Data Protection

We have a responsibility, as a ‘Data Controller’ registered with the Information Commissioner, to uphold Data Protection standards required by the Data Protection Act 1998. The Trust is serious about protecting your privacy; protecting personal data that is held about individuals in compliance with the Act.

Information on how the Trust uses and shares personal information is provided in its Privacy Notice.docx [docx] 33KB

Some key definitions relating to Data Protection are:

Data Controller: The Trust is the ‘Data Controller’ and determines the purposes, and the manner, in which personal data is processed.

  • Data Subject: Is any living individual who is the subject of ‘Personal Data’, whether in a personal or business capacity. A person who is deceased is not a ‘Data Subject’. Any current, past and prospective customers, colleagues, Board members and third parties are all data subjects if we hold personal information about them.
  • Recipient: Any person to whom ‘Personal Data’ is disclosed.
  • Third Party: Any person other than the ‘Data Subject’, the ‘Data Controller’ or any other person authorised to process the data on the ‘Data Controller’s’ behalf. This could be an advisor, auditor, contractor or partner for example and can sometimes be known as data processors.
  • Personal Data: Data which relates to a living individual who can be identified from those data, or from those data and other information which is possession of or is likely to come into the possession of the ‘Data Controller’ (i.e. the Trust), and includes any expression of opinion about the individual and any indication of the intentions of the ‘Data Controller’ or any other person in respect of the individual.
  • Processing: If information is collected or held about an identifiable living individual, or if it is used, disclosed, retained or destroyed, then this would be deemed as ‘Processing Personal Data’.
  • Principles: There are 8 ‘principles’ within the Data Protection Act, all of which have the main purpose of protecting the interests of the individuals whose ‘Personal Data’ is being processed. These apply to everything that is done with that ‘Personal Data’and the Trust is therefore committed to these principles:
  1. To process personal data fairly and lawfully
  2. To only process personal data for specific and necessary purposes
  3. That the amount of personal data being held is adequate, relevant and not excessive
  4. That personal data is kept accurate and up to date
  5. That personal data is not kept longer than is necessary
  6. That the rights of individuals are recognised with regards to accessing personal data
  7. That appropriate security measures are taken against unauthorised or unlawful processing
  8. That no personal data is transferred to a country or territory outside the European Economic Area unless they have adequate levels of protection relating to processing of personal data

In providing our services to you, an in the course of dealing with your enquiries, we may have the need to pass your details on to one of our contractors or partner organisations. These third parties are also required to keep your personal information secure and abide by our Data Protection expectations.

Our data protection leaflet (click here to download: Data Protection Leaflet.pdf [pdf] 2MB ) provides you with an overview of your rights regarding Data Protection and informs you how you can access your personal data through a ‘Subject Access Request’. Please note that a £10 processing fee will be charged for each individual request.

You can view the Trust's Information Management (incorporating Data Protection) policy in A-Z of Policies

Further information relating to the Data Protection Act can be found on the Information Commissioner website

*Please note that throughout this website it contains links to other organisations but that we cannot give guarantees about their data protection policies and procedures