RISE Mutual CIC
Contact us

About Us

RISE Mutual CIC (RISE) is a community interest company with limited liability. We are registered in England and Wales under registration number 12123151 and our registered office is at

3rd floor, The Bridge,

73-81 Southwark Bridge Road,

London SE1 0NQ

 

What we do

We deliver life-changing programmes that help service users break their cycle of harmful behaviour and develop better relationships with their family and community. We work closely with Service Users and Stakeholders to secure safe outcomes for victims, individuals, families and communities.

Your privacy is important to us

RISE is committed to protecting your privacy and respecting your rights. This privacy notice sets out what personal data we collect, for what purpose and how it will be used and protected. It also explains our legal basis for doing so, as well as your rights and how to complain.

We are registered as a data controller with the UK Information Commissioner’s Office. Our data protection registration number is ZB064454.

Our Director of Business Development oversees all matters relating to data protection on our behalf. They currently carry out the functions required of a Data Protection Officer within our organisation. They can be contacted on: info@risemutual.org

The type of data we use

The type of data subjects we are involved with are, without limitation: service users and their families, contractors, staff and their next of kin, stakeholders and suppliers. The type of personal data we collect includes names, dates of birth, telephone numbers, email address, National Insurance number, CVs, vetting, next of kin details, physical or mental health conditions, religious beliefs, racial or ethnic origin, and criminal data.

Most of the work we are contracted to perform relates to perpetrators of crime, their victims and their families. This information is shared with our contractors and agencies we work in partnership with to deliver our service. We do not have any involvement in collecting or specifying how the data will be used. This data is likely to include information relating to physical or psychological injury, criminal convictions, information about court outcomes, alternative criminal justice procedures, as well as information from joint services strategy meetings and offender management meetings.

How we use your information

We will use your personal information in a number of ways which reflect the legal basis we are using as the lawful grounds for processing of your data. These may include:

  • Providing you with services you have asked for, providing services appropriate to your needs.
  • When necessary for carrying out our obligations under a contract to deliver services to you, or other obligations imposed, for example, under the Health & Safety or the Equality Act.
  • For quality assurance and auditing purposes.
  • Seeking your views on the services we provide so that we can make improvements.
  • Where the processing is necessary to comply with legal obligations, e.g. the prevention and/or detection of crime.
  • Manage a contract for services you may provide to us.
  • Sending you communications.
  • Maintaining our organisational records, including accounts.
  • Processing job applications.
  • Managing employees, including employment records, payroll and pensions.

Our legal basis

One or more of the following provides the lawful basis for which it is necessary for RISE to process your personal data:

Consent and Explicit Consent:

The majority of programmes we facilitate are carried out on behalf of another organisation responsible for controlling the personal information they collect and share. Your personal information may have been shared with us for these purposes. In these circumstances we follow the instructions issued to us by the organisation who control your personal information and have a responsibility for determining the purpose and legal basis when collecting or sharing your personal information beforehand.

However, in some circumstances,  we may be involved in a contractual arrangement with one or a number of other organisations when delivering our specialist services. In these circumstances we will enter into a sharing agreement with the parties involved and may when necessary seek the consent or explicit consent of individuals before either sharing their personal data or making onward referrals to other parties in the agreement.

Contract: you may be either a client, contractor or member of staff. If so we will need to enter into a contract with you, which we will need to maintain for its duration.

Legal obligations: the processing is necessary for RISE to comply with any legal obligations that we may be subject to, for example, orders of the court or information we are required to supply to HMRC.

Legitimate interests: it is also in our legitimate interests to collect and use your personal information for us to manage our business. Its use might include keeping an inventory of contracts including copies of any communications associated with them, maintaining contact lists, accounting, personnel record, also records of staff vetting, conduct and performance. This is necessary for us to operate as a business, we take great care to maintain a balance of our own needs against your own interests, rights and freedoms.

Our staff are highly experienced in delivering behavioural change programmes on behalf of our clients, when doing so they exercise the highest levels of professionalism and discretion. Their work often involves face to face discussions and meetings with people who cause harm, their victims and families. Staff are also required to carry out risk assessments and provide reports back to our clients.

The personal data necessary for carrying out this type of work is shared with us. RISE Mutual is not involved in collecting this personal information or defining its purpose or use. In these circumstances the client (controller) specifies in a written contract how we are to use the information including strict parameters for us to follow to ensure its security, and for it to be retained no longer than the client’s period specified in the contract.

