Platform 1 Privacy Statement and GDPR Policy
- Privacy is an integral part of Platform 1.
- We ask you to provide the requested personal details (Platform 1 Referral Form) to keep you and others safe, in line with Platform 1’s Safeguarding Policy and Procedures.
- The information you provide will be stored safely and securely in the office and on our electronic database. Information will not be passed to other agencies without your consent.
Who are Platform 1?
Platform 1 is a Mental Health Service which provides counselling services, crisis support, welfare services and after care through support groups. We are based in two locations depending on the services required.
Counselling/Crisis Support Site:
7 St George’s Square
St George’s Square
CEO: Gez Walsh email@example.com
Crisis Support Lead: Bridget Fahy firstname.lastname@example.org
The Platform 1 Board of Trustees govern the work of the project and can be contacted via email@example.com
What information is collected?
- Forms: Prospective clients/members are asked to complete the Platform 1 Member or Referral form, depending on what service they require. These forms ask for personal and sensitive information which allow us to assess the individual’s difficulties and ensures that we provide the appropriate service to meet their needs.
- Evaluations: At times our clients/members may be asked to fill out an evaluation form of our services. It is up to them if they wish to sign their name to these forms as they can be anonymised.
- Contact: During our welfare work a client/member may need to provide us with information e.g. income & expenditure, medical, legal, debt account numbers etc. in order to support them through a difficulty with an outside agency. Any notes of this information is kept in their file and uploaded onto our digital database under their allocated membership number. Actions taken and outcomes are added to their file electronically once completed.
How we use this information.
- Forms: This information is also used to monitor our service and support us to gather data information for funding purposes. All data information gathered for funding purposes is anonymised to protect our client’s identity.
- Evaluations: This information can be provided to us anonymously. This feedback is invaluable to us as it tells us what is working and what isn’t which informs our practices. The information is also used by our Funding Manager when applying for grants.
- Contact: When notes and information is recorded during a welfare session it assures that difficulties can be addressed in a timely manner. In the event that a client/member is being supported by one of our welfare workers, having an effective chronological order of contacts made and actions to be taken ensures that nothing is missed and that the responsibility of outside agencies is addressed.
What legal basis do we have for processing your personal data? And what applies in our organisation.
A principle of GDPR is to ensure that personal data is processed lawfully, fairly and transparently. To comply with this principal we, as an organisation, are required to have a valid legal basis for any personal data processing activity.
GDPR provides six legal bases for processing:
- Consent: must be freely given, clear and easy to withdraw. At Platform 1 a client/member may withdraw their consent to hold data about them and their membership at any time. This can be done by speaking to a member of staff or alternatively emailing firstname.lastname@example.org and requesting termination of their membership.
Where we receive a referral from a 3rd party there is a presumption of consent but will endeavour to verify and confirm consent on contact.
- Contract: the data processing activity is necessary to enter into a contract with the data subject. At Platform 1 our practitioners, working within our counselling service, have a contractual commitment to work in accordance with the current Ethical Framework for the Counselling Profession as outlined by the BACP (British Association of Counselling and Psychotherapy). This includes the performance of contracting with their client. In order to contract with a client effectively personal information will be divulged and taken into account to ensure that the client is well enough to contract and also understands both their responsibility and their counsellor’s responsibility within the counselling process. Successfully contracting promotes an effective therapeutic relationship and increases the success of the counselling sessions.
- Vital Interest: where using a client/member personal data is necessary to prevent harm. At Platform 1 where a client/member divulges a medical issue eg. Epilepsy that information, with consent, will be shared amongst staff only to ensure that any medical events are effectively supported.
- Public Tasks: where data processing is necessary to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
- Legal Obligation: the processing of personal data where it is necessary to comply with the law
- Legitimate interests: where processing of personal data is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data.
When do we share personal data?
- Personal Data is shared when we have received permission from our clients/members. This occurs when we are asked to contact organisations, people or companies on their behalf.
- Where permission has not been given or is not legally required (Terrorism) we implement our Safeguarding Policy and Procedures to safeguard the client/member and others who attend Platform 1.
- We treat personal data and information confidentially and will explain the circumstances and reasons for sharing information to the client/member where necessary.
How we store and process personal data.
- We comply with the Data Protection Act (May 2018) and GDPR mandates regarding storing and processing hardcopy and electronic data at Platform 1.
- We are registered with the Information Commissioners Office (ICO).
How do we secure personal data?
Hardcopy versions of client/members data are initially stored, anonymised by number, in a locked filing cabinet in the office. It is digitised into an electronic format either on an office computer or on an external medium which is encrypted and security locked to ensure only authorised personnel have access.
How long do we keep personal data?
- Unless clients/members request data is destroyed and deleted Platform 1 will keep personal data for up to 5 years
- Business related data will be kept for approximately 7 years
Hardcopy data is disposed of through confidential waste and shredding.
Electronic data will be deleted from the hard drives and thus purged from the database.
The named Data Protection Officer is responsible for ensuring the training and management of staff. Individual users are responsible for general housekeeping of cookies and tracking of similar technologies that store and manage user preferences on their personal or assigned machines.
Linking to other websites and third party content
Platform 1 uses search engines, online email and cloud services. This does not constitute endorsement.
Individual users must take responsibility for managing content and links to other websites including what they upload to “trusted” sites and servers.
Platform 1 does not pass on electronic confidential data to other websites and third parties.
Platform 1 is not intentionally on any private electronic mailing lists.