Terms & Conditions Using Our Services and Data Protection Policy
Data Protection Act (1998) On Between You And Me Seva
Between You and Me Seva uses personal data about individuals for the purposes of general administration and communication: SEVA recognises the importance of the correct and lawful treatment of all Personal data, whether it is held on paper, on computer or other media, will be subject to the appropriate legal safeguards as specified in the Data Protection Act 1998.
SEVA Fully endorses and adheres to the eight principles of the Data Protection Act. These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation and storage of personal data. Employees and any others who obtain, handle, process, transport and store personal data for SEVA must adhere to the following Principles:
Be processed fairly and lawfully and shall not be processed unless the following conditions are met:-
- Be obtained for a specified and lawful purpose and shall not be incompatible with Data Protection Act 1998
- Be adequate, relevant and not excessive for those purposes.
- Be accurate and, where necessary, kept up to date.
- Not be kept for longer than is necessary for that purpose.
- Be processed in accordance with the data subject’s rights.
- Be kept secure from unauthorised or unlawful processing and protected against accidental loss, destruction or damage by using the appropriate technical and organisational measures.
- Not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
These are the categories of individual for whom personal information may be held
The policy covers:
- Recruitment and Employment Records: applications, short-listing, interviews for paid staff and volunteer workers, including absence, equal opportunity monitoring, personal information.
- References, security of records, disclosure requests, discipline, grievance, dismissal and retention of records, as appropriate.
- Clients; potential, current or past.
- Details of other professionals in a working relationship with SEVA.
No details may be given to a third party except for referrals, where permission will be sought if possible.
Between You And Me Seva Data Protection Policy
COLLECTING DATA AND INFORMED CONSENT:
When collecting data from subjects the aim of SEVA to obtain their consent to hold their personal information in line with the policies of this document and the data protection act 1998.
SEVA will only collect personal data if actively given to us by the subject, e.g. through filling in an online enquiry form, by telephone or email. Collection, processing and use of personal data only occur in support of the client’s (previous, existing and potential) interests.
SEVA aims to treat all personal information as private and confidential, not to be shared with third parties. However, confidentiality may be breached if there appears to be a real danger of serious harm to the subject or to another person. Legal limitations to confidentiality include information about terrorism or money laundering for drug use. There may also be circumstances where a referral to another professional may seem appropriate. This would be discussed with the client beforehand and express permission sought if at all possible.
Brief notes are made about each session, but your name does not appear on them, and they are kept in a locked cabinet. All personal data is held and managed according to our data protection policy. Every counsellor and support worker has a supervisor whose role it is to help maintain good practice.
Supervisors are also bound by the same terms of confidentiality.
All SEVA staff and volunteers who have access to personal data will be required to adhere to the policies laid out in this document and in the data protection act (1998).
There are four legal exceptional circumstances to maintaining confidentiality:
- Where we are legally compelled to do so
- Where there is a duty to the public to disclose
- Where disclosure is required to protect our interests
- Where disclosure is made at your request or with your consent
THE USE OF PERSONAL INFORMATION:
Between You and Me Seva will use your data for three main purposes:
- Statistical analysis: Gaining a better understanding of client demographics.
- The day-to-day administrationof the organisation: e.g. making appointments, keeping session records, maintaining financial records of giving for audit and tax purposes.
- Child Protection and safeguarding Procedures, records relating to children or adults will be kept securely for an indefinite period in a secure environment.
- Personal information will not be passed onto any third parties, except for the reasons outlined above.
- The need to process data for normal purposes will be communicated to all data subjects. Some data held in personal records may be of a sensitive nature. SEVA will only store sensitive data when it is relevant and necessary.
- All individuals who are the subject of personal data held by SEVA are entitled to:
- Ask what information the organisation holds about them and why.
- Ask how to gain access to the information that we have on them.
- Be informed how to keep it up to date.
- Be informed what the organisation is doing to comply with its obligations under the 1998 Data Protection Act.
- Personal data will not be retained any longer than is useful for the day to day running of SEVA. In the case when personal data is no longer useful, it will be deleted, burned or shredded as appropriate. SEVA reserves the right to keep non-personally identifiable data about individuals for statistical analysis.
- For Child Protection purposes, records relating to children will be kept securely in our care for an indefinite period.
HOW DATA WILL BE STORED
Client notes are not named, and kept separate from personally identifiable data; Electronic data (tables, emails and databases) are kept on a secure, pass worded local computer which is backed up regularly, and are also destroyed when no longer needed. In addition:
- Access to the sensitive data is strictly controlled and authorised by the Data Controller.
- People who will have secure and authorised access to this data include SEVA Staff and business associates.
- Data will NOT be accessed by any authorised or non-authorised users outside of the EU, in accordance with the Data Protection Act, unless prior consent has been obtained from the Individual whose data is to be viewed.
RIGHTS TO ACCESS INFORMATION
Employees and other subjects of personal data held by SEVA have the right to access any personal data that is being kept about the client. This right is subject to an exemption: Personal Information may be withheld if the information also relates to another individual. Any person who wishes to exercise this right should make the request in writing to the Data Controller at SEVA using the standard letter which is available online from www.ico.gov.uk. SEVA reserves the right to charge a maximum fee of £10 payable for each subject access request. If personal details are inaccurate, they can be amended upon request.
SEVA aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within 40 days of receipt of a completed form unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the individual making the request.
In order to keep personal data secure the following controls will be followed:
- Personal data, whether in written or electronic form, will normally be kept at the registered office under supervision of the Data Control Officer.
- With the approval of the Data Control Officer, personal data may be held at the home of Staff members, but should be returned to the office or destroyed safely (deleting, shredding or burning) once it is no longer required.
- Personal data must not be transferred between computers by means of email because of the insecure nature of email. Data transfer must be by means of physical paper or electronic means, e.g. memory stick or CD.
If the client or professional chooses to email the referral assessment form to SEVA, SEVA is not responsible any personal data that is not received as it is not a secure email system.