GDPR Privacy Statement
Vision Support is committed to ensuring that your personal data is held in accordance with the law. For the purposes of the act:
-
The Data Controller is Vision Support – a charity registered in England under registration number 1068565. Our address is Units 1 & 2, The Ropeworks, Whipcord Lane, Chester CH1 4DZ.
-
If you want to request your information please contact the Chief Executive, at the above address
-
Personal data on individuals is held either to allow us to provide our services, or because we are required to do so by law, or with your consent (for example for fundraising or marketing purposes).
-
Personal data is held in accordance with the Data Protection principles below, and for the reasons specified
-
If at any point you are concerned that we are not complying with Data Protection rules you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
Data Protection Principles
We endorse and adhere to the principles of the Data Protection Act 2018 which specify that data must:
-
be fairly and lawfully processed;
-
be obtained for a specified and lawful purpose and not be processed in any manner incompatible with that purpose;
-
be adequate, relevant and not excessive for those purposes;
-
be accurate and, where necessary, kept up to date;
-
only be kept for as long as necessary for the purpose for which it was obtained;
-
be processed in accordance with the data subject’s rights;
-
be kept secure from unauthorized or unlawful processing and protected;
-
not be transferred to a country or territory outside the European Union without adequate protection.
Handling of Personal/Sensitive Information
Vision Support will, through appropriate management and the use of strict criteria and controls:-
-
Observe fully the conditions concerning the fair collection and use of personal information;
-
Specify the purpose for which information is used;
-
Collect and process information only to the extent that it is needed to fulfil operational needs or legal requirements;
-
Ensure that data is only passed to a third party where there is a legitimate or lawful reason for doing so (for example, passing bank details to our payroll bureau in order to pay staff; passing service user details to a local authority as part of our contract with them)
-
Endeavour always to ensure the quality of information used;
-
Not keep information for longer than required operationally or legally;
-
Always endeavour to safeguard personal information by physical and technical means (i.e. keeping paper files and other records or documents containing personal/sensitive data in a secure environment; protecting personal data held on computers and computer systems by the use of secure passwords which, where possible, are changed periodically and ensuring that individual passwords are not easily compromised);
-
Ensure that personal information is not transferred abroad without suitable safeguards;
-
Ensure that the lawful rights of people about whom the information is held can be fully exercised.
-
Ensure that CCTV images, if applicable, are used solely for the purposes of safety and security
In addition, Vision Support will ensure that:
-
There is a designated person with specific responsibility for data protection in the organisation.
-
Reasonable steps are taken to ensure the reliability of employees having access to personal information;
-
All staff managing and handling personal information understand that they are contractually responsible for following good data protection practice;
-
All staff managing and handling personal information are appropriately supervised and made aware of their legal responsibilities;
-
Computer terminals are placed in such a way that screens displaying personal information are not in public view and cannot be seen by passers-by;
-
That laptops and other portable devices are protected so that information cannot be accessed if they are lost or stolen;
-
A clear procedure is in place for anyone wanting to make enquiries about handling personal information, whether a member of staff or a member of the public and that such enquiries are promptly and courteously dealt with;
-
Methods of handling personal information are regularly assessed and evaluated;