Home Our Story Why Knitting? Gallery Information Contact Us

Ewe-Nique ©2015
Although we take every care in the publication of this website, Ewe-Nique cannot guarantee the accuracy of the contents, or accept liability for any action or consequence resulting from the information presented nor for the claims or representations of advertisers on the site.
All logos & slogans used within this site are the property of their respective owners.

Data Protection Policy


1. Purpose and scope

Ewe-Nique is committed to ensuring the confidentiality and integrity of personal data held by the organisation. It will at all times fulfil data protection requirements placed on it by law, and will in particular ensure the individual’s right to privacy, and their right to exercise control over data about themselves. The policy applies to all volunteers, and to others who may be given access to personal data held by Ewe-Nique.

.

The purpose of this policy is to enable Ewe-Nique to:

comply with the law in respect of the data it holds about individuals

follow good practice

protect Ewe-Nique’s supporters, volunteers, members and other individuals

protect the organisation from the consequences of a breach of its responsibilities.


All volunteers with access to personal data must be informed by the Co-Chairpersons of the contents of Ewe-Nique’s data protection policy and must take responsibility for implementing the policy. Unauthorised access to or disclosure of personal data, deliberately or through negligence, may be treated as a disciplinary matter.  To ensure that the principles of confidentiality are applied in all our working relationships with service users and volunteers and all information is kept secure and processed in line with the Data Protection Act 1998.


1.2 Background and need

Legislation and regulation

The Data Protection Act of 1998 came into force early in 2000 and covers how information about living identifiable persons is used.  The purpose of the Act is to protect the rights and privacy of individuals, and to ensure that data about them are not processed without their knowledge and are processed with their consent wherever possible. The Act covers personal data relating to living individuals, and defines a category of sensitive personal data which are subject to more stringent conditions on their processing than Data protection policy.  Ewe-Nique is committed to a policy of protecting the rights and freedoms of individuals with respect to the processing of their personal data.


2. Definitions

Data: any set of organised electronic or paper records containing information about named individuals (not notebooks or single documents). This may include, but is not limited to contact details of individuals, donor information, support provided to people within the flock and volunteer records.

Data owners: the persons who have responsibility for the maintenance and security of named data sets.

Data subject: the individual about whom personal data is held.

Data controller: the organisation or individual responsible for how and why personal data is used.

Personal data: information about a living individual who is identifiable from the data held on them by a data controller.

Processing: any use of personal data, including obtaining, storing, disclosing or destroying it.

Sensitive personal data: special categories of data which have to be treated with particular care.


3. Policy statement

It is the policy of Ewe-Nique that:

Personal data shall be processed fairly and lawfully

Personal data shall only be obtained for specified and lawful purposes

Personal data shall be adequate, relevant and not excessive to the purpose(s) for which they are processed

Personal data shall be kept accurate and up to date

Personal data shall not be kept for longer than is necessary

Personal data shall be processed in accordance with the rights of the data subjects

Personal data shall be protected from unauthorised and unlawful processing and against accidental loss or destruction or damage by appropriate technical and organisational controls

Personal data shall not be transferred to a country or territory outside the EEA unless an adequate level of protection of the rights and freedoms of the data subject(s) can be guaranteed.


4. Policy principles

Ewe-Nique will seek to give individuals as much choice as is possible and reasonable over what data is held and how it is used.  Ewe-Nique recognises that its first priority under the Data Protection Act is to avoid causing harm to individuals. In the main this means:

 keeping information securely in the right hands, and holding good quality information.  

Information has to be secure, adequate, relevant and not excessive, whether it is kept on computer, paper files, faxes, e-mails etc. It must be accurate and kept up to date. It must not be kept longer than is necessary and must be obtained and used only for specified and lawful purposes which have been made known to the subject of the data.  Wherever Ewe-Nique records data on individuals, the individual will be informed of the intended use of the data, and their consent for Ewe-Nique to hold data about them will be recorded. Data about individuals will not be disclosed to others, except as originally stated, without the permission of the individual.  Where an individual is unable to meaningfully give their consent, the identity of the person who has made the decision on their behalf, and the reason for their decision, will be recorded.


Ewe-Nique will ensure that people about whom we hold data are from time to time reminded of that fact, and made aware of their right to inspect the data which we hold. Ewe-Nique may impose a charge for providing copies of subject data on a second or subsequent occasion. All data collection forms will carry a statement defining the limits of use of the data.


Ewe-Nique will maintain one register of all databases containing personal data. This will list the location, use and ownership of all existing paper and electronic record sets. No new databases containing data on individuals will be maintained unless they are added to this register.


Sets of records which are uniform across a group of Ewe-Nique can be registered under one entry. It will be assumed that these records exist in each unit in the group referred to. (For example, membership forms, contact information, accident records, all owned by the Flock Leaders).


Where anyone within Ewe-Nique feels that it would be appropriate to disclose information in a way contrary to the confidentiality policy, or where an official disclosure request is received, this will only be done with the authorisation of the Chairpersons. All such disclosures will be documented.


Significant breaches of this policy will be handled under Ewe-Nique’s disciplinary procedures.


5. Responsibilities

Data owners:

that data is recorded accurately and consistently and with the consent of the individual for the use stated

that the restrictions on use and access to the data are documented and are observed

that the data is secure

that the data is reviewed at least annually, and that data which is no longer required is destroyed or returned to the individual

that requests for disclosure of data by individuals are given to the Co-Chairpersons as soon as received

to comply with requests for disclosure of data within 40 days

to ensure that the confidentiality of other Ewe-Nique clients and supporters is not compromised when disclosing data to an individual.


6. Risk assessment

Ewe-Nique has identified the following potential key risks, which this policy is designed to address:

Breach of confidentiality (information being given out inappropriately)

Insufficient clarity about the range of uses to which data will be put — leading to data subjects being insufficiently informed

Failure to offer choice about data use when appropriate

Breach of security by allowing unauthorised access

Harm to individuals if personal data is not up to date

Insufficient clarity about the way personal data is being used e.g. given out to general public

Failure to offer choices about use of contact details for staff, volunteers, or service users.