- Comply with our statutory responsibilities in respect of health & safety, including the Data Protection Act and General Data Protection Regulations (GDPR).
- Respect and safeguard the privacy of all of our stakeholders.
- Not to share data with third parties without the consent of the individual.
- Only use data in a way that is adequate, relevant and limited to what is necessary.
- Take all reasonable steps to ensure that data is accurate and current.
- Only retain data for as long as necessary.
- Keep all data secure, including preventing unauthorized access and use.
- Review this policy on a regular basis, but at no more than two year intervals, and to revise as necessary.
The Data Protection Officer for The Nightingale Cancer Support Centre is Nick Jacobs – Director
Consent – we will always try to make clear what is agreed to and seek specific consent. In limited cases, such as the use of images at events etc., we will assume consent unless told otherwise. We will display signs to this effect in such cases.
Access to Data – the Data Protection Officer will receive and process requests for access to information we hold on an individual.
Deletion of Data – on request we will comply with requests to delete an individual’s personal data (“the right to be forgotten”). There may be exceptions to this, such as if the data is relevant to a complaint investigation, legal action etc. The Data Protection Officer will either comply with or respond to requests within one month.
Complaints – in the first instance, complaints about use of data, breaches of confidentiality etc. should be addressed to the Data Protection Officer.
Policy updated on 30th May 2022