Privacy Policy
DATA PROTECTION POLICY & PRIVACY NOTICE
SECTION ONE – DATA PROTECTION POLICY
Spadework, Registered Charity 291198
Teston Road, Offham, Kent. ME19 5NA.
Spadework is a charity, which provides life skills training and work experience for over 110 people with learning disabilities. Our aim is to support the Trainees who use our service as they develop their independence and personal skills through social interaction with the community, and to ultimately provide them with the necessary skills to reach their full potential.
Our Trainees are involved in all aspects of Spadework. They produce the plants that are sold in the garden centre and the fruit and vegetables served in the café and sold in the farm shop. They help to make cakes, jam and chutneys and serve customers in the café and in the farm shop.
For any queries regarding the content of this Policy Document and Privacy Notice, or any requests to access data held, please contact Kris Healey on 01732 870002, kris@spadework.org.uk
Spadework is registered with the Information Commissioner’s Office, reference ZA134153
Understanding our Obligations
Spadework have assessed and documented all processing activities conducted regularly, those exposing data to a high risk, and any sensitive personal data. These activities have been justified using the Legal Bases and Special Conditions provided in the Regulations and written into a Privacy Notice; please see Section Two of this document. The Privacy Notice is also available to all Interested Parties on our website, spadework.net
Data Subject Access Rights
You have the right to request details of any personal information that Spadework may hold on you, and you have increased rights regarding our use of that information, including:
- The right to request rectification of information that is inaccurate or out of date
- The right to erasure of your information (also known as “the right to be forgotten”)
- The right to restrict the way in which we are dealing with and using your information
- The right to request that your information be provided to you in a format that is secure and suitable for re-use (also known as “the right to portability”)
Spadework acknowledges that any person may ask if any information is held containing their personal data. Spadework will respond to written requests as soon as possible, not taking any longer than 30 days to provide copies of any data held. The company shall correct any errors if requested, and agrees to delete records where this is permitted under the Legal Basis.
Review of Data Protection Policy and Privacy Notice
Data Protection is a standing agenda item at the Spadework Management Review Meeting and the Trustee Board Meeting; this includes a review of the Data Protection Impact Assessment and Privacy Notice for relevance and accuracy. The documents, and this policy document, shall be reviewed in full at least annually.
Security Details
Every effort is made to manage the personal information held by Spadework in a responsible and secure manner. To this end, all network equipment is encrypted and password protected. The servers are located in a locked room with limited key-holders. Staff using mobile phones to access business information, including emails, are asked to add PIN or fingerprint security, and ensure that the operating system updates are downloaded when available.
Hard copy information on donors, supporters, Trainees and personnel is kept in a locked cabinet in a locked office with limited key-holders.
Breach Response
In the event of a breach, such as a break-in, loss or theft of a laptop or phone, all Staff, Trainees and Trustees will be made aware. If there is a serious risk of personal data being misused, then all donors and supporters will be informed and the incident reported to the Information Commissioner’s Office within three days of the breach being discovered; Spadework will then take guidance on further action from the ICO.
Consent Management
Where Spadework has an individual’s consent to send promotional material, by post or email, we will make it as easy to withdraw that consent as it was to give it. Consents will be refreshed every two years.
SECTION TWO – PRIVACY NOTICE
Processing Activity Statements
Activity: Purpose/justification – Legal Basis / Special Condition

Trainee Files
- Photos: Digital pictures of Staff and Trainees for use on social media and for other marketing purposes – Consent
- Trainee Information: Personal details, including a medical & health history for the purposes of assessing how best to meet the needs of the Trainee and deliver a suitable training package – Contract
- Medical Alerts: A process exists to inform staff on site of a medical emergency, this includes the immediate medical requirements of the Trainee involved – Vital Interests / Special Condition C Vital Interests
- Medical Emergencies: An accident book is held, as well as reports on medical incidents – Legal Obligation / Special Condition B Legal Compliance

General Contacts
- Database of Contact Information for Businesses: Business contacts from networking and referrals for the promotion of the Charity – Legitimate Interests
- Database of Contact Information for Direct Marketing: Personal contact details for donors and supporters subscribed to receive post and emails from Spadework regarding events, news and fundraising opportunities – Consent

Business
- Accreditation: Evidence of the Charity’s activities and responsible persons are provided in the application for Registered Charity Status – Legitimate Interests
- Donations: Retention of Gift Aid records – Legal Obligation

External Customers
- Supply of Goods & Services: Records of customer details and their requirements are kept for the duration of any contract for garden maintenance and regular log deliveries – Contract

Staff & Volunteers, including Board & Trustees
- Staff: Absence Monitoring and Appraisals: To monitor performance, sickness and holiday absences – Legitimate Interests
- Staff: HR Issues, Consultant: The occasional referral to QBH Solutions for the purposes of consultation on HR Documents such as Contracts of Employment, and for assistance with resolution on disciplinary and grievance issues – Legitimate Interests
- All: Records: Retention of application form and contract, copies of identification, qualifications and references, where applicable – Legal Obligation / Special Condition B Legal Compliance
- All: DBS Checks: Checks conducted and copies retained for all staff, volunteers and trustees working with vulnerable people and children – Legal Obligation / Special Condition B Legal Compliance