Privacy notice
Our privacy notice sets out how Waythrough uses and protects any of your personal data we collect.
Privacy Notice Summary
Humankind and Richmond Fellowship have merged to form a new charity, Waythrough, with Aquarius as their subsidiary.
Humankind remains the legal entity operating as Waythrough pending legal and regulatory finalisation of our name change. Humankind Charity (Humankind) is a company registered in England and Wales (Registered Charity No. 515755 Registered Company No 182 0492 , VAT 413 2088 32, Registered Provider 4713).
Our registered office is: Head Office North, Inspiration House, Unit 22, Bowburn, North Industrial Estate, DH6 5PF
Waythrough is a new identity created after the merge of two charities – Humankind and Richmond Fellowship. The organisations legally merged in June 2024, and the Waythrough identity was launched in October 2024. Our legal name remains Humankind whilst the final legal and regulatory stages of the merge process are completed. Some individual project privacy notices may refer to previous brands, but we are working to update these.
The purpose of our privacy notice
Personal data is information about a living, identifiable individual and includes any information that can be attributed to you personally, including your name and contact information.
There are more sensitive types of personal data, known as ‘special categories’, which include information about your health, identity and any criminal offences. You can read about them on the Information Commissioner’s Office website.
We’re committed to ensuring your privacy is protected. Waythrough offers a range of services which include mental health, substance use, clinical and health, employment, training and education, housing services, housing support domestic abuse, young people, and family services.
Our responsibilities
A Data Controller is a term used in the Data Protection Act 2018 to describe an organisation that has the most responsibility for protecting personal data.
Waythrough is a Data Controller for some of its services but not for all. For other services, Waythrough is a Data Processor. A Data Processor acts upon the instructions of a Data Controller and is not accountable for privacy information.
Each service, where Waythrough is the Data Controller, has its own Waythrough privacy notice.
We offer a layered approach to providing privacy information in these services. This means that when we first make contact with you, we usually read you a short privacy statement. Then, when we hold our first meeting with you, we give you an A4 privacy factsheet and other information.
We have two different factsheets with two different privacy videos (see below). One is for services that support adults and the other is for services that support children and young people. The factsheets also signpost to the service’s Full Version Privacy Notice so that you are aware that there is a long notice with more detail in it. Our privacy information is only relevant when we are a Data Controller.
Our privacy videos
Your data rights
You have data rights, but these rights vary depending upon which lawful reason the Data Controller has applied to the use of your data.
Our privacy information explains what your rights are and how you can use them. We have also provided an overview of the Data Subject Rights below. Please note that when the word “processing” is used, this means any use of your personal information (for example, collection, storage, sharing, updating etc). You can find out more about these terms and about your rights at www.ico.org.uk
Your right of access: You have the right to ask for a copy of your information or to know what information a Data Controller has about you. This right always applies. There are some exemptions, which means you may not always receive all the information.
Your right to rectification: You have the right to ask that your information is rectified if you think it is inaccurate. You also have the right to ask the Data Controller to complete information you think is incomplete. This right always applies.
Your right to erasure: You have the right to ask the Data Controller to erase/delete your personal information in certain circumstances. This is also known as the right to be forgotten.
Your right to restriction of processing: You have the right to ask the Data Controller to restrict/pause the processing of your information in certain circumstances.
Your right to object to processing: You have the right to object to processing if the Data Controller is processing your information as part of their public tasks, or is in their legitimate interests.
Your right to data portability: This only applies to information you have given the Data Controller. You have the right to ask the Data Controller to transfer the information you gave them from one organisation to another, or give it to you. The right only applies if your information is used based on your consent or under (or in talks about entering into) a contract and the processing is automated/done by machine.
Your right to withdraw consent: This only applies to information the Data Controller is using based upon your consent. Consent is just one of six lawful reasons (legally called “bases”) upon which a Data Controller can rely on. How data is used is only your choice if the data use was consent-based and this is not always the case. The Data Controller is the organisation that decides what the lawful basis should be, not the data subject.
You’re not required to pay any charge for exercising your rights. Data Controllers have one month to respond to you, but this in some cases can lawfully be extended.
Accessing our privacy information
Don’t worry if you lost the factsheet we gave you. You can ask for another copy of the privacy information provided by a project, by asking the project staff directly or emailing caldicott.guardian@waythrough.org.uk
For transparency, each project (where Waythrough is the Data Controller) has a custom-made Full Version Privacy Notice and our A4 factsheets summarise key elements. Every A4 factsheet reminds you that there is a Full Version Privacy Notice and you should read the Full Version Privacy Notice. This means you’ll be aware of all the details which are specific to how we use your personal information in the service you are using.
Each project where Waythrough is the Data Controller, has a Full Version Privacy Notice. This is available to you at any time. You can see it on the project’s individual webpage. You can search for each service’s individual webpage in the search tool in the top left corner of our website or on our find support page. You can ask the project directly or email caldicott.guardian@waythrough.org.uk
If there is no privacy notice on the services webpage this is because we are a Data Processor, so please phone or speak to staff in that particular service for more information. Where we are a Data Processor we will provide the privacy information that belongs to the Data Controller and in some services, we may need to signpost you to the Data Controller.
Every project has a manager who can inform you and you can also email caldicott.guardian@waythrough.org.uk
You do not have to read any of the information we provide to you, but we have a legal obligation to make sure we have provided you with it.
How we use your information when you use this website
All websites use personal data and the law says we need to inform you about what happens to your information when you use our website.
You can read information about how we use your data when you use our website.
Privacy notice review period
This notice was last reviewed August 2023 and will next be reviewed August 2025 unless there are significant changes to how we use your personal information.
Subject access request statement
In compliance with the UK General Data Protection Regulation (UKGDPR), Waythrough (where we are the Data Controller) is obliged, upon request, to disclose any information we hold about you. This is called your Right Of Access.
This includes people who have accessed our services or support, staff, volunteers, students, placements apprentices, temporary staff and any other person working on behalf of Humankind.
We have one month to respond to your request, although this can be extended in certain circumstances. There are rules for what we can and cannot disclose, so all requests require a rigorous redaction process by our information governance team.
If you would like to view the records we hold about you please contact us at caldicott.guardian@waythrough.org.uk or call us on 01325 731 160.
We also have a Staff Privacy Notice, Volunteer Privacy Notice and Housing Privacy Notice which you can access through the links below.
Please note that if we are a Data Processor for your data, we will signpost you to the Data Controller who will manage your request.