1. General information
2. Personal data that we collect on adults
3. Storage and retention of information
4. How to access the personal information we hold on you
5. Sharing of data
6. DBS personal information collection
7. Cold calling
8. Communications and social media
9. Information held about young people
10. Specific information for STEM Ambassadors
11. Recruitment processes
12. Data Protection Officer
We at Derbyshire Education Business Partnership Ltd (DEBP) – a Social Enterprise – love our jobs, working with business volunteers, young people, teachers and youth groups. To do that effectively, we need to know a little bit about you.
However, your privacy is important to us. This privacy statement explains what personal data DEBP Ltd collects from you, through our interactions with you and how we use that data.
DEBP Ltd offers a wide range of volunteering opportunities, some of which are against very specific needs, others which are more general. We also offer an advisory service for Employability Skills and STEM Enrichment, some of which we do through e-newsletters.
Our website address is www.debp.org
Please read the specific details in this privacy statement, which provide additional information about some of DEBP’s activities.
All staff work through a server which is secured through the East Midlands Chamber of Commerce.
Personal data that we collect on adults
For all the grown up people we deal with, we collect the information you would normally find on a business card:
Name / Organisation / Organisation address / Job role / Telephone number(s) / Email address / website / possibly gender.
In addition, very useful information to us might include your areas of interest, including your business sector or curriculum subject. This enables us to match you to the most appropriate opportunities to inspire and support young people.
For one to one mentoring opportunities, we ask a lot more questions! This might be about your hobbies, music tastes, favourite food etc. We do this to make sure that you have a great start to your mentoring by having something in common with your mentee. For this opportunity, you will also need to have a Disclosure Barring Service – DBS – check. Please see below for our policy on DBS information.
As the majority of our funding comes from contracts, occasionally we are asked by the contractor to gather other information about people. If we are offering you an opportunity to get involved with a contract that requests more data, we will let you know exactly what we are asked to collect, how we will handle and store the data
Storage and retention of Information
We store all of the personal information we gather on an online database, housed on a secure server.
At any time you can ask us to remove all of the data we hold on you. Please do this in writing and present your ID documents to our Chesterfield Office. We will do this within 30 days of seeing your identification.
We will delete all personal data that has not been updated in the previous 3 full years every August, which is when our activities allow us time to do this effectively.
Some contracts we work on however, ask that we store the information so that it can be audited for a significant length of time. This can be 7 or even 10 years. We will only keep your data if required to by our funders.
How to access the personal information we hold on you
You can make a request at any time for us to gather the personal information we hold on you. To do this, we will ask you to bring two things to our Chesterfield Office:
• Your passport or UK driving licence (or suitable ID documents from another country)
• An official proof of address sent through the post during the last 3 months
We will pull together all of the data we hold within a period of 30 days from the date we receive the identification documents.
Sharing of data
When you get involved in an activity we share your basic data – name, contact details (sometimes) and possibly a little about your interests with the people and organisations involved. This may be done on an Excel spreadsheet. If it sent by email, our staff are instructed to encrypt the email.
We would never sell or transfer your information to 3rd parties.
DBS personal information collection
We only insist on DEBP volunteers having an enhanced DBS check when there is a possibility that an adult would be in a position to form a relationship with a young person from regular visits. One to one business mentoring is one such example.
To obtain a DBS check, identification documents need to be presented in person to a registered person in the DEBP. We will not keep or photocopy your documents and only take from them the specific numbers that legally we are asked to supply. If we take your information on paper, we will transport it securely to our office, enter it onto the secure online portal and shred the paper copy.
To see how the Government handle your data once it is entered on their secure online portal, please see https://www.gov.uk/government/publications/dbs-privacy-policy/dbs-privacy-policy
Sometimes we are asked to work in new areas, either geographically or in a new business sector, or have localised opportunities which we would like you to know about. In that case, we may use searches to find new telephone numbers and email addresses. We will record that we have contacted you on our database, and if you choose not to be contacted again, we will also record this, so that we don’t bother you again.
