Data Protection Policy

Purpose:

This document sets out The Isabella Trust’s policy and procedures to meet the requirements of the Data Protection Act 1998. The Policy will be made available to all trustees and volunteer staff and other external agencies that have a legitimate interest upon request, although it is not a substitute for the full wording of the Act.

The Isabella Trust is registered with the Information Commissioner and complete details of The Isabella Trust’s current entry on the Data Protection Register can be found on the notification section of the Information Commissioners web site.

The Isabella Trust registration number is: ZA373024

The register entry provides;

  • a fuller explanation of the purposes for which personal information may be used
  • details of the types of data subjects about whom personal information may be held
  • details of the types of personal information that may be processed
  • details of the individuals and organisation’s that may be recipients of personal information collected by The Isabella Trust
  • information about transfers of personal information

 

The Isabella Trust is required to keep certain information about its trustees, clients, volunteer staff members and other users for administrative purposes. It also needs to process information so that legal obligations to funding bodies and government are complied with. When processing such information, The Isabella Trust must comply with the Data Protection Principles, which are set out in the Data Protection Act 1998. Anyone processing personal data must comply with the eight enforceable principles of good practice. In summary these state that personal data shall be:

  • fairly and lawfully processed;
  • processed for limited purposes;
  • adequate, relevant and not excessive;
  • accurate;
  • not kept longer than necessary;
  • processed in accordance with the data subject’s rights;
  • secure;
  • not transferred to countries without adequate protection.

 

Scope

All The Isabella Trust’s trustees, volunteer staff and associated documentation.

Personal data covers both facts and opinions about the individual. With processing the definition surrounding the intentions of the data controller towards the individual are far wider than before. For example it incorporates the concepts of ‘obtaining’, holding’ and ‘disclosing’. The Isabella Trust volunteer staff or others who process or use personal information must ensure these principles are followed at all times.

 

Responsibility

It is the responsibility of the management team for ensuring that this policy is applied within the charity. The service manager is responsible for maintenance, regular review and the updating of this policy. All volunteer staff will be made aware of the Data Protection policy as part of the new volunteer staff induction process and the induction checklist annotated to confirm. All volunteer staff have a responsibility to ensure that the policy is implemented and adhered to across all aspects of the charity.

 

Review

This policy will be reviewed as part of the annual review cycle or sooner were legislation dictates

 

The Data Controller

The Isabella Trust Board of Trustees is ultimately responsible for Data Protection, but The Isabella Trust’s Service Manager is regarded as the main Data Protection Officer.

 

Subject Consent

In many cases, The Isabella Trust can only process personal data with the consent of the individual and if the data is sensitive, express consent must be obtained.

Agreement to The Isabella Trust processing some specified categories of personal data is a condition of acceptance of a participant onto any course and a condition of a position volunteer staff and trustee.
The Isabella Trust has a duty to ensure that all volunteer staff are suitable for the activity they are involved in.

All prospective volunteer staff, clients and course attendees will be asked to consent to their data being processed when an offer of a course place or inclusion in other The Isabella Trust activities. A refusal to give such consent may result in the offer being withdrawn. Other relevant policies here are the Criminal Disclosure Checks and Safeguarding Policies.

 

Volunteer Responsibilities

It is a condition of holding a volunteer staff position that volunteers will abide by the rules and policies made by The Isabella Trust. Any failures to follow this Policy can therefore result in a voluntary position being withdrawn.

Any volunteer staff, who considers that the policy has not been followed in respect of personal data about themselves, should raise the matter with the Data Controller. If raising the issue with the Data Controller does not resolve it the matter should be raised as a formal grievance.

All volunteer staff has a responsibility to ensure;

  • Check that any information that they provide to The Isabella Trust in relation to their position is accurate and up to date.
  • Inform The Isabella Trust of any changes to information, which they have provided, i.e. changes of address, emergency contact details, etc.
  • Inform The Isabella Trust of any errors or changes in volunteer staff information.

Where volunteer staff hold or process information about clients, colleagues or other data subjects (for example, clients’ work books, references to other academic institutions, or details of personal circumstances) volunteerstaff should comply with the Data Protection guidelines: All volunteer staff are responsible for ensuring that:

Any personal data, which they hold, is kept securely, for example: kept in a locked filing cabinet; or in a locked drawer;
Electronic records are password protected; or kept only on disk or machine which is encrypted and kept securely.
Personal information is not disclosed either orally or in writing or accidentally or otherwise to any unauthorised third party.

Any unauthorised disclosure will be investigated as a disciplinary matter, and may be considered gross misconduct in some cases. It may also result in a personal liability for the individual volunteer staff member, as unauthorised disclosure can be a criminal offence.

 

Volunteer Staff Obligations

Volunteer Staff should ensure that all personal data provided to The Isabella Trust
is accurate and up to date. Any member of The Isabella Trust, who considers that the policy has not been followed in respect of personal data about him or herself, should raise the matter with the Service Manager. If the matter is not resolved informally it should be raised as a formal complaint through the volunteer staff complaint procedure.

Responsibilities of volunteer staff

All volunteer staff who are active in the organisation and who may have access to hold or store personal data on other volunteer staff should comply with this policy. All volunteer staff are responsible for ensuring that:

Any personal data, which they hold, is kept securely, for example:

  • Kept in a locked filing cabinet; or in a locked drawer
  • Electronic information is computerised, be password protected; or kept only on disk, which is itself kept securely.
  • Personal information is not disclosed either orally or in writing accidentally or otherwise to any unauthorised third party.

