FAET recognises the need to comply with the various laws regulating the storage and processing of personal data.
We are a small Charity with no employees. This policy applies to trustees and other relevant individuals. All individuals involved with or working for FAET should recognise the potential risks involved when dealing with personal data or information and should fully understand the steps that must be taken in order to minimise any data security risks, including the risk of inappropriate or illegal use of any personal data they may have access to.
Whenever trustees or others are involved in processing or storing any personal data, they must comply with the following procedures.
- Ensure that personal data is stored safely, kept up to date and is only used for the purpose(s) for which it has been obtained.
- Personal data will be collected and processed in a prudent and lawful manner and kept up to date and accurate at all times.
- Personal data will only be retained for the period necessary and will be deleted/destroyed when no longer needed.
If any trustee or other individual has any concerns regarding the storage, processing or use of their own personal data they should contact the Chairperson as soon as possible. If any trustee has any doubts concerning the collection or use of personal data relating to others that they hold, they should cease to process this information until further clarification has been sought.
All personal data stored on electronic equipment such as a computer or data-holding device should be held securely. Reasonable security measures include keeping portable equipment in a locked drawer/room when not in use and using password protection for files containing information covered by data protection legislation.
A breach of UK Data Protection regulations or failure to adhere to FAET’s policies could have serious repercussions for the organisation and for any individual responsible. It may also be treated as a serious disciplinary matter and may result in the termination of any arrangements made with that individual.
If any trustee is aware of any breech of this Data Protection policy, they must bring it to the attention of the Chair immediately.
Trustees should be aware that FAET may hold personal and sensitive information pertinent to the organisation’s work. This information may be used for administrative or legal purposes or as required for the continued employment of paid staff and/or volunteers. Such usage may include passing certain employment-related data to third parties such as government authorities, suppliers or contractor organisations supplying services which require the use or creation of employee data. Data may also be used in emergency situations, to protect the legal interests and other rights of FAET or in other situations where individuals have consented to the disclosure of such information.
The above guidelines also cover personal information relating to any of FAET’s clients, employees, service users or local partners.
The following are examples of information which may be retained by FAET; the list is not exclusive or exhaustive:
- References obtained during recruitment
- Details of terms of employment
- Payroll, tax and National Insurance information
- Performance information
- Details of grade and job duties
- Health records
- Absence records, including holiday and sickness records
- Details of any disciplinary investigations and proceedings
- Training records
- Contact names and addresses
- Enhanced Criminal record checks
- Supporters and donors contact details
Disclosure of personal information to third parties will take place only when strictly necessary for the following purposes:
- The health of individuals, for the purposes of compliance with any Health and Safety or occupational health obligations
- For the purposes of personnel management and administration, for example, to consider how an individual’s health affects their ability to do their job/volunteer role and if they are disabled, whether they require any reasonable adjustment to be made to assist them at work
- The administration of insurance or other related benefits in force from time to time
- In connection with unspent convictions, to enable assessment of suitability for a specific employment/volunteer role.
All trustees holding personal information are responsible for ensuring this is updated on a regular basis and/or as soon as practicably possible following notification of any change.