Data protection policy

This version agreed by the Board Autumn 2010 Next review due 2013   AACT recognises its obligations to beneficiaries, staff, volunteers and others with whom it does business to process data reasonably and fairly.   Access-ability Communications Technology Ltd (AACT) is a data controller under the meaning of the UK’s Data Protection Act.   This policy applies to information relating to identifiable individuals. Its purpose is to enable AACT to
  • comply with the law in respect of the data it holds about individuals
  • follow good practice;
  • protect AACT’s supporters, staff and other individuals
  • protect the organisation.
  AACT will
  • not only comply with the law but also monitor good practice guidelines from main charitable umbrella bodies and follow these where appropriate
  • respect individuals’ rights
  • be open and honest with individuals whose data is held
  • provide training and support for staff and volunteers who handle personal data, so that they can act confidently and consistently
  AACT’s first priority is to avoid causing harm to individuals.  This means
  • keeping information securely in the right hands
  • holding good quality information.
  AACT will have a designated Data Protection Officer with the following responsibilities
  • Keeping informed about changes in the law relating to Data Protection
  • Regularly checking at least one of the main voluntary sector organisations to obtain updates in good practice guidance
  • Briefing the board on Data Protection responsibilities
  • Reviewing Data Protection and related policies
  • Advising other staff on Data Protection issues
  • Ensuring that Data Protection induction and training takes place
  • Notification and any other responsibilities under the UK’s Data Protection Act as required
  • Handling subject access requests
  • Approving unusual or controversial disclosures of personal data
  • Approving contracts with Data Processors
  • Ensuring accuracy of data held, for example by an annual audit of filing systems
  • Maintaining and publishing the method for Data Subject Access
  All staff, volunteers and sub-contractors where relevant are required to read, understand and accept any policies and procedures that relate to the personal data AACT holds.   Confidentiality applies to a wider range of information than covered by Data Protection. In cases where someone will be working with confidential information for AACT they will be required to sign a confidentiality statement. Our privacy statement   We have a legal duty under the Data Protection Act to prevent your information falling into the wrong hands.  We must also ensure that the data we hold is accurate, adequate, relevant and not excessive.   Normally the only information we hold comes directly from you.  Whenever we collect information from you, we will make it clear which information is required in order to provide you with the information, service or goods you need.  You do not have to provide us with any additional information unless you choose to.  We store your information securely on a computer system, we restrict access to those who have a need to know, and we train people in handling the information securely.   AACT is a mainly voluntary organization, but we do run projects which may have paid workers, for example from another charity, university or a self-employed person. We may pass your personal details to these people if (and only if) it is relevant to the work they are contracted to do with or for us. Such people will be required to agree to AACT’s confidentiality and data protection policies.   You have the right to a copy of all the information we hold about you (apart from a very few things which we may be obliged to withhold because they concern other people as well as you). To obtain a copy write to the Data Protection Officer at AACT.  There is a charge of £10 for a copy of your data (as permitted by law).  We aim to reply as promptly as we can and, in any case, within the legal maximum of 40 days.   Currently our website does not automatically collect data about users (such as IP addresses), nor does it set any cookies. This may change in the future, and our policy will be publicized on the website and this statement updated.