diversity compliance.||Legitimate interests in operating the support group.|
|Type of information||Purposes||Legal basis of processing|
|Date of first arrival at the group||Enable Icebreakers to monitor your progress and hold follow up advice sessions if you are struggling to make progress and to have a count of new users.||Legitimate interests in operating the support group.|
|Notes||We make a note of your aims in joining the group especially if you need help in coming out as gay/bi||Legitimate interests in operating the support group.|
|How did service user learn about Icebreakers||To help Icebreakers better promote our service||Legitimate interests in operating the support group.|
|Date of any meeting you attend,||To record your attendance at meetings as a fire role call and to provide anonymous aggregated data, if required, to funding organisations||Legitimate interests in operating the support group.|
3.3 How we minimise your personal data: GDPR requires us to only hold the minimum amount of data Icebreakers need to perform their function. GDPR Recital 57 also states we must not collect any data that Icebreakers does not need just so we can comply with any part of GDPR Regulations.
Icebreakers does not therefore collect your Family name, your full address, or date of birth since we do not need them to provide a service. We also do not need to verify who you are.
3.4 Data accuracy: As explained in section 2.1, for service users life safety and wellbeing we do not require service users full legal identity to provide a service, and data minimisation and GDPR Recital 57 make it illegal to collect full and unnecessary data, so obviously we cannot maintain totally accurate identity records. We have no external verification process.
If, during a service user visit to our support group, it becomes obvious that they have perhaps changed postcode or are using a different false name we will amend our database to reflect changes.
3.5 Storage Limitation: Service users normally attend the group for perhaps 6 to 12 months whilst they form their own network of friends and move on. Some service users return to the group 2 or 3 years later if they require more support after perhaps a relationship breakdown. Icebreakers will keep anonymised personal data on our systems whilst you are an active service user and for 3 years after your last attendance.
After 3 years of non-attendance, Icebreakers will remove the First name, initial of family name, and any notes from our records and replace the first name with “Ex-user” and the database reference number. We do this to remove the service user from our records whilst being able to hold totally anonymous historic data for funding purposes or to demonstrate diversity compliance. Paper records may be deleted or reprinted with Ex-user as the name.
If a service user returns to Icebreakers at some future point after
their first name record has been replaced, they will have to be re-interviewed
and treated as a new user.
3.6 Data integrity, confidentiality and security
3.6.1 We will not transfer your personal data outside Icebreakers except for specific requests from law enforcement, or in cases where you pose a risk to yourself or others.
3.6.2 We will never sell, or give away, your personal data
3.6.3 From time to time fully anonymous statistical data may be transferred to support funding requests. We may do this for the purpose of our legitimate interests in providing ongoing support for gay/bi/trans men.
3.6.4 In order to protect personal data from loss, misuse, or unauthorised alteration or destruction we have implemented generally accepted standards of technology and operational security including virus/malware protection of computer, data encryption of the database, password protection. The encrypted computer records are not accessible on-line but on a stand-alone computer kept along with the paper records in a locked filing cabinet in an access-controlled CCTV monitored area when not in use.
3.6.5 We will notify you promptly by means of our website and our twitter account in the event of any breach. Since we do not have your full identity, we can’t contact you directly. Our computer data is encrypted, and your personal data is limited and can’t identify you anyway
3.6.6 The only people who can see the data you have provided us are the volunteer team. We do not obtain information about you from any other source. We do not share this individual information with anybody else, even the LGBT Foundation or funders. The only exception to this is where we feel you may be a danger to yourself or others.
3.6.7 Group photographs taken at public events e.g. Gay Pride may occasionally be used for publicity but only with the express permission of all those appearing on them.
3.6.8 Icebreakers does not issue any form of membership card or document to users for their personal safety in case a family member finds them.
3.7 Accountability: Icebreakers will regularly review this document considering operational changes or to reflect evolving needs of our service users or funding organisations. This procedure will be discussed periodically at monthly volunteer safeguarding meetings.
4. Your rights as an individual under GDPR
Please note, because of the very sensitive nature of our data, that we cannot accept written requests for changes or information unless hand delivered during a meeting by a service user.
Icebreakers will try and comply with request within 1 month although
because we are a small group of volunteers and only 1 volunteer has full access
to the reports it may take longer to obtain access depending on holidays and
Please note Icebreakers are aware that sometimes service users use a different name at weekly meetings. If you have done this then your attendance at meetings many not be logged on the computer, we can only record attendance information that matches the partial name and postcode you gave at interview.
