Data Protection Policy & Procedures

Similar documents
Data Protection Policy

Data Protection Policy, including Key Procedures

Data Protection Policy.

HERITAGE TRUST NETWORK Data Protection Policy, including Key Procedures

Tourettes Action Data Protection Policy

POLICY ON INFORMATION, SECURITY & DATA PROTECTION

Breakthrough Data Protection Policy Approved by Lead Organisation: November 2017 Next Review Date: November 2018

St Mark s Church of England Academy Data Protection Policy

DATA PROTECTION POLICY

Data Protection Policy

Data Protection Policy

Data Protection Policy

Data Protection Policy

DATA PROTECTION POLICY

DATA PROTECTION POLICY 2016

Data Protection Policy

Data Protection Policy for the Grimsby Institute of Further & Higher Education

Data Protection. Policy

SHENLEY BROOK END SCHOOL

General Optical Council. Data Protection Policy

This personal information must be dealt with properly, with appropriate safeguards in place to ensure the rights and freedoms of data subjects.

DATA PROTECTION POLICY 2018

Human Resources. Data Protection Policy IMS HRD 012. Version: 1.00

Our Volunteer Privacy Notice: protecting and respecting your information

The current version (July 2018) is derived from, and supersedes, the version published in February 2017 and earlier versions.

Our Volunteer Privacy Notice: protecting and respecting your information

DATA PROTECTION POLICY

Security of Personal Data Policy and Guidelines

DATA PROTECTION POLICY

Queen s Croft High School DATA PROTECTION POLICY AND PRIVACY NOTICE

EDWARDS COMMERCIAL CLEANING SERVICES LTD and EDWARDS COMMERCIAL CLEANING (NORTH) LTD Data Protection Policy for Employees, Workers and Consultants

Brasenose College Data Protection Policy Statement v1.2

SAFFRON WALDEN COMMUNITY CHURCH DATA PROTECTION POLICY. Adopted: [ ]

Data Protection. Document Detail Type of Document (Stat Policy/Policy/Procedure) Category of Document (Trust HR-Fin-FM-Gen/Academy) General

Data Protection/ Information Security Policy

VMS Software Ltd- Data Protection Privacy Policy

Depending on the circumstances, we may collect, store, and use the following categories of personal information about you:

Scottish Charity Number SC Dingwall Baptist Church DATA PROTECTION POLICY

Baptist Union of Scotland DATA PROTECTION POLICY

EARLS HALL BAPTIST CHURCH DATA PROTECTION POLICY

DATA PROTECTION POLICY

DATA PROTECTION POLICY

Data Protection Policy

2.1.2 Gender, age, date of birth, marital status and nationality;

Data protection (GDPR) policy

GDPR P4 Privacy Policy Statement & Guidance for Employees and External Providers

Section a What this Policy is for Policy Statement. 2. Why this policy is important... 3

Nissa Consultancy Ltd Data Protection Policy

DIGITGAIN LTD. Rectory Road, Padworth Common, West Berkshire, RG7 4JD Tel: DATED GDPR PRIVACY POLICY FOR EMPLOYEES,

PRIVACY NOTICE for Welsh St Donat s Community Council, May 2018

Trinity is committed to protecting the privacy and security of personal data.

Data Management and Protection Policy

Data Protection Policy. UK Policy May 2018

Job applicant privacy notice (compliant with the General Data Protection Regulations (GDPR)

The Diocese of Galloway - Privacy notice

Data Protection Policy

Data Protection Policy

Brasenose College is committed to protecting the privacy and security of personal data.

DATA PROTECTION POLICY

The Society of St Stephen s House Site Security and Monitoring Privacy Notice

GDPR Policy of Lovedaycare Nursery

Douai Abbey Parishes Trust

NEW LIFE BAPTIST CHURCH NORTHALLERTON DATA PROTECTION POLICY. Adopted: 20 June 2018 To be reviewed: June 2021

General Data Protection Regulation. What should community energy organisations be doing to prepare?

Data subject access policy

We reserve the right to update this privacy notice at any time. Please check our website from time to time for any changes we may make.

LAST UPDATED June 11, 2018 DATA PROTECTION POLICY. International Foundation for Electoral Systems

LIFE STYLE CARE PLC. Privacy Statement for Employees. August 2018

GROUP DATA PROTECTION POLICY

RSD Technology Limited - Data protection policy: RSD Technology Limited ( the Company )

Data Protection Policy Approved by: COG Approved: 9 August 2017 Review date: August 2019 Version: Statement of Intent

RECRUITMENT PRIVACY NOTICE

DATED: 25/05/2018 GDPR PRIVACY NOTICE FOR HOPES & DREAMS LTD FOR EMPLOYEES, CHILDREN ATTENDING A GROUP NURSERY AND THEIR PARENTS

Data Protection Policy

DATED. 14 th MAY 2018 GDPR PRIVACY NOTICE FOR TRUSTEES, EMPLOYEES, VISITORS, STUDENTS, CHILDREN ATTENDING

PRIVACY NOTICE FOR JOB APPLICANTS

RECRUITMENT PRIVACY NOTICE

St Michael s CE Primary School Data Protection Policy

GDPR DATA PROCESSING NOTICE FOR FS1 RECRUITMENT UK LTD FOR APPLICANTS AND WORKERS

APCC Policy Statement

UoW takes measures to enable data to be restored and accessed in a timely manner in the event of a physical or technical incident.

