This notice specifically covers how data is used by our finance department.
The purpose of processing
The Finance department provides a range of services to the charity including financial planning, accounting, budgeting, financial systems and controls, and payments.
The department holds information about individuals so that it can carry out effective financial management including:
- Processing payments for external individuals
- Processing payments to employees
- Procurement card administration
- Recording transactions on the ledger
- Properly accounting for expenditure and income
- Budget setting and budget monitoring
- Providing financial management information
- Providing financial analysis and advice
- Managing insurance claims from the public, employees and customers
- Management of the section and all related policies
The legal basis for processing
We either have a contractual or legal obligation to process personal data for the purposes set out above.
What data we need
The department collects and processes the following types of personal data in order to provide the services:
- Personal, for example: name, address, telephone, date of birth
- Employee information, for example, payroll number, salary, taxation, national insurance, pension details
- Bank account details
- Email addresses
- Personal details relating to insurance claims
- Insurance-related legal records.
Why we need the data and what we do with it
Personal data is accessed from the charity's systems, for example the payroll system. Responsibility for the data within these systems rests with the relevant department. However, where individuals' data is downloaded and processed within finance services responsibility for this information is within the department.
Personal data, e.g. bank details may also be collected directly from the individual where required.
For insurance purposes, information may be obtained from claimants, witnesses, the police, insurance providers and brokers.
The department processes personal information for the purpose of:
- To know who our suppliers are in general and process their payments.
- To create invoices to cover the services that Leonard Cheshire provide.
- To chase the debts owed to Leonard Cheshire for services provided.
- To process and audit the payments made to staff in line with the legal and regulatory obligations required of Leonard Cheshire.
- To create and produce the monthly management accounts required by the standing orders of the Leonard Cheshire Executive and Trustees in line with legal and regulatory requirements.
- To process all types of payments made directly into our bank account.
- To verify the donations made by donors as a result of the pledges that they have made to Leonard Cheshire in line with regulatory requirements.
- To produce the annual report for Leonard Cheshire that is required by the standing orders of the Leonard Cheshire Executive and Trustees in line with legal and regulatory requirements.
- To know who has made an insurance claim against Leonard Cheshire and at what stage it is at in line with the legal and regulatory obligations required of Leonard Cheshire.
- To reconcile the pension payments made by Leonard Cheshire in line with the legal and regulatory obligations required of Leonard Cheshire.
- To process and audit annually the employee life assurance and sickness cover costs and to allocate said costs to the correct cost centre in line with legal and regulatory requirements.
- To manage the recruitment process of temporary employees.
- To allow external auditors to access our data in order to complete the audit process.
- To allow our accounting software providers access to files in order to process required upgrades or fixes.
Your personal data may be received by the following categories of people:
- Internal LC employees
- Local Authorities
- Care Commissioning Groups
- Trusts/Pension providers
How long we keep the data
We must legally retain financial information for 7 years. More information about how long we keep data can be found in our retention schedule.
We only process and store your data for the time period specified in our retention schedule (PDF).
What are your rights?
You have rights in respect to the processing of your information which are explained in the main section of the privacy notice.
Do we use any data processors?
We use a data processor to securely store our contract management database. This arrangement is governed by a GDPR compliant data processing contract.
Do we make transfers overseas?
We do not transfer personal data overseas.
Do we use any automated decision-making including profiling?
We do not use any automated decision-making or profiling.