We operate in accordance with General Data Protection Regulation (May 2018) principles. The client data we hold is used on the basis of consent and is limited to name, address, telephone number and, in a few cases, age.
Where service user data is kept and how we protect it:
Clients’ contact details are kept in three places: (1) a password-protected Excel spreadsheet; (2) a password-protected Microsoft OneNote system (offline only); (3) a locked filing cabinet (for hard-copy referrals, letters to and from listeners and all other administrative files).
- We do not store client data on portable devices. Access to the spreadsheet and OneNote systems is restricted to four people, three of whom are trustees. The locked filing cabinet and computer are kept inside a locked office within a well-secured building.
- Our despatch process entails the use of a printed list showing surnames and client numbers but no contact details. The postal wallets showing clients’ addresses are kept inside a locked office within a secure building.
- We keep a separate ‘ex listeners’ file on OneNote for those who temporarily opt out of our service for reasons including hospitalisation or holiday; we then periodically contact these clients to check on their status and whether they would like to resume, or be removed from, the service.
- We delete a deceased client’s contact details within a month of that notification; we delete the details of any permanently opting-out client immediately upon request.
Volunteer and Trustee data:
We hold the names, telephone numbers, email addresses (where possible) and home addresses of our 20 volunteers. We also hold bank details (within the secure online banking system) for those volunteers who claim expenses. There are two signatories (both trustees) to this bank account.
We also hold, securely, the standard details required of any trustee of a CIO as recorded in our charity’s official documents.
The four volunteers with administrative and/or despatch roles have been made fully aware of why, and how, to keep client records secure; all other volunteers have been apprised of the requirement to practise discretion in accordance with GDPR rules as they pertain to our charity and their role within it.