DATA PROTECTION POLICY AND PROCEDURE

DATA PROTECTION POLICY

LPC Law Recruitment Privacy Notice

St Laurence s Primary School. Privacy notices GDPR compliant

Data Protection Act Policy Statement Status/Version: 0.1 Review Information Classification: Unclassified Effective:

Data Protection Policy

SSI SERVICES (UK) LTD APPLICANT PRIVACY NOTICE

Data Protection Act Policy And Operational Procedures For the Trust, Its Academies, And Essa Nursery

The template uses the terms students / pupils to refer to the children or young people at the institution.

Data Protection Employee Privacy Notice

DATA PROTECTION POLICY VERSION 1.0

DATA PROTECTION POLICY

SCHOOLS DATA PROTECTION POLICY. Guidance Notes for Schools

UK Research and Innovation (UKRI) Data Protection Policy

General Personal Data Protection Policy

LEICESTER HIGH SCHOOL DATA PROTECTION POLICY

DIOMED DEVELOPMENTS LIMITED DATA PRIVACY NOTICE FOR APPLICANTS

Data Protection Policy. Data protection. Date: 28/4/2018. Version: 1. Contents

TimePlan Education Group Ltd ( the Company ) Data Protection. Date: April Version: 001. Contents

Transcription:

Data Protection Policy & Procedures Scope In this document, the terms we, us, our and/or Clear Sky refer to Clear Sky Children s Charity. The term you and/or your refer to all employees of Clear Sky, who are covered by this policy. It does not form part of your terms and conditions of employment and may be subject to change and statutory updates at our discretion. Policy Statement - Our commitment to you: Clear Sky Children s Charity needs to keep certain information on its employees, volunteers, service users and trustees to carry out its day to day operations, to meet its objectives and to comply with legal obligations The organisation is committed to ensuring any personal data will be dealt with in line with the Data Protection Act 1998. To comply with the law, personal information will be collected and used fairly, stored safely and not disclosed to any other person unlawfully Key Principles The aim of this policy is to ensure that everyone handling personal data is fully aware of the requirements and acts in accordance with data protection procedures. This document also highlights key data protection procedures within the organisation This policy covers employed staff, trustees and volunteers Equality Statement We are committed to ensuring that all of our people management policies, and their application, are free from any form of discrimination on the grounds of: race; disability; gender; gender identity; religion/belief; age; sexual orientation; or any other personal characteristics. Data Protection Policy Contents 1. Glossary of terms used 2. Definitions 3. Type of information processed 4. Notification 5. Responsibility 6. Policy Implementation 7. Training 8. Gathering Information and checking 9. Data security 10. Subject access requests 11. Review

Glossary of Terms Used DPA Data Protection Act 1998 ICO Information Commissioners Office SMART database Online System for Monitoring and Recording Data for Clear Sky client work SDQ Strength and Difficulties Questionnaire for assessing needs and outcomes of Play and Creative Arts Therapy Definitions In line with the Data Protection Act 1998 principles, Clear Sky Children s Charity will ensure that personal data will: Be obtained fairly and lawfully and shall not be processed unless certain conditions are met Be obtained for a specific and lawful purpose Be adequate, relevant but not excessive Be accurate and kept up to date Not be held longer than necessary Be processed in accordance with the rights of data subjects Be subject to appropriate security measures Not to be transferred outside the European Economic Area (EEA) The definition of Processing is obtaining, using, holding, amending, disclosing, destroying and deleting personal data. This includes some paper based personal data as well as that kept on computer. The Personal Data Guardianship Code suggests five key principles of good data governance on which best practice is based. The organisation will seek to abide by this code in relation to all the personal data it processes, i.e. Accountability: those handling personal data follow publicised data principles to help gain public trust and safeguard personal data Visibility: Data subjects should have access to the information about themselves that an organisation holds. This includes the right to have incorrect personal data corrected and to know who has had access to this data Consent: The collection and use of personal data must be fair and lawful and in accordance with the DPA s eight data protection principles. Personal data should only be used for the purposes agreed by the data subject. If personal data is to be shared with a third party or used for another purpose, the data subject s consent should be explicitly obtained Access: Everyone should have the right to know the roles and groups of people within an organisation who have access to their personal data and who has used this data Stewardship: Those collecting personal data have a duty of care to protect this data throughout the data life span

