Data Protection Policy
Purpose of procedure:
The UK Sepsis Trust are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
The Data Protection Act 1998 regulates the processing of information relating to living and identifiable individuals (data subjects). This includes the obtaining, holding, using or disclosing of such information, and covers computerised records as well as manual filing systems and card indexes.
Any person(s) who has access to this data must comply with the data protection principles of good practice which underpin the act. Any personal data must be;
- obtained and processed fairly and lawfully
- held only for specific reasons
- adequate, relevant and not excessive
- accurate and up to date
- not kept longer than is necessary
- processed in accordance with the Act
- kept secure and protected
- not transferred to countries without adequate data protection
It is the policy of the Sepsis Trust that all personal data will be held in accordance with the principles and requirements of data protection and other relevant legislation, and that procedures will be put in place to ensure the fair processing of data subjects.
Information held by the Organisation
Information held by the UK Sepsis Trust relates to voluntary and community organisations, other organisations (including those in the public and private sectors) and individuals (including volunteers, employees, Board members and any committee members, trainers and consultants, current, past and potential) which support, assist, provide services to, work within or alongside, or fund voluntary and community organisations or which the UK Sepsis Trust provide services to.
Information held about individuals will only be collected and recorded with good reason. It will be stored securely and for only as long as required.
Relevant data protection issues will be included in all induction and training, and an internal audit of data protection compliance will be carried out at appropriate intervals.
The organisation will not give out information about any individual over the telephone or by e-mail unless it is satisfied that the individual knows that this type of disclosure may be made and/or the information is already in the public domain (or that there is some over-riding reason for the disclosure).
Information about individuals will not be published in any type of directory without the written consent of the individual.
Details of individuals will not be passed to other organisations for marketing, fundraising or circulating information unless the individual has been informed that this might happen and been given the opportunity to opt-in or opt-out as appropriate.
The web site will not contain any personal data that is not absolutely necessary. Where information is captured on the web site, a clear policy statement will be provided, and no personal data will be captured without the knowledge of the data subject.
Photographs, recordings, videos or DVDs in which individuals are identifiable will only be used with their explicit written consent.
Manual files containing sensitive information about individuals will be labelled confidential and kept in locked filing cabinets, accessible only to relevant staff and the Chief Executive.
Computer files containing sensitive information about individuals will be password protected, accessible only to relevant staff and the Chief Executive.
Information no longer required will be disposed of appropriately including ensuring that data is non-recoverable from any computer system.
Data about individuals shall be deleted on the request of the individual when the data is no longer used or required by the UK Sepsis Trust for legal, financial or contractual reasons.
Data about individuals shall only be used by the UK Sepsis Trust for:
- circulating the Trust’s publications and other information about the Trust and its work, via regular mailings to all on that particular database
- direct marketing of the UK Sepsis Trust’s training, events or services to selected individuals/organisations, unless the individual/ organisation has opted out of receiving direct marketing
- providing contact details for a specified organisation when requested or when it is considered that another organisation offers a service of benefit to users, unless that individual/organisation has requested that all or some of the contact details not be made available outside the UK Sepsis Trust.
- circulating information or direct marketing on behalf of another body on the grounds that it will potentially be of benefit to users and/or the Trust’s charitable objects, unless the individual/organisation has requested that all or some of the contact details not be made available.
- any other reason which has been specifically agreed with that individual/organisation in advance.
Data about individuals shall not be used for direct marketing if the individual has exercised their right to opt out of this.
Access to information
Data Subject Access requests should be made in writing and signed by the individual and addressed to the Data Protection Officer at the UK Sepsis Trust.
In response to a Data Subject Access request, the Trust aims to disclose as much information as possible within 40 days, while respecting the right of any third party to maintain confidentiality wherever reasonable.
No charge will be made for a Data Subject Access request from staff, volunteers or Board members.
A charge of £10 will be made for a Data Subject Access request from service users or any other person.
- Freedom of Information Act 2000
- Data Protection Act 1998
The following related policies should be read in conjunction with this policy
- Code of Conduct
- Confidentiality Policy
At The UK Sepsis Trust we’re committed to delivering a service to teenagers and young adults with sepsis that is embedded in safeguarding and safe working practice guidance. We recognise that in order to help young people to achieve their potential staff need to be trained and equipped to provide a safe and supportive environment. This process starts in the recruitment of staff and volunteers and continues in the policies and procedures that govern the work of the organisation, its trustees, staff and volunteers.
At The UK Sepsis Trust we recognise the impact that sepsis can have on the social, emotional and psychological development of young people. As such we identify all young people that we work with as vulnerable, even when over the age of 18.
At The UK Sepsis Trust we consider that we have a responsibility to safeguard both the teenager and young adults that we work with and therefore adhere to policies and procedures relating to both child and adult safeguarding practice.
Our staff and volunteers are aware through regular training, supervision and informal support of their own duty, and the duty of other statutory and voluntary agencies, to safeguard children and promote effective inter-agency working. This is informed by the National guidance, Working Together to Safeguard Children, 2015, in accordance with the Children Act, 2004 and the Children Act, 1989 and Safeguarding Vulnerable Groups Act, 2006.