Name of company
Music Mind Spirit Trust, SongTrees
Registered office
The Old Farmhouse, Hermongers Lane
Horsham RH12 3AL
Contact details
Tel: +44 01403 824034+44 01403 824034
E-mail: musicmindspirit@gmail.com
Policy operational date |
from 25 May 2018 to present |
Policy prepared by |
Dr J C Robertson |
Policy review date |
reviewed 25 May 2022; next review 25 May 2023. |
Introduction |
|
Purpose of policy |
|
Data Protection Principles |
The EU General Data Protection Regulation (GDPR) offers increased protection of the collection and processing of personal data, including contact details. |
Policy statement |
The MMST Policy statement:
|
Key risks |
The two key areas of potential risk about which MMST takes extra precautions to guard against:
|
Responsibitilies |
|
Trustees |
MMST Trustees have overall responsibility for ensuring that the organisation complies with its legal obligations. |
Data Protection Officer |
The Data Protection Officer’s responsibilities include:
|
Team/Department managers |
Each MMST team where personal data is handled is responsible for drawing up its own operational procedures (including induction and training) to ensure that good Data Protection practice is established and followed.
Also, the managers ensure that the Data Protection Officer is informed of any changes in their use of personal data that might affect MMST’s Notification. |
Staff & volunteers |
MMST staff and volunteers are required to read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work. |
Confidentiality |
|
Scope |
Confidentiality applies to a much wider range of information than Data Protection. Therefore, the following are likely to be confidential, but may well not be subject to Data Protection:
|
Understanding of confidentiality |
When working with all ages, including children, young people and the elderly, procedures from the MMST’s Safeguarding Policy are strictly followed. |
Communication with staff |
Staff and volunteers are informed and trained in their responsibilities, and about correct procedures regarding disclosure and access. |
Security |
|
Specific risks |
Staff and volunteer contact details are not given over the phone. |
Subject access |
|
Responsibility |
MMST ensures that subject access requests regarding the contact details held about an individual are handled within the legal time limit of 40 days. |
Procedure for making request |
Subject access requests must be in writing or via email. There is a clear responsibility for all staff to pass on anything which might be a subject access request to the appropriate person without delay. |
Provision for verifying identity |
Where the person managing the access procedure does not know the individual personally, identity is required and verified before handing over any information. |
Transparency |
|
Procedure |
Data protection information is conveyed through:
|
Consent |
|
Forms of consent |
Consent for MMST to use email addresses to send updates about events and activities can be given via email, in writing or by verbal consent, which is safely documented. |
Opting out |
Individuals are free to opt out of receiving email updates at anytime via the website. |
Withdrawing consent |
MMST acknowledges that, once given, consent can be withdrawn, but not retrospectively. |
Direct marketing |
|
Underlying principles |
Activities include providing information about donations, goods and services, and forthcoming and historic events. |
Opting out |
As individuals have the right to require their data not to be used for notification about the above activities, they are free to opt-out (via email, including from the website) at any time. |
Electronic contact |
Because of the Data Protection and Privacy (EC Directive) Regulations 2003 most electronic marketing (by phone, fax, e-mail or text message) either requires consent in advance or electronic consent. |
Staff training & acceptance of responsibilities |
|
Documentation |
Procedures relating to Data Protection are maintained and documented. |
Induction |
All staff who have access to any kind of personal data have their responsibilities outlined during their induction procedures. |
Continuing training |
Data Protection issues are raised at opportunities including staff training, team meetings, supervisions, etc. |
Policy review |
|
Responsibility |
MMST has responsibility for carrying out the next policy review. |
Procedure |
Dr C Robertson will consult with staff members with responsibility for complying with the Data Protection Act in the review. |
Timing |
The next major review will commence by Feb 2023, in order to be completed by 25 May 2023. |