Privacy Policy

Changing Lives' Privacy Notice

This Privacy Notice sets out how Changing Lives uses and protects any information you give us. It is designed to be as comprehensive as possible, but it does not include an exhaustive list of every occasion where we collect and process personal information or data. However, we would be happy to provide any further information or explanation about our practices if you contact us directly.

Updated Privacy Notice:

Changing Lives Privacy Notice

Last Reviewed and Updated: June 2026

Changing Lives is committed to respecting and protecting the privacy of all individuals whose data we process and this Privacy Notice explains what personal data we collect, why we collect it, how we use it, who we may share it with, how we safeguard it, how we will dispose of it once it is no longer used, and your privacy rights.

This privacy notice is designed to be as comprehensive as possible, but it does not include an exhaustive list of every occasion where we collect and process personal information or data. We would also be happy to provide any further information or explanation about our practices when you contact us directly.

When we use your personal data, we ensure that it complies with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act (2018).

WHO WE ARE AND OUR CONTACT DETAILS

Changing Lives is a UK-registered charity dedicated to supporting vulnerable people experiencing difficult times such as homelessness, addiction, abuse, exploitation, unemployment and others. As the ‘Data Controller’, it means we are responsible for your personal data. Our contact details are as follows:

Changing Lives (registered name: The Cyrenians)

Registered Charity Number: 500640.  Registered Company Number: 995799

Registered Office: H26, The Avenues, Eleventh Ave N, Team Valley, Gateshead NE11 0NJ

Telephone: 0191 273 8891

Email: central.office@changing-lives.org.uk

LAST REVIEW AND UPDATE

We keep this privacy notice under regular review and may be updated where necessary to let you know about any changes in how we use and process your information.

This Privacy notice was last updated in June 2026.

SPECIFIC PRIVACY NOTICES

Given the diverse nature of our work, we provide specific and detailed privacy notices. Before you register for any of our services, you will receive a privacy notice tailored to the service you are accessing. Please refer to the relevant notice for full information.

WHAT PERSONAL DATA WE COLLECT

We’ll collect and use your information personal data for different reasons. The types of personal data we may collect about you are set out below. We’ll only collect data which is necessary and relevant to the service we provide to you.

We may collect:

  • Name(s)
  • Date of birth
  • Address
  • Telephone number(s)
  • Email address
  • Gender/Gender identity
  • Ethnicity
  • Spoken language
  • Asylum seeker / refugee status /immigration status
  • Nationality
  • Disability
  • Sexual orientation
  • Religion or belief
  • National Insurance number
  • Next of kin/emergency contact information
  • Medical / Health / Treatment information (includes GP/doctor information)
  • Financial information (bank account, debit/credit card details)
  • Accommodation History
  • Education / Training / Employment
  • Social Care information
  • Social History
  • Police / Criminal / Offence information
  • Probation information / conditions
  • Service provided / contacts with service
  • Risk information (risks to self, children, public, other adults, staff, other residents, vulnerability to abuse from others, etc)
  • Your CCTV image
  • Any content produced for our website, publications, social media, articles, and blog posts featuring you
  • Donation information
  • Information you enter on our website

Special Category and Criminal Offence Data

Due to the nature of our work, we may also collect some sensitive personal information. These are known as ‘Special Category Data’ and ‘Criminal Offence’ data which includes:

  • Personal data revealing racial or ethnic origin
  • Personal data revealing religious or philosophical beliefs
  • Data concerning health
  • Data concerning a person’s sex life
  • Data concerning a person’s sexual orientation
  • Data revealing criminal history, allegations, investigations, and proceedings
  • Data revealing safeguarding checks

We process Special Category and Criminal Offence Data only where necessary and proportionate.

HOW WE COLLECT YOUR PERSONAL DATA

  • We collect information directly from you when:
  • You contact us in person, by phone, email, online form or post.
  • You access services, support or apply for roles.
  • You have been referred to one of our services.
  • You volunteer, donate or fundraise for us.
  • You buy our merchandise.

