Our Confidentiality and Privacy Policy

Our Confidentiality Policy

1.0. Bath Nightline respects the right to the confidentiality of all callers and the right to anonymity of all its volunteers

2.0. All Bath Nightline volunteers, as a condition of volunteering, must follow the Bath Nightline Confidentiality Policy, which they signed at the beginning of volunteering.

3.0. The Committee may take disciplinary action against volunteers who breach this policy. This may include the termination of their voluntary position.

4.0. Bath Nightline will record some information about calls to the service. This information will be shared with The SU Bath only (apart from in the circumstances described in Section 5.0 of this policy) and only includes:

4.1. The general topics of calls;
4.2. The time and length of calls;
4.3. Call volumes
4.4. The gender of callers.

5.0. In certain circumstances, Bath Nightline is required to break this confidentiality policy. These circumstances include, but may not be limited to:

5.1. Terrorism. The Prevention of Terrorism Act 2000 places a legal obligation on Bath Nightline to disclose information related to a terrorist threat. Bath Nightline will pass on all relevant information to the Anti-Terrorism Hotline or to the police if there is an immediate risk to life. Campus Security will also be notified of the terrorist threat as soon as possible.
5.2. Crime including fraud and money laundering. The Fraud Act 1997, the Proceeds of Crime Act 2002, and the Money Laundering Regulations 2003 all require Bath Nightline to report any relevant information to the police and Campus Security.
5.3. Court orders. When a court order is issued, Bath Nightline will pass on all relevant information to the authorities.
5.4. Abuse of children and vulnerable adults. If the Bath Nightline volunteer feels a child is being neglected or is in imminent danger, Bath Nightline will pass on all relevant information as detailed in The SU Bath’s Child Protection Policy.
5.5. Danger to others. If the Bath Nightline volunteer believes there are other people in imminent danger, Bath Nightline will pass on all relevant information to the police and Campus Security.
5.6. Danger to self, including suicide. If a caller has taken action to end their life; if the caller is unconscious; or if the volunteer feels that they do not understand the risks of their actions, the volunteer will immediately call for help. If the student is on campus, then Campus Security must be alerted so that they are able to direct the Emergency Services to the appropriate area of campus.
5.7.  Abusive calls towards Bath Nightline, information may be shared with the University of Bath Security Service and the police.

6.0. The data that is recorded by Bath Nightline on callers is anonymous.

6.1. The data is compiled, and anonymity is assured by the Treasurer and Secretary before it is shared with The SU Bath.

7.0. Call information may be discussed between the call taker, the debriefed volunteer and the Welfare Officer, both during and after a volunteer shift, only when it is in the interest of the caller, or volunteer welfare.

7.1. Call information will not be discussed outside of Bath Nightline, apart from in the circumstances stated in Section 4.0 and 5.0 of this policy.
7.2. In some circumstances, it may be necessary for call information to be discussed confidentially with external organisations including the University of Bath Counselling & Mental Health Service, and the Samaritans. This will be for the purpose of supporting Bath Nightline volunteers in accordance with the Bath Nightline Supervision and Support Policy.

8.0. There is a minimum of 2 Bath Nightline volunteers during all shifts. The type of call affects the number of Bath Nightline involved in responding to the call.

8.1. Telephone calls are received by one Bath Nightline volunteer. There is no facility for additional Bath Nightline volunteers to hear the caller.

8.1.1. There is no call monitoring facility available, or in use, at Bath Nightline.

8.2. Emails. All emails received to the Bath Nightline listening email account are automatically anonymised. The Bath Nightline volunteers on shift will work together to produce email responses.
8.3. Instant Messages. No account or IP information will be recorded by Bath Nightline, apart from in the circumstances listed in Section 5.0 of this policy. The Bath Nightline volunteers on shift will work together to produce IM responses.

9.0. The Bath Nightline volunteers may seek additional guidance from the on-call committee member as detailed in the Bath Nightline Supervision and Support Policy

10.0. The Internal Coordinator will ensure account details and anonymous emails are deleted within 28 days of receiving them.

11.0. This policy should be reviewed within 12 months of the date it was agreed by the Nightline committee as per Bath Nightline constitution.


Our Privacy Policy

Our organisational details:
Name: Bath Nightline
Email: coordinators@bath.ac.uk
Our governing body’s details:
Name: Bath Students’ Union
Phone Number: 01225 38 3800
Email: thesu@bath.ac.uk

Useful Definitions

‘Personal data’ is information that is personally identifiable, i.e. you can use the data to find out who it is about. This could be a name, date of birth or location data.

‘Special category data’ is more sensitive information, for example, health or genetic information.

‘Processing’ is the action that Bath Nightline or a trusted third party takes when collecting, updating, storing, or sharing an individual’s personal data.
‘We’ or ‘Nightline’ refers to Bath Nightline.

Why we collect your data

We aim to minimise as much as possible the amount of personal data we process. We may process personal data where the law requires us to do so, in order to safeguard vulnerable individuals, to protect our volunteers’ wellbeing and to continuously improve and develop the services we provide.
All of our practices comply with UK GDPR. We have lawful bases for processing your personal data and special category data. The main lawful bases we rely upon are:
● We have a legal obligation
● Protecting vital interests
● Our legitimate interests as an organisation

How we protect your data

At Nightline, we only collect the data we need and we only share it on a need-to-know basis.

We do not share personal data externally with the exception of the circumstances outlined in this policy. In this situation, we will always make you aware of how your personal data might be affected and will always check that the organisation’s systems comply with privacy laws and have robust privacy and security practices.

