South Bedfordshire Dyslexia Association (SBDA) is committed to ensuring that all personal information handled by us will be processed according to legal compliant standards of data protection and data security.
The purpose of this policy is to help us achieve our data protection and data security aims by:
We may amend this policy at any time, at our discretion.
Maintaining appropriate standards of data protection and data security is a collective task shared between SBDA and the volunteers. This policy and the rules contained in it apply to all volunteers of SBDA, irrespective of seniority, tenure and working hours, including all officers, trainees, and any volunteers.
Denise Taylor is appointed as the Data Protection Officer and has overall responsibility for ensuring that all personal information is handled in compliance with the law.
All volunteers have personal responsibility to ensure compliance with this policy, to handle all personal information consistently with the principles set out here and to ensure that measures are taken to protect the data security. The chairman has special responsibility for leading by example and monitoring and enforcing compliance.
Any breach of this policy will be taken seriously and may result in disciplinary action.
This policy covers personal information:
Volunteers whose work involves using personal data must comply with this policy and with the legal data protection principles which require that personal information is:
SBDA will process personal data in line with data subjects’ rights. Data subjects have the right to:
We must all protect personal information in our possession from being accessed, lost deleted or damaged unlawfully or without proper authorisation through the use of data security measures.
Maintaining data security means making sure that:
By law, we must use procedures and technology to secure personal information throughout the period that we hold or control it, from obtaining to destroying the information.
Personal information must not be transferred to any person to process (e.g. while performing services for us or on our behalf) unless that person has either agreed to comply with our data security procedures, or we are satisfied that other adequate measures exist.
Security procedures include:
Particular care must be taken by Staff who deal with telephone enquiries to avoid inappropriate disclosures. In particular:
Any personal data we control or process may be held in the following systems and locations, and we are satisfied that there are adequate data protection and data security measures in place:
Copies of personal information, whether on paper or on any physical storage device, must be physically destroyed when they are no longer needed. Paper documents should be shredded and CDs or memory sticks or similar must be rendered permanently unreadable.
A personal data breach is defined as a security incident that has affected the confidentiality, integrity or availability of personal data. There will be a personal data breach whenever any personal data is lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable and this unavailability has a significant negative effect on individuals.
If a personal data breach has occurred, SBDA will take immediate steps to contain it and assess the risk of potential adverse consequences for individuals. If there is a risk to people’s rights and freedoms it will be reported to the ICO within 72 hours of becoming aware of the breach. If there is a high risk to those concerned, they will be informed directly and without undue delay. If the breach is unlikely to result in a risk to rights and freedoms, the breach will be investigated, recorded and steps taken to avoid a future recurrence.
We collect personal information about Volunteers which:
The types of personal information that we may collect, store and use about Volunteers include records relating to:
We will use information to carry out our business, to administer your engagement and to deal with any problems or concerns you may have.
We confirm that SBDA is a Data Controller of the personal information in connection with your engagement. This means that we determine the purposes for which, and the manner in which, your personal information is processed.
We will take reasonable steps to ensure that your personal information is kept secure, as described in this policy and in general, we will not disclose your personal information to others outside SBDA. However, we may need to disclose personal information about Volunteers:
We collect personal information about clients which you provide, or we gather, before or during your engagement with us.
The types of personal information that we may collect, store and use about clients include records relating to:
We will use information to carry out our business in order to provide you with learning support and assessments. We will not collect any personal data from you we do not need in order to provide and administer this service to you.
We will take reasonable steps to ensure that your personal information is kept secure, as described in this policy and in general, we will not disclose your personal information to others outside SBDA unless we have your permission or we are required by law to do so.
By providing your personal information to us, you consent to the use of your personal information in accordance with this policy.
We collect personal information about suppliers which:
The types of personal information that we may collect, store and use about suppliers include records relating to:
We will use information to carry out our business with you/your business such as contacting you to discuss your products and services, place orders with you and pay your invoices. We will not collect any personal data from you we do not need in order to carry out these transactions.
We will take reasonable steps to ensure that your personal information is kept secure, as described in this policy and in general, we will not disclose your personal information to others outside SBDA unless we have your permission or we are required by law to do so.
By providing your personal information to us, you consent to the use of your personal information in accordance with this policy.
We collect personal information about other third parties which:
The types of personal information that we may collect, store and use about suppliers include records relating to:
We will use information to carry out business with you/your business such as contacting you to discuss your products and services. We will not collect any personal data from you if we do not need to do so.
We will take reasonable steps to ensure that your personal information is kept secure, as described in this policy and in general, we will not disclose your personal information to others outside SBDA unless we have your permission or we are required by law to do so.
By providing your personal information to us, you consent to the use of your personal information in accordance with this policy.
By law, any Subject (including Volunteers) may make a formal request for information that we hold about them, by completing a Subject Access Request (SAR). If you would like a copy of the information we hold on you please write to us at 29 Brandreth Avenue, Dunstable, Beds LU5 4JP.
If you believe that any information we are holding on you is incorrect or incomplete, or if you wish to have it deleted, please write to us at 29 Brandreth Avenue, Dunstable, Beds LU5 4JP. We will correct any information found to be incorrect or delete it if requested.
In the case of Volunteers we will only delete the information once the engagement has ceased and it is no longer required to comply with our legal obligations, assist in a criminal investigation or for legal and regulatory authorities, such as HM Revenue and Customs.
Any Volunteer who receives such a request from a third party should forward it to the Data Protection Officer immediately.
If any Subject wishes to raise a complaint on how we have handled their personal data, they can contact our Data Protection Officer who will investigate the matter. If they are not satisfied with the response or believe we are not processing their personal data in accordance with the law they can complain to the Information Commissioner's Office (ICO). Our Data Protection Officer is Denise Taylor who can be contacted at 29 Brandreth Avenue, Dunstable, Beds LU5 4JP.
Date of last Review — 05/08/2018