WHEN WE COLLECT YOUR PERSONAL DATA

We will:

  • Ensure you know why we need it
  • Only ask for what is necessary for the service we are providing to you
  • Protect it and make sure only those people who need access to it can see it.
  • Make sure we don’t keep it for longer than is necessary

We ask that you:

  • Give us accurate information
  • Tells us as soon as possible about any changes
  • Tell us as soon as possible if you notice any mistakes in the information we hold about you

HOW WE USE YOUR PERSONAL DATA

We only use your personal data for the purposes described in this privacy notice.

We may use your personal data for purposes including:

  • Providing support services.
  • Employee recruitment and volunteer engagement.
  • Processing donations, fundraising communications and reporting.
  • Marketing, newsletters and event communications
  • Service assessment, research and quality improvement.
  • Compliance with audit, regulatory and statutory reporting.

THE LAWFUL BASIS FOR COLLECTING YOUR DATA

We can only use your personal data when we have lawful reason to do so, this is called our “Lawful Basis”. The lawful bases we may rely on, what they mean and examples of when we rely on them are set out below.

Contract

We process your data because it is necessary to deliver a service you have requested or to take steps before entering into a contract/agreement.
Some situations when we rely on it:

  • Providing accommodation, recovery, employment support services etc
  • Managing recruitment processes or volunteering
  • Delivering the support you have formally agreed to receive

Public Task

We process your data because processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Changing Lives by a local authority or government body.
Some situations when we rely on it:

  • Delivering commissioned services such as housing support
  • Conducting research or policy work that supports our charitable mission
  • Providing services funded by public authorities

Legal Obligation

We must process your data to meet our legal or regulatory requirements.
Some situations when we rely on it:

  • Where we have to do things to comply with a law or regulation that applies to us. This may include sharing information with the necessary regulators
  • Comply with a common law or statutory obligation on behalf of relevant public authority
  • Employment law requirements during recruitment or staff management

Vital Interests

We process your data when it is necessary to protect someone’s life or prevent serious harm.
Some situations when we rely on it:

  • Safeguarding concerns involving immediate risk
  • Situations where you or another person is at risk of significant harm
  • Emergency disclosures to protect vulnerable individuals

Consent

We process your data when you have given clear permission for us to process your data for a specific purpose. You can withdraw your consent at any time.
Some situations when we rely on it:

  • Sending electronic marketing such as newsletters, texts etc
  • When you opt in to receive information about our organization
  • Processing requests for professional support evidence, such as housing applications, Legal Aid letters etc.

Legitimate Interests

We process your data because it is necessary for our legitimate organizational benefits.

Some situations when we rely on it:

  • The processing is such as you would reasonably expect to be undertaken by Changing Lives in respect of the management of our operations
  • That the processing is necessary in respect of the activities that are undertaken and is in the interests of Changing Lives and the relevant third parties

Processing based on legitimate interest will be balanced against your rights and expectations.

Conditions for processing Special Category and Criminal Offence Data

Data classified under special category data or criminal offence data require additional protection, due to their sensitive nature.

For Special Category Data, we rely on Article 9(2)(g) UK GDPR, processing is necessary for reasons of substantial public interest, such as safeguarding and supporting vulnerable individuals, in accordance with Schedule 1 of the Data Protection Act 2018.

We will only process criminal offence data where we have a lawful reason to do so under Article 10 UK GDPR and Schedule 1 of the Data Protection Act 2018.

WHO WE SHARE YOUR DATA WITH

We may share your personal data with other organizations where we have a lawful reason to do so. This may include

  • Service providers to provide you with the services you have requested
  • Third parties and partners with whom we have a relationship with to deliver services or support on our behalf
  • Government bodies, regulatory and statutory agencies where required, and we have a legal reason to share information.
  • Audit and monitoring authorities for service compliance, safeguarding reasons and improving delivery of the services we provide.
  • Healthcare related organisations where required
  • Advertising and analytics platforms, including Google, Meta and LinkedIn, used to measure and improve our marketing and fundraising activity. See Advertising and Analytics Technologies below.

