Confidentiality & Data Protection Policy
1. General principles
1.1 Knutsford Community First Responder Trust (KCFRT) recognises that KCFRT colleagues (volunteers and trustees) gain information about individuals and organisations during the course of their work or activities. In most cases such information will not be stated as confidential and colleagues must exercise common sense and discretion in identifying whether this information should be communicated to others. Information given in confidence must not be disclosed without consent unless there is a justifiable reason e.g. a requirement of law or there is an overriding public interest to do so.
1.2 Confidential information includes anything that contains the means to identify a person, e.g. name, address, post code, as defined by the Data Protection Act. It also includes information about organisations such as confidential business plans, financial information, contracts, trade secrets and procurement information.
1.3 The NWAS Confidentiality Policy governs information disclosed to Community First Responders (CFR’s) when attending 999 calls and can be found in Section 19 of the NWAS MOU with CFR’s 11.11.15. (Please ask the Knutsford First Responder Team Leader if you would like a copy of this document).
2. Good working practice for KCFRT colleagues
2.1. Colleagues should seek advice from members of the KCFRT Executive about confidentiality and sharing information as necessary.
2.2. Colleagues will avoid exchanging personal information or comments about individuals with whom they have a professional relationship.
2.3. Talking about the private life of a colleague is to be avoided at all times, unless the colleague in question has instigated the conversation.
2.4. Colleagues will avoid discussing confidential information about organisations or individuals in social settings.
2.5. Colleagues will not disclose to anyone, other than where appropriate, to the KCFRT Chairman or other representative of the KCFRT Executive, any information considered sensitive, personal, financial or private without the knowledge or consent of the individual.
3. Why information is held
3.1. Most information held by KCFRT relates to individuals, voluntary and community organisations, volunteers, trustees or services, which support or fund them. KCFRT does not hold individual personal files.
3.2. KCFRT may collect personal information when a member of the public interacts with KCFRT. There are many occasions when this could happen, for example; if someone enquires about KCFRT activities, registers online, makes a donation, applies for a volunteering opportunity, or if someone provides some optional feedback, or otherwise provides us with personal information. This may be by phone, website, through the post, or in person.
3.3. Information is kept to enable KCFRT colleagues to understand the history and activities of individuals or organisations in order to deliver the most appropriate services.
4. What information is held
4.1. The personal information collected might include contact details such as name, date of birth, email address, postal address, telephone number and credit/debit card details (upon making a donation), as well as information provided in any correspondence.
5.2. The CAF Widget and the Donate Button use a cookie. By using the Widget and the Donate Button, donors are agreeing to the use of the cookie on their computers (“Cookies” are small text files that are placed on computers by websites visited. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site).
6. How personal information is used
6.1. KCFRT may use personal information to:
• Provide or administer activities relating to all services
• To enhance the service that KCFRT colleagues provide, to fulfil gift aid declarations or to improve information and communications
• Provide information about KCFRT plans. This may include fundraising updates; KCFRT will only do this either with consent, where there is a need to fulfil a contract or service, or where KCFRT believes there is an expectation to be updated and contacted.
7. Access to information
7.1. Information is confidential to KCFRT as an organisation and may be passed to KCFRT colleagues on a need to know basis to ensure the best quality service for users.
7.2. Where information is sensitive, i.e. it involves disputes or legal issues, it will be confidential to the KCFRT colleague dealing with the case and the Chairman and/or another member of the KCFRT Executive. Such information should be clearly labeled ‘Confidential’ and should state the names of the KCFRT colleagues entitled to access the information and the name of any individual or group who may request access to the information.
7.3. Personal information is never shared with other organisations for any marketing activities. Nor does KCFRT sell any information web browsing activity. Any information collected by KCFRT will be treated confidentially.
8. Storing information
8.1. General non-confidential information about organisations is kept in unlocked filing cabinets and in password protected personal computer folders.
8.2. Personnel information will be kept in password protected personal computer folders.
8.3. We may carry out periodic deletion of data whose retention period has expired and/or when the need to continue holding such data is no longer necessary.
8.4. The KCFRT website may contain links to other sites. KCFRT is not responsible for the content or the privacy practices employed by other sites. Advertisers or Web sites that have links on the KCFRT site may collect personally identifiable information. This privacy statement does not cover the information practices of those websites or advertisers.
8.5. Any debit or credit card details which are received on the KCFRT website are passed securely to CAF a payment processing partner, according to the Payment Card Industry Security Standards.
9. Duty to disclose information
9.1. There is a legal duty to disclose some information including:
• Child and vulnerable adult abuse will be reported to the relevant statutory services
• Drug trafficking, money laundering or acts of terrorism will be disclosed to the police
9.2. In addition colleagues believing an illegal act has taken place, or that a user is at risk of harming themselves or others, must report this to the Chairman who will report it to the appropriate authorities.
9.3. Users should be informed of this disclosure unless this would put at risk the safety of any individual or jeopardise a potential criminal investigation. Details about disclosure of information and who has been informed will always be kept on record and stored securely with restricted access.
10. Data Protection Act
10.1. Information about individuals, whether on computer or on paper, falls within the scope of the Data Protection Act and must comply with the data protection principles. These are that personal data must be:
• Obtained and processed fairly and lawfully
• Held only for specified lawful purposes
• Adequate, relevant and not excessive
• Accurate and where necessary kept up to date
• Not kept longer than necessary, for the purpose(s) it is used
• Processed in accordance with the rights of the data subject under the Act
• Appropriate technical and organisational measures are to be taken to guard against loss or destruction of, or damage to, personal data
• Not transferred to countries outside the European Economic Area without an adequate level of protection in place
11. Breach of confidentiality
11.1. Misuse of personal data and security incidents must be reported to members of the KCFRT Executive so that steps can be taken to rectify the problem and ensure that the same problem does not occur again. This includes unauthorised access to person-identifiable information where a KCFRT colleague, or a third party, does not have a need to know. It also includes incidents of information lying around in a public area, theft and loss of information.
12. How to update or access personal information
12.1. Any KCFRT colleague or member of the public can contact KCRFT at any time to ask for an update to their personal details, or correct or remove inaccurate information. Any KCFRT colleague or member of the public also has a right to know what personal information KCFRT holds about them. To request a copy of personal information held by KCFRT, or to request changes to personal information, contact the Secretary using the contact details on our website
13. Revision History
|Version number||Reason for change||Valid from|
|2||Ammendments made in 5.1 Web address changed in footer||01-Aug-2019|