Privacy Policy

Background

Records and data are vital to the Trust’s work and, therefore, it is essential that the Trust does all it can to protect its data from loss or misuse. In addition, the Trust has to comply with the Data Protection Act (DPA) 1998 which regulates the use of personal data, no matter how it is held.

A Guide to the DPA is attached as Appendix 1. The Act requires those holding the data (the ‘data controllers’) to comply with 8 data protection principles which say that personal data must be:

  • processed fairly and lawfully
  • processed for limited purposes and not in any manner not compatible with those purposes
  • adequate, relevant and not excessive
  • accurate
  • kept for no longer than is necessary
  • processed in line with the rights of ‘data subjects’
  • kept securely
  • not transferred to countries that do not protect personal data adequately

The Act also gives individuals (the ‘data subjects’) the rights to:

  • have a copy of the data that an organisation holds about them
  • apply to the courts to obtain an order requiring data controllers to correct inaccurate data held about them
  • seek compensation where damage and distress have been caused as a result of any breach of the Act
  • in some circumstances, stop an employer keeping information about them or using the information in particular ways

Therefore, the Trust must have procedures in place covering all records and data whether they be held manually, electronically (e.g. on computers or CDs), or by any other means (e.g. microfiche).

Guidelines on what personal information the Trust may hold about you and what your rights are under the Act are attached as Appendix 2.

The Procedures:

  • Security of data held on Trust computers
  • Security of data held elsewhere (e.g. by Local Groups)
  • Building security

The Procedures for the security of all the above data are set out in the Trust’s ITC Procedures.

  • Records not held on computers

Non-personal records:

  • Important documents such as title deeds to land or property will be held by the Trust’s solicitors.
  • All other documents will be filed on Trust premises and managed by the department responsible for them.
  • No copies of records will be taken if Intellectual Property Rights (e.g. copyright) are likely to be infringed.
  • Records will be regularly reviewed and those no longer required will be disposed of unless they have to be retained for legal, historical or other reasons - see also Retention Guidelines below.

Personal data (including Trust member records):

  • All such records will be stored in specified locked cabinets.
  • Membership Records will be held in secure computer files while membership forms will be stored securely until no longer required.
  • Only people authorised by the Chief Executive or the Development Manager will be allowed access to these records and then only to those records that they need.
  • Records must be relevant and adequate for the intended purpose and they must be checked to ensure they are accurate.
  • Records must be processed fairly, lawfully and with the consent of the data subjects.
  • Where Criminal Records Bureau (CRB) checking is required, the Trust’s procedures will be strictly followed – see Part 5 of the Employment Procedures.
  • No information is to be given to anyone, individual or organisation, that we are not certain has the right to such information or will comply with the DPA.
  • No information is to be given without the express authority of the Chief Executive or Head of Development.
  • Personal and Members data will be regularly reviewed and will be shredded and securely disposed of when no longer required – see also Retention Guidelines in Appendix C.
  • Where a person has the right to have a copy of the personal information we hold about them, any such request must be in writing and dealt with by the Chief Executive, Head of Development, or person authorised by them to do so.

Retention Guidelines:

  • All records, especially personal data, should only be retained for as long as is necessary.
  • In addition there are legal requirements to be met – for instance, under the DPA or in relation to the retention of financial information.
  • Guidelines for the retention periods for various records are set out in Appendix 3.

Criminal Records Bureau data:

  • Special procedures apply to the handling, storage and retention of data produced in the course of CRB checks. These are set out as Part 5 of the Employment Procedures.

Staff training:

  • All staff and appropriate volunteers will be given relevant instructions.
  • Additional training will be given to anyone who will be involved in the handling of personal data as part of their work – for instance, using staff or member records, staff counselling, recruitment, line management, and exit interviews.

Procedures to be read in conjunction with:

  • Data Protection Policy
  • ITC Policy
  • ITC Procedures
  • Employment Procedures (Part 5 on CRB Procedures)

Appendices 1, 2 and 3 form part of these Procedures

As approved by the Management Team on 2 April 2007

APPENDICES

Appendix 1

Data Protection Act 1998

There is a need to ensure that the Trust conforms to best employment practices in accordance with requirements under the Data Protection Act (DPA).

When a voluntary organisation (such as the Trust) holds information on individuals, management and staff both have to be aware of personal privacy and access to information. The aim of the DPA is to strike a balance between an employee’s legitimate right to respect in his/her private life and an employer’s legitimate needs in running a business.

Specific Points to Note:

  • The legal requirement on employers is to comply with the DPA itself.
  • The Trust’s senior manager responsible for all data information is the Head of Development.
  • The main areas covered by the DPA include:

    • managing data; advertising; job applications; verification; short-listing; interviews; pre-employment vetting; retention and recruitment records; and medical forms.
  • All automated and computerised personal data is covered by the DPA, and it also covers personal data put on paper or microfiche and held in any relevant filing system.
  • The DPA allows the individual to request access to his/her personal data. The request must be in writing by letter or e-mail. The Trust must respond within 40 calendar days.
  • Routine monitoring of e-mail and Internet usage is acceptable and guidelines on e-mail usage are set out in Appendix 1 of the Trust’s ITC Procedures, which should be read in conjunction with the Trust’s Data Protection Policy.
  • Line managers have responsibility for the type of personal data they collect and how they use it. No member of staff should disclose personal data outside Trust procedures or use personal data held on other staff for their own purposes. Anyone disclosing personal data without authority may commit a criminal offence.
  • It is important to give accurate information when preparing a job advertisement and when giving reasons for short-listing or not short-listing job applicants, and subsequently to keep interview notes and retain records.
  • As part of the DPA, the Government has set up the Criminal Records Bureau (CRB) which is intended to put the disclosure of information about an individual’s criminal history in England and Wales on a statutory footing, and to put proper safeguards in place concerning the copying, storage and retention of this information. RSWT has been registered as an umbrella body to access the CRB Disclosure Service and the Trust is entitled to use this service to assess an individual’s suitability for paid and voluntary positions. The Trust’s Head of Development is the designated member of Trust staff who will administer applications to RSWT for disclosure.
  • Guidelines about the retention of data are given in Appendix 3.

