LCCT Data Protection Policy
Leeds Christian Community Trust
Data Protection Policy
Leeds Christian Community Trust (LCCT) takes seriously its obligations under the General Data Protection Regulations 2018, and we are registered with the Information Commissioner Office (ICO). Our registration, which is renewed annually, allows us to process certain personal information following very strict guidelines, which define the data subjects, the classes of data, which may be held, and the data recipients.
We hold data for the purposes of Staff Administration, Supporter communications, Fundraising and Realising our Charitable Objectives. Personal data is defined as information about a living individual who is identifiable by that information, or who could be identified by the information combined with other data; it includes recorded opinion about or intentions regarding a person. The data falls into two main categories: -
- staff data (LCCT employees)
- external data
What: Various data is held on staff relating to their employment with LCCT. This will cover all aspects of recruitment, selection and employment such as the job application form, interview assessments, references, criminal records checks, probationary and annual reviews and supervisions, bank details and national insurance number, details of any deductions from pay (e.g. to the courts…or to trades unions), sick notes and medical assessments, details of grievance and disciplinary proceedings including current warnings (within the timescale allowed by the appropriate policies), reference requests, etc. Much of this data is, by its nature, highly personal, and LCCT recognises that it is its duty to safeguard the data by all possible means, and to notify staff about what is kept and why, along with information on how the data can be accessed and by whom.
Why: The data kept on staff is exclusively in relation to their employment with LCCT; no unrelated data will be kept. The data that is kept will be used for the purpose of administering and managing the employment of that individual.
Where: Most personal data is kept in LCCT’s employment files in the LCCT office and these are locked. Data relating to payroll (e.g. bank details, national insurance number, deductions details) are also kept by LCCT’s Payroll provider (Voluntary Action – Leeds), and again these are kept locked. Project managers, supervisors and Steering group chairs may also keep staff files covering supervision sessions plus any job-related information necessary for management. Again, these are securely kept. Computer files (e.g. supervision records, payroll details) are passworded and secured.
Whom: All staff contracts include information on data protection, and make clear that by signing the Statement of Written Employment Particulars, staff give express consent for LCCT to keep the data outlined above and to use it in the ways outlined above. Access to staff data is restricted to Management at the appropriate level, to Payroll staff for any issues specifically relating to pay, and to senior administrative staff (in connection with file maintenance, employment correspondence and the like). Staff are entitled to see their own personnel files; to do so, they should arrange a mutually convenient time with a member of the Governing Body or the LCCT Charity Administrator as appropriate.
Information on past employees is kept for up to 7 years under the same conditions as outlined above.
Personal data held on computers (including files, emails, databases, etc.) and personal data downloaded from the web or posted on the web are subject to the same control and restrictions as paper-based data. Staff must take particular care when using any personal data in these contexts.Staff should be aware that in exceptional circumstances LCCT may monitor use of the internet and/or emails; further information on this may be found in the Statement of Written Employment Particulars.
While the LCCT staff team are the Registered Data Controller, all staff and projects are responsible for ensuring their compliance with this Policy – for example, by keeping data they hold both up to date and secure (files should be kept locked up, and computers should be password protected), by not disclosing personal information or transferring it outside the organisation, and by taking particular care when using laptops, etc., in other locations (password protection is essential, and personal information may not be shared; neither screens nor paper files should be left unattended at any time). All data kept must be accurate, current, fair, kept and disposed of safely. Misuse of personal data is a disciplinary offence, and may even constitute a criminal offence.
Particular care must be taken when providing references, either employment-related or personal. it is usually preferable to provide factual references confirming employment dates, job title and key responsibilities Information relating to personal data (e.g. attendance records, discipline, etc.) must not be provided without the express written consent of the data subject.
LCCT recognises its duty to safeguard the data it holds on external groups and individuals. To this end at regular intervals we conduct an audit of data held, dispose of outdated information, and arrange secure storage systems for current data including locked/passworded storage, and locked archive facilities. In addition, the following steps have been taken:
- All written materials (payroll packs, newsletter forms, gift aid forms, recruitment packs, generic marketing leaflets, etc.) have been designed to ensure that all data is being kept with permission.
- Anyone LCCT works with is entitled to know what data is kept on her/him, why, how it is kept, and who can access it. Anyone LCCT works with may also see what data is kept on her/him and correct it if necessary; to do so, s/he should make a written request to the LCCT Charity Administrator, who will contact her/him to arrange a mutually convenient appointment for this, and who will facilitate the occasion either in person or by ensuring the involvement of other relevant project managers or staff.
Other Relevant Policies
Various LCCT Policies relate to and should be read alongside this Policy – for example:
(a) Statement of Written Employment Particulars
(b) Disciplinary Procedure
(c) Archiving Policy
(d) Safeguarding Policy
Any questions or concerns about the implementation of this Policy should be addressed to the LCCT administrator.
Further information on data protection issues generally is available from www.ico.gov.uk
Date of last Review: May 2018
Date of next Review: May 2019