
Headway SB Privacy Policy

1. Headway South Bucks needs to collect and use personal data about clients, staff and volunteers in order to carry out business effectively and to provide high quality services. It is recognised that the lawful and correct treatment of personal data is very important to maintain confidence between the charity, its clients, their carers and families, staff and volunteers, and professionals in the field of brain injury.

 

2. Any personal data collected, recorded or used in any way, whether it is held on paper, computer or on other media, will have appropriate safeguards applied to it to ensure HSB complies with the UK General Data Protection Regulation (January 2021) and the Data Protection Act (2018) and adheres to the 8 principles of data protection, as set out in the Act, which states that personal data must be:

  • Fairly and lawfully processed

  • Processed for limited purposes and not in any other way which would be incompatible with those purposes

  • Adequate, relevant and not excessive

  • Accurate and kept up to date

  • Not kept for longer than is necessary for the purpose

  • Processed in line with the data subject's rights

  • Kept secure, and

  • Not transferred to a country which does not have adequate data protection laws

​​

3. In order to adhere to these principles HSB will:

  • Observe the conditions concerning the fair collection and use of personal data

  • Meet its obligations to specify the purposes for which personal data is used

  • Collect and process appropriate personal data only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements

  • Ensure the quality of personal data used

  • Apply strict checks to determine the length of time personal data is held

  • Ensure that the rights of individuals about whom the personal data is held can be fully exercised under the Act

  • Take appropriate security measures to safeguard personal data, and

  • Ensure that personal data is not transferred abroad without suitable safeguards.

 

4. Where any sensitive data is collected, HSB will take appropriate steps to ensure that there is an appropriate lawful basis to hold such data or explicit consent of the data subject. Sensitive data is personal data that clearly identifies the person including name, address, date of birth, telephone number and next of kin. It also can include other sensitive information about an individual's health conditions, racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sex life, details of the commission or alleged commission of any offence and any court proceedings relating to the commission of an offence.

 

5. Headway South Bucks has decided that the following categories of contacts are considered as having a “legitimate interest” and will therefore not be required to sign a permissions agreement:

​

a) Clients: A client contract will be obtained as part of the process of becoming a new client of Headway South Bucks. A General Data Protection Regulation statement will be issued advising what data is being stored on the database.

b) Carers

c) Volunteers

d) Trustees

e) Third parties

f) Supporters

 

6. Headway South Bucks has decided that at the present time, there is no requirement to appoint a Data Protection Officer.

 

7. Headway South Bucks respects the privacy of data subjects and in connection with the handling of information it will ensure that:

 

  • A nominated Trustee is the Data Controller for Headway South Bucks and as such assumes overall responsibility for data captured and stored

  • Everyone managing and handling personal information, known as Data Collectors, understands the requirements of the Act and their responsibilities under it

  • Everyone managing and handling personal information is appropriately trained to do so

  • Everyone managing and handling personal information is appropriately supervised

  • Queries about handling personal information are promptly and efficiently dealt with

  • A regular review and audit is made of the way in which personal information is managed

  • Methods of handling personal information are regularly assessed and evaluated

 

8. Under the Data Protection Act (2018) and UK General Data Protection Regulation (January 2021) any individual may write to the Chairman of Headway South Bucks, at Community Centre, Wakeman Road, Bourne End, SL6 and request a copy of the information held about them. Once the individual has proved their identity, the Data Controller will disclose to them all data held on them in an easily readable form and it will be sent electronically. If the details are inaccurate the requestor can ask for them to be amended. Headway South Bucks will not make a charge for this service.

 

9. All data subjects under Article 17 have the right to be forgotten. If the subject is no longer working with or a client of the charity, Headway South Bucks will delete all data being held immediately upon request.

 

10. As Data Controller, Headway South Bucks’s Trustee Board is legally required to ensure that the information is processed securely and that the risk of accidental loss or inappropriate access is minimised. Periodically, the Board will conduct a data audit in order to check and verify data and procedures.

 

11. Headway South Bucks is responsible for keeping all data safe. This is required for all data whether kept in electronic or written form. Data stored electronically on the charity’s Salesforce database is backed up to the cloud automatically. Other important documents and emails are backed up to Google Cloud through Google Drive.

 

12. Headway South Bucks staff will be responsible for ensuring that all devices used to capture data have suitable anti-virus protection programmes downloaded and that all system updates are made.

 

13. Any breaches of data will be investigated within 24 hours of notification and will be recorded in Headway South Bucks’ Data Breach Register. Steps will be taken to mitigate the breach, and the individual to whom the breach relates will be informed immediately and written to, to confirm details of the breach and the steps Headway South Bucks has taken. The Information Commissioner's Office (ICO) will be advised following notification to the individual.

 

14. Data will be stored for as long as contacts remain a client of Headway South Bucks and for two years following discharge from the service, as this is considered a reasonable time period for any pending inquest or other legal proceedings.

 

15. Headway South Bucks will obtain disclaimers from all parties accessing its data from personal devices, such as homeworkers using non-HSB PCs, iPads, iPhones etc., to confirm that they are responsible for keeping their device and data safe and backing the data up regularly if not using Google Cloud.

 

16. All confidential waste that is no longer required will be disposed of either by shredding or burning.
