GDPR Policy

For The Susan Vickers Foundation

Purpose

This policy outlines how we collect, process, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. As an organisation supporting care experienced individuals, we handle sensitive personal data with the utmost care and confidentiality.

Scope

This policy applies to all personal data processed by our charity, including data relating to service users, employees, volunteers, donors, and other stakeholders.

Data Protection Principles

We process personal data in accordance with the following principles:

1. Lawfully, fairly, and transparently

2. For specified, explicit, and legitimate purposes

3. Limited to what is necessary

4. Accurately and kept up to date

5. Kept for no longer than necessary

6. Securely, protecting against unauthorised processing, loss, or damage

Legal Basis for Processing

We process personal data under the following legal bases:

- Consent from the data subject

- Contractual necessity

- Legal obligation

- Vital interests

- Legitimate interests

For special category data relating to care experience, we maintain additional safeguards and only process such data where explicitly necessary for our charitable purposes.

Individual Rights

Data subjects have the right to:

- Be informed about data processing

- Access their personal data

- Rectification of inaccurate data

- Erasure of personal data

- Restrict processing

- Data portability

- Object to processing

- Rights regarding automated decision making

Data Security

We implement appropriate technical and organisational measures to ensure data security, including:

- Encryption of digital data

- Secure physical storage

- Access controls

- Regular security assessments

Data Breaches

We maintain procedures to detect, report, and investigate personal data breaches. Reportable breaches will be notified to the Information Commissioner's Office (ICO) within 72 hours.

Accountability

We:

- Maintain records of processing activities

- Conduct Data Protection Impact Assessments where required

- Have appointed a Data Protection Officer

- Review this policy annually

Contact

For data protection queries, contact our Data Protection Officer at [email protected].

Last updated: February 2025
-=-=-=-=-==-=-
Safeguarding Policy

For The Susan Vickers Foundation

Purpose and Scope

This policy outlines our commitment to safeguarding and protecting vulnerable adults and children from harm, in accordance with the Care Act 2014, Children Act 1989/2004, and Safeguarding Vulnerable Groups Act 2006.

Key Principles

1. Everyone has the right to live free from abuse and neglect

2. Safeguarding is everyone's responsibility

3. A person-centered approach is essential

4. All concerns must be taken seriously and responded to appropriately

Definitions

**Safeguarding** refers to protecting an individual's right to live safely, free from abuse and neglect. It includes:

- Preventing harm and abuse

- Promoting wellbeing

- Protecting human rights

- Enabling individuals to make their own choices

Roles and Responsibilities

Board of Trustees

- Hold ultimate responsibility for safeguarding

- Ensure adequate resources for safeguarding

- Review safeguarding reports quarterly

- Appoint a designated safeguarding lead

Designated Safeguarding Lead

- Manage safeguarding concerns and referrals

- Maintain accurate records

- Liaise with relevant authorities

- Provide guidance to staff and volunteers

All Staff and Volunteers

- Report concerns promptly

- Maintain confidentiality

- Follow safeguarding procedures

Reporting Procedures

1. **Immediate Risk**: Contact emergency services (999)

2. **Non-immediate Risk**: Report to Designated Safeguarding Lead within 24 hours

3. **Document**: Record concerns using approved reporting forms

4. **Follow Up**: Maintain communication with relevant parties

Types of Abuse to Be Aware Of

- Physical abuse

- Emotional/psychological abuse

- Financial abuse

- Sexual abuse

- Neglect

- Discriminatory abuse

- Institutional abuse

- Modern slavery

- Domestic violence

- Self-neglect

Confidentiality and Information Sharing

- Information shared on a need-to-know basis

- GDPR and Data Protection Act 2018 compliance required

- Consent sought where possible

- Information shared without consent if risk of harm exists

Training Requirements

- Basic safeguarding training for all staff/volunteers

- Advanced training for designated leads

- Annual refresher training

- Additional specialist training as required

Review and Monitoring

- Annual policy review

- Regular audit of safeguarding practices

- Learning from incidents incorporated into updates

- External review every three years

Key Contacts

- Designated Safeguarding Lead: Chris Watkins ([email protected])

- Local Authority Safeguarding Team: [Insert Details]

- Police Non-Emergency: 101

- Emergency Services: 999

- Adult Social Care: [Insert Local Authority Details]

- NSPCC Helpline: 0808 800 5000

Declaration

This policy was approved by the Board of Trustees on [Insert Date]

Next review date: [Insert Date]

Signed: _______susan vickers_________

Chair of Trustees