Connect 35

Empowering people with learning disabilities.

Magpie Dance Data Protection Policy

What this policy covers

Magpie Dance is required to comply with the law governing the management and storage of any Personal Data which it collects in the course of carrying out its functions. The law is currently contained in the GDPR, the Act and PECR. The GDPR also gives certain rights to people whose data Magpie Dance holds.

Magpie Dance believes that the correct treatment of Personal Data is integral to its successful operations and to maintaining the trust of the people with whom it works.

The purpose of this policy is therefore to explain to all Responsible Adults their data protection obligations and the procedures that must be followed when collecting and using Personal Data so as to ensure compliance with the GDPR and our other obligations. It covers all Personal Data and Special Category Personal Data processed on computers or stored in manual (paper-based) files.

Responsible roles

The Data Protection Officer is Magpie Dance’s Executive Director. This is not a statutory role. The responsibilities of the Data Protection Officer include:

  • Developing and implementing data protection procedures;
  • Arranging periodic data protection training for all Responsible Adults which is appropriate to them;
  • Acting as a point of contact for all Responsible Adults on data protection matters;
  • Monitoring compliance with Magpie Dance’s data protection policy and procedures;
  • Promoting a culture of data protection awareness;
  • Assisting with investigations into data protection breaches and helping Magpie Dance to learn from them;
  • Advising on Data Protection Impact Assessments; and
  • Liaising with the relevant supervisory authorities as necessary (i.e. the Information Commissioner’s Office (“ICO”) in the UK).

Your responsibilities

All Responsible Adults must ensure that they comply with this policy and that any Personal Data is obtained and processed in accordance with the data protection principles set out below. They are expected to avoid any actions which might lead to a breach of this policy.

Data Protection Principles

The GDPR is based around 8 principles which are the starting point to ensure compliance with the Regulation. All Responsible Adults must adhere to these principles in performing their duties. The principles require Magpie Dance to ensure that all Personal Data and Special Category Personal Data are:

(1) Processed lawfully, fairly and in a transparent manner in relation to the subject (“lawfulness, fairness, and transparency”);

(2) Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (“purpose limitation”);

(3) Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”);

(4) Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that Personal Data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (“accuracy”);

(5) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which Personal Data are processed (“storage limitation”);

(6) Processed in a manner that ensures appropriate security of Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organisational measures (“integrity and confidentiality”).

Magpie Dance must be able to demonstrate its compliance with (1)-(8) above (“accountability”).

Processing Personal Data and Special Category Personal Data

Responsible Adults must process all Personal Data in a manner that is compliant with the GDPR. The GDPR requires them:

  • To have a legitimate basis for collecting and using the Personal Data;
  • Not to use Personal Data in ways that have unjustified adverse effects on the individuals concerned;
  • To be transparent about how they intend to use Personal Data, and to give individuals an appropriate Privacy Notice when collecting their Personal Data;
  • To handle people’s Personal Data only in ways they would reasonably expect;
  • To make sure they do not do anything unlawful with the Personal Data;
  • To take all necessary steps to ensure that Personal Data are kept secure at all times against unauthorised or accidental loss or disclosure.

In order to achieve such compliance, Responsible Adults must at all times comply with the provisions of Magpie Dance’s Privacy Notice annexed to this policy, which sets out in more detail the manner in and purposes for which Magpie Dance collects Personal Data and the bases on which it relies for processing such data.

Responsible Adults must in particular ensure that they are aware of the difference between Personal Data and Special Category Personal Data and ensure that both types of data are processed in accordance with the GDPR.

If a Responsible Adult has any concerns about processing Personal Data, they should contact the Executive Director.

Rights of the data subject

The GDPR gives rights to individuals in respect of the Personal Data that any organisation holds about them. These are described in Magpie Dance’s Privacy Notice. All Responsible Adults must be familiar with these rights.

If a Responsible Adult receives a request from a data subject to exercise any of these rights, the request must be referred to the Executive Director immediately or, in the absence of the Executive Director, to the Artistic Director.

All requests must be dealt with promptly and courteously. Legitimate requests should be responded to within one month unless they are particularly complex.

Confidentiality and data sharing

Responsible Adults must ensure that they only share Personal Data in the circumstances set out in Magpie Dance’s Privacy Notice.