Where you do consent to be contacted again, we will record this on our database, and if the current opportunity is not suitable, we will be in touch when we find something that might pique your interest.
Communications and social media
We like to tell people about the great work that our volunteers are doing with young people, and what schools are doing to prepare their students for the world of work. We have active Twitter feeds and may sometimes post on LinkedIn. If you tell us that you do not want to be mentioned on these feeds – we will not do it!
To celebrate achievements on our website, we write case studies about the work that is happening. If you are featured in one of our case studies, you will have been asked for permission for us to use information about you, including any photographs. This gives you chance to redact anything you don’t want us to say.
We communicate with e-newsletters using software such as MailChimp which will carry an unsubscribe option. This is to tell you of the opportunities for either volunteering or enrichment activities and to thank you for the work you are doing.
Information held about young people (up to the age of 19 and up to the age of 25 for young people with special needs)
We work closely with lots of fantastic young people. It helps then if we at least know their name and have it on a register for monitoring attendance and celebrations. An ongoing record of activities and contact, including issues faced by the young person, may be will normally be held by the person working with them and on a need-to-know basis by our other staff. All information is stored securely when not in use.
By the nature of our one-to-one support, we may have information on medical conditions or family situations which have been shared by the school, parents or carers which will always be on a need-to know basis.
Where we are looking at distance travelled and matching with during our programmes we may hold:
• CV’s and application forms
• Likes and dislikes for mentoring
We will use this information to give them bespoke support.
When we have finished working with the young person we will shred paper copies and ensure we delete anything sent to us electronically.
We will only store information on young people if our contract asks us to do so. Where it can be anonymised, we will do so.
Irrespective of the age of the young person, if they are in compulsory education phases then DEBP seek consent from a parent/carer as well as the young person directly. We ensure that young people are aware they have the same rights as adults over their personal data and explain why we require the data and how it will be used. This explanation is delivered clearly and is accessible by the young person. When there is not capacity to understand this, DEBP ensure that the information is communicated effectively with parents/carers.
For intensive support programmes, where a long term relationship is in place between DEBP and the young person, parent/carer consent is sought and their personal contact details are retained by DEBP. These are not shared with anyone external to DEBP and will be destroyed in line with the end of any contracts.
When DEBP are contracted by another organisation to work with the young people, DEBP are contractually obliged to share information with the funders. This information can include: name; date of birth, home postcode, school attending, ethnicity and learning support needs. A student or their parent/carer can decline to share this. Where consent is provided this data is transferred to the third party securely and is encrypted.
Specific information for STEM Ambassadors
STEM Learning who manage the national STEM Ambassador programme have an online portal so that you can manage the amount of data you make available to the company and the STEM Ambassador Hubs. We as the Hub for North Midlands, South & East Yorkshire cannot change any of those details.
When you registered as a STEM Ambassador, you have a choice of the amount of information you want to share. This can be changed at any time by logging onto your profile.
When we look at your identification evidence for DBS purposes, we will endeavour to enter it directly into the Government’s DBS system. If for some reason we cannot do this, we may take your details down on paper. This paper will be transported securely to our office and once entered on the DBS system, it will be immediately cross-cut shredded. Our staff are instructed not to leave any of these papers in a car or public place.
When we recruit, we will ask candidates to fill out an application form which may be on line or on paper. Some candidates choose to send us their Curriculum Vitae. We will keep these papers in our systems until the post is filled and then they will be deleted or shredded. We may wish to keep some information on file to contact candidates for future posts. If we wish to do that, we will ask for email consent from the candidate. Candidates are also welcome to ask us to keep their details on file by contacting us on email.
Data Protection Officer
If you have any questions about our work, our Data Protection Officer is Laura Khella. Please contact her on the first instance with any questions using the email address: firstname.lastname@example.org
This policy was reviewed by the Board on: 10th May 2018. Next review due: November 2018