Safeguarding and Data Protection Policy

Oriel Safeguarding Policy
Data Protection Policy

Last Updated: April 20th 2018

1.    Introduction

(This supercedes and amends any deficiencies inherent in the original data protection policy of Oriel Ministries in order to comply with GDPR.)

Oriel Ministries needs to collect and use certain types of information about the Individuals or Service Users who come into contact with Oriel Ministries in order to carry on our work. This personal information must be collected and dealt with appropriately whether it is collected on paper, stored in a computer database, or recorded on other material and there are safeguards to ensure this under the Data Protection Act 1998.

New data privacy and protection laws, known as General Data Protection Regulations (GDPR), have come into force from the 25 May 2018. To insure Oriel Ministries complies with the new regulations, we have updated our data protection policy (see below) and have contacted individuals already signed onto the database to see the new rules and reapply with the correct new procedure.

General provisions and lawful, fair and transparent processing

·      Oriel ministries has a database for individuals who would like to know more about the work of the charity and their various projects.

·      Oriel Ministries will gain permission and consent from the individual to be able to send out emails, letters and other information regarding the ministry and projects regularly throughout the year. They will also have the option of how they will receive this information.

·      The information collected will be stored until the charity finishes or the individual asks to be removed. Oriel Ministries will do checks every 5-8 years to give opportunity for people to be removed or ask to continue and will update any information given.

·      Oriel Ministries will give the option for the individual to give full details of their name, address, email address, phone number and church they attend. In some circumstances in regards to children’s work we will need age, medical and school records for that particular event. This is the only information we require as a charity and therefore will store either electronically through a database or in paper format which will be kept in a locked filing cabinet in the Oriel Ministries offices. In the case of needing information only for an event it will be disposed of accordingly. *On certain occasions the charity will take an indivduals Stewardship form (an organisaition that helps deal with monies through sponsorship or one off giving and involves taxes). This form will only be held by Oriel Ministries until they can get to the post office (one day max – basically posting the form for the individual) details on the form include their address, telephone number and including bank details.

·      Our Data Protection officer – Connie Smith will be in charge of all information collected either through the website, emails or hard copies through church presentations.

·      This information will be kept on one computer (excel document) and one external hard drive (Connie Smith and Nikki Uglow will be the holders of this information only). There will be a third party – Mailchimp who will hold the online database (See point below) and hard copies will be updated onto our database and then shredded and thrown away unless needed for ongoing projects and therefore filed away.

·      Oriel Ministries uses Mailchimp and will make sure that all information will be stored safely and in accordance with Data Protection Act 1998 and in compliance with GDPR. To find out about the Mailchimp Privacy Policy you can find all the information on the this link: https://mailchimp.com/legal/privacy for their terms and conditions please follow the link: https://mailchimp.com/legal/terms

·      Our data protection policy will be reviewed every 6 months and a record will be kept of when it has been checked and where the data is being stored, checking dates and signatures of any new individuals and report any new processes of storing the data.

·       Individuals may ask to see their own data and how it is stored. The individual have the right to ask about their data and/or have their data removed from our databases at any time and may do so by unsubscribing electronically from mailchimp or by sending a request to info@orielministries.org.

 

·      Oriel Ministries have in place a process to assess the likely risk to individuals as a result of a breach of data and will report to the ICO if this cannot be dealt with internally within Oriel Ministries according to recital 87 of the GDPR.

·      breach of the Data Protection Act (DPA); a Privacy and Electronic Communications Regulations (PECR) security breach by a telecoms or internet service provider; or. the unlawful obtaining of personal data (known as a section 55 DPA breach).

 

Oriel Ministries Breach protocol:

·       The Oriel staff know how to recognise a personal data breach with the understanding that a personal data breach isn’t only about loss or theft of personal data.

·       Oriel Ministries have a response plan for addressing any personal data breaches that occur and will report this to our Data Protection Officer – Connie Smith who will then take any action required by the GDPR.

·       Connie Smith/ or relevant staff member will notify ICO of a breach within 72 hours of becoming aware of it, even if we do not have all the details yet.

