Merton Centre for Independent Living - Privacy Notice


This privacy notice explains how we collect, use and share personal data, and your rights in relation to the personal data we hold.

For these purposes Merton CIL is the Controller of your personal data under the General Data Protection Regulation and other UK data protection laws.

Our contact details are:

Merton Centre for Independent Living (Merton CIL) (registered charity number 1152825), of Wandle Valley Resource Centre, Church Road, Mitcham, Surrey, CR4 3BE


Phone: 020 3397 3119

As a Charity, the trustees have overall responsibility for data protection.

Our Data Protection Officer is Lyla Adwan-Kamara


This Privacy Notice is effective from 25 May 2018. Merton CIL can change or update this privacy notice at any time. We last checked it in June 2018

In line with the General Data Protection Regulations, Merton CIL will ensure that personal data held by us will be accurate, limited to what is necessary, and secure.

Merton CIL aims to ensure that all service users, members, volunteers and trustees are able to trust and have confidence in the way that Merton CIL keeps personal information.


How we collect your information

We may collect your personal data in a number of ways, for example:

  • When you would like our support we will store information relating to you and your case
  • When you sign up as a member of Merton CIL
  • When you register or enter your details on our website, for example sending an enquiry or signing up to our newsletter
  • When you communicate with us by post, telephone, fax, email, social media or other forms of electronic communication;
  • When you attend an event, meeting or consultation
  • When you complete a Merton CIL survey, questionnaire or give us feedback
  • From information provided to us by a third party organisation if you were referred by them
  • If you apply for a job with us

The categories of data we collect

We may collect the following categories of personal data about you:

  • Your name and contact information such as address, email address and telephone number (and, on an ongoing basis, any change of address details);
  • Protected characteristics such as your race, religion, sexuality etc;
  • Income and employment details where needed for your case
  • Information regarding your disability or health condition;
  • Information about your access requirements
  • To a limited extent and only occasionally, medical information such as dietary requirements where we require this information to provide catering for you at our events;
  • Information about your case with Merton CIL, including records of communications between you and us and your appointments with caseworkers at Merton CIL
  • Information about you or relating to your case shared by other organisations involved in the matter
  • Any feedback in relation to any surveys or questionnaires that you complete
  • Technical information collected through the use of cookies about your use of our website including details of your domain name, location and Internet protocol (IP) address, operating system, browser version, the content you view, and how long you stayed on a page.
  • Website analytics collected to look at how our website is used. This information is anonymous
  • Photographs from events and consultations.
  • If you visit our offices we will ask you to sign in and out for Health & Safety reasons. The building we work in also asks you to do this and that information is held by Evolve Housing.
  • CCTV at our offices is not operated by us so we are not the data controller. Evolve Housing operate CCTV


The basis for processing your data, how we use that data and with whom we share it


Legitimate interests

We record contact details and casework information from everyone accessing our services under what is called ‘legitimate interests’. This information is necessary for us to check your eligibility for the service, to provide advice, and quality check our work. People seeking to access our service will be informed of this both verbally and in writing.

In this respect, we may also provide your personal data to the following (where this is necessary for our or a third party's legitimate interests):

  • Our funders who we will need to report back to regarding the service that we are delivering and to whom. Your data will only be shared anonymously and you won’t be identifiable
  • Our websites operator, who may store details such as name and email address to enable you to log in to our websites;
  • Professionals who assist us in putting together, printing and directed invitations, and our IT support and data storage provider(s)



In some circumstances Merton CIL will seek your specific consent to process your personal data. This includes sensitive information like sexuality. Consent must be in writing unless this is not possible due to an access need. Consent is also needed for anyone signing up as a member or agreeing to be contacted in other ways, such as to give feedback or to allow third party service providers to assist in auditing or evaluating our work. Consent can be withdrawn and if you wish to do so please contact us.


Information sharing

When sharing information about your case, we will take steps to be sure we are talking to the right person. We may ask you to confirm personal details, check your ID or signature or meet for an appointment. 

Sometimes it is necessary to share information about your case with a third party. We will ask you to fill in a form to say which organisations we can speak to about your case. You can change your mind about this and ask us not to talk to those organisations about your case anymore.


Removing Consent

Where personal information is held by consent, you have the right to withdraw your consent. We will record when consent is withdrawn. You can withdraw your consent by contacting us on: 0203 397 3119 or


Links to websites

Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.


Children’s Data

We do not provide services directly to children or proactively collect their personal information. However, we are sometimes given information about children while supporting someone with their case. The information in the relevant parts of this notice applies to children as well as adults.


Social media

Sometimes we communicate with people via social media like Twitter and Facebook. We see all this information and decide how we manage it. For example, if you send a message via social media that needs a response from us, we may process it in our case management system as an enquiry or a complaint. Sometimes we reply to messages on social media or we might share comments on social media. xx


Information about other people

During the course of our work we may be made aware of the personal details of other people in addition to our service user. This could include other people in their household or an alleged perpetrator. This could also be another organisation or individual supporting the service user

We will keep the information of third parties revealed in this way, where it is necessary for the purposes of supporting our service user and/or giving them accurate advice.

We will not contact the third party about this information, and, in particular, we will not reveal this information where it would possibly cause harm to our service user


Your rights

You also have the following rights:

The GDPR provides the following rights for individuals:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object

Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply: for example if we have reason to believe the personal data we hold is accurate or we can show our processing is necessary for a purpose set out in this Privacy Notice.

You can find out more about your rights under data protection legislation at If you are not satisfied with how we are processing your personal data, you can raise a concern with the Information Commissioner (


How will Merton CIL uphold your rights?

You can make requests to see the data we hold on you verbally or by writing to us. If you make a verbal request we will take reasonable steps to make sure your data is being shared with you and not with someone pretending to be you.

We will provide information without delay and at least within 28 days of receiving it.

We can extend this by a further two months for complex or numerous requests. In this case we will inform you and give an explanation.

If we refuse to enforce a right, eg the right of erasure, we will inform the you within 28 days of the request and inform you of:

•       The reasons we are not taking action;

•       Your right to make a complaint to the ICO or another supervisory authority; and

•       Your ability to seek to enforce this right through a judicial remedy


Fees for information requests

We will provide a copy of the information free of charge.

We can charge a ‘reasonable fee’ when a request is:

•  Manifestly unfounded or excessive, particularly if it is repetitive, unless we refuse to respond; or

•  For further copies of the same information that’s previously been provided. This does not mean that we can charge for all subsequent access requests.

We will base the fee on the administrative cost of providing the information.


Loss of information and Personal Data Breaches

When personal data has been breached, Merton CIL will establish the likelihood and severity of the resulting risk to peoples rights and freedoms. If its likely that there will be a risk then we must notify the ICO; if it is unlikely then we do not have to. This decision will be made by a senior manager. We will document all breaches of personal data. 


How long do we hold data?

How long we keep your data depends on what it is.

If you used a service then we will archive the information after 2 years and destroy it after 7 years of no contact from you.

If you stop being a member, we will destroy your membership file after 7 years of no contact from you


Questions and concerns

If you have any questions or concerns about how we process your personal data, or you wish to exercise any of the rights set out above, you may contact Lyla Adwan-Kamara, CEO or Charlet Wilson, Office Manager:

  • By telephone: 0203 397 3119
  • By post: Wandle Valley Resource Centre, Church Road, Mitcham, Surrey, CR4 3BE