President
Andrew Coombe FCA
H. M. Lord-Lieutenant of South Yorkshire
Chairman
James Newman OBE
Chief Executive
Ruth E Willis MCIH FRSA MCMI
Data Protection & Confidentiality Policy
1. Introduction ......................................................................................................................... 2
2. Context ................................................................................................................................. 2
3. Data Protection Act – Registration .................................................................................... 2
4. Data Controller..................................................................................................................... 2
5. Type & Purpose of Data ...................................................................................................... 2
5.1
Staff Data ....................................................................................................................... 2
5.2
Volunteer Data............................................................................................................... 3
5.3
Donor data ..................................................................................................................... 3
5.4
Applicants & Grant Recipient Data.............................................................................. 3
6. Accuracy of Data ................................................................................................................. 4
7. Data Sharing ........................................................................................................................ 4
8. Confidential Treatment of Information .............................................................................. 4
9. Review .................................................................................................................................. 4
I have read and understood this policy and agree to abide by it.
Signature …………………………………………
Name ……………………………………………..
Volunteer/Staff/Trustee (delete as appropriate)
Date ………………………………………………
D:\81910886.doc
1. Introduction
In pursuit of the Foundation’s objectives private and sensitive information on individuals is
recorded on the organisation’s systems. This information is provided to the Foundation
In good faith that it will be processed and managed in accordance with the general principles
of Confidentiality and Data Protection. The Foundation is committed to safeguarding private
information and to abide by good practice when publishing information on the organisation’s
activities, events and achievements.
This policy covers requirements of Data Protection and Confidentiality for all staff, volunteers
and other individuals who, through their association with the organisation, have access to
the Foundation’s records.
2. Context
This policy has been developed against the context of the Principles of the Data protection
act 1998 and good practice developed by the Foundation since 1986.
3. Data Protection Act – Registration
In compliance with the Data Protection Act 1998 the Foundation is registered with the
Information Officer’s Office under Reference Z657900X
The Foundation abides by the 8 principles of the Data Protection Act 1998 which are as
follows:
1)
2)
3)
4)
5)
6)
7)
8)
Data shall be processed fairly and lawfully
Data is processed for limited purposes
Data is adequate, relevant and not excessive
Data is accurate
Data is not kept longer than necessary
Data is processed in accordance with the data subject’s rights
Data is secure
Data is not transferred to countries without adequate protection
4. Data Controller
The Foundation’s Data Controller is the Business Support Manager. On written request from
an individual whose data is held by the Foundation the Data Controller will supply details of
what data is held, why it is held and to whom it may be disclosed, as well as a copy of the
relevant data record.
5. Type & Purpose of Data
The Foundation stores data for a variety of reasons.
5.1 Staff Data
Data on Foundation staff is stored for the purposes of Human Resources Management and
Payroll. Data, including contact details, bank details and emergency contact details as well
as recruitment information is stored on the relevant systems and is password protected on
D:\81910886.doc
2
relevant software and locked away for hard copy storage. Access is limited to the Chief
Executive, Operations Manager and Finance Administrator.
Data stored for Human Resource Purposes also includes documentation relating to staff
review system, disciplinary or grievance issues and progress within the Foundation in
accordance with Employment Law.
Basic contact details for all staff are also recorded on DIGITS. This information will be
password protected when Digits version 2 is operational. All computers on the network are
password protected but the current version of Digits does not allow the setting of access
levels.
Upon leaving the Community Foundation contact data on DIGITS will be maintained for
invitation/communication purposes unless otherwise requested by the individual.
5.2 Volunteer Data
Data on volunteers, including board members and vice presidents, includes contact details
as well as information relating to their registration or appointment and activity in relation to
their role. This data is used for communication purposes as well as to record the
organisation’s activities.
Data on board members also includes legally required forms and declarations linked to
becoming the trustee of a charity.
When individuals cease to be volunteers’ superfluous data will be removed but contact
information will be retained for invitation/communication purposes.
5.3 Donor data
Data relating to the Foundation’s donors is highly sensitive as it records financial
transactions. Donors have the right to remain anonymous to the public if their donations
stem from private sources and the Foundation respects donor’s wished if they choose to do
so.
For internal purposes data includes contact details, records of donations as well as
agreements relating to the respective fund. In the case of individual donors this information,
unless the donor has given explicit consent for publicity use, remains confidential and cannot
be shared with third parties. Data is used for communications purposes, internal audit and
reporting.
Once a donor relationship ends related data will be archived where necessary or removed.
Donor contact details will be maintained on DIGITS for invitation/contact purposes.
5.4 Applicants & Grant Recipient Data
Data pertaining to grant applicants and recipients is recorded on DIGITS. This includes
contact details, financials and bank details, qualitative information on the applications, and,
in cases of individual applicants, some personal information. Data of this nature will only be
shared with third parties with explicit consent from the applicant. However, general data
relating to any grant award is public information and, thus, must be available to the public.
D:\81910886.doc
3
6. Accuracy of Data
The Foundation is committed to keeping its growing database as up-to-date and accurate as
possible. Records are amended when requests to do so are received from the data subjects
and a regular data cleansing exercise helps to purge irrelevant and incorrect information.
Each member of staff has responsibility to ensure data is recorded and updated accurately.
7. Data Sharing
Data is only shared with third parties if the data subjects have given explicit consent. Data
will only be shared with other agencies to further the objectives of the Foundation.
8. Confidential Treatment of Information
Foundation staff, trustees and volunteers all have access to confidential information on a
regular basis. This includes application forms, panel summary sheets, financial statements,
personal and business correspondence. Each individual is expected to deal with this data in
a professional manner and avoid any action that could breach the Foundation’s Data
Protection Policy.
Foundation staff contracts include a clause on data protection which also forms part of the
induction.
All volunteers are required to sign an Agreement confirming that they will abide by the
requirements of Confidentiality. A copy of this policy is included in the documentation given
to new trustees and new panel members.
9. Review
The Board of trustees will review this policy on a regular basis in order to ensure it remains
relevant to the work of the Foundation and the principles of Data Protection.
Signed on behalf of the Trustees
Date 1st September 2016
D:\81910886.doc
4