Wherever possible, Responsible Adults should ensure that they have the data subject’s consent before sharing their Personal Data, although this will not be possible in all circumstances, for example if the disclosure is required by law.

Data Protection Impact Assessments (“DPIA”s)

DPIAs are required to identify data protection risks, assess the impact of such risks, and determine appropriate action to prevent or mitigate the impact of such risks when introducing or making significant changes to systems or projects involving the processing of Personal Data.

This means thinking about whether Magpie Dance is likely to breach the GDPR and what the consequences might be if it uses Personal Data in a particular way. It is also about deciding whether there is anything that Magpie Dance can do to stop or at least minimise the chances of any potential risks materialising.

DPIAs will be undertaken by the Executive Director.

Breaches

A data protection breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.

All Responsible Adults have a duty to report any actual or suspected data protection breach without delay to their line manager and the Executive Director.

Breaches will be reported to the ICO by the Executive Director without undue delay and, where possible, no later than 72 hours after having become aware of the breach, unless it can be demonstrated that the breach is unlikely to result in a risk to the rights and freedoms of the data subject.

The Executive Director will maintain a central register of the details of any data protection breaches.

Complaints

Any questions, comments, complaints or requests regarding any aspect of the way in which Magpie Dance handles Personal Data should be referred to the Executive Director without delay.

Penalties

It is important that every Responsible Adult understands the implications for Magpie Dance of a failure to meet our data protection obligations. Failure to comply could result in:

  • Criminal and civil action;
  • Fines and damages;
  • Personal accountability and liability;
  • Suspension/withdrawal of the right to process Personal Data by the ICO;
  • Loss of confidence in the integrity of Magpie Dance;
  • Irreparable damage to the reputation of Magpie Dance.

MAGPIE DANCE EMAIL, INTERNET AND SOCIAL MEDIA POLICY

1. Definitions

Responsible Adults, Employees, Participants, Bullying and Harassment have the same meaning in this Policy as in the Magpie Dance Safeguarding Policy, Guidelines and Procedures.

2. Policy Aims and Objectives

Magpie Dance recognises that use of email and the internet is a valuable business tool and further provides unique opportunities to participate in interactive discussions and to share information on particular topics using a wide variety of social media, such as Facebook, Twitter, blogs etc. Magpie Dance encourages the responsible use of social media where such use supports its objectives.

However, misuse of these facilities could pose risks to Magpie Dance’s confidential and proprietary information and to its reputation. It could also jeopardise Magpie Dance’s compliance with its legal obligations and have a negative effect on productivity.

The purpose of this Policy is to minimise these risks and to ensure that:

– Magpie Dance’s IT facilities and equipment are used only for appropriate business purposes unless specific authorisation has been obtained to use them for other purposes

– Responsible Adults use email, the internet and social media in a responsible and acceptable way and never in a way that:

  • is unlawful or contravenes current legislation;
  • creates any unnecessary business or reputational risk to Magpie Dance
  • breaches any of Magpie Dance’s other Policies. If an internet post would breach any of Magpie Dance’s Policies in another forum, it will also breach them in an online forum

3. Application of Policy and Responsibility for Implementation

This Policy applies to all Responsible Adults. A copy of this Policy will be distributed to all new and existing Responsible Adults who should ensure that they take the time to read and understand it.

Third parties who have access to Magpie Dance’s IT facilities and equipment are also required to comply with this Policy as if they were Responsible Adults.

While ultimate responsibility for implementation of this Policy rests with the Board of Trustees, all Responsible Adults are expected to avoid any actions that might lead to a breach of this Policy.

All Line Managers have a specific responsibility for operating within the boundaries of this Policy, including a responsibility for:

– ensuring that all Responsible Adults who report to them and third parties to whom this Policy applies understand the standards of behaviour expected of them; and

– taking action in accordance with this Policy when behaviour falls below those standards

Any suspected misuse of email, the internet or social media should be reported to the Executive Director. Questions regarding the content or application of this Policy should also be directed to him/her.