4.1 Right to be informed: You have the right to know how Icebreakers collect and process your information. This document explains how we collect and process your data and who we share your anonymous consolidated information with.
4.2 Right of Access: you have a right to access your personal data which can be made verbally to one of the volunteers. To request access a service user must provide the First Name, Initial of Family Name, and first part of the postcode that they provided when joining. Please note we have no printer attached to our computer and will be unable to give your paper reports on the spot.
4.3 Right of rectification: Service users have a right to have inaccurate personal data rectified and can make a request verbally. Icebreakers will rectify errors but not modify the database to include data we do not need or compromise the anonymity of other users, as per data minimisation and GDPR Recital 57
4.4 Right of erasure: Service users have a right to have their data personal removed, this is done in line with section 3.5 – Storage Limitation, and can make a request verbally. Once erased the service user’s data, including attendance data, can’t be recovered and if you want to re-join Icebreakers you will to be re-interviewed and a new computer record started
4.5 Right to restrict processing: Service users have the right to request their data is not processed but this is not an absolute right. If a user has not given permission for the special category date to be processed, we will not include that specific anonymous data in any statistical report to our funding organisations.
4.6 Right to data portability: The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
If a service user requests this data, it can be made available in .CSV format although once out of Icebreaker control obviously we can’t verify its integrity.
4.7 Right to object: The GDPR gives individuals the right to object to the processing of their personal data in certain circumstances. Individuals have an absolute right to stop their data being used for direct marketing. Icebreakers will never use your personal data for direct marketing, and we can’t anyway because we don’t have your full name and address.
4.8 Rights relating to automated decision making / profiling: Icebreakers do not use any automated decision-making or user profiling software on user’s data in relation to your rights to attend the support group.
Icebreakers periodically use a manual report to identify users who have not attended for more than 3 years to enable their data to be deleted as per section 3.5 – Storage Limitation.
5 Appendix 1: Just for your reference the 7 principles of GDPR data protection are
5.1 Lawfulness, fairness and transparency
- You must identify valid grounds under the GDPR (known as a ‘lawful basis’) for collecting and using personal data.
- You must ensure that you do not do anything with the data in breach of any other laws.
- You must use personal data in a way that is fair. This means you must not process the data in a way that is unduly detrimental, unexpected or misleading to the individuals concerned.
- You must be clear, open and honest with people from the start about how you will use their personal data.
- The options for lawful basis of collecting and processing data are: (a) Consent, (b) Contract, (c) Legal obligation, (d) Vital interests, (e) Public task, (f) Legitimate interests:
5.2 Purpose limitation
- You must be clear about what your purposes for processing are from the start.
- You need to record your purposes as part of your documentation obligations and specify them in your privacy information for individuals.
- You can only use the personal data for a new purpose if either this is compatible with your original purpose, you get consent, or you have a clear obligation or function set out in law.
5.3 Data minimisation
You must ensure the personal data you are processing is:
- adequate – sufficient to properly fulfil your stated purpose;
- relevant – has a rational link to that purpose; and
- limited to what is necessary – you do not hold more than you need for that purpose.
At a glance
- You should take all reasonable steps to ensure the personal data you hold is not incorrect or misleading as to any matter of fact.
- You may need to keep the personal data updated, although this will depend on what you are using it for.
- If you discover that personal data is incorrect or misleading, you must take reasonable steps to correct or erase it as soon as possible.
- You must carefully consider any challenges to the accuracy of personal data.
5.5 Storage limitation
At a glance
- You must not keep personal data for longer than you need it.
- You need to think about – and be able to justify – how long you keep personal data. This will depend on your purposes for holding the data.
- You need a policy setting standard retention periods wherever possible, to comply with documentation requirements.
- You should also periodically review the data you hold, and erase or anonymise it when you no longer need it.
- You must carefully consider any challenges to your retention of data. Individuals have a right to erasure if you no longer need the data.
- You can keep personal data for longer if you are only keeping it for public interest archiving, scientific or historical research, or statistical purposes.
5.6 Integrity and confidentiality (security)
- You must ensure that you have appropriate security measures in place to protect the personal data you hold.
- This is the ‘integrity and confidentiality’ principle of the GDPR – also known as the security principle.
- The accountability principle requires you to take responsibility for what you do with personal data and how you comply with the other principles.
- You must have appropriate measures and records in place to be able to demonstrate your compliance.