If we need to discuss your situation with other third parties who are not listed in this privacy notice, we will always seek your permission to do so, unless the law requires or permits us to share it for another reason.

Anonymised data may be used to provide statistical information, for example to report on and evaluate the effectiveness of the service. In these circumstances we will contact you separately to seek your consent.

HOW WE SECURE YOUR DATA

The security of your personal data is a priority for Changing Lives. We are committed to maintaining robust security standards and implement a range of appropriate technical and organisational measures, including:

  • Encryption at rest and in transit.
  • Role-based access controls and Multi-factor authentication.
  • Regular backups, Vulnerability scanning, Intrusion detection and prevention system, Firewall, Anti-virus and Business continuity plan.
  • Staff training and data protection awareness.
  • Policies and procedures aligned with ISO/IEC 27001 security framework to protect the confidentiality, integrity and availability of personal data.

These measures are reviewed regularly to maintain adequacy and security resilience.

HOW LONG WE KEEP YOUR DATA

We will hold your personal data on secure databases kept on the Changing Lives IT network for the duration of our relationship with you. We will also keep paper files where necessary.

We will not keep your personal information for longer than is necessary for the purpose for which it was collected unless a longer retention period is necessary and justified. This means that information will be securely destroyed or erased when it is no longer required.

We store personal data in accordance with our data retention policy and procedures. For more details, please refer to our Data Retention Schedule, which outlines specific retention periods for different categories of data. This ensures compliance with Article 5(1)(e) UK GDPR.

CCTV

Some premises may have a CCTV system installed on them. It is used to:

  • ensure your health and safety while you are on the premises
  • detect, deter and prevent crime and disorder
  • provide the Police/Changing Lives with evidence to enable criminal and/or civil proceedings to be brought in the courts.

For full information about the use of CCTV, please refer to our CCTV privacy notice.

INTERNATIONAL DATA TRANSFERS

Your personal information is stored and managed within the UK and is not transferred outside the UK/EEA. This means your information remains subject to UK data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

The exception to this is the advertising and analytics platforms described in Advertising and Analytics Technologies above. Google, Meta and LinkedIn are based in the United States and information shared with them is transferred outside the UK. These transfers rely on legally recognised safeguards, such as the UK Extension to the EU-US Data Privacy Framework or Standard Contractual Clauses with the UK Addendum, depending on the platform. We will continue to review these transfer mechanisms periodically to ensure they remain valid and appropriate under applicable data protection law.

Storage arrangements are regularly reviewed to ensure ongoing compliance with data protection law. If this changes, we will update this privacy notice and ensure appropriate safeguards are in place in accordance with data protection law.

If we engage any third-party processors outside the UK/EEA in the future, we will implement appropriate safeguards such as Standard Contractual Clauses (SCCs) or UK Addendum to ensure compliance with Chapter V of UK GDPR.

AUTOMATED DECISION-MAKING

We do not use automated decision-making or profiling in our processing. This means that any decisions affecting you, for example, the outcome of a case, eligibility assessments, or service provision are made by human beings, not by a computer algorithm.

All personal data we collect is reviewed and assessed by trained staff, ensuring that decisions are fair, transparent, and based on careful consideration of the information provided.

If this changes, we will update this privacy notice and inform you of your rights under data protection law.

FURTHER PROCESSING

If we need to use your personal data for a new purpose, not covered by this Privacy Notice, then we will update our privacy notice explaining it.

COOKIES

To improve our website, we use ‘cookies’ and similar technologies. Cookies are small text files stored on your device when you visit our website. They help us provide a seamless and optimized experience tailored to your preferences.