4. Policy Provisions

This Policy applies to the sending of email, accessing the internet and the use of all forms of social media, including Facebook, LinkedIn, Twitter, Wikipedia, all other social networking sites, and all other internet postings, including blogs, whether for Magpie Dance’s business purposes or for personal purposes, whether during office hours or otherwise and regardless of whether Magpie Dance’s IT facilities and equipment or personal equipment is used.

Use of Magpie Dance’s IT facilities and equipment

Only Responsible Adults who have been granted permission by their Line Manager may use Magpie Dance’s IT facilities and equipment to send email or access the internet or use social media.

Magpie Dance’s IT facilities and equipment are provided for the business purposes of Magpie Dance and should only be used to send email or access the internet or use social media on behalf of Magpie Dance or for Magpie Dance’s business purposes unless prior authorisation for personal use has been obtained.

Magpie Dance recognises that Responsible Adults may occasionally desire to use Magpie Dance’s IT facilities and equipment for personal purposes. If a Responsible Adult wishes to use Magpie Dance’s IT facilities and equipment to send external email or access the internet or use social media for personal purposes, authorisation must be obtained in advance from the appropriate Line Manager. Personal use of email and the internet is generally discouraged but occasional such use during rest breaks will generally be authorised so long as it is kept to a minimum, complies with this Policy and does not interfere with the user’s responsibilities towards Magpie Dance.

Responsible Adults are prohibited from using Magpie Dance’s IT facilities and equipment in any circumstances to send email, access the internet or use social media to:

– take any steps that would or might damage the reputation of Magpie Dance or which may bring Magpie Dance into disrepute

– send misleading or anonymous messages

– falsify emails so as to make them appear to originate from another person

– circulate Magpie Dance’s confidential messages or other information which is confidential to Magpie Dance to external locations

– break into another organisation’s system or make unauthorised use of another person’s password/mailbox

– access copyrighted information in a way that violates the copyright

– save a file from an internet site unless (i) permission to do so is expressly given by the site; and (ii) it is work-related

– send, download, distribute, disseminate or store images, text or materials that might be considered defamatory

– send, download, distribute, disseminate or store images, text or materials that might be considered indecent, pornographic, obscene or illegal

– send, download, distribute, disseminate or store images, text or materials that might be considered discriminatory, sexist, racist, offensive or abusive, for example in the context of a personal attack

– send, download, distribute, disseminate or store images, text or materials that might be considered as Harassment or Bullying

– circulate or post unsolicited personal views on social, political, religious or other matters unrelated to Magpie Dance’s business purposes

– circulate or post unsolicited commercial or advertising material

– circulate chain letters or other spam or indulge in frivolous communications with other Responsible Adults or third parties

– set up personal businesses

– promote outside organisations unrelated to Magpie Dance business

– disparage Magpie Dance or its Participants, parents and carers, or other stakeholders

– breach Magpie Dance’s Data Protection Policy (for example, never disclose personal information about a colleague online)

– breach any other laws or ethical standards

– deliberately undertake activities that waste Magpie Dance’s time or resources

– introduce any form of computer virus or malware into Magpie Dance’s IT facilities and equipment.

Responsible Adults must not disclose to others their email password, provide email access to an unauthorised user or access another user’s email box without authorisation.

Use of personal IT facilities and equipment

Responsible Adults are prohibited from using their own personal IT facilities and equipment to send email, access the internet or use social media to:

– take any steps that would or might damage the reputation of Magpie Dance or which may bring Magpie Dance into disrepute

– circulate Magpie Dance confidential messages or other information which is confidential to Magpie Dance to external locations

– disparage Magpie Dance or its Participants, parents and carers, or other stakeholders

– breach Magpie Dance’s Data Protection Policy (for example, never disclose personal information about a colleague online)

– deliberately undertake activities that waste Magpie Dance’s time or resources

– introduce any form of computer virus or malware into Magpie Dance’s IT facilities and equipment

Responsible Adults are further strongly advised when using personal IT facilities and equipment to abide by the other prohibitions applicable to the use of Magpie Dance’s IT facilities and equipment, which represent best practice.

General guidelines applicable to use of IT facilities and equipment and social media

The Guidelines in this section apply to the use of any IT facilities (whether belonging to Magpie Dance or personal facilities and equipment) and social media, whether for Magpie Dance’s business purposes or for personal purposes, and whether during office hours or otherwise.