·       Oriel Ministries staff under the supervision of Connie Smith will inform affected individuals about a breach when it is likely to result in a high risk to their rights and freedoms and will inform affected individuals without undue delay and that we should provide advice to help them protect themselves from its effects.

·       Oriel Ministries will document all breaches, even if they don’t all need to be reported.

Old Data Protection Policy 2012-2018

1. Data Controller

Oriel Ministries is the Data Controller under the Act, which means that it determines what purposes personal information held, will be used for. Oriel Ministries is currently exempt from notifying the Information Commissioner, however if this status changes, it will also be responsible for notifying the Information Commissioner of the data it holds or is likely to hold, and the general purposes that this data will be used for.

2. Disclosure

Oriel Ministries will not share information with any other agencies but in any case that this may happen the exception would be that we may share data with agencies such as the local authority, funding bodies and other voluntary agencies.

The Individual/Service User will be made aware in most circumstances how and with whom their information will be shared.  There are circumstances where the law allows Oriel Ministries to disclose data (including sensitive data) without the data subject’s consent.  

These are:

a)    Carrying out a legal duty or as authorised by the Secretary of State

b)    Protecting vital interests of an Individual/Service User or other person

c)    The Individual/Service User has already made the information public

d)    Conducting any legal proceedings, obtaining legal advice or defending any legal rights 

e)    Monitoring for equal opportunities purposes – i.e. race, disability or religion

f)     Providing a confidential service where the Individual/Service User’s consent cannot be obtained or where it is reasonable to proceed without consent: e.g. where we would wish to avoid forcing stressed or ill Individuals/Service Users to provide consent signatures.

Oriel Ministries regards the lawful and correct treatment of personal information as very important to successful working, and to maintaining the confidence of those with whom we deal. 

Oriel Ministries intends to ensure that personal information is treated lawfully and correctly.

To this end, Oriel Ministries will adhere to the Principles of Data Protection, as detailed in the Data Protection Act 1998.

Specifically, the Principles require that personal information:

a)    Shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met,

b)    Shall be obtained only for one or more of the purposes specified in the Act, and shall not be processed in any manner incompatible with that purpose or those purposes,

c)    Shall be adequate, relevant and not excessive in relation to those purpose(s)

d)    Shall be accurate and, where necessary, kept up to date,

e)    Shall not be kept for longer than is necessary

f)     Shall be processed in accordance with the rights of data subjects under the Act,

g)    Shall be kept secure by the Data Controller who takes appropriate technical and other measures to prevent unauthorised or unlawful processing or accidental loss or destruction of, or damage to, personal information,

h)    Shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of Individuals/Service Users in relation to the processing of personal information.

Oriel Ministries will, through appropriate management and strict application of criteria and controls:

·      Observe fully conditions regarding the fair collection and use of information

·      Meet its legal obligations to specify the purposes for which information is used

·      Collect and process appropriate information, and only to the extent that it is needed to fulfill its operational needs or to comply with any legal requirements

·      Ensure the quality of information used

·      Ensure that the rights of people about whom information is held, can be fully exercised under the Act. These include:

o   The right to be informed that processing is being undertaken,

o   The right of access to one’s personal information

o   The right to prevent processing in certain circumstances and  

o   The right to correct, rectify, block or erase information which is regarded as wrong information)

·      Take appropriate technical and organisational security measures to safeguard personal information

·      Ensure that personal information is not transferred abroad without suitable safeguards

·      Treat people justly and fairly whatever their age, religion, disability, gender, sexual orientation or ethnicity when dealing with requests for information

·      Set out clear procedures for responding to requests for information

3. Data collection

Informed consent is when

·      An Individual/Service User clearly understands why their information is needed, who it will be shared with, the possible consequences of them agreeing or refusing the proposed use of the data

·      And then gives their consent.

Oriel Ministries will ensure that data is collected within the boundaries defined in this policy. This applies to data that is collected in person, or by completing a form.

