Privacy Policy & Data Protection Policy
INTRODUCTION
This Policy is between you, herein known as the client or“data subject” and Onward Life Ltd, herein known as the company for the purposes of advising clients of how their data will be regulated and their rights and company’s obligation in accordance with the Data Protection Act 2018.As a business we are committed and fully supportive of transparency and fairness of all our activities concerning the storing and processing of our client’s personal information.
WHO WE ARE
Onward Life is a unique and inspirational organisation that focuses on post-traumatic stress and pre and post mental infirmities that can arise from personal and subsequent death responsibilities, following the loss of a loved one.
Our primary objective is to support and uplift individuals in the Surrey area who have been affected by a lack of resources, support, and societal acknowledgment.
We provide a one-stop-shop service of care, support and reliability that would help alleviate the added pressures that comes with the passing of the deceased.
LEGAL REQUIREMENTS
The Data Protection Act was updated in 2018 to include theEU GDPR (now known as UK GDPR) came into force in 2018, setting out with it, legal obligations that control how a person/s personal information should be used, processed, and shared by organisations or businesses amongst other priorities.
As a business there are certain requirements provided by the 2018 Act that are placed upon organisations to ensure information is:
a) Used fairly, lawfully, and transparently –personal client information procured by a company or organisation should be used in a way that will not infringe on the subject rights or expose them to harm or threat, used in a way that will not cause them detriment or impartiality but in a way that is correct and right and in a way that is open and translucent.
b) Used for specified and explicit purposes – personal client information should not exceed reasons for use that have been advised by the company/organisation unless communicated and authorised by the subject or permitted by law.
c) Use in a way that is adequate, relevant, and limited to only what is necessary – Personal client information must only be used for required purposes unless specified under legislation.
d) Accurate and, where necessary, kept up to date –personal client information must be accurate for the purposes of communication, diagnosis, treatment etc.
e) Kept for no longer than is necessary – personal client information is not to be kept longer than is needed by the company/organisation unless authorised by the subject or legal requirement.
f) Handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction, or damage – personal client information must be stored according to legal requirements, which provides for the safe and secure storing of data online, where only relevant individuals may have access to, password protected if necessary, and have all the necessary security systems or firewalls in place to prevent hacking. Hard copies should be kept in licked storage units with access only being provided to a selective few.
g) Providing Subject Access Request (SAR) in a specified period of no longer than 1-month for general cases and a further 2-months for complex cases – This is a legal requirement to provide requested personal client information in the specified timeframe above.
h) Not charged for except for specified requirements – SARs are not to be charged for except for in extreme circumstances where data is thought to be excessive and time consuming.
For further information on organisations or business legal obligations please click HERE
HOW WE INTEND TO USE YOUR DATA
The organisation will use the client/s personal information in line with our legal obligation provided by the Data Protection Act 2018.
All personal information will be used for the purposes of the work carried out by the organisation or any third parties working for and on behalf of the organisation. These are, but not limited to:
a) Client Services – To ensure service users receive the right assistance there need to be accurate data logs of all the client information; personal and additional.
b) Client Treatment – Each client has independent requirements specific to their diagnosis. Individual data kept on clients allows counsellors to administer the correct treatment to the right person and if necessary, share with relevant third-party officials.
c) Payment for Services – Due to different service sand packages provided by the company it is imperative that we associate the correct charge amount to the right client.
d) Third Party Access – There are times in our work as counsellors that treatments required for a specific client will be outside our professional remit, and therefore may need a different level of analysis. As such your data may need to be shared with a third-party professional to ensure the most effective outcome.
e) Client Communication – from time-to-time correspondence between the client and the company may need to be achieved, hence contact information is imperative to attain the necessary result.
WHO DOES THIS APPLY TO?
This Privacy and Data Protection Policy relates to all those who are in some way or the other affiliated with Onward Life Ltd. This policy is applicable to any person/s herein known as the client or “subject data” who have procured and continue to use the services of Onward Life Ltd.
WHY DO WE NEED A PRIVACY POLICY?
A privacy and data protection policy are essential to the peace of mind and transparency to all those who utilise any resources provided via Onward Life Ltd.
As a company it is important that all our service users are kept informed on how we use and process their data, not as an obligation, but as a duty of care to our all who we look after.
SHARING PERSONAL DATA
The sharing of personal data is the disclosing of either personal and or additional information of a subject to appropriate/relevant third parties within (different departments in-house) or outside the entity that is withholding said information.
Section 5 (1) of GDPR provides that:
a) “Data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’).
b) Data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
All data are confidential and cannot be shared without the subject (clients) consent, however there are circumstances where the law permits data or disclosed admissions to be shared with other professional bodies that may be able to assist with situations that falls outside the remit of this organisation. These can be:
a) The knowledge of harming oneself or another.
b) Medical conditions that are outside the company’s professional remit.
c) The knowledge that a crime is being committed to the client.
For more information on “lawful basis” to share information please click HERE
YOUR RIGHTS AND PERSONAL DATA
As a client there are certain rights afforded to you regarding your data. The UK GDPR (under the Data Protection Act 2018) sets out the need for data and how it should be held, who have authorisation to hold, process, and store client’s data, the way it should be processed and stored, who bears responsibility if the safety of your data is breached and many more principles.
Some stipulations to the rights of a “data subject” or“subjects” are:
a) The right to access – this is where the subject is entitled to request and be provided with any relevant information being held on their behalf.
b) The right to be informed – all subjects have the right to be provided with correspondence on what, how and when we use their data.
c) The right to rectification – If for some reason information pertaining to the subject is stored and processed incorrectly, individuals have the right to have this data put to rights.
d) The right to erasure – although not an absolute right, subjects have the right to request that certain data being held of them, be erased.
e) The right to restrict processing – there are times when “data subjects” can limit the use of their information from being actioned; examples of these situations can include but not limited to:
1) “The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
2) The processing is unlawful, and the data subject opposes the erasure of the personal data and requests restriction of their use instead.”
For more rights for “data subject/s” please click HERE