Bradford Cyrenians Statement on Confidentiality and GDPR Compliance
Your Personal Data
Bradford Cyrenians aims to protect and promote the rights of individuals and the organisation. We identify information that is to be treated as confidential and the procedures for collecting, storing, handling and disclosing such information. We have developed a Confidentiality, Data Protection and GDPR Compliance Policy, which will run alongside this statement.
Why we need it
Personal information is requested, recorded and retained only if it is relevant to the services offered by Bradford Cyrenians. It is used in accordance with the purpose for which it was given and it is in the interest of the organisation to hold such information.
What we do with it
Individuals will be made aware of the reasons why personal information is required and held on record and the people likely to have access to it. We will hold information on Staff, Volunteers, Student Placements, Service Users, Trustees and Contractors.
On those occasions when disclosure is necessary, consent will be obtained by each individual through a Confidentiality Agreement. The Confidentiality agreement will be completed with service users at the signing up stage.
In certain circumstances, for instance where there is a legal obligation or where it is necessary to protect the vital interests of the individual or another person, then information will be disclosed without the individual’s consent. In these cases, the information disclosed is limited to factual data that is strictly relevant to the enquiry.
How long we keep it for
All paperwork/information is kept for a minimum of 6 years in order to comply with legal requirements irrespective of a person’s status within the organisation.
What are your rights
Any complaints of breaches of confidentiality should be reported to the Head of Service using the Grievance Procedures and/or Complaints & Appeals policy. All breaches will be investigated thoroughly and reported back to the a) Complainant b) Management Team and c) Board of Trustees
Any breaches of sensitive data will be reported to the ICO in line with their reporting procedures.