We will ask you whether you give your consent for the use of cookies when you enter our website. Our cookie consent platform is configured so that non-essential analytics and advertising cookies, including Google Ads, Meta Pixel and LinkedIn Insight Tag, are blocked unless and until you have given your explicit consent.

For more information, our Cookie Policy can be found at https://www.changing-lives.org.uk/cookie-policy. We keep this Privacy Notice and our Cookie Policy under review to ensure they remain consistent, particularly in relation to the cookies and tracking technologies used on our website.

ADVERTISING AND ANALYTICS TECHNOLOGIES

We use Google Tag Manager to manage tracking tools on our website. This currently includes Google Ads, Meta Pixel (Facebook and Instagram) and LinkedIn Insight Tag.

These tools help us understand how people use our website and measure how well our advertising and fundraising campaigns are performing. They also let us show relevant Changing Lives content to people who have previously visited our website when they use these platforms.

Information collected through these tools may include the pages you visit, actions you take on our website, and your device and browser details.

These tools only load once you have given consent through our cookie banner. Non-essential advertising and analytics tags are not activated before valid consent has been obtained. You can manage or withdraw this consent at any time. See our Cookie Policy at https://www.changing-lives.org.uk/cookie-policy for more information.

Google, Meta and LinkedIn are based in the United States. Information shared with them is covered under International Data Transfers below.

You can manage how these platforms use your information directly through their own settings:

  • Google: myadcenter.google.com
  • Meta: facebook.com/adpreferences
  • LinkedIn: linkedin.com/psettings/advertising

YOUR DATA PROTECTION RIGHTS

Under the UK General Data Protection Regulation (UK GDPR), you have specific rights regarding your personal data. Which lawful basis we rely on may affect your data protection rights which are outlined in brief below.

  • Your right of access (Subject Access Request): You have the right to ask us for copies of your personal.
  • Your right to rectification: You have the right to ask us to correct personal information you think is inaccurate or incomplete.
  • Your right to erasure: You have the right to ask us to delete your personal information in certain circumstances.
  • Your right to restriction of processing: You have the right to ask us to limit how we can use your personal information in certain circumstances.
  • Your right to object to processing: You have the right to object to the processing of your personal data in certain circumstances.
  • Your right to data portability: You have the right to ask that we transfer the personal information you gave us to another organisation, or to you in certain circumstances.
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

Please note that certain exemptions may apply to these rights where disclosure would prejudice safeguarding, crime prevention, or regulatory obligations, as permitted under the Data Protection Act 2018.

You don’t normally need to pay any charge for exercising your rights and if you make a request to access any of your information, you will receive a reply within one month.

You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website.

CONTACT FOR DATA PROTECTION QUERIES

If you have any questions about this privacy notice, or how we use your personal data, or if you wish to exercise your rights, please contact us using the contact details at the top of this privacy notice.

or contact our Data Protection Officer at

Email: sunny.vara@changing-lives.org.uk

or write to:

Data Protection Officer

Changing Lives

Central Office

H26 The Avenues

Eleventh Avenue North

Team Valley

Gateshead

Tyne and Wear

NE11 0NJ

HOW TO COMPLAIN

If you have any concerns about our use of your personal data, you can make a complaint to us in the following ways:

  • By email via dataprotection@changing-lives.org.uk or complaints@changing-lives.org.uk.
  • Telephone via 0191 2738891 between 9am and 3pm, Monday to Friday.
  • Writing to our Central Office: H26 The Avenues, Eleventh Avenue North, Team Valley, NE11 0NJ
  • Via our Website.
  • Any Changing Lives or Changing Lives Homes colleague, who will forward it to the appropriate person.
  • Direct messaging via the Changing Lives Social Media pages such as Facebook Messenger.
  • Any relevant third party

The Data Protection Team or Central Office to acknowledge receipt of the complaint.

If you are not satisfied with the outcome or about our handling of your complaint, you may request a review of our decision or escalate your complaint to the Information Commissioner Office (ICO). ICO contact details are:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint