Confidentiality and Data Protection Policy
- General principles
- ParentSpace recognises that our staff, facilitators, volunteers, trustees & others who work within our organisation (referred to in this policy as “staff members”) gain information about individuals and organisations during the course of their work or activities. In most cases, such information will not be stated as confidential, and we may have to exercise common sense and discretion in identifying whether information is expected to be confidential.
- ParentSpace is committed to ensuring that any personal information which is provided to us in the course of our work will be processed and stored in accordance with the Data Protection Act.
- Confidentiality is a broader concept than data protection but there is overlap between the two areas.
- Confidentiality refers to all forms of information including personal
information about people using services or employees or volunteers,
information about the organisation, for example, its plans or finances and information about other organisations, whether the information is recorded or not. - Data protection concerns only personal information, which is recorded, whether this be in electronic or manual format.
- Confidentiality refers to all forms of information including personal
- Information received by ParentSpace, as part of the services it provides, will be considered to be information for ParentSpace to share with colleagues and use to deliver its aims and objectives.
- All staff members should inform groups, organisations or individuals why they are requesting information and explain the purpose of storing and using this information. They should ask permission to keep and use this information and keep a record that permission was obtained. This is communicated verbally, documented on registration/sign up forms, online referral forms, recorded on membership forms and recorded on our confidential storage system.
Staff members are able to share information with their Line Manager in order to discuss issues and seek advice but should not disclose to anyone, other than their line manager, any information considered sensitive, personal, financial or private without the knowledge or consent of the individual, or an officer, in the case of an organisation
- Staff members should avoid exchanging personal information or comments (gossip) about individuals with whom they have a professional relationship.
- Staff members should avoid talking about organisations or individuals in social settings.
- There may be circumstances where it would be appropriate for colleagues to discuss difficult situations with each other to gain a wider perspective on how to approach a problem.
- If staff members receive information from individuals outside ParentSpace regarding the conduct of a colleague or group, then this should be dealt with sensitively. The appropriate colleague should tell the individual about the Complaint Procedure and advise them accordingly.
- If employees are dissatisfied with the conduct of a colleague, and have sensitive information that could be evidenced through investigation, they should discuss it with the appropriate line manager. Any allegation, which is found to be malicious, or ill-founded, will be dealt with by ParentSpace action under the Disciplinary Procedure
- Where there is a legal duty on ParentSpace to disclose information, the person that is affected will be informed that disclosure has or will be made.
- Breach of confidentiality
- Staff members who are dissatisfied with the conduct or actions of other
colleagues or ParentSpace should raise this with their line manager as a grievance if necessary and should not discuss their dissatisfaction outside ParentSpace. - Employees accessing unauthorised files or breaching confidentiality may face disciplinary action.
- Ex-employees breaching confidentiality may face legal action.
- Staff members who are dissatisfied with the conduct or actions of other
- Why information is held
- Most information held by ParentSpace relates to individuals or service users, members, facilitators, employees, trustees, and volunteers.
- Information is kept to enable ParentSpace staff to understand the needs of individuals or service users in order to deliver the most appropriate services.
- Information about users may be kept for the purposes of monitoring our equal opportunities policy, for reporting back to funders and any other reason as identified during the course of our activities.
- The type of personal information we collect
- ParentSpace is what is known as the “controller” of the personal data you provide to us. We currently collect and process the following basic information: Name, address, email address, telephone number, date of birth and next of kin. Depending on the service accessed, other relevant information may be requested with your permission.
- We will be clear as to the reason this information is collected and will only collect this with your consent and permission.
- We may also store short notes in relation to drop in and one to one sessions.
- How we get the personal information and why we have it
- Most of the personal information we process is provided to us directly by you for one of the following reasons:
- Becoming a member of ParentSpace;
- Receiving newsletters, updates and notifications of our online drop ins;
- Contacting ParentSpace for Support;
- Joining a course provided by ParentSpace;
- ParentSpace website contact forms;
- Bookings made on Eventbrite and other 3rd party systems.
- We collect this information for the purposes of providing the service requested where you are a participant, including the communication of relevant information and for safety purposes.
- We may also receive personal information indirectly, for example when you provide permission to another organisation to share it with us (Social Media where you have joined our groups or pages, Facebook or Instagram) or when you have provided your information to a third party and given them your permission to pass your information to us.
- We use the information that you have given us where we need it in order to run courses, workshops and drop ins safely where you are a participant. We will use the information provided for the purposes of contacting you about specific courses, workshop and drop-in sessions, 1:1, befriending and newsletters.
- We will never take photos without your consent and we will always check with you that you are happy for these to be used in promotional materials.
- Most of the personal information we process is provided to us directly by you for one of the following reasons:
Sharing your information We only share information with a third party or individuals when obliged to by law
- Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
- Your consent. You are able to remove your consent at any time. You can do this by contacting [email protected]
- When we use other companies to provide services on our behalf e.g. processing course bookings, sending mail and emails and analysis
- Legal obligations. There are legal obligations that require us to retain certain information for specific time periods. The purposes for which we may use personal data include, regulatory and organisational purposes.
- We have a legitimate interest and these interests do not overwrite your rights. These legitimate interests include providing you with information in relation to our services. We will only use your information for our legitimate business interest to carry out our work.
- If we run an event in partnership with other named organisations your details may need to be shared. We will ensure that it is clear what will happen to your data when you register and the purpose of sharing the information.
- How we store your personal information
- We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have suitable physical, electronic and managerial procedures in place to safeguard and secure the information we collect
- We keep your information only as long as necessary for each purpose we use it. We hold member and trustee names for 6 years from the recorded date the individual notified withdrawal of their membership or stepped down as a trustee. Where one to one support would be considered counselling, these records are retained for 7 years. All other personal data is deleted after a service user has been inactive for 2 years.
- Where information is obtained on printed forms, this form will be transferred to a secure electronic location and the printed form will be securely destroyed.
- Website Links
- Our website contains links to other websites of potential interest. Once you have used the links to access the site, you will leave our site. We do not have any control over the other websites.
- As these are not our websites we cannot be responsible for the protection and privacy of any information which you provide while using these sites and these sites are not governed by our privacy policy. You should check the privacy statement of any third party site which you visit.
- Your data protection rights
- Under data protection law, you have certain rights including:
- Your right of access - You have the right to ask us for copies of your personal information.
- Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
- Under data protection law, you have certain rights including:
Please contact us at [email protected], 07545 592 464 or 07502 412 321 ParentSpace Office, Volunteer Hall, Duns.TD11 3AF, if you wish to make a request.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at [email protected], 07545 592 464 or 07502 412 321 ParentSpace Office, Volunteer Hall, Duns.TD11 3AF
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
The Information Commissioner’s Office has a guide to Data Protection. See
www.ico.org.uk/for_organisations/data_protection/the_guide
ParentSpace’s Data Protection Officer is the Project Manager.
Version:3 Date of Issue:10.07.2024
ParentSpace (SCIO) is a Scottish Charitable Incorporated Organisation (SCIO) regulated by the Scottish Charity Regulator (OSCR), Scottish Charity number: SC049137