DVC General Data Protection Regulation POLICY
The GDPR replaces the Data Protection Act and applies to any data that is held and could identify an individual, including photographs and biometric or genetic data.
DVC hold personal information as follows –
Staff and volunteers : name, address, telephone and email contact details, copy drivers licence (staff)
Clients / service users : name, address, telephone and email contact details, photographs (where the Photographic Consent form has been signed) and health information (special category personal data)
Others : contact information for other organisations whom we regularly liaise with
DATA PROCESSING AND PROTECTION
DVC holds the above personal information in order to comply with legislation (employees and volunteers), to carry out its contractual business (clients and their next of kin / support network) and to enable us to engage in the legitimate interests of the day centre.
Data is held either in paper format or on computer. It is not shared with any third party except where there is a legal or contractual obligation to do so, eg processing payroll, issuing client invoices or reviewing the service provided to an individual or protecting their rights / interests (reporting safeguarding concerns).
DVC does not analyse, process or share personal data for any other reason.
Photographs of individuals are shown on the DVC website where the individuals have signed a Photographic Consent form. No other personal data or information is ever displayed or published.
All personal data is held in the office on computer and within filing cabinets. The computer is protected by security software and cabinets containing personnel and client files are kept locked. Only relevant persons have access. The office is locked at the end of each day and the owners live on site, further increasing security.
In the unlikely event of any breach of security the individual(s) concerned will be informed, and a report will be made to the local authority by the Data Protection Officer (Lynn Roberts).
Under the GDPR you have the right to access to the information we hold about you, to correct inaccurate information, to object, and in some instances to have personal data removed. Any queries should be raised with Lynn Roberts (DPO).
Updated May 2018