Type of information processed Clear Sky Children s Charity processes the following personal information: Information on applicants for posts, including references Employee information contact details, bank account number, payroll information, supervision and appraisal notes Client information referral forms, SDQ s, end of Play & Creative Arts Therapy reports, parental consent forms, safeguarding concerns, and session notes from Play & Creative Arts Therapy School information names, email addresses and phone numbers of key members of staff Personal information is kept in the following forms: Paper based Computer based systems Groups of people within the organisation who will process personal information are: Employees Volunteers Notification The needs we have for processing personal data are recorded on the public register maintained by the Information Commissioner We notify and renew our notification on an annual basis as the law requires If there are any interim changes, these will be notified to the Information Commissioner within 28 days The name of the Data Controller within our organisation as specified in our notification to the Information Commissioner is Sophia Giblin Responsibility Under the Data Protection Guardianship Code, overall responsibility for personal data in a not for profit organisation rests with the governing body. In the case of Clear Sky Children s Charity, this is the board of Trustees The governing body delegates tasks to the Data Controller. The Data Controller is responsible for: understanding and communicating obligations under the Act identifying potential problem areas or risks producing clear and effective procedures notifying and annually renewing notification to the Information Commissioner, plus notifying of any relevant interim changes All employed staff and volunteers who process personal information must ensure they not only understand but also act in line with this policy and the data protection principles. Breach of this policy will result in disciplinary proceedings, or dismissal from the board of Trustees.

Policy Implementation To meet our responsibilities staff, volunteers and trustees will: Ensure any personal data is collected in a fair and lawful way Explain why it is needed at the start Ensure that only the minimum amount of information needed is collected and used Ensure the information used is up to date and accurate Review the length of time information is held Ensure it is kept safely Ensure the rights people have in relation to their personal data can be exercised We will ensure that: Everyone managing and handling personal information is trained to do so Anyone wanting to make enquiries about handling personal information, whether a member of staff, volunteer or service user, knows what to do Any disclosure of personal data will be in line with our procedures Queries about handling personal information will be dealt with swiftly and politely Training Training and awareness raising about the Data Protection Act and how it is followed in this organisation will take the following forms: On induction: employees must read this Data Protection policy and sign the agreement as proof of reading and understanding Employees and volunteers are made aware that they are not to share passwords for computer systems with anyone else Employees and volunteers must store files in lockable filing cabinets, and the keys must be kept in a lockable key box which is kept locked at all times Employees must not share the combination for the key box with anyone else Employees are to be made aware about the procedures for taking personal information off site General training/ awareness raising: Annual reminders about the policy at team meetings Gathering Information and Checking Before personal information is collected, we will consider: What details are necessary for our purposes How long we are likely to need this information We will inform people whose information is gathered about the following: Why the information is being gathered What the information will be used for Who will have access to their information We will take the following measures to ensure that personal information kept is accurate: reminders to people asking them to check their details which is good practice. If we receive no response, we will decide whether or not to keep their details.

Personal sensitive information will not be used apart from the exact purpose for which permission was given. Consent must be sought each time it is to be used This is information about ethnic origin, political opinions, religious beliefs, membership of a trade union, physical or mental health, criminal convictions etc Data Security The organisation will take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure. The following measures will be taken: Using lockable cupboards (restricted access to keys) Password protection on personal information files Setting up computer systems to allow restricted access to certain areas Personal data that is being taken off site (paper form) must be kept in a lockable file box as provided by Clear Sky at all times. No one except the employee should have access to this data. See Data Security & Storage Procedures and Best Practice Backup of computer data on password protected external hard drive All personal data is sent via a central email address through an encrypted, secure email system. See Data Security & Storage Procedures and Best Practice Any unauthorised disclosure of personal data to a third party by an employee may result in disciplinary action. The Board and trustees are accountable for compliance of this policy. A trustee could be personally liable for any penalty arising from a breach that they have made. Any unauthorised disclosure made by a volunteer may result in the termination of the volunteering agreement. Subject Access Requests Anyone whose personal information we process has the right to know: What information we hold and process on them How to gain access to this information How to keep it up to date What we are doing to comply with the Act They also have the right to prevent processing of their personal data in some circumstances and the right to correct, rectify, block or erase information regarded as wrong. Individuals have a right under the Act to access certain personal data being kept about them on computer and certain files. Any person wishing to exercise this right should apply in writing to Sophia Giblin, Charity Director, The Manor House, Little Wittenham, Oxfordshire, OX14 4RA We may make a charge of 10 on each occasion access is requested

The following information will be required before access is granted: Full name and contact details of the person making the request Their relationship with the organisation (former current member of staff, trustee or other volunteer, service user etc.) Any other relevant information- e.g. timescales involved We may also require proof of identity before access is granted. The following forms of ID will be required: Passport or driving license Queries about handling personal information will be dealt with swiftly and politely. We will aim to comply with requests for access to personal information as soon as possible, but will ensure it is provided within the 40 days required by the Act from receiving the written request (and relevant fee). Review This policy will be reviewed at intervals of 2 years to ensure it remains up to date and compliant with the law. Data Protection Policy & Procedures Last reviewed & updated Jan 2017

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback