Privacy and Cookies policy
Who we are
The Cellar Trust is a charity working in Bradford district to support people with mental health issues move forward in their recovery and live independent, fulfilling lives.
Your privacy is very important to us and we are committed to letting you know how we use your personal information and how we use your data responsibly. We will never give out or sell the information we have to a third party unless we have your consent or are required to by law in special circumstances.
We are a “data controller” for the purposes of the Data Protection Act 1998 and the EU General Data Protection Regulation 2016. This means that we are responsible for, and control the processing of, your personal information.
For further information about our privacy practices, please contact Kim Shutler-Jones, our Data Protection Officer, by:
- Writing to the Cellar Trust, Farfield Road, Shipley, BD18 4QP
- Calling us on 01274 586474
- Emailing to email@example.com
If you have concerns about how we are holding and processing your data you can also make a complaint to the Information Commissioner’s Office by visiting: https://ico.org.uk/
You can also download our privacy notices which are summary statements of this policy about how we process data specifically relating to our clients and volunteers:
How we collect information about you
When you interact with us directly
This could be if you agree to receive a service from us, ask us about our activities, register with us for our newsletter, make a donation to us, purchase something from our shop, apply for a job or volunteering opportunity or otherwise provide us with your personal information. This could be contact in person, over the phone or by email.
When you visit our website
We gather general information which might include which pages you visit most often and which services, events or information are of most interest to you. We may also track which pages you visit when you click on links in emails from us. We also use “cookies” to help our site run effectively. There are more details below – see the section on ‘Cookies’. We use this information to personalise the way our website is presented when you visit, to make improvements and to ensure we provide the best service and experience for you. Wherever possible we use anonymous information which does not identify individual visitors to our website.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to users’ needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Cookies help us provide you with a better website because we can monitor which pages you find useful and which you do not. A cookie will never give us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you want to.
Links to other websites
Our website may contain links to other websites. If you click on these links you will leave our site. Once you have used these links to leave our site, you should note that we do not have any control over external websites. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these other sites and they are not governed by this privacy statement. You should exercise caution and look at the privacy statement on the website you are visiting.
Information we collect
Depending on what service(s) you access and on the reasons for your interaction with us, we may keep some or all of the following data about you:
- Your contact details (eg name, address, telephone number, email address)
- Demographic information (eg your age, gender, ethnicity)
- Health information (eg details of your therapy and support sessions, medication, mental and sometimes physical health conditions)
- Information about your employment status, education and training history
- Financial information (eg information relating to the payment of expenses, donations or purchases)
- Information about your education, skills and experience and previous job or volunteering roles if you apply to volunteer with us
Special Category Data
Some types of personal information are more sensitive and have been identified as ‘Special Category Data’ under the law. If you access our services it is likely you will provide details of a sensitive nature (eg about your mental health). The lawful basis for us holding this information is your consent and we are legally required to handle it with more protection. We also have to process this type of data so we can deliver the health related service you have requested from us. We may also hold special category data if you volunteer with us; for example, this may relate to sickness records and health and safety related issues.
Why do we keep it?
- To provide the services you have requested from us
- To keep a record of your relationship with us and / or in order to fulfil our contractual and legal obligations
- If you volunteer with us in order to fulfil the Volunteer Agreement
- To send you details of other services, opportunities and events you may be interested in through our newsletter and other means (only with your consent)
- To evaluate and monitor our services to ensure we are providing an effective service
- From time to time we may send you promotional emails about new products, special offers, fundraising drives or other information which we think you may find interesting using the email address which you have provided (you may unsubscribe at any time and you will find instructions on how to do so at the bottom of every newsletter or promotional email you receive)
Legal basis for using your information
Under GDPR we must tell you what lawful basis we rely on for processing data. Some of the grounds for processing will overlap and there may be several grounds which justify our use of your personal information depending on what information it is. If you fail to provide certain information when requested, we may not be able to provide you with the service you have requested.
