Subscribe

Privacy Policy

Protecting your privacy

On 25th May 2018, data protection laws are changing when the General Data Protection Regulations (GDPR) take effect.  As someone who engages with and supports the activity of Youth Homeless NE we want to let you know that we are committed to protecting your privacy.

We have reviewed and updated our Privacy Policy in line with GDPR which is available on our website.

We will always respect your privacy, and any personal information you share with us will be kept safe and secure.  Your information will only be used for the purposes that have been explained to you and for which you have given express consent.

We do not share your personal information with third parties unless required by law.

If at any time you would prefer not to receive communication or e newsletters, please unsubscribe at the bottom of the newsletter or contact info@yhne.org.uk. Where YHN is using your information with consent, you can remove consent at any time.  You also have the right to ask YHN to stop using your information for marketing purposes.  To remove consent please contact us on 0191 2551911 or email info@yhne.org.uk.

If you have any questions are require more information about our privacy policy, please contact us on 0191 2551911 or email info@yhne.org.uk.


Privacy Statement

It is the policy of YHN to collect and retain data that is necessary to the conduct of our business, to respect the privacy of individuals and to ensure that any data held is secure.  Access to such data will be available only to those who have a specific right, as detailed, under current legislation.  This applies to automated, electronic and manual records.

These principles will be followed at all times when processing or using personal information. Therefore, through appropriate management and strict application of criteria and controls, YHN will:

  • observe fully the conditions regarding the fair collection and use of information
  • meet its legal obligations to specify the purposes for which information is used
  • collect and process appropriate information only to the extent that it is needed to fulfil our operational needs or to comply with any legal requirements
  • ensure the quality of information used
  • ensure that the information is held for no longer than is necessary
  • ensure that the rights of people about whom information is held can be fully exercised under the Data Protection Act (i.e. the right to be informed that processing is being undertaken, to access one’s personal information; to prevent processing in certain circumstances, and to correct, rectify, block or erase information that is regarded as wrong information)
  • take appropriate technical and organisational security measures to safeguard personal information
  • ensure that personal information is not transferred abroad without suitable safeguards.


Our commitment to protecting your privacy

 Youth Homeless North (YHN) is committed fully to compliance with the requirements of the General Data Protection Regulations 2018. The Regulations applies to all organisations that process data to their employees, as well as to others e.g. customers, donors and clients. It sets out principles which should be followed by those who process data; it gives rights to those whose data is being processed.

To this end, the organisation endorses fully and adheres to the eight principles of data protection, as set out in the Regulations.

  1. Data must be processed fairly and lawfully
  2. Data must only be obtained for specified and lawful purpose
  3. Data must be adequate, relevant and not excessive
  4. Data must be accurate and up to date
  5. Data must not be kept for longer than necessary
  6. Data must be processed in accordance with the “data subject’s” (the individual’s) rights
  7. Data must be securely kept
  8. Data must not be transferred to any other country without adequate protection in place

If subjects are unidentifiable by the information collected and retained, the Regulations don’t apply.  However, it is good practice to do so.

Full Privacy Policy

Terminology

Data Subjects – the people or organisation(s) of whom the organisation keeps details on. This includes employees, young people, volunteers and donors.

The Data Controller – is the body ultimately accountable for data – which is Youth Homeless North.

A person (or incorporated organisation) who either alone, jointly or in common with other persons, determines the purposes for which, and the way, any personal data are, or are to be, processed. YHN decides why and how personal data is processed.

The Data Protection Officer – is exempt, therefore not required by YHN.  This is only appropriate for public bodies and other large organisations.

Data Processor – personnel or organisations who process data on behalf of YHN.  Currently (May 2018) this is Northumbria University (annual survey) and Ellison Services (payroll service).

Responsibility – to process data in line with the regulations and company policy. This is delegated to the Office Manager as data protection lead.

Responsibility – including volunteers, staff and Board members

All personnel connected with YHN are expected to abide by this policy and its implementation.

Awareness that disclosure of information in breach of this policy may be subject to disciplinary action and may even be committing a crime and could be prosecuted.

All personnel are responsible for informing YHN of any changes to information that they have provided, e.g. changes of address, either at the time of appointment or subsequently.

Devices

Portable devices such as memory sticks, iPads, laptops, digital cameras, smart phones and the likes, will be the property of YHN and password protected.

Any sensitive or confidential information will be passworded.

Computers and papers should not be removed from the office for any other purpose without the prior consent of the Director.  This consent will outline procedures and protocols for data input, timescales and security during induction period.

Storage and Data Retention Periods

Data retention periods are as listed below regardless of manual or electronic formats.

All sensitive and/or confidential information shall be held on site with restricted access via passwords, encryptions and lockable storage by the Director.

Published reports – for the life of the project or until the organisation ceases to exist.

Financial Records – accounts, purchase orders, petty cash records, funding grant and tender applications and all other relevant information – 7 years PLUS current financial year.

Insurance Records – including indemnity, employer, public liability etc. – Forever with a minimum of 40 years.

