Jeena Data Protection Policy
JEENA collects and uses certain types of information about the individuals and organisations it comes into contact with in the course of its work and the delivery of the service it provides. The purpose of this policy is to outline how Jeena processes such information subject to its obligations under the Data Protection Act 1998 and other relevant legislation.
Data Protection Act 1998
The Data Protection Act 1998 is designed to ensure that personal data about living individuals is handled properly by organisations and that the rights of individuals to access information that is held about them are protected. Any person or organisation that handles personal data must therefore comply with the requirements of the Act.
What Is Personal Data?
Personal data is information about a living individual from which that person can be identified. Such information can exist in a variety of formats, for example, on a computer or in a paper filing system.
What Principles Apply To The Collection Of Personal Data?
There are eight governing principles that must be followed in connection with the processing of data about individuals. These state that information must:
- Be processed fairly and lawfully.
- Be collected and processed for the particular purposes specified. In other words, it must not be collected for one reason and then used for another.
- Be adequate, relevant and not excessive for the purposes for which it is kept.
- Be accurate and, where necessary, kept up-to-date.
- Not be kept for longer than necessary.
- Be processed in accordance with the subject’s rights.
- Be kept securely and adopt measures to guard against its accidental loss.
- Not be transferred outside the European Economic Area unless the country receiving it has an adequate level of protection for the rights and freedoms of data subjects.
How We Use Personal Data
All personal data is treated strictly in accordance with the terms of the Data Protection Act 1998. This means that, as outlined below, confidentiality will be maintained and appropriate security measures are taken to prevent unauthorised disclosure.
Under the Act, JEENA, as registered with the Information Commissioner’s Office, is the data controller and its trustees are therefore ultimately responsible for implementing this policy and the procedures it sets out. The Chief Executive Officer has been designated as the Data Protection Compliance Officer for JEENA.
Where appropriate, all new staff and volunteers will be given training as part of their induction on this policy and Jeena’s procedures around data protection and confidentiality.
JEENA will ensure that data is collected within the boundaries defined in this policy. This applies to data that is collected in person, or by completing a form. When collecting data, JEENA will ensure that the Data Subject:
- Clearly understands why the information is needed
- Understands what it will be used for and what the consequences are should the Data Subject decide not to give consent to processing
- As far as reasonably possible, grants explicit consent, either written or verbal for data to be processed
- Is, as far as reasonably practicable, competent enough to give consent and has given so freely without any duress
- Has received sufficient information on why their data is needed and how it will be used
In accordance with the Act, JEENA will only use the personal data that others have chosen to provide for the purpose for which it was requested. JEENA will not use it for any other purpose without the prior consent of those concerned.
Furthermore, JEENA will not disclose personal data, such as names, addresses, email addresses or telephone numbers, to any organisation or person outside of JEENA without the prior explicit or implied consent of those concerned, unless it is under a legal obligation to do so, e.g. where withholding such information would place an individual at risk.
JEENA may share data with other agencies such as the local authority, funding bodies and other voluntary agencies. The Data Subject will be made aware in most circumstances how and with whom their information will be shared. There are circumstances where the law allows JEENA to disclose data (including sensitive data) without the data subject’s consent.
- Carrying out a legal duty or as authorised by the Secretary of State
- Protecting vital interests of a Data Subject or other person
- The Data Subject has already made the information public
- Conducting any legal proceedings, obtaining legal advice or defending any legal rights
- Monitoring for equal opportunities purposes – i.e. race, disability or religion
- Providing a confidential service where the Data Subject’s consent cannot be obtained or where it is reasonable to proceed without consent: e.g. where we would wish to avoid forcing stressed or ill Data Subjects to provide consent signatures.
Storage & Access
All personal data held by JEENA is kept with the consent of those who have provided it; password protected where held on computer; and stored securely in lockable non-portable filing cabinets where kept on paper. In all cases, access is strictly controlled and limited to those who are authorised to use it in the course of their duties for the organisation.
JEENA maintains a record of all those who have access to personal data or to whom such information has been revealed and recognises that it is a criminal offence to pass personal data to anyone who is not entitled under the Act and other legislation to have access to it.
Any individual about whom JEENA holds personal data shall be given access to the data held about them upon request. At all times, JEENA will ensure that the rights of such individuals can be fully exercised.
Handling & Retention
JEENA will not keep personal data for longer than necessary. In particular, personal data held for recruitment purposes will be destroyed within a period of 6 months of the data subject’s active involvement with JEENA coming to an end.
JEENA will also take reasonable steps to ensure that all personal data it holds is kept up-to-date by putting in place measures through which data subjects can update the information held about them.
Sensitive data, defined by the Data Protection Act as information about racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual life, criminal record or proceedings relating to an individual’s offences, were collected by JEENA. will not be kept with a person’s records but will always be kept separately and securely as outlined under the section on storage and access above. Equal opportunities monitoring information will be collected/stored anonymously and will only be used for reviewing how Jeena is ensuring equality of opportunity.
Once the retention period has elapsed, JEENA will ensure that personal data is destroyed by secure means, i.e. by shredding, pulping or burning. While awaiting destruction, personal data will not be kept in any insecure receptacle (e.g. waste bin or confidential waste sack). A photocopy, other image, or any copy or representation of the personal data will not be kept.
This policy will be reviewed by the board of trustees to reflect best practice in response to changes in relevant legislation or an identified failing in its effectiveness, in any case the policy will be reviewed annually.