We store most of our data on Google Workspace (i.e. Gmail, Google Drive etc). It is secured and supported by Google and has been security assessed by independent organisations (including the National Cyber Security Centre: https://www.ncsc.gov.uk/guidance/g-suite-security-review).

We store some personal data on Three Rings. Three Rings’ data is stored on a server leased exclusively to Three Rings CIC in a UK-based datacentre registered as a data processor with the Information Commissioner’s Office, with 24/7 security, remotely-monitored CCTV, and access control systems throughout. Connections to the server whether by service users or Three Rings CIC staff take place exclusively over high-grade encrypted connections.

Some personal data may also be stored on Microsoft Teams. Microsoft complies with the EU-U.S., UK Extension to the EU-U.S., and Swiss-U.S. Data Privacy Frameworks. It is secured and supported by Google and has been security assessed by independent organisations (including the National Cyber Security Centre).

For every system we use, we check that it complies with privacy laws and has good privacy and security practices.

How we process your data

Nightline Service Users
As a general rule, Nightline does not store personal data of service users in call records. We keep call logs, but these are limited to primarily statistical information and no identifying information is recorded.
On some occasions, in order to detect and prevent abuse to Nightline services, we do collect data about calls we believe to be non-genuine, in order to prevent such calls taking place again in the future. This information includes details of the caller and the topics discussed on the call. This information may be retained for up to 5 years.
Some personal data (IP addresses, email addresses, etc.) and messages are stored in the databases of our anonymous instant messaging and email software, which is provided to Bath Nightline by our umbrella organisation, the Nightline Association. Volunteers at Bath Nightline cannot access any personal data, and the Nightline Association does not access the databases (unless requested by us as outlined below), except in exceptional circumstances where system administrators must undertake system maintenance.
In certain circumstances, Nightline may share personal data with a third party:
Any information relating to an act or potential act of terrorism will be reported to the police in order to comply with our legal obligation under the Terrorism Act 2000
Any calls where there is a threat to either a child or an adult at risk may require us to make a report to the police or to the local authority. This is done to meet our responsibilities to protect vulnerable individuals.
Where we receive a call where there is a serious risk of harm to the caller we may pass personal data onto the emergency services in order to protect the vital interests of the caller
Court Order
Personal data may be disclosed to the police if requested under a court order. This is in order to meet our legal obligation to cooperate.
Abuses of the Service
Where a caller acts in an abusive or threatening manner towards our volunteers, we may disclose personal data of that caller to appropriate third parties. These parties include the police, other Nightlines, the Nightline Association and other authorities with responsibility for the welfare of our volunteers such as the University of Bath and Bath Student’s Union. This is done in order to serve our legitimate interest to protect our volunteers from harm and to keep the service available for genuine users.

Volunteers and Potential Volunteers

During the process of recruiting new volunteers, we collect some information from everyone who registers their interest in volunteering. The data collected includes the following:
• Name
• Email address
• Phone number
• Address
• Degree
• Gender identity and pronouns
Once the recruiting procedure is over, we retain the information of unsuccessful applicants for 1 year. Details of applicants’ gender identity and degree course may be shared with the University of Bath and Bath Students’ Union in line with our agreement to share some basic demographic information with these stakeholders. No other information is shared with anyone outside of Nightline before, during or after the recruitment drive.
For our volunteers, we store this data (along with other relevant information such as the number of shifts you complete and ongoing training sessions you attend) for as long as you are a volunteer and for 2 years after you leave the Nightline.
We collect this information in order to administer the recruitment process and effectively run the service.

Website Visitors

When you visit the Bath Nightline website, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the website, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information”.

“Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.
Bath Nightline uses “cookies” to collect information. You can opt-out of cookies but you are required to do this proactively by changing the setting in your browser – unfortunately, we cannot control this on your behalf. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
Anonymised data from visitors to our website will be collected, including your interaction with our website and cookies to track with pages you visit. This helps us to analyse how our website is being used and how we can improve.
Data Retention Periods
We only keep your information for as long as is necessary for the relevant purpose. We use a number of criteria for determining the retention period, including obligations under law, our legitimate interests, and consideration of the original purpose we collected it for.

Your Rights

The right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and rights. This is why we are providing you with the information in this policy. If you have any additional questions, you can contact us using the contact details at the end of this policy.

The right to object
You always have the right to object to certain types of processing, including the option to stop receiving information from us across all of our communication channels (which is known as processing for direct marketing). This is at your discretion and we will respect your choice. However, for us to enact this we encourage you to notify us. You can use unsubscribe links on emails or contact us using the contact details at the end of this policy.

The right to access a copy of the personal data we hold.
You, or an organisation with legal purpose, can request a copy of your personal data for legitimate purposes. This is known as a ‘Subject Access Request’. To request this, contact us using the contact details at the end of this policy. Please note that proof of identity may be required and providing the reason for your request will allow Bath Nightline to respond most appropriately. We may ask for further details if needed.

The right to erasure
This is where you can request that Bath Nightline delete the data that we hold on you. Please note that this will not apply if there is lawful basis for us to continue to use the data we hold about you. To request this, contact us using the contact details at the end of this policy.

The right to rectify inaccurate data
As detailed above you can make corrections to the data we hold about you. To request this, contact us using the contact details at the end of this policy.

The right to restrict processing
You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.

The right to data portability
You have rights to obtain and re-use your personal data for your own purposes across different services.

The right to lodge a complaint
You can lodge a complaint about the way we handle or process your personal data with us or your national data protection regulator.

Contact coordinators@bath.nightline.ac.uk. We will aim to respond to your complaint within 48 hours.

The national data protection regulator for the UK is the Information Commissioner’s Office (ICO) and they can be contacted here: https://ico.org.uk/global/contact-us/.