When collecting data, Oriel Ministries will ensure that the Individual/Service User:

a)    Clearly understands why the information is needed

b)    Understands what it will be used for and what the consequences are should the Individual/Service User decide not to give consent to processing

c)    As far as reasonably possible, grants explicit consent, either written or verbal for data to be processed

d)    Is, as far as reasonably practicable, competent enough to give consent and has given so freely without any duress

e)    Has received sufficient information on why their data is needed and how it will be used

4. Data Storage

Information and records relating to service users will be stored securely and will only be accessible to authorised staff and volunteers.

Information will be stored for only as long as it is needed or required statute and will be disposed of appropriately.

It is Oriel Ministries responsibility to ensure all personal and company data is non-recoverable from any computer system previously used within the organisation, which has been passed on/sold to a third party.

6. Data access and accuracy

All Individuals/Service Users have the right to access the information Oriel Ministries holds about them. Oriel Ministries will also take reasonable steps ensure that this information is kept up to date by asking data subjects whether there have been any changes.

In addition, Oriel Ministries will ensure that:

·      It has a Data Protection Officer with specific responsibility for ensuring compliance with Data Protection

 

·      Everyone processing personal information understands that they are contractually responsible for following good data protection practice

 

·      Everyone processing personal information is appropriately trained to do so

 

·      Everyone processing personal information is appropriately supervised

 

·      Anybody wanting to make enquiries about handling personal information knows what to do

 

·      It deals promptly and courteously with any enquiries about handling personal information

 

·      It describes clearly how it handles personal information

 

·      It will regularly review and audit the ways it hold, manage and use personal information

 

·      It regularly assesses and evaluates its methods and performance in relation to handling personal information

 

·      All staff are aware that a breach of the rules and procedures identified in this policy may lead to disciplinary action being taken against them

This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the Data Protection Act 1998.

In case of any queries or questions in relation to this policy please contact the Oriel Ministries Data Protection Office.

 

Oriel Ministries

The Old Foundry

Quarry Lane

Newport

Launceston

Cornwall

PL15 8EX

01566 776106 

www.orielministries.org

A Company Limited by Guarantee. Registered in England No: 7081812. Registered Charity No: 1134992

Ready to Sign-Up?

Need help picking a Workshop?
Ready to Sign-Up?
Need help picking a Workshop?

Event Tickets

Girls
Individuals
Regular Pricing
£55
  • £150 Value
  • All Main Sessions
  • 1 Group Activity
  • 2 Workshops
  • 2 Meals
  • Concert Entry
  • Goodie Bag
  • Loads of Extras
NEW 2018
Leaders
Individuals
Regular Pricing
£55
  • £150 Value
  • All Main Sessions
  • 1 Group Activity
  • 2 Leader Sessions
  • 2 Meals
  • Concert Entry
  • Tea & Coffee
  • Loads of Extras
Early Bird Pricing £45 thru 30th June         Regular Pricing £50 from 1st July thru 19th Oct

No refunds for bookings cancelled after 10th Oct, 2018   ●  Registration closes on Friday 19th Oct, 2018

Event Tickets

Girls
Individuals
Regular Pricing
£55
  • £150 Value
  • All Main Sessions
  • 1 Group Activity
  • 2 Workshops
  • 2 Meals
  • Concert Entry
  • Goodie Bag
  • Loads of Extras
NEW 2018
Leaders
Individuals
Regular Pricing
£55
  • £150 Value
  • All Main Sessions
  • 1 Group Activity
  • 2 Leader Sessions
  • 2 Meals
  • Concert Entry
  • Tea & Coffee
  • Loads of Extras

Early Bird Pricing £45 thru 30th June

Regular Pricing £50 from 1st July thru 19th Oct

Registration closes on Friday 19th Oct, 2018

Contact Us

If you have questions about the Innocence Girls Conference or StarGirlz please contact us below and we will get back with you ASAP ?

Contact Us

If you have questions about the Innocence Girls Conference or StarGirlzplease contact us below and we will get back with you ASAP ?

Phone:

01566 776106

Post:

Oriel Ministries

The Old Foundry

Quarry Lane Newport

Launceston

Cornwall

PL15 8EX

Phone:

01566 776106

Post:

Oriel Ministries

The Old Foundry

Quarry Lane Newport

Launceston

Cornwall

PL15 8EX