Responsible Adults are asked not to correspond with Participants via social media. In no circumstances should they make a “Friend” of a Participant on Facebook or equivalent in other forms of social media (this includes any volunteers who have a learning disability and are considered as a vulnerable person).

Responsible Adults should make it clear in social media postings or when sending other communications whether they are speaking on their own behalf or whether they are speaking for or on behalf of Magpie Dance.

When speaking on their own behalf, Responsible Adults should write in the first person and use a personal email address.

Responsible Adults are personally responsible for what they communicate in social media or via email or the internet. Before posting or sending any content, it should be borne in mind that such content may be available to be read by the general public (including Magpie Dance, future employers and social acquaintances) for a long time.

If a Responsible Adult discloses his or her affiliation with Magpie Dance when using social media or sending other communications then (unless they have authorisation to speak for or on behalf of Magpie Dance) they should state that their views do not necessarily represent those of Magpie Dance.

Any profile and content posted or sent should be consistent with the professional image that Magpie Dance endeavours to present to its Participants, parents and carers, stakeholders and other third parties.

Responsible Adults should avoid posting comments or sending other communications about sensitive business-related topics, such as Magpie Dance’s performance. Such comments could still damage Magpie Dance’s reputation even if it is made clear that the comments do not represent the views of Magpie Dance.

Responsible Adults should never provide references for other individuals on social or professional networking sites. Such references, positive and negative, can be attributed to Magpie Dance and create legal liability for both the author of the reference and Magpie Dance.

If a Responsible Adult or third party to whom this Policy applies sees content in social media or in another online forum that disparages or reflects badly on Magpie Dance or on its Participants, parents and carers or stakeholders, he/she should contact the Executive Director.

Responsible Adults are not permitted without authorisation from the Executive Director to add business contacts made during the course of their work for Magpie Dance to personal social networking accounts, such as Facebook accounts or LinkedIn accounts.

Usage Monitoring

The contents of Magpie Dance’s IT facilities and equipment are the property of Magpie Dance. Therefore Responsible Adults should have no expectation of privacy in any message, file, data, document, facsimile, telephone conversation, social media post conversation or message, or any other kind of information or communications transmitted to, received or printed from, or stored or recorded on Magpie Dance’s IT facilities and equipment, whether personal or not.

Magpie Dance reserves the right to monitor, intercept, review and record, without further notice, the activities of Responsible Adults and (where applicable) third parties using Magpie Dance’s IT facilities and equipment, including but not limited to all incoming and outgoing email, other electronic material, social media postings and activities to ensure that Magpie Dance’s Policies are being complied with and for Magpie Dance’s legitimate business purposes.

Responsible Adults and third parties to whom this Policy applies consent to such monitoring by acknowledgement of this Policy and by using such resources and systems. This might include, without limitation, the monitoring, interception, accessing, recording, disclosing, inspecting, reviewing, retrieving and printing of transactions, messages, communications, postings, log-ins, recordings and other uses of the systems as well as keystroke capturing and other network monitoring technologies.

Magpie Dance may store copies of such data or communications for a period of time after they are created, and may delete such copies from time to time without notice.

5. Monitoring and Breach

This Policy will be monitored on an on-going basis to ensure that it operates effectively. It will be reviewed and, if necessary, revised in the light of legislative or organisational changes, and annually in any event.

Breach of this Policy may result:

– in the case of Employees, in disciplinary action up to and including dismissal being taken in accordance with the Magpie Dance Disciplinary Policy

– in the case of other Responsible Adults or third parties to whom this Policy applies, in termination of any contract or other relationship Magpie Dance may have with the person concerned

Disciplinary or other action may be taken regardless of whether the breach is committed during working hours, and regardless of whether Magpie Dance’s IT facilities and equipment are used for the purpose of committing the breach.

A Responsible Adult suspected of committing a breach of this Policy will be required to co-operate with any investigation, which may involve handing over relevant passwords and login details.

Responsible Adults and third parties to whom this Policy applies may be required to remove internet postings which are deemed to constitute a breach of this Policy. Failure to comply with such a request may in itself result in disciplinary or other action being taken as set out above.

 
