Privacy

We take your privacy seriously. This notice explains how Kaleidoscope handles your personal information—whether you’re using our services, applying for a job, or just visiting our website.

Who we are
Kaleidoscope is a UK-based drug and alcohol charity. We collect and use personal information so we can deliver support services, meet legal obligations, and manage our organisation effectively.

Each of our services has its own detailed Privacy Notice, given at the first point of contact. This page gives you an overview of how we handle personal information more broadly.

What kind of information we collect
Most of the information we hold is provided by you. Sometimes we also receive data from third parties (e.g. other agencies or professionals). If that happens, we’ll tell you what we’ve received and where it came from.

Examples of data we may collect:

  • Name, contact details, date of birth
  • Health information (with extra safeguards)
  • Emergency contact details
  • Service history

Why we use your information
We only use your data when we have a valid reason to do so. This is called the “legal basis” for processing, and it could include:

  • Your consent
  • A legal obligation
  • Our legitimate interest as a treatment provider
  • Providing you with care or support

If we ask for consent, you can withdraw it at any time—we’ll explain how to do that.

Some of the information we handle is classed as special category data (e.g. health, ethnicity, sexual orientation). We take extra steps to protect this data and always identify a clear legal reason before using it.

We don’t use machines to make decisions about your treatment, and we don’t transfer your information outside the UK.

Who sees your data
Kaleidoscope is usually the “data controller”—responsible for your information. Our Data Protection Officer is David McNeil, who can be contacted at david.mcneil@kaleidoscope68.org

If we’re acting as a data processor for another organisation (such as a local authority), we still ensure your rights are protected under the GDPR.

When we collect your data, we’ll tell you:

  • Who will use it
  • Whether we share it, and with whom

Your rights
Under the Data Protection Act 2018, you have rights over your personal information. These include the right to:

  • Access your data
  • Correct inaccurate data
  • Ask us to delete your data
  • Limit how we use your data
  • Move your data to another provider (data portability)

Some of these rights may not apply in all situations, but we’ll always consider your request carefully.

To make a request, email david.mcneil@kaleidoscope68.org

Accessing your information
You can ask for a copy of the information we hold about you at any time. A written request is preferred. If someone is acting on your behalf, we may ask for proof of identity or authorisation.

How long we keep your data
We keep your data for as long as needed, based on our retention policy. When we no longer need it, we securely delete or destroy it.

Keeping your information safe
We use technical and organisational safeguards to protect your data from loss, damage, or misuse. This includes encryption and strict access controls.

Complaints
If you’re unhappy with how we’ve handled your data, email us at david.mcneil@kaleidoscope68.org

If you’re still not satisfied after we respond, you can contact the Information Commissioner’s Office (ICO):
https://ico.org.uk
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

 

If you’re applying for a job at Kaleidoscope

When you apply for a job with us, we collect certain information so we can manage the recruitment process fairly and safely.

We use your data to:

  • Contact you about your application
  • Review your experience, education, and suitability for the role
  • Fulfil our duty to protect the people we support
  • Meet our legal responsibilities (e.g. right to work checks)

Diversity and equal opportunities
We may ask for information about your age, ethnicity, disability, gender, sexual orientation, marital status or language. This is used only for equal opportunities monitoring. It’s kept confidential and isn’t seen by the people assessing your application.

Sharing your data during recruitment
We may share your application data with partner organisations in a consortium, if they’re part of the hiring process. They will only use it for recruitment and must keep it secure.

We only process your application data within the UK.

How long we keep your application

  • Unsuccessful applicants: data kept for 6 months
  • Successful applicants: application data becomes part of your employment file and is kept for 6 years after you leave the organisation

Your rights during recruitment
You have the same rights as outlined earlier—including the right to access, correct, object to, or delete your data. You can exercise these by contacting our Data Protection Officer directly.

Keeping recruitment data secure
We design our recruitment systems with privacy in mind. Only people who need to see your data will have access to it. Data is encrypted during submission and never shared without good reason.

 

Legal information for job applicants

Data Protection
All personal data is stored securely with restricted access. Anonymised data may be used for equal opportunities monitoring.

If you’re not hired, your application is deleted after 6 months. If you’re offered the job, the relevant information is added to your personnel file.

Criminal convictions
Kaleidoscope is exempt from the Rehabilitation of Offenders Act 1974 due to the nature of our work with vulnerable people. This means you must declare all convictions—including those that are spent.

Right to work
We follow the Asylum and Immigration Act 1996 and must check that anyone we hire has the right to work in the UK. This will involve checking documents, usually after a job offer is made.