The General Data Protection Regulations 2018 (GDPR) and the Data Protection Act 2018 replaces the previous UK legislation in regard to data protection. The GDPR is designed to ensure that EU Citizen’s data privacy is protected and organisations regularise their approach to data privacy.
What information does dasl hold about me?
We understand the importance of your right to privacy and confidentiality. dasl only holds (also known as ‘processes’) data that we genuinely need to provide you with support from our specific service or we require as part of our contract with our funders. This could include personal data such as your name, contact details, details of your health and support needs or information about your financial situation.
Why does dasl process information about me?
dasl processes information in order to provide you with a service. dasl will always have a lawful basis for processing (including keeping and sharing) your information and we will be able to tell you what this is. The lawful basis differs depending on what information is being processed. More information about this can be found in our Information Governance policy.
What will dasl do with my information?
dasl will be clear with you about how we will process your personal information. We will ask you to sign an authorisation form detailing your specific consent to process your information and keep copies of documentation. You can withdraw your consent at any time. Your consent will be kept under review and we will respond to changes you might wish to make and document how you have given your consent.
Where information may be processed for those under age 16, a parent or guardian will be asked to provide consent for this. dasl will provide you with information about your or your child’s case and the support you are receiving in a way that has been agreed with you.
With your consent, dasl may share your personal information in strict confidence with auditors where we need to demonstrate our work in order to maintain our quality standards. This currently applies to data belonging to clients using our Professional Advocacy or Specialist Advice services.
People who are unable to provide their consent to dasl
dasl must be satisfied that a person fully understands the specific consent that is being provided to us. Capacity to make this decision is assumed in law.
If we assess that a person is unable to consent to how their information is processed, personal data may be processed if we have another lawful basis for doing so. This is likely to be in their 'legitimate interests' to do so. dasl will make a best interest decision regarding the processing of this data paying due regard to the principles laid out in Chapter 16 of the Mental Capacity Act 2005. We will document and be able to demonstrate how we have come to this decision.
Third party data controllers
We will clearly explain to you the services we provide as part of a formal partnership with other organisations and where these other organisations will have access to your data. These are known as ‘third party controllers’ under the GDPR.
dasl’s services which are currently provided in conjunction with other organisations are:
- Connect Lambeth (currently relating to dasl’s Advocacy and Community Development services only). The Third Party Controllers are Age UK Lambeth.
- IntoSport – Third Party Controllers are Activity Alliance (formerly the English Federation of Disability Sport) and Lambeth Council for the Get Out Get Active service.
How is my information stored?
dasl has robust data recording systems in place. All paper records are kept securely at dasl offices in locked cabinets. Records stored electronically, including databases, are password protected and passwords are regularly changed to ensure maximum security.
The current databases that dasl use are: AIMS, Charity Log and Upshot. AIMS is provided by LASA and managed by dasl’s IT support company, Oaklands, both of whom may be given temporary access to personal data in order to carry out technical support.
Age UK Lambeth is the data controllers for Charity Log, used by Advocacy and Community Development services. Dizions – the company that owns the data processing system — may be given temporary access to personal data in order to carry out technical support to dasl or Age UK Lambeth.
Activity Alliance is the data controllers for Upshot, the Get Out Get Active database.