It is the intention of the PARC leadership team to commit to complying with both the law and good practice, to respect every individual’s rights and to provide training and support to all staff who handle personal data. We are committed to protecting the data that we hold and process. This policy sets out how PARC will treat any personal information and data.
PARC operates a clear desk policy. Everyone must ensure their working area is always left clear of personal and sensitive information.
Staff must ensure that they are not sharing personal or sensitive information with any outside agencies without permission from the person or their parent/carer. The only occasion this may be breached is if we believe there may be a child or adult at risk of harm, in line with PARC’s Safeguarding policy.
Any personal or sensitive information held at PARC will be held securely, locked in filing cabinets, drawers or cupboards. Personal and sensitive information is kept locked away at all times and offices are locked at the end of the day.
If someone makes a request to have access to confidential information, this must be made in writing to the Data Protection Officer/Data Protection Manager who will deal with this within one month.
PARC will check the identity of all persons asking for access to personal information. All staff must ensure that any request for information is reported to the Data Protection Officer without delay.
Requests for access to personal and sensitive information may be refused if the request is vexatious or repeated, the cost of complying exceeds the appropriate limit (£450) or the information requested falls under one of the exemptions listed in part 2 of the Freedom of Information Act. If the request is refused you will be sent a Refusal Notice.
Children’s photos will only be used with permission from the individual or their parents/carers. This will usually be obtained by filling in a registration pack or during our annual database update.
All personal and sensitive data collected by PARC shall be adequate, relevant, accurate (and where necessary kept up to date) and not excessive. No data is kept for longer than is necessary. All confidential information is either returned or shredded before disposal.
All memory sticks are locked away and staff are not permitted to take them home.
All computers are password protected, with only the necessary/specific staff having access to them. All highly confidential information is password protected with only the necessary people allowed access.
All emails needing to be sent out to multiple recipients will be sent through blind carbon copy (BCC) so as to keep everyone’s email addresses private.
Personal and sensitive data will only be processed in accordance with this policy.
If staff or volunteers witness any PARC member breaking these rules, please report this to a Team Leader or Manager immediately. Anyone found not to be adhering to the above will be investigated and the disciplinary procedure will be actioned.
(1) What information do we collect?
PARC may collect and hold the following information:
a) Information about contact details of parents whose children or young adults attend PARC services.
b) Information that is personal and sensitive to the children and young adults that attend PARC services.
c) Information about contact details for staff and volunteers that work at PARC Centre or PARC Charity Outlet.
(2) Using your personal data
We will never, without your express permission, share your information with any third parties for any purpose. We will also not use your personal information if you have instructed us not to.
(3) Other disclosures
We may be required by law to disclose some of your information under the following circumstances:
In connection with any legal proceedings or prospective legal proceedings in order to establish, exercise or defend our legal rights.
(4) Security of your personal data
We will take reasonable precautions to ensure that your personal and sensitive information will not be lost, misused or altered by us. In the unlikely event of a security breach, we will inform you.
(5) Policy amendments
It may be necessary to amend this policy from time to time to adhere to new regulations and changes in circumstance.
(6) Data review
We intend to review the data and personal information we hold on an annual basis, in line with the financial year. Any out-of-date information will be deleted.
In the event of receiving a request to delete personal information, we will process the request within one month in line with GDPR.
(7) Designated Data Protection Officer