The lawful basis on which we collect most of your personal data is consent – we will always ask for your consent to process information about you before we start working with you or before you start working / volunteering for us. We also ask for your consent to share any or all of this information with other organisations, professionals and family members – we will ask your consent about who we can share what information with and ask you to sign to say you have agreed. We will not pass on the data we have about you to anyone else without your consent except in exceptional circumstances, the lawful basis of which is vital interests. Examples of these circumstances might include information that suggests you might be a danger to yourself or someone else, or information about a child at risk of harm or neglect.
We may also rely on legitimate interests for processing some of your data. This means that the reason that we are processing information is because there is a legitimate interest for the Cellar Trust to do so to help us to achieve our aim of supporting people with mental health issues move forward in their recovery. Whenever we process your personal information under the legitimate interest lawful basis we make sure that we take into account your rights and interests and will not process your personal information if we feel that there is an imbalance.
Where we process special category data we always rely on explicit consent. This means that if we are asking you to give us information on your health, ethnic origin or other sensitive data then we will ask you to consent to us processing your data and we will tell you what we will be using it for.
Sharing your Information
Your information may be shared internally, including with staff members responsible for managing and administering projects, HR and health and safety. It may also be shared with external services and professionals such as the Community Mental Health Team, your job centre worker, your GP or your care coordinator. This will only be done with your explicit consent and we will ask you to sign a form to say you agree.
We may have to share your data with other third parties, including third-party service providers, for example in connection with supporting our client management system and IT network (including remote support) and professional advisers where necessary, who may be party to confidential discussions related to an individual.
We require third parties to respect the security of your data and treat it in accordance with the law. We will share your information with third parties where required by law, where it is necessary to administer our relationship with you or where we have another legitimate interest. All our third party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We do not currently use the services of any supplier outside the European Economic Area (EEA) so no personal information is transferred, processed and stored outside the EEA. You should be aware that, in general, legal protection for personal information in countries outside the EEA may not be equivalent to the level of protection provided in the EEA. If we do decide to use a supplier outside the EEA we will take steps to put in place suitable safeguards to protect your personal information.
We will only pass on your information without your consent when there is a situation that indicates you may be a danger to yourself or someone else, or information about a child at risk of harm or neglect.
Keeping your information safe
The Cellar Trust takes the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, or subject to unauthorised access. Where necessary we use passwords, user permissions and encryption to protect data.
Where we engage third parties (external organisations) to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data in accordance with GDPR and Data Protection legislation.
We have put in place procedures to deal with any suspected data security breach and will notify you of a suspected breach where we are legally required to do so.
For full details of our data protection practices you can see our Data Protection Policy which is available from our Data Protection Officer using the contact details at the top of this page.
How long we hold your information for
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting or reporting requirements. Details of retention periods, archiving and destruction policies for different aspects of your personal information are available in our Data Protection Policy which is available from the person responsible for data protection (see above).
Automated Decision Making
We do not envisage that any decisions will be taken about you using automated means; however, we will notify you in writing if this position changes.
Under the General Data Protection Regulation 2016 (GDPR) and The Data Protection Act 1998 (DPA) you have a number of rights with regard to your personal data.
You have the right to:
- Access to your personal information: You have the right to request access to a copy of the personal information that we hold about you at any time free of charge.
- Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. Please contact us as noted above, providing details of your objection.
- Consent: If you have given us your consent to use personal information (for example, for marketing or information about other services), you can withdraw your consent at any time.
- Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
- Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
- Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
- Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
- No automated-decision making: Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not currently carry out any automated decision-making.
- You have the right to lodge a complaint to the Information Commissioner’s Office if you believe that we have not complied with the requirements of the GDPR or DPA 2018 with regard to your personal data.
You can view full details of your legal rights under GDPR legislation here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
Please note, some of these rights only apply in certain circumstances and we may not be able to fulfil every request.
Changes to this privacy notice