Data Protection and Confidentiality Policy

 

CONFIDENTIALITY 

Employees, Trustees and volunteers will gain information about individuals and organisations as part of their activities. Information is confidential to Kingston Community Foundation (KCF) as an organisation but may be passed to colleagues, managers or trustees to ensure the best quality of service for users.  

Information about individuals must be held in accordance with the General Data Protection Regulation 2018 (see below). This includes any information which can be used to identify an individual e.g. address or date of birth. 

Employees, trustees and volunteers should exercise reasonable care to keep safe all documents and material containing confidential information (whether printed or electronic). This includes avoiding discussing organisations or individuals in a social environment.  

Confidential information should be securely stored and everyone should ensure that confidential information is not visible to others when working e.g. on computer screens or when photocopying.  

Employees, Trustees and volunteers must return any material held to KCF at the end of their employment or voluntary service, or at any other time upon demand. 

 

GENERAL DATA PROTECTION REGULATION 2018 

The General Data Protection Regulation covers any information from which an individual can be identified, whether held electronically or printed records. Personal data must be: 

  • Processed fairly and lawfully

  • Obtained and used only for specified purposes

  • Relevant to the purposes for which it is processed

  • Accurate and kept up to date

  • Not kept for longer than is necessary

  • Processed according to the rights of the Data Subject under the Act

  • Protected against unauthorised processing, accidental loss or damage

  • Not transferred to areas outside of the European Union (including via websites)

A breach of the regulation or failure to adhere to our policies could have serious repercussions for KCF. It may also be treated as a serious disciplinary matter. If you are aware of any breach you must bring it to the attention of your manager or a trustee immediately. Any failure to do so may result in disciplinary action.  

 

EMPLOYEE INFORMATION 

As an employer, KCF holds details on its employees as part of their personnel records. This can include sensitive information. This information may be processed for administrative or legal purposes and as required for employees’ continued employment. This includes passing employment related information to third parties, e.g. government authorities, pension providers. Your data may also be used in emergency situations or in other circumstances where an employee has consented to the disclosure of such information.  

Employees are responsible for ensuring that any changes in personal details are communicated to KCF immediately (or as soon as practicable). 

It is KCF’s responsibility to ensure that the documentation held is relevant, accurate and, where necessary, kept up-to-date. Any data held shall be processed fairly and lawfully, and in accordance with the rights of data subjects under the General Data Protection Regulation.  

Employees, trustees and volunteers have the right to see information held on them by KCF. Requests must be made in writing to the CEO and a copy of the information will be made within 28 days.