Personnel Records – including Board, volunteers and staff applications, appraisals, supervisions, training records, disciplinary, scoring criteria, referee letters etc. If successful appointment, 3 years after departure date.  If unsuccessful – candidates 3 months.

Personal Information – that could be used to identify an individual; including young people, volunteers, donors (information may include name, postal address, email address, phone numbers, social media contact details) will be stored for 12 months after engagement has ceased.

Safeguarding (referrals) information – 7 years after last contact with person/family/ child concerned.

Evidence relating to YHN reports i.e. surveys, polls, questionnaires, focus group notes etc. – 5 years after report published date.

E-news subscribers – for the life of the organisation or until organisation ceases to exist.

Media/photos/images and consent of such – for the life of the organisation, until the organisation ceases to exist, or consent is withdrawn.

Data Security

All personnel are responsible for ensuring that:

  • any personal data held is kept securely.
  • personal information is not disclosed either orally, in writing, electronically or by any other means, accidentally or otherwise, to any unauthorised third party.

YHN will implement appropriate security measures including technical and organisational procedures against any unauthorised or unlawful processing of personal data and to prevent its accidental loss, damage or destruction.

YHN will ensure that personal data, electronic, manual or any other means is stored securely, for no longer than necessary and disposed of appropriately.  This usually means shredded using Mea House shredding facility. Any other methods of disposal must be agreed by the Director and it is the Directors discretion to inform the Board before any action is taken.

Staff should note that unauthorised disclosure will usually be a disciplinary matter and may be considered gross misconduct in some cases. Personal information will be kept in a locked filing cabinet or drawer.  Electronic files will be password protected and only accessible by the Director.  If it is computerised, be coded, encrypted or password protected both on a local hard drive and on a network drive that is regularly backed up. If a copy is kept on removable storage media, that media must itself be kept in a locked filing cabinet, drawer, or safe.

Disaster Recovery

The organisations’ data is automatically backed up through Office 365. Offline copies of YHN files are stored on an external hard drive and backed up every two weeks. In the event of file deletion, files can be recovered from the electronic recycle bin. The Office 365 administrator should be contacted prior to file recovery.

Firewalls and virus checkers are kept up to date and running on all YHN hardware. The Office Manager should ensure that all laptops are set to automatically run weekly system scans for threats and real-time protection is in operation.

In the event of loss of electricity, network problems or server failure, paper forms should be used for temporary record keeping. YHN files are automatically backed up to the cloud through Office 365 and should not be affected. Once access has been restored, any temporary data should be stored electronically, and the physical copy destroyed or securely stored in a locked cabinet or drawer.

Subject Consent

We will only process data and personal data with the consent of the individual unless we are legally bound to share data. Consent will be retained for the life of the organisation.

Incident Reporting

Any breach or the misuse or loss of data should be reported immediately to the Director who will inform the Chair. The incident will be fully investigated, existing procedures checked, and new measures implemented if necessary.  Any affected parties of a breach will be notified of such breach as soon as possible but certainly within 14 working days.

Any breaches directly, negligently or otherwise, or misuse of information may result in disciplinary action against the person concerned under YHN’s disciplinary procedure.

Confidentiality

All personal information will be treated in confidence and will not be given out to any party without their express permission to do so (except where we have a legal obligation to do so). Legal reasons include:

  • If there is a real concern that a third person is at risk i.e. suspected adult or child abuse
  • Should an individual fall urgently ill whilst working or volunteering with us and information needs to be given to medical personnel
  • When it is necessary to disclose information for the detection and prevention of crime and taxation or any other illegal activity or purposes
  • Where any other overriding law requires us to disclose
Training

Training in GDPR will be offered to all staff, Board members, volunteers and appropriate personnel this can be classroom based, online, or any other format deemed appropriate during the induction period.  This training will be refreshed when deemed necessary.

Transfer

YHN may transfer data without the specific consent of subjects if the transferred data will be kept in line with current policy.  Data may not be transferred to a nation state outside the EU unless we are duty bound to for criminal, safeguarding or fraudulent purposes as determined by the General Data Protection Regulations.

Subject Access

Any subject (as determined earlier in this document) may request details of personal information which we hold about him or her under the DPA. If someone wishes to do so they need to write to the Director at Mea House, Ellison Place, Newcastle upon Tyne, NE1 8XS. The requested information will normally be provided within 14 days.

If a person believes that any information held on them is incorrect or incomplete, they should contact the Director at YHN office as soon as possible, at the above address. We will promptly correct any information found to be incorrect or we will correct any information to be found within 14 days.

Any subject can request their information be deleted or removed without prejudice, at anytime in writing or via email to info@yhne.org.uk. YHN will undertake this request as soon as possible and certainly within 14 days.

Twitter:

More news

Supported by:

Youth Homeless North East is made possible by the generous support of




Contact Us:

Youth Homeless North East
MEA House
Ellison Place
Newcastle upon Tyne
NE1 8XS

Tel: 0191 255 1911

Email:
info@yhne.org.uk

Make a donation using Virgin Money Giving