Data Protection Policy.

Policy Statement

Driver’s SEAT collects and uses information about people with whom it communicates.

This personal information must be dealt with properly and securely however it is collected, recorded and used – whether on paper, in a computer, or recorded on other material – and there are safeguards to ensure this in the Data Protection Act 1998.

Driver’s SEAT regards the lawful and correct treatment of personal information as very important to the successful and efficient performance of its functions, and to maintain confidence between those with whom it deals.

To this end Driver’s SEAT fully endorses and adheres to the Principles of Data Protection, as set out in the Data Protection Act 1998.

Purpose

The purpose of this policy is to ensure that the staff and clients of Driver’s SEAT are clear about the purpose and principles of Data Protection and to ensure that it has guidelines and procedures in place which are consistently followed.

Failure to adhere to the Data Protection Act 1998 is unlawful and could result in legal action being taken against Driver’s SEAT or its staff.

Principles

The Data Protection Act 1998 regulates the processing of information relating to living and identifiable individuals (data subjects). This includes the obtaining, holding, using or disclosing of such information, and covers computerised records as well as manual filing systems and card indexes.

Data users must comply with the data protection principles of good practice which underpin the Act. To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully.

To do this Driver’s SEAT follows the eight Data Protection Principles outlined in the Data Protection Act 1998, which are summarised below:

  1. Personal data will be processed fairly and lawfully
  2. Data will only be collected and used for specified purposes
  3. Data will be adequate, relevant and not excessive
  4. Data will be accurate and up to date
  5. Data will not be held any longer than necessary
  6. Data subject’s rights will be respected
  7. Data will be kept safe from unauthorised access, accidental loss or damage
  8. Data will not be transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data

The principles apply to “personal data” which is information held on computer or in manual filing systems from which they are identifiable. Driver’s SEAT employees who process or use any personal information in the course of their duties will ensure that these principles are followed at all times.

Procedures

The following procedures have been developed in order to ensure that Driver’s SEAT meets its responsibilities in terms of Data Protection. For the purposes of these procedures data collected, stored and used by Driver’s SEAT falls into 2 broad categories:

  1. Driver's SEAT internal data records; relating to staff
  2. Organisation Name's external data records; relating to clients

Driver's SEAT as a body is a DATA CONTROLLER under the Act, and the Sole Trader is ultimately responsible for the policy’s implementation.

Internal data records

Purposes

Driver's SEAT obtains personal data (names, addresses, phone numbers, email addresses), application forms, and references and in some cases other documents from staff. This data is stored and processed for the following purposes:

  • Recruitment
  • Equal Opportunities monitoring
  • To distribute relevant organisational material e.g. meeting papers
  • Payroll

Driver's SEAT as a body is a DATA CONTROLLER under the Act, and the Sole Trader is ultimately responsible for the policy’s implementation.

Access

The contact details of staff, volunteers and trustees will only made available to other staff as necessary for emergency contact purposes. Any other information supplied on application will be kept in a secure and is not accessed during the day to day running of the organisation.

Contact details of staff will not be passed on to anyone outside the organisation without their explicit consent.

Staff will be supplied with a copy of their personal data held by the organisation if a request is made.

Accuracy

Driver’s SEAT will take reasonable steps to keep personal data up to date and accurate.

Personal data will be stored for 6 years after an employee has worked for the organisation and brief details for longer. Unless the organisation is specifically asked by an individual to destroy their details it will normally keep them on file for future reference. The Operations Manager has responsibility for destroying personnel files.

Storage

Personal data is kept on a password-protected computer system.

Driver's SEAT operates a clear desk policy at all times.

External data records

Purposes

Driver's SEAT obtains personal data (such as names, addresses, and phone numbers) from clients. This data is obtained, stored and processed solely to assist staff in the efficient provision of services. Personal details supplied are only used to send material that is potentially useful. Most of this information is stored on the organisation’s database.

Consent

Written consent is not requested as it is assumed that the consent has been granted when an individual freely agrees for their details to be passed to Driver’s SEAT by the Sentencing Court.

Personal data will not be passed on to anyone outside the organisation without explicit consent from the data owner unless there is a legal duty of disclosure under other legislation.

Access

Only the organisation’s staff will normally have access to personal data. All staff are made aware of the Data Protection Policy and their obligation not to disclose personal data to anyone who is not supposed to have it.

Information supplied is kept in a secure filing, paper and electronic system and is only accessed by those individuals involved in the delivery of the service.

Information will not be passed on to anyone outside the organisation without their explicit consent.

Individuals will be supplied with a copy of any of their personal data held by the organisation if a request is made.

Accuracy

Driver’s SEAT will take reasonable steps to keep personal data up to date and accurate. Court referrals and payment details will be kept for two years after the individuals’ Date of Completion. Unless we are specifically asked by an individual to destroy their contact details, we will normally keep them on our database for future reference.

If a request is received from an organisation/ individual to destroy their records, we will remove their details from the database.

Storage

Personal data may be kept in paper-based systems and on a password-protected computer system. Paper-based data are stored in organised and secure systems.

Driver’s SEAT operates a clear desk policy at all times.

Responsibilities of staff, volunteers and trustees

During the course of their duties with Driver’s SEAT staff will be dealing with information such as names/addresses/phone numbers/e-mail addresses of clients. They may be told or overhear sensitive information while working for Driver’s SEAT The Data Protection Act (1988) gives specific guidance on how this information should be dealt with. In short to comply with the law, personal information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. Staff must abide by this policy.

Compliance

Compliance with the Act is the responsibility of all staff. Driver’s SEAT will regard any unlawful breach of any provision of the Act by any staff as a serious matter which will result in disciplinary action. Any employee who breaches this policy statement will be dealt with under the disciplinary procedure which may result in dismissal for gross misconduct. Any such breach could also lead to criminal prosecution.

Any questions or concerns about the interpretation or operation of this policy statement should in the first instance be referred to the Operations Manager.

Retention of Data

No documents will be stored for longer than is necessary (unless otherwise stated)

All documents containing personal data will be disposed of securely in accordance with the Data Protection principles.

Last reviewed: 25 May 2014.
Next review date: 1 June 2015