Data Protection Statement
1. Mind are a Data Controller of personal information and only collects information about you that helps them to make improvements to their administration and to enable them to contact you if needs be.
2. All information you provide is stored on secure environment/servers.
3. The Principles require that personal information:
a. Shall be processed fairly and lawfully and in particular, shall not be processed unless specific conditions are met;
b. Shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes;
c. Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed;
d. Shall be accurate and where necessary, kept up to date;
e. Shall not be kept for longer than is necessary for that purpose or those purposes;
f. Shall be processed in accordance with the rights of data subjects under the Act;
g. Shall be kept secure i.e. protected by an appropriate degree of security;
h. Shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of data protection.
4. When handling of personal/sensitive information, we will, through appropriate management and the use of strict criteria and controls;
a. Observe fully conditions regarding the fair collection and use of personal information;
b. Meet our legal obligations to specify the purpose for which information is used;
c. Collect and process appropriate information and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements;
d. Ensure the quality of information used;
e. Apply strict checks to determine the length of time information is held;
f. Shall be accurate and where necessary, kept up to date;
g. Shall not be kept for longer than is necessary for that purpose or those purposes;
h. Shall be processed in accordance with the rights of data subjects under the Act;
i. Shall be kept secure i.e. protected by an appropriate degree of security;
In addition, Mind in Bradford will ensure that:
a. Everyone managing and handling personal information understands that they are contractually responsible for following good data protection practice;
b. Methods of handling personal information are regularly assessed and evaluated;
All members of staff are to be made fully aware of this policy and of their duties and responsibilities under the Act.
All managers and staff must take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure and in particular will ensure that:
a. Paper files and other records or documents containing personal/sensitive data are kept in a secure environment;
b. Personal data held on computers and computer systems is protected by the use of secure passwords, which where possible have forced changes periodically;
c. Individual passwords should be such that they are not easily compromised.
5. The Data Protection Act (1998) gives individuals the right to access personal data about themselves. All requests for access to personal data should be made in writing to the Administration Officer of Mind in Bradford who will then process the request. All written requests must use the Subject Access Request form.
Requests for access to personal data must include:
a. A description of the personal data requested (i.e. all date, or recovery plan data);
b. Further information to identify the individual, if necessary;
c. Payment of a fee of £10.00.
Mind in Bradford will respond promptly, and at the latest within 40 days of receiving the fee, and sufficient information to identify the data requested.If Mind in Bradford cannot comply with the request, the reasons must be documented. The requester will be advised of these in writing, where possible.