We operate in accordance with General Data Protection Regulation (May 2018) principles. The client data we hold is used on the basis of consent and is limited to name, address, telephone number and, in a few cases, age.
Where service user data is kept and how we protect it:
Clients’ contact details are kept in three places: (1) an Excel spreadsheet; (2) our Microsoft OneNote system; (3) a filing cabinet (for hard-copy referrals, letters to and from listeners and all other administrative files).
- We do not store client data on portable devices. Both the spreadsheet and OneNote systems (available to only four volunteers) are password protected and maintained without remote access on a single password-protected computer. The locked filing cabinet and computer are kept inside a locked office within a well secured building.
- Our despatch process (i.e. putting recordings in the postal wallets) includes the use of a printed list showing surnames and client numbers but no contact details. Four regular volunteers make up the despatch team. (The addressed postal wallets are also handled by Royal Mail under the ‘Articles for the Blind’ label.)
- We keep a separate ‘ex listeners’ file on OneNote for those who temporarily opt out of our service; we then periodically contact these clients to check whether they would like to resume, or be removed from, the service. (This ‘ex-listeners’ list accommodates the extended holidays or hospital stays of some of our mostly elderly clients.)
- We delete a deceased client’s contact details within a month of that notification; we delete the details of any permanently opting-out client immediately upon request.*
- *For research or potential fundraising purposes a record is maintained of the number of clients we have served within a specific period – and where they live/d according to postcode only. All other identifying data (names, street addresses, etc.) is deleted.
Volunteer and Trustee data:
We hold the names, telephone numbers, email addresses (where possible) and home addresses of our 20 volunteers. We also hold bank details (within the secure online banking system) for those volunteers who claim expenses. Two volunteers (both trustees) have access to this bank account.
We also hold, securely, the standard details required of any trustee of a CIO as recorded in our charity’s official documents.
The five volunteers with administrative and/or despatch roles have been made fully aware of why, and how, to keep client records secure; all other volunteers have been apprised of the requirement to practise discretion in accordance with GDPR rules as they pertain to our charity and their role within it.
NB: Our external recording services team includes a fully CRB checked technician available to record text containing personal sensitive data.