Bradford Cyrenians Statement on Confidentiality and GDPR Compliance

Your Personal Data

Bradford Cyrenians aims to protect and promote the rights of individuals and the organisation. We identify information
that is to be treated as confidential and the procedures for collecting, storing, handling and disclosing such
information. We have developed a Confidentiality, Data Protection and GDPR Compliance Policy, which will run alongside
this statement.

Why we need it

Personal information is requested, recorded and retained only if it is relevant to the services offered by Bradford
Cyrenians.  It is used in accordance with the purpose for which it was given and it is in the interest of the
organisation to hold such information.

What we do with it

Individuals will be made aware of the reasons why personal information is required and held on record and the people
likely to have access to it. We will hold information on Staff, Volunteers, Student Placements, Service Users, Trustees
and Contractors.
On those occasions when disclosure is necessary, consent will be obtained by each individual through a Confidentiality
Agreement.   The Confidentiality agreement will be completed with service users at the signing up stage.

In certain circumstances, for instance where there is a legal obligation or where it is necessary to protect the vital
interests of the individual or another person, then information will be disclosed without the individual’s consent. In
these cases, the information disclosed is limited to factual data that is strictly relevant to the enquiry.

How long we keep it for

All paperwork/information is kept for a minimum of 6 years in order to comply with legal requirements irrespective of a
person’s status within the organisation.

What are your rights

Any complaints of breaches of confidentiality should be reported to the Head of Service using the Grievance Procedures
and/or Complaints & Appeals policy.  All breaches will be investigated thoroughly and reported back to the a)
Complainant b) Management Team and c) Board of Trustees
Any breaches of sensitive data will be reported to the ICO in line with their reporting procedures.