Data Protection And Privacy Policy

Introduction

This Data Protection and Privacy Policy outlines how personal information about children, young people, and their families will be stored, used, and protected by our organization. We are committed to ensuring the privacy and confidentiality of all personal data in compliance with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018. This policy also integrates trauma-informed and Adverse Childhood Experiences (ACE) principles to ensure that our approach to data protection respects the rights, dignity, and welfare of individuals.

Purpose of Data Collection

We collect personal data to provide effective and tailored services to children, young people, and their families. This includes but is not limited to:

  • Supporting young people’s development and well-being.
  • Providing tailored interventions to address individual needs and goals.
  • Communicating with families to enhance engagement and outcomes.
  • Reporting to regulatory bodies or funding sources when required.

Types of Data Collected

We collect the following categories of personal data:

  • Personal Identifiers: Name, age, gender, contact details.
  • Health and Welfare Information: Medical history, trauma-related information, ACEs, educational background, and mental health.
  • Family Information: Parent/guardian details, living arrangements, and family structure.
  • Behavioral and Social Information: Engagement in activities, progress reports, interactions with support services, and involvement in antisocial behavior, crime, or other risk factors.

Legal Basis for Processing Data

Under the UK GDPR, we process personal data based on the following legal grounds:

  • Consent: For most of the data collected, explicit consent from children, young people, or their families is obtained.
  • Legal Obligation: Data may be processed to fulfill legal duties, such as safeguarding responsibilities.
  • Vital Interests: In some circumstances, data may be processed when it is necessary to protect someone’s life.
  • Public Task: Data is processed when required for the performance of a task in the public interest or in the exercise of official authority vested in us.

Data Protection Principles

In compliance with the UK GDPR, we adhere to the following principles in handling personal data:

  • Lawfulness, Fairness, and Transparency: Data will be collected and used lawfully and transparently, and individuals will be informed of how their data will be used.
  • Purpose Limitation: Data will only be used for the specific purpose it was collected for.
  • Data Minimization: We will only collect data that is necessary for the purposes outlined above.
  • Accuracy: Personal data will be kept up to date and accurate.
  • Storage Limitation: Data will only be kept for as long as necessary to fulfill the purpose for which it was collected.
  • Integrity and Confidentiality: Data will be kept secure and protected from unauthorized access, disclosure, alteration, and destruction.

How We Store and Protect Data

We implement a range of measures to protect personal data, including:

  • Secure Systems: We store personal data in secure, password-protected systems.
  • Access Control: Only authorized personnel with a legitimate need have access to sensitive data.
  • Data Encryption: Sensitive data will be encrypted when stored and transmitted.
  • Training: Staff members are trained on data protection principles and how to handle personal data responsibly.

Sharing of Data

We may share personal data with the following entities only when necessary and in compliance with the law:

  • External Agencies: As part of service provision, such as healthcare providers, schools, and social services, in line with safeguarding or legal obligations.
  • Regulatory Bodies: Where required by law for reporting purposes, such as to Ofsted or other relevant authorities.
  • Third-Party Service Providers: When engaging with third-party providers who assist in the delivery of our services, we ensure they adhere to the same data protection standards.

Rights of Individuals

Children, young people, and their families have the following rights regarding their personal data:

  • Right to Access: Individuals have the right to request copies of their personal data.
  • Right to Rectification: Individuals can request the correction of inaccurate or incomplete data.
  • Right to Erasure: Individuals can request that their data be deleted when it is no longer needed or when they withdraw their consent.
  • Right to Restrict Processing: Individuals can request that processing of their data be limited in certain circumstances.
  • Right to Object: Individuals can object to the processing of their data in certain situations.
  • Right to Data Portability: Individuals can request their data to be transferred to another service provider, if applicable.

Requests to exercise these rights can be submitted to our Data Protection Officer (DPO), whose contact details are provided below.

Trauma-Informed Approach to Data Protection

We recognize the importance of handling personal data with sensitivity, especially in the context of trauma and ACEs. We are committed to:

  • Ensuring that data collection and usage do not retraumatize individuals.
  • Providing individuals with information in a clear, accessible, and compassionate manner.
  • Ensuring that personal data is only shared with relevant parties who have a legitimate need to know.
  • Taking steps to minimize any potential harm caused by the misuse of data.

Retention of Data

Personal data will be retained for the minimum time necessary to fulfill the purposes for which it was collected, as outlined above. After this period, data will be securely deleted or anonymized in accordance with our data retention policy.

Data Breaches

In the event of a data breach, we will promptly assess the situation, mitigate the impact, and notify affected individuals and relevant authorities if required. We will take appropriate corrective actions to prevent future incidents.

This Data Protection and Privacy Policy will be reviewed regularly to ensure compliance with any changes in data protection laws and regulations.

Founded in 2022, Youth Empowering Service CIC (YES CIC) is a forward-thinking, trauma-informed social enterprise dedicated to empowering young people and strengthening communities. We specialise in delivering innovative programmes that address anti social behaviour via detached programmes, adverse childhood experiences (ACEs), promote positive behaviour, and support mental health and well-being.

Quick Links

Services

Legal

Designed by Frances and Kevin

Facebook-f Instagram Linkedin-in