DATA PROTECTION POLICY

Introduction

1. BCUIM needs to process information about chaplains, trustees, useful contacts, organisations and other individuals.

2. BCUIM Team Leader and Administration Officer will deal with day-to-day data protection issues.

The Team Leader is the Data Controller.

3. The BCUIM Management Council has overall responsibility for ensuring that BCUIM works in line with the General Data Protection Regulations (GDPR) and that chaplains are aware of their responsibilities.

4. The BCUIM Management Council, BCUIM staff and volunteer chaplains, and any others who process personal information on behalf of BCUIM must comply with the principles of GDPR.

These are that information must be:

  • processed lawfully, fairly and in a transparent manner in relation to individuals;
  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals;
  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

5. The Data Protection Act 1998 remains in force and sets limits on the way we collect, store and use information. The Act controls how:

  • we file information;
  • we access information;
  • we pass information on to other organisations and individuals;
  • and when we destroy information we are storing.

6. The Act says that people have a right to access any information that we hold about them. This includes volunteers and people who use our services. The Act says that we have to respond to requests for access to information within 40 calendar days.

7. BCUIM maintains a Data Protection registration with the Information Commissioner’s Office (no. Z2136037).

BCUIM’s Data Activity

9. BCUIM wants to protect the right of individuals to privacy and so staff and chaplains will take appropriate measures to make sure that the data we hold is stored securely.

10. Collecting Data

a. BCUIM chaplains and staff may record data of people who initiate communication with them, in order to respond to their requests and to supply them with further information about BCUIM.

b. BCUIM may collect and store data in the public domain in order to supply people and organisations with information about BCUIM.

c. BCUIM chaplains and staff may record sensitive data about people with whom they have had conversations, chaplaincy interactions or meetings. Such data will be stored securely or coded so that it is not immediately recognizable to another party. Any information recorded will be adequate, relevant and not excessive in relation to chaplaincy purposes.

d. As far as possible, BCUIM chaplains and staff will keep data up to date and accurate.

e. BCUIM chaplains and staff may record statistical information about the sort of contacts that they have, for reporting to businesses. Individuals will not be identifiable from these records.

f. When people supply us with their information we may inform them of how we intend to use that information. It is as follows:

How we use the information you give us

Information you give BCUIM (and our chaplains and staff) will be used by us (and our chaplains and staff) to tell you about BCUIM services, and to give you information on issues relevant to Chaplaincy and Industrial Mission in the Black Country. The information will not be made available to the general public and will be stored in accordance with best Data Protection principles.

BCUIM will also draw on information in the public domain, and may store that information. BCUIM will communicate with you by telephone, letter, email, or in any other reasonable way.

You can ask for a copy of the information we hold about you and your organisation, and if the information isn’t accurate, you can ask us to correct it.

If you do not want to receive letters, emails and telephone calls from us in the future, please tell us in writing. We may occasionally pass your contact information to other similar organisations, after careful consideration. If you do not wish that to happen then please let us know.

Statistical information about our chaplaincies and contacts may be shared with other bodies, but no identifiable personal information will be disclosed in this way.

If you have any questions about how BCUIM will use information please contact us.

11. Right of access

a. BCUIM staff, volunteers, contacts, and people who use our services have the right to access personal information BCUIM holds about them, whether in electronic or paper form.

b. People who want to access information held about them should contact the BCUIM Administration Officer. We will need to check that they are the individual who they claim to be, before releasing our information.

c. People can also ask in writing to be removed from our records, or to say how and when we can use the information we hold about them. For example, someone might choose not to receive emails from us. We need to deal with requests like this within 21 days.

12. BCUIM Data Security

a. Personal information relating to the involvement of individuals and organisations with BCUIM is stored centrally and by local chaplains.

b. Centrally, the information is stored on the BCUIM office computers, database and filing cabinet. Access to this data is limited to BCUIM staff, Chair of BCUIM Executive Committee, and their agents.

Some of this information is considered sensitive. Before disposal, sensitive personnel documents are shredded.

c. Under arrangements currently in force, regular back-ups of the BCUIM office computers are made by “Broken Stones”, the Lichfield Diocesan IT providers. These are held under their normal secure storage arrangements.

d. Locally, sensitive information is stored by chaplains, workers and volunteers on their computers and local filing systems. These people undertake to keep this data secure, to restrict access to it, and to destroy it confidentially in due time.

e. We shall not transfer data to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal information.

13. Sharing Data

a. There are circumstances where the law requires or allows BCUIM to disclose data (including sensitive data) without the data subject’s consent. These are:

i. Carrying out a legal duty or as authorised by a Secretary of State

ii. Protecting vital interests of a Data Subject or other person

iii. The Data Subject has already made the information public

iv. Conducting any legal proceedings, obtaining legal advice or defending any legal rights

v. Monitoring for equal opportunities purposes – i.e. race, disability or religion, but this will, in every case, avoid such detail as would identify individuals

vi. Providing a confidential service where the Data Subject’s consent cannot be obtained or where it is reasonable to proceed without consent: e.g. where we would wish to avoid forcing stressed or ill Data Subjects to provide consent signatures.

b. BCUIM Chaplains may share statistical records, extracted from personal records, with businesses.

No personal data, or any material which would identify individuals, will be shared in this way.

14. BCUIM and Chaplains/ Staff Responsibilities

a. It is a responsibility of Chaplains and Staff to ensure that:

i. They process personal information in ways that follow good data protection practice in collecting, securely storing, using and sharing data.

ii. Anyone they allow to access the data adheres to these guidelines.

iii. Any personal information they choose to give to BCUIM colleagues is accurate and deserves to be communicated.

iv. They understand that a breach of the rules and procedures identified in this policy may lead to disciplinary action being taken against them.

b. The BCUIM Team Leader is responsible for ensuring that:

i. Everyone processing personal information is appropriately trained to do so and appropriately supervised.

ii. Anybody wanting to make enquiries about handling personal information knows what to do.

iii. BCUIM deals promptly and courteously with any enquiries about handling personal information.

iv. BCUIM describes clearly how it handles personal information.

c. The BCUIM Executive Committee will assess this policy at regular intervals, against best practice and any changes or amendments made to the Data Protection Act 1998.
