Safeguarding Data (privacy notice)
The Denby Dale Centre is an independent charity who operates with a membership of service users, volunteers and employed staff. The charity performs different activities, for all ages, but older people are the majority user. To be able to operate the social groups, transport services, and other activities, the charity gathers personal information from people involved with the charity and may incidently gather public information in the form of electronic video surveillence.
The charity understands it’s responsibility to safeguard data, including personal data, and this guidance is designed to make how we gather, use and safeguard data clearer for people who’s data we hold.
For the purpose of this document, when we say the “subject of data”, we mean an individual person who we have personal data about.
Why do we gather personal data?
The purpose of us gathering personal data is due to:
uphold legal obligation (6-1b & 9-2b) responsibilities, for example with employed staff to conform to employment and tax laws or regulated roles which require full safeguarding checks.
allow legitimate interest (6-1f & 9-2d) for members, non-regulated volunteer roles and customers' data as they would expect us to be able to communicate, provide service, trade or care for them.
The majority of our members are aged 60+ and from time to time are taken ill, or their health deteriorates. We gather personal information to be able to give best possible care that we can, or to pass on to a paramedic or hospital so that they can give best possible care, and in some cases this timely information may save a life.
How do we gather personal data?
Personal data is gathered using the following methods:
Employed staff: Paper forms, interview notes, meeting notes, digital photographic
Volunteer staff: Paper forms, interview notes, meeting notes, digital photographic
Members: Paper forms, e-Referrals, meeting notes, digital photographic
Public: Electronic moving images (CCTV), digital photographic
We receive personal information:
via our encryted online referral portal
via our encrypted website feedback portal
via our email system
via telephone calls
via the post on paper forms
How do we use personal data?
We use personal data to:
Communicate with people (name, phone number, email, address), Care for people (understand health, dietary, mobility or other similar requirements)
Charge or trade with people (invoicing to name and address)
Transport people (name and address)
Apply for (employed or volunteer) staff safeguarding checks
Apply for driver checks
Process training documentation
Use photos of people to market our services or demonstrate to carers what we do within our services
Who do we give personal data to?
We do not pass on personal data to anyone other than for health or legal reasons, as below.
On occasions, we would pass on limited personal data to a health body such as a paramedic, public health or a hospital, so that they can give appropriate and immediate care for someone. For example in A&E or in a safeguarding situation.
On occasions, we would pass on limited personal data to a representative of local government or an officer, so that we do not obstruct English or European law. For example, this would include mandatory safeguarding and driver checks required by our organisation or if a speeding fine has been issued and we need to provide driver information to the authorities.
How long do we keep personal data?
It depends on which circumstances that data is gathered to the time in which it is held. Below are the general guidance to the time in which personal data is kept:
Employment data: 7 years
Volunteer data: 7 years
Member data: 7 years
Finance data: 7 years
CCTV images: 1 month
Marketing photos: 7 years
How do we secure personal data?
We take our duty to secure personal data seriously, and work to ensure that it is only available to those members of our organisation who require that information. For example our drivers require the address of a passenger that they are collecting.
Paper forms of stored data is locked within our sites, which are secured when not manned.
Electronic forms of stored data is secured with strong digital passwords on both on-site computers and off-site facilities.
Used or copied forms of personal data, for example, a drivers pick up list, are returned to the office for shredding.
How do we make an individual’s personal data available to that individual?
The “subject of [personal] data” (see top of page) may request to know what personal data is being held and may do this in writing to the Chief Officer of the organisation, who will provide sight of the data, and must provide suitable photographic identification in order to protect it from other people or organisations.
The Chief Officer acts as the Information Controller and reports to the Safeguarding Information Governor, a role assigned to one of the trustees. Contact by phone on 01484 860077.
How can a subject of personal data request for data to be updated?
Personal data can easily be updated via the Data Controller (Chief Officer) or a Data Processor (member of staff you usually deal with, who originally processed your original data).
How can a subject of personal data request for data to be destroyed?
The “subject of personal data” may request that personal data relating to them is destroyed. The organisation will comply with the exception of limited data governed by legal governance. For example, finance records are required under the Charity Act, so someone’s name, address and amount paid must be recorded for 7 years, however the rest of the data including health data would be destroyed.
The “subject of data” who has an unsettled finance account, may only request for personal data removing that is not linked to that bill. For example, health data would be destroyed, but contact data would be kept until the account is cleared and then for the required 7 years afterwards.
How do we destroy data?
Paper data is destroyed using an office shredder.
Electronic data is destroyed by deletion and followed by purging of both live files and back up files.
How can a “subject of data” make a complaint?
The “subject of data” may make a complaint initially to the Chairman of the Board of Director Trustees in writing, to the registered address of the organisation found at:
...or using the complaints procedure by phone 01484 860077, by email or by feedback form on the company website as above.
Further complaints may be raised to the Information Commissioners Office by visiting their website at:
Last updated: 16 October 2019