ELREM Foundation Community Interest Company

Data Protection Policy

Nominated Data Protection Officer: Dorothy Dady (Co-founder) Version: 1

Date: 1st June 2023 – Reviewed by: Alan Reed (Co-founder) Next Review Date: June 2024

ELREM Foundation CIC (ELREM) is fully committed to protecting the rights and privacy of individuals operating in accordance with the statutory legislation outlined within the General Data Protection Regulation (GDPR) and the forthcoming Data Protection Bill. In doing so, we are committed to protecting the privacy and confidentiality of the data provided to us. Any decisions for the disclosure, retention or disposal of information are made in line with relevant legislation.

Co-founder Dorothy Dady is responsible for ensuring that this policy is published, implemented and accessible to all personnel, learners, and any relevant third parties. Dorothy will also ensure that all personnel have read and understood this policy and that any amendments to the policy are communicated to relevant parties.

Learners should be made aware of this policy at the start of their course/programme, and the policy should be easily accessible (website, intranet, booklets).

Information about our personnel, learners and other individuals will only be used in line with established regulations. Personal data will be collected, recorded and used fairly, stored safely and securely and not disclosed to any third party unlawfully.

Objectives

As the lawful and correct treatment of personal data is critical to our successful operations and to maintaining confidence, ELREM is committed to operating in line with the data protection principles by:

  • ensuring that personal data is accurate and, where necessary, kept up to date
  • protecting staff, learners’ and other individuals’ personal details and any related records using this data fairly and only for specified lawful purposes
  • handling personal data for limited, specifically stated purposes
  • using personal data in an adequate and relevant manner, which is not excessive
  • holding personal data only for the time period required
  • maintaining personal data safely and securely
  • releasing personal data only to authorised individuals/parties and not outside the UK without adequate protection and the individual’s permission
  • adhering to regulations and related procedures to ensure that all employees who have access to and handle any personal data held by or on behalf of ELREM are in line with individual’s data protection rights and are fully aware of and abide by their duties under GDPR and the Data Protection Bill.

Data Sharing

Sharing information can help to mitigate risks to vulnerable children and young people. Appropriate and timely sharing aids the effective identification of needs and facilitates integrated responses to address these needs. ELREM shares personal data with training funders at their request.

Under GDPR and the Data Protection Bill, personal data may be shared without a Data Subject’s consent where one of the processing conditions from the following list is met:

  • the sharing is necessary to comply with any non-contractual legal obligation of the Data Controller;
  • the sharing is necessary to protect the vital interests of the Data Subject;
  • the sharing is necessary for the administration of justice, to comply with a statute or for exercising functions of a public nature
  • the sharing is necessary for the legitimate interests of the Data Controller or a third party to whom the data is disclosed, except where it is unwarranted because it is prejudicial to the Data Subject

Learners on 1st4sport courses are made aware that data will be shared with 1st4sport Qualifications in order to register and certificate them and that data may be shared with relevant third parties (e.g. National Governing Bodies) in line with the 1st4sport Qualifications Data Protection Position Statement.

Reporting Procedure

Learners are required to report any allegation in relation to the unlawful treatment of personal data via the ELREM’s complaints procedure.

Personnel are required to report any allegation in relation to the unlawful treatment of personal data via the ELREM’s line management process.

A complaint should be made in the event that individuals feel that records of their personal data have been:

  • lost or not protected.
  • obtained through unlawful disclosure or unauthorised access.
  • recorded inaccurately and/or in a misleading manner.
  • provided to a third party without permission.
  • held longer than required.
  • used for unlawful purposes.

Where required, ELREM will take appropriate action/corrective measures against unauthorised/unlawful treatment, loss, destruction or damage to personal data.