This policy describes how personal data is collected, handled and stored to meet Jaqui Supple counselling (JSC) data protection standards and to comply with the law.
The Data Protection Act 1998 applies to every business that collects, stores and uses personal data relating to customers, staff or other individuals.
1.1 The policy applies to:
1.2 It applies to all data that the company collects and holds relating to: All individuals and or customers
JSC needs to gather and use certain information from clients suppliers, businesses, employers, instructors and other people the company has a relationship with or may need to contact. Everyone who works for or with JSC has some responsibility for ensuring data is collected, stored and handled appropriately.
2.1 Jaqui Supple data protection manager is responsible for:
3. DATA PROTECTION AND THE LAW
The Data Protection Act 1998 describes how organisations including JSC must collect, handle and store personal data. These rules apply regardless of whether data is stored electronically, on paper or on other material.JSC working with the new GDPR – General Data Protection Regulations regulatory requirements for data protection which come into force on 25 May 2018.
“Personal data” is defined in both the Directive and the GDPR as any information relating to a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
JSC makes no distinction between personal data about individuals in their private, public or work roles – the person is the person. Online identifiers including IP address, cookies and so forth are also regarded as personal data if they can be (or are capable of being) without undue effort linked back to the data subject.
“Personal Data Breach’ is defined in the GDPR as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, transmitted, stored or otherwise processed”. Data breaches will be reported to ICO Commission within 72hrs
JSC only collects personal data for specified purposes, and does not use it for other ‘incompatible’ purposes. Example: Individuals details are not used for marketing purposes if originally collected for an entirely different purpose.
JSC is registered with the Information Commissioner’s Office (ICO) to process personal data. As a registered body, we determine the purposes for which, and the manner in which, personal data is to be processed.
The Scottish Information Commissioner and the UK Information Commissioner’s Office (ICO) have separate roles and responsibilities. The Scottish Information Commissioner is responsible for the freedom of information compliance of all public authorities in Scotland, while the ICO is responsible for public authorities in England, Wales, and Northern Ireland, and for any agencies operating in both Scotland and another part of the UK. The ICO also covers Data Protection rights (personal information) for the whole of the UK, including Scotland.
The Data Protection Act 1998 is underpinned by eight important principles. JSC regards the lawful and correct treatment of personal information as very important and therefore ensures that personal information complies with the principles of the Act.
3.1 The principles say that personal data must:
4. GENERAL GUIDELINES
4.1 JSC will, through appropriate management, strict applications of controls ensure:
5. DATA STORAGE
5.1 JSC will ensure:
6. DATA SHARING
All documents created by JSC are checked for accessibility and compatibility prior to pubic sharing; documents are also inspected for sensitive and personal data within:
7. PRIVACY STATEMENT
JSC committed to protecting the privacy and confidentiality of information provided by ‘users’ who access our website.
In order for ‘users’ to use some of our online services and to respond to enquiries we need to collect and process various personal data. Users may be asked to complete an online form(s) which request, name, address, e-mail and telephone number. The personal data we collect is used to process your request for our services.
By submitting personal information, individuals consent to JSC processing personal information in accordance with our data protection policy. All information provided will be treated as confidential and will only be used for the purpose intended. Anyone can contact JSC to correct or update personal information in our records.
8. REQUEST FOR DATA
An individual is entitled to be given a description of the data being processed or held about them and to be provided with the information constituting personal data and the source.
8.1 JSC will supply information where:
Where these criteria have been met we will comply within 20 working days. Where complying with the request would lead to disclosing data about another identifiable person we are not able to comply unless the other individual has consented or it is reasonable to comply without consent. Where JSC has previously complied with a request, subsequent or similar requests for data will not be supplied unless a ‘reasonable interval’ has elapsed. As a non-public body, JSC is not covered by the Freedom of Information Act.
9. ARCHIVING AND RETENTION
JSC has an obligation, in line with the data protection policy, to implement and preserve good archiving procedures and processes. Archival records can be in any format; they can exist electronically or paper versions.
9.1 Files are summarised as:
9.2 JSC aims to ensure:
9.3 Email archive and retention
10. Access to data Laptop/Home-Working Guidance / Personal Equipment Use
This policy is reviewed regularly and updated annually or as and when required.