Any query about the Act should be directed to the Head of Development.

Appendix 2

Guide to Data Protection

Personal data in the UK is protected by the Data Protection Act 1998 (DPA). The DPA enhances the rights of individuals in respect of the information held about them by organisations.

Avon Wildlife Trust takes very seriously the privacy and security of the data that it holds about Trust people (this includes members of staff, volunteers and Trust members). This document sets out the ways in which the Trust handles information about you, and your rights in respect of that information.

WHAT INFORMATION DOES THE TRUST HOLD AND HOW DOES IT OBTAIN THE INFORMATION?

Generally, the Trust receives information about you from one or more of the following sources:

  • directly from you, usually when you are appointed to a staff post, become a member, or offer to volunteer for us. This information might include name and address, telephone number, skills, occupation, bank details, etc.
  • from third parties such as contact information, references, and telephone directories.

FOR WHAT PURPOSES DOES THE TRUST USE THE INFORMATION?

The Trust uses your information for a number of purposes which are outlined below:

Provision of services:

  • to administer and maintain your records (e.g. personnel records, volunteering details, and membership files)
  • to ensure that the support the Trust offers you continues to be the most appropriate for your needs
  • to respond to any other query that you might raise with the Trust about your employment, voluntary work, or membership
  • to update the Trust’s systems and improve its service to you

Other purposes:

  • to pass on information about you to the Royal Society of Wildlife Trusts
  • to keep you informed (by post, telephone or e-mail) about other ways in which members or volunteers can help Avon Wildlife Trust
  • to use information about you for the purpose of research and statistical analysis
  • to pass on information about you to banks and building societies for the purposes of collecting membership subscriptions
  • to appeal for funds both for specific purposes and for general support

CARING FOR YOUR DATA

The Trust undertakes that it will have in place a level of security appropriate to the nature of the data and the harm that might result from a breach of security.

The Trust further undertakes that it will:

  • not hold information about you which is excessive in relation to the purpose or purposes for which it is processed
  • ensure that any information about you is accurate and where necessary up-to-date (to help the Trust do this, please keep the Trust informed if any of your details change)
  • not keep data for any purpose longer than is necessary (the Trust may retain records of your employment, voluntary service, or membership for a time, after your involvement with the Trust has ended, to enable it to resolve any subsequent queries and to comply with legislative requirements)
  • process your information in accordance with your rights under the DPA

YOUR RIGHTS

You have certain rights under the DPA in relation to the information that the Trust holds about you. These rights are set out below:

  • You may request, by writing to the Trust at the address below, details of the information that the Trust holds about you and the purposes for which it is held. The Trust will provide the information held in a permanent form, as at the time of the request, subject to any routine processing continuing between that time and the time of response. Provision of such information will be subject to a charge (as permitted by the DPA) – currently £10 (cheque made payable to Avon Wildlife Trust). Your request will be met within 40 days of its receipt, or within 40 days of receipt of the fee or of any subsequent information needed to establish your relationship with the Trust or verify your identity.
  • You are entitled, by notifying the Trust in writing, to require the Trust to cease (or not to begin) processing personal data on the grounds that it is causing, or is likely to cause substantial damage or distress to you, or another, and that the damage or distress is, or would be, unwarranted. This does not apply (1) where you have consented to the processing, (2) where the processing is necessary for entering into, or for the performance of, a contract, (3) where the processing is necessary for compliance with a legal obligation, or (4) where the processing is necessary to protect your vital interests.
  • You are entitled, by notifying the Trust in writing, to require the Trust to stop using information about you for the purpose of direct marketing. Direct marketing means the communication (by whatever means) of any advertising or marketing material which is directed to you.
  • You are entitled, by notifying the Trust in writing, to require the Trust to ensure that no decision taken by or on behalf of the Trust, and which significantly affects you, is based solely on the automated processing of your information, for the purpose of evaluating such matters as reliability or conduct.

CONTACT DETAILS

Head of Development (Data Protection), Avon Wildlife Trust, 32 Jacobs Wells Road, Bristol BS8 1DR

THE INFORMATION COMMISSIONER

If you wish to know more about your rights in respect of protection of personal data, you should write to:

The Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Or telephone 01625 545745 Or email Or view the data protection website www.ico.gsi.gov.uk

Appendix 3

Retention Guidelines

The following periods are guidelines to the main retention periods required by legislation or by decision of the Trust:

  • Application form (successful candidate): Duration of employment
  • Application form (unsuccessful candidate): 3 months
  • Interview notes: 3 months
  • Payroll and tax information: 6 years
  • Sickness records: 3 years
  • Annual leave records: 2 years
  • Unpaid leave/special leave records: 3 years
  • Staff Reviews: 5 years
  • Records relating to promotion, transfer, training, and disciplinary matters: 1 year from end of employment
  • References given/information to enable reference to be provided: 5 years from reference/end of employment
  • Records relating to accident or injury at work: 12 years
  • Grievances/notes on disciplinary actions: Keep on file for 12 months and then destroy if no other warnings are given