data protection and privacy statement
FWAG SW collects and uses information about people with whom it communicates. This personal information must be dealt with properly and securely, however it is collected, recorded and used. Data can be stored on paper, electronically or recorded on other material such as videos and images. There are safeguards to ensure the correct handling of personal data in the Data Protection Act 2018. FWAG SW regards the lawful and correct treatment of personal information as very important to the successful and efficient performance of its functions and to maintain confidence between those it deals with. To this end FWAG SW fully endorses and adheres to the Principles of Data Protection, as set out in the Data Protection Act 2018 (the “Act”) and the General Data Protection Regulations.
The purpose of this policy is to ensure that the staff, volunteers and trustees of FWAG SW are clear about the purpose and principles of Data Protection and to ensure that it has guidelines and procedures in place which are consistently followed. Failure to adhere to the Data Protection Act 2018 is unlawful and could result in legal action being taken against FWAG SW or its staff, volunteers or trustees.
The Data Protection Act 2018 regulates the processing of information relating to living and identifiable individuals (data subjects). This includes the obtaining, holding, using or disclosing of such information, and covers computerised records as well as manual filing systems and card indexes. Data users must comply with the data protection principles of good practice which underpin the Data Protection Act. To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. To do this FWAG SW follows the six Data Protection Principles outlined in the Data Protection Act 2018, which are summarised below.
b. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);
d. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
e. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);
f. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’). The principles apply to “personal data” which is information held on computer or in manual filing systems from which they are identifiable. FWAG SW’s employees, volunteers and trustees who process or use any personal information in the course of their duties will ensure that these principles are followed at all times.
Compliance with the Act is the responsibility of all staff, paid or unpaid. FWAG SW will regard any unlawful breach of any provision of the Act by any staff, paid or unpaid, as a serious matter which will result in disciplinary action. Any employee who breaches this policy statement will be dealt with under the disciplinary procedure which may result in dismissal for gross misconduct. Any such breach could also lead to criminal prosecution. Any questions or concerns about the interpretation or operation of this policy statement should in the first instance be referred to the line manager.
No documents will be stored for longer than is necessary. For guidelines on default retention periods see the Data Retention Schedule in Appendix A. All documents containing personal data will be disposed of securely in accordance with the Data Protection principles.
The following procedures have been developed in order to ensure that FWAG SW meets its responsibilities in terms of Data Protection. For the purposes of these procedures data collected, stored and used by FWAG SW falls into 2 broad categories:
FWAG SW as a body is a DATA CONTROLLER under the Act, and the Trustees are ultimately responsible for this policy’s implementation. The Trustees delegate the day-to-day responsibility for the implementation of the Data Protection Policy and Procedures to the Business Manager who fulfils the role of Data Protection Officer for FWAG SW.
FWAG SW obtains personal data (names, addresses, phone numbers, email addresses), via application forms, references and other documents from staff, job applicants, volunteers and trustees. This data is stored and processed for the following purposes:
The contact details of staff, volunteers and trustees will only be made available to other staff, volunteers and trustees. Any other information supplied can only be accessed by the Business Manager and the Office Manager, to ensure the essential management of HR functions.
A copy of staff, volunteer and trustee emergency contact details will be kept in personnel files in both electronic and paper forms to be used in emergency situations only e.g. fire evacuations or in the event of an accident at work. This data is located in the same positions as all employee HR data and has the same restrictions on access (see “Storage” below).
FWAG SW will take reasonable steps to keep personal data up-to-date and accurate. Personal data will be stored for 6 years after an employee, volunteer or trustee has worked for the organisation. The Business Manager has responsibility for destroying personnel files.
Personal data is kept in paper-based systems and on a password-protected proprietary HR computer system. Paper-based data are stored in organised and secure filing systems. FWAG SW operates a clear desk policy at all times.
Where practicable, FWAG SW will seek consent from individuals before displaying photographs in which they appear. If this is not possible (for example, a large group photo), the organisation will remove any photograph if requested. This policy also applies to photographs published on the organisations website, social media feeds or in newsletters.
FWAG SW will act in accordance with the Disclosure and Barring Service (DBS) code of practice. Copies of disclosures are kept for no longer than is required. There may be circumstance where it is deemed appropriate to exceed this limit e.g. in the case of disputes.
FWAG SW obtains personal data (such as names, addresses, phone numbers and farm holding information) from members/clients. This data is obtained, stored and processed solely to assist staff and volunteers in the efficient running of services. Personal details supplied are only used to send material that is potentially useful. Most of this information is stored on the organisation’s database. FWAG SW obtains personal data and information from clients and members in order to provide services. This data is stored and processed only for the purposes outlined in the agreement and service specification signed by the client/ member.
Personal data is collected over the phone and using other methods such as e-mail and through the FWAG SW website. During this initial contact, the data owner is given an explanation of how this information will be used. Written consent is not requested as it is assumed that the consent has been granted when an individual freely gives their own details. Personal data will not be passed on to anyone outside the organisation without explicit consent from the data owner unless there is a legal duty of disclosure under other legislation, in which case the Business Manager will discuss and agree disclosure with the Chairman. Contact details held on the organisation’s database may be made available to groups/ individuals outside of the organisation. Individuals are made aware of when their details are being collected for the database and their written consent is requested.
Only the organisation’s staff, volunteers and trustees will normally have access to personal data. All staff, volunteers and trustees are made aware of the Data Protection Policy and their obligation not to disclose personal data to anyone who is not supposed to have it.
Information supplied is kept in a secure filing, paper and electronic system and is only accessed by those individuals involved in the delivery of the service. Information will not be passed on to anyone outside the organisation without their explicit consent, excluding statutory bodies e.g. the Inland Revenue.
FWAG SW will take reasonable steps to keep personal data up to date and accurate. Personal data will be stored for as long as the data owner/ client/ member uses our services and normally longer. Where an individual ceases to use our services and it is not deemed appropriate to keep their records, their records will be destroyed according to the schedule in Appendix A. However, unless we are specifically asked by an individual to destroy their details, we will normally keep them on file for future reference.
If a request is received from an organisation/ individual to destroy their records, we will remove their details from the database and request that all staff holding paper or electronic details for the organisation destroy them. This work will be carried out by the Business Manager. This procedure also applies if FWAG SW is informed that an organisation ceases to exist.
Personal data may be kept in paper-based systems and on a password-protected computer system. Paper-based data are stored in organised and secure systems. FWAG SW operates a clear desk policy at all times. Use of Photographs Where practicable, FWAG SW will seek consent of members/ individuals before displaying photographs in which they appear. If this is not possible (for example, a large group photo), the organisation will remove any photograph if a complaint is received. This policy also applies to photographs published on the organisation’s website or in newsletters.
During the course of their duties with FWAG SW, staff, volunteers and trustees will be dealing with information such as names / addresses / phone numbers / e-mail addresses of members / clients / volunteers.
They may be told or overhear sensitive information while working for FWAG SW. The Data Protection Act (2018) gives specific guidance on how this information should be dealt with. In short to comply with the law, personal information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. Staff, paid or unpaid must abide by this policy.