Volunteer staff should note that unauthorised disclosure may result in a personal liability for the individual voluntary member, as unauthorised disclosure can be a criminal offence. Any unauthorised disclosure will be investigated as a disciplinary matter and dealt with under the process contained in The Isabella Trust Volunteer Staff Policy.

 

Volunteer Staff Personal Information

The Isabella Trust holds general information about volunteer staff, such as name, address and telephone number. Volunteer staff data is the responsibility of the Service Manager.
Personal information is used in the following ways:

  • To process volunteer staff applications.
  • To provide services to volunteer staff. This might include sending information about current and future The Isabella Trust courses and events.
  • To contact volunteer staff in relation to participation in The Isabella Trust projects

Individual contact details will not be made available to any third parties

 

Client Obligations

Client’s must ensure that all personal data provided to The Isabella Trust is accurate and up to date. They must ensure that changes of address, etc are notified to Service Manager as appropriate.

 

Client personal information

Information that The Isabella Trust collect, including information that course attendees provide at registration, is added to a record. The Isabella Trust holds general information about clients, such as name, address, contact telephone number, email address, courses studied and fee payments Personal information is used in the following ways:

  • To process applications.
  • To provide services to applicants and clients. This includes sending information about current and future opportunities with The Isabella Trust.
  • To undertake research in order to help us plan and improve services. The Isabella Trust may contact applicants or clients.
  • To provide information about students to other bodies in order to provide accreditation and for audit purposes.

Client personal data records will show whether or not the individual consented to be contacted for audit purposes.

 

Accreditation

Clients will be entitled to information about their marks for both coursework and examinations as part of their support. This is within the provisions of the Act relating to the release of data. However, this may take longer than other information to provide.

 

Accuracy of Data

Updating is required only “where necessary” on the basis that, provided the
The Isabella Trust has taken reasonable steps to ensure accuracy (e.g. taking up references), data held is presumed accurate at the time it was collated.
All clients and volunteer staff members should be made aware of the importance of providing The Isabella Trust with notice of any change in personal circumstances. Where Individual Client Records are kept, clients will be made aware of who to contact in order to access the data for the purposes of ensuring that the data is up to date and accurate. Clients and volunteer members will be entitled to correct any details.

 

Third Parties

Any personal data which The Isabella Trust receives and processes in relation to third parties, such as suppliers, former clients and volunteer staff members, enquirers and other individuals on mailing lists etc. will be obtained lawfully and fairly and dealt with in accordance with the principles and conditions of the Act.

 

Security Measures

This policy is designed to fulfill statutory requirements and to prevent unauthorised disclosure of/or access to personal data. The following security measures will therefore be required in respect of the processing of any personal data.

Access to personal data on volunteer staff and clients is restricted to those who have a legitimate need to access such data in accordance with The Isabella Trust’s notification to the Information Commissioner.

Members of volunteer staff authorised to access personal data, will be allowed to do so only in so far as they have a legitimate need and only for the purposes recorded in the notification.

All persons processing data and individuals requesting access to personal data in accordance with this policy must have familiarised themselves with this policy.

All personal data will be stored in such a way that access is only permitted by authorised staff, including storage in filing cabinets, computers and other storage systems. Any act or omission which leads to unauthorised access or disclosure could lead to disciplinary action.

Personal data should be transferred under conditions of security commensurate with the anticipated risks and appropriate to the type of data held.

Personal data held electronically should be appropriately backed up and stored securely to avoid incurring liability to individuals who may suffer damage or distress as a result of the loss or destruction of their personal data.

Any disposal of personal data will be conducted in a secure way, normally by shredding. All computer equipment or media to be sold or scrapped must have had all personal data completely destroyed, by re-formatting, overwriting or degaussing (a method of erasing data held on magnetic media).

 

Retention of data

The Isabella Trust will keep different types of information for differing lengths of time, depending on legal, academic and operational requirements.

 

Transfer of data outside the UK

The Women’s Organisation does not transfer personal data outside the UK.

 

Use of Personal Data in Research

The 1998 act provides certain exemptions for ‘research purposes’ including statistical or historical purposes. Provided that the purpose of research processing is not measures or decisions targeted at particular individuals and it does not cause substantial distress or damage to a data subject, then personal data may be:

Processed for purposes other than for which they were originally obtained

 

Held indefinitely

Exempt from the right of access by data subjects where the results do not identify individual data subjects

Most of the Data Protection Principles still apply to personal data used for research purposes and researchers should always provide clear guidance to individuals whose personal data will be used in research as to why the data is being collected and the purposes for which it will be used.

Collection of Personal Data from Web Pages
Personal data received by The Isabella Trust enquiries from on the web site use the data for the following:

To process and respond to applications and enquiries.

To provide services to applicants and clients who have provided consent to be included in The Isabella Trust mailing list. This includes sending information about current and future opportunities with The Isabella Trust.

Client personal data records will show whether or not the individual consented to be included on The Isabella Trust mailing list..

The Isabella Trust will provide users with the opportunity to opt out of any parts of the collection of or use of the data that are not directly relevant to the intended transaction.

 

Rights to Access Information

Volunteer staff and clients and other users of The Isabella Trust have the right to access any personal data that is being kept about them either electronically or in paper based files.
Any person who wishes to exercise this right should submit a written request to The Isabella Trust, Service Manager (Data Controller) at The Isabella Trust, 54 St James Street, Liverpool, L1 0AB.

The Isabella Trust aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within 40 days.

Download Leaflet

Looking for more information