We can help you
We offer a range of free services including a support line and counselling.
Find out moreSupport line freephone: 0808 2840484 Enquiries: info@csass.org.uk
This policy aims to ensure that personal data of individuals is stored and processed, by CSASS, with their consent. This applies to data within filing systems both on computer and in paper records.
CSASS are committed to complying with all laws in respect of personal data. Other relevant policies and procedures include:
This policy applies to all CSASS personal data processing, including personal data of clients, employees, volunteers, suppliers or partners. This policy also applies to external suppliers or partners working with CSASS, who have access to personal data processed by CSASS e.g. a payroll service provider, a cloud-based database provider, or a service delivery partner organisation. This policy will form part of any formal partnership agreements. Contracts with external organisations ensure practice that is compliant with this policy.
CSASS is aware of the risks associated with processing personal data, including the risks to individuals. These risks are identified and managed as part of CSASS service risk assessment, in order to reduce the likelihood and the impact of data breaches. Any changes to data processing procedures will be risk assessed.
We will review this policy regularly, or as needed.
The Centre Manager is the Data Protection Officer and is accountable to the Board of Trustees for the management of personal data and ensuring compliance with legislation and good practice. All trustees, staff and volunteers are responsible for following good practice in processing personal data within CSASS. Data protection principles and practice will form part of trustee, staff and volunteer induction and training.
Personal data must be processed lawfully, fairly and transparently, and not for purposes outside those we have notified to the Information Commissioners Office (ICO). Our registration reference with the ICO is: Z2946994.
Individuals have the right to:
CSASS will ensure all data collection forms include a data consent statement (or a link to one), which includes these principles.
CSASS will make every effort to ensure personal data is accurate and up to date. Individuals are also expected to ensure personal data is accurate and up to date, notifying CSASS of any changes.
CSASS will respond to requests for change/removal of data from individuals within one month. This can be extended to a further two months for complex requests.
In most instances, data consent is obtained routinely through requiring agreement to statements include in standard documents e.g. new client referral forms, volunteer, staff or membership application forms, the website contact form or newsletter sign-up sheets at public events. Consent can be withdrawn at any time.
Personal data will be accessible only to those who need to use it.
CSASS will store personal data securely, and not disclose it to external individuals or organisations, unless:
Good practice followed includes:
CSASS will not keep personal data for longer than is necessary for the purpose(s) for which it was originally collected e.g. to contact or support an individual, or to improve our service.
CSASS may store anonymised data for longer periods for the purposes of monitoring, reporting on or improving our service. Any exceptions to general retention procedures need authorisation from the Data Protection officer, and good records kept, including the reasons for the exception.
CSASS will review the retention dates of all personal data annually and remove and dispose of, or anonymise, any personal data no longer required.
Personal data is disposed of or deleted securely from cloud databases, file storage, automatic email lists (e.g. outlook contacts). Paper records are shredded, and computer hard drives removed and destroyed professionally.
CSASS will not normally export data outside the European Economic Area. In the event of a request or requirement, CSASS will obtain specific permissions from the individual and regulators, take professional advice and make a full assessment.