In its use of personal data in the exercise of its functions, paid employees and volunteers of The Haven must comply with the requirements of the General Data Protection Regulation 2018. This statement sets out the policy by which it will ensure that compliance is achieved.
Compliance with Data Protection Principles
The Haven fully supports the objectives of the General Data Protection Regulation 2018 (GDPR) and will comply with its principles, namely that the personal data it processes will be obtained fairly and lawfully and not processed
unless one of the conditions specified in Schedule 2 (and also in the case of sensitive data, one of the conditions in Schedule 3) of the Act are met.
We are committed at every level and in all aspects of the service we offer to provide a confidential service to all clients
Confidentiality is not between the individual and the trained counsellor, but between the individual and the organisation. Any discussion of the client records within the organisation will be purposeful, sensitive and respectful
No conversation about a client should take place outside of the organisation or with anyone who does not work as a volunteer or a paid employee
In order to provide the best possible help to clients, it may be necessary to share information with a supervisor or Counselling Team
Information divulged by a client will be treated in the utmost confidence and will not be divulged to anyone outside the organisation except where extenuating circumstances exist (see below)
No information about a client will be given to any third party even if the person is a member of the client’s family
Information will only be passed onto another agency with the full informed consent of the client. The client has the right to withhold consent unless there are exceptional circumstances relating to the client’s safety (see details
If the trained counsellor intends to obtain help from another agency or refer the client to another agency, this must be explained to the client and their permission given
Clients under 16 are not required to have parental consent to use our services but trained counsellors will always encourage these younger clients to discuss this issue with their parents or carer
In certain circumstances, we reserve the right to break confidentiality should this be deemed necessary. These circumstances include:
Where there is reasonable cause to suspect that a child under the age of 18 is suffering, or at risk of suffering, significant harm
Where the client has threatened, or is likely, to do serious harm to themselves or another individual
Where the client gives information which indicates a possible terrorist attack
Where the centre has been instructed by the courts (including in limited circumstances by the police, acting on the authority of the courts) to reveal information. This will only be done if the courts or the Police ask in writing
through their official channels
In all of these cases, if a decision is made to break confidentiality, it will be done only after consultation with the supervisor, Counselling Team Lead and Project Manager
If confidentiality will have to be breached the Counsellor will make every effort to discuss it with the client unless this is deemed inadvisable. The client will be encouraged to contact the relevant authority involved themselves
If the client is unwilling to take action then the decision to breach confidentiality will be made by the organisation, not the individual trained counsellor. The trained Counsellor must consult the Counselling Team Lead / Project
Manager and or supervisor
Trained counsellor will keep careful notes of any incidents and all action taken should be recorded in the relevant place for a supervision record
Data Subject Access Requests
All data subject access requests for personal information made to The Haven under the GDPR will be dealt with by the Trustee with responsibility for Data Protection.
The Haven will provide copies of the information it holds, by post, subject to the provisions of the GDPR.
Staff Awareness and Training
All staff will be made aware of the GDPR , and of their obligations under it.
All new members of staff will receive information about the Data Protection Act as part of their induction process.
All staff and volunteers will be asked to sign a policy agreement form when joining the organization.
Staff and volunteers will be properly trained and competent to receive confidential information and deal with the issues raised
Staff and volunteer induction will involve familiarisation with the Confidentiality Policy and instruction in implementing it
Confidentiality re: Staff
Staff and volunteer members also have the right to confidentiality
In order to protect trained counsellors and staff members, their personal details should never be divulged to a member of the public
On joining, all staff and volunteers will be asked to complete a form with their contact details. This will be kept in a secure place only to be accessed by management staff
All staff training and supervision records will be kept in a secure place
Confidentiality of Client Records, Statistics, Publicity, Phone calls and Correspondence.
All client records will be kept securely. It is the responsibility of those on duty to ensure that all written records are locked away at the end of each session
Client records and any correspondence will be destroyed after six years or if a client is under 18, six years after they turn 18
Clients have the right to see their records. If such records exist the client is entitled to see them
Any statistical information shared for publicity purposes will not allow any clients to be identifiable
Anonymity will always be preserved if composite stories are created for publicity purposes
No specific information about a client will be used publicly without their written consent
All letters and printed emails that disclose personal details of clients will be kept in a locked filing cabinet, separate to their notes
If a letter or email is received from a client that could be purposefully used in publicity, permission will always be sought from the writer
Regarding phone calls. If returning a landline phone call to a client, 141 should be dialled first to prevent other members of the client’s household tracing the call. Texts to client’s mobiles should be discreetly worded. Any
client numbers left on the voicemail service should be removed as soon as possible and any notes made during the conversation revealing the client’s details should be shredded or stored in a locked filing cabinet
An email regarding an appointment or personal client information will be deleted as soon as possible. If the correspondence is such that it is needed to be kept with their records it will be printed and stored in a locked filing
cabinet and then deleted from the email account
In order to comply with the requirement of the GDPR that personal data be kept safe from unauthorised or unlawful access or processing and protected against accidental loss destruction or damage, all staff will:
Be aware of and follow the security requirements applicable to the personal data upon which they work, to files and documentation, and which cover access to their work areas;
Ensure that personal data is disposed of in accordance with the The Haven Data Retention Policy.
Confidentiality of Supporters on the Mailing List
All supporter’s information that is stored on the computer will be kept up to date and will not be used outside the charity in anyway
This data will be stored in a folder with a password. Only the Administrator, Project Manager will have access to this information. This information will not be shared with anyone else unless there is need to do so on grounds
their being a significant risk to those involved
All written information about supporter’s and correspondence will be stored in a locked filing cabinet in the office or shredded if no longer needed
Only what is needed will be kept about supporters, as soon as someone would like to be removed from our mailing list we shall do so instantly
Confidentiality for Supporters who give Financially
All supporters who give financially will be seen on the online bank statements and so those who have access to this will only know who the regular givers are: these are the people appointed as financial signatories of the
organisation by the Trustees
Gift aid forms are stored in a locked filing cabinet and will be kept indefinitely in compliance with HMRC. It is the responsibility of the person who filled out the form to make us aware of any changes to their circumstances
which mean we can no longer claim gift aid on their behalf
Disregarding this policy or failing to comply with the requirements of any Code of Practice or instruction issued in order to implement it may result in disciplinary action.