Privacy Policy

Privacy notice

In this policy, we use the terms, "we", "our" and "us" to refer to BAC-IN CIC. We are a community interest company - CIC Company No: 06040172..

We are committed to protecting the privacy of people who use our services, visit our website, employees and volunteers..


How we use your information

This Privacy notice explains what personal data we collect about you, how and why we use it, who we disclose it to and how we protect it.

We may collect and process the following categories of information about you:


a.   People who use our services

b.   People who visit use website

c.   Employees, volunteers current & past

d.   Complaints & Enquiries


People who use our services

We provide a range of addiction recovery support services to individuals, families & the general public.


Personal data held

We hold related personal & sensitive information of individuals who are assessed by us and have agreed to receive support. We hold this information so that we can respond appropriately to provide you with the right levels of care and support.


Sensitive information

Under data protection law, there are certain categories of personal information that are recognised as sensitive, including; health information; race; religious beliefs; and sexual orientation (‘sensitive personal data’). We only collect ‘sensitive personal data’, where the information is needed to enable us to effectively and safely deliver care, such as health information (GDPR: ‘the provision of social care’; article 9.h).


We also need to collect information on previous convictions from potential staff and volunteers to ensure appropriate safeguards are in place when supporting vulnerable people. This information is processed with utmost discretion in accordance with Data Protection law.


Security of your personal data

We will store all personal data and information you provide to us onto our secure password and firewall protected data management systems/servers. All our storage systems adhere to the requirements of law and ensure security and compliance to ICO standards. We take every reasonable step to ensure that the information we hold about you can only be read by the appropriate members of staff.


Data protection registration

We are registered as a data controller with the UK Information Commissioner's Office (ICO).


Data sharing

We are a confidential support service; anything you share with us will remain with us in line with our confidentiality agreement. Your anonymity is always maintained when we share anonymised information related our service level agreements, activity reports and improvements to our services.


We will not share your information with any other organisation/individual without your explicit consent. There are instances where we are required to share information, this include;


  • if instructed to by law, through a court order


We do not sell personal data and information that we hold for any marketing purposes.


How long do we keep personal data?

We may keep your personal data only for as long as it is necessary to continue to provide you with the support you have requested; to comply with law and to support a claim or defence in court in compliance with legislative obligations.


Your rights

We support the principle of “fair and transparent” processing of your personal information and support your rights to your personal information under the General Data Protection Regulation, this can include the:


  • right to be informed right of access

  • right to rectification

  • right to erasure

  • right to restrict processing

  • right to data portability

  • rights related to automated decision-making including profiling


Requesting access to your personal data

You have a right to request access to the personal data that we hold about you. If you would like to request a copy of your personal data or have any queries in relation to your personal data, please contact our Data Protection Officer in writing at BACIN CIC LTD 278-290 Huntingdon Street, Huntingdon House, Nottingham, NG1 3LY or by email:


Personal data of children

We provide services to adults aged 18 and over.


Reporting a breach

We are required to report any serious security breaches to the ICO line with our policies and procedures.


Third party websites

Our website includes hyperlinks to third party websites; we have no control over and are not responsible for the policies and practices of these third parties.


Policy amendments

We review our privacy and related policies regularly to ensure they are up to date with the latest legislation and standards; - you may occasionally want to check our website for these updates to make sure you are happy with any changes to this policy.


People who visitor our website

We respect the privacy of our website visitors and make no attempt to identify anyone who is visiting our website. We however collect general information such as the number of visitors accessing aspects our website & geographical location. This collection of information does not identify anyone. In order to improve our services, we may analyse how visitors use our websites, we may use cookies or other tracking software. The collection of this information will not be able to identify you as this is based on your Internet Protocol (IP) address only. On our website we use Google Analytics, this service is provided by Google. Google Analytics use cookies to help the website analyse how people use the site. You may decline the use of cookies by selecting appropriate settings on your browser; as a result you may not be able to make full use of the functionality of our website.


Employees & volunteers - past & current

We collect personal data and information as part of our staff or volunteer recruitment processes. We use the data and information provided by you to process and to consider your application, staff administration, payroll, pensions and performance management. Your recruitment information will only be shared with key individuals who will be involved in the processing of your application. We will seek your prior consent when requesting a DBS disclosure and a reference in conjunction with the applied post.


Past employees 

All files are destroyed or deleted in relation to our past employees after 12 months of their employment. We however keep secure generic information for up to 3 years for providing ‘reference requests’ only.


Security of your personal data

We keep a secure file for all of our employees with pertinent information relevant for their employment.


Donors, grant providers and funders

We will maintain anonymity of all our financial supporters such as; donors, grant providers and funders unless they consent otherwise, permitting us to say ‘thank you’ and how their contributions are used to support people through our services. Complaints & Enquiries If you have a complaint or query in relation to your personal information or any other matter then please contact our Management Board in writing, at BAC-IN CIC LTD, 278-290 Huntingdon Street, Huntingdon House, Nottingham, NG1 3LY or by email: All complaints received are kept in a secure file with restricted access according to the ‘need to know’ principle. The file will enclose the identity of the complainant and any other individual/s in relation to the complaint. Any information relative to the complaint will be kept for 12 months after closure.