The processing described above as recognised legitimate interest within the data Use and Access Act 2025. Our processing is aimed at safeguarding vulnerable individuals, and or preventing crime. In accordance with this legislation, when sharing data with public authorities for this purpose we will no longer require the requestor to justify their request.

How we collect your information

  • When it is provided to us by another organisation

Your personal information may be shared with us by another organisation when it is necessary to enable us to carry out specific work on their behalf. They will have a responsibility in these circumstances for specifying the purpose and lawful basis before they share your personal information with us.

  • When you give it to us directly

You may provide details to us in order for us to carry out a service for you.

  • When you have given another organisations permission to share it

Your information may be provided to us by other organisations if you have given them your permission.

  • When you use our website

We gather information relating to website usage. Any information gathered is primarily for internal use to allow us to refine and improve our customer service.

Our website uses Google Analytics, a web analytics service provided by Google, Inc. (‘Google’). Google Analytics uses ‘cookies’, which are text files placed on your computer, to help the website analyse how you use the site.

The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website. By using our website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

  • When you email us

Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.

How we keep your information safe

We fully understand the importance and duty we have in protecting your privacy. We take appropriate organisational and technical steps to safeguard it whilst in our care, including:

  • Restricting access to only those who require it to process data.
  • All personal data is password protected.
  • Proportionate technical preventative solutions are installed on our systems.
  • Using encrypted computers.
  • Ensuring our staff are trained and understand potential risks.
  • By using adequate physical security in our offices.
  • When transferring data to a third party, sending it by securely using encryption or password protection.
  • When taking files and records off site for business purposes.

 

Who we share information with

Information RISE collects is routinely shared with other third parties, such as local authorities, the police, health and social care organisations, community organisations, authorised auditing and accreditation bodies, who we have either entered into an Information Sharing Agreement, or have a written contract in place with them, or those we work in partnership with or make referrals to, in order to carry out our services effectively.

We also have contracts for services such as IT and payroll.

We have an agreement in place with third parties for safe and effective information sharing and we require any suppliers to abide by the GDPR, to ensure that there are sufficient systems and procedures in place to protect your information.

We may also disclose your personal information if we are required to do so under any legal obligation.

We do not transfer data outside of the EEA.

We do not sell your personal data, or use it for direct marketing.

 

How long do we keep your information for

We will hold your personal information for as long as it is necessary for the relevant activity.

By way of example, we may hold data for six years after contract end so we can fulfil any statutory obligations.

When performing contracts for clients who provide personal data for us to use, we strictly observe the retention periods written in their contracts.

Your rights

You have the right to access your personal data, and any such requests made to RISE shall be dealt with in a timely manner.

When carrying out work with a stakeholder or client who for data protection purposes is a controller, an Information Sharing Agreement will be put in place, its contents will explain to you, which controller you should contact should you wish to exercise any of your rights.

Your rights include:

  • The right to be informed about the collection and use of your personal data. This is a key transparency requirement of the GDPR.
  • The right to access to information held about you.
  • The right to have inaccurate personal data rectified, or completed if incomplete.
  • The right to have personal data erased.
  • The right to request the restriction or suppression of the processing of their personal data.
  • The right to data portability.
  • The right to object to the processing of their personal data in certain circumstances.
  • Rights in relation to automated decision making and profiling.

You also have the right to lodge a complaint with the Information Commissioner Office who can be contacted via their web site www.ico.org.uk

The Data Use and Access Act 2025 states that when responding to a request we are only obliged to make reasonable and proportionate searches to retrieve the requested information. We will always seek to respond to your request, but within the context of this legislative change.

Data Protection Legislation does not insist requests are made in writing; however, it will enable us to manage your request more quickly if you were to use either email or letter, accompanied by some form of identification such as a copy of a passport or driving license. Your request should be directed to:

The Business Support Manager

Info@risemutual.org

or

3rd floor, The Bridge,

73-81 Southwark Bridge Road,

London SE1 0NQ

In most circumstances charges will not be made. Information will be provided promptly and no later than 30 days following receipt of the request.

Changes to this privacy notice

We keep our privacy notice under is reviewed every year. This privacy notice was last updated in August 2025.

How to contact us

If you want to request information about this privacy notice you can email or write to:

RISE Mutual CIC

3rd floor, The Bridge,

73-81 Southwark Bridge Road,

London SE1 0NQ

Email: info@risemutual.org