Data Protection policy

How and why we collect personal data from you, and how we keep it safe

A New Direction is committed to the accurate, secure and lawful processing of personal data, complying with all relevant UK laws regarding personal data and protecting the rights and freedoms of individuals whose data we process.

You can view A New Direction's full Data Protection Policy using this link.

This policy outlines our data protection processes to ensure everyone who works for or with A New Direction understands their responsibilities, follows secure and compliant procedures, and receives appropriate information, guidance and training.

On this page, we will summarise the key points about how we keep your data safe.

It is important to us that you feel safe and informed about how we use your personal data. If you need to contact us about anything to do with data protection at A New Direction, please email dataprotection@anewdirection.org.uk.

Personal Data

Personal data is information that can be used to identify you, for example your name, address or phone number.

Some of your personal data is categorised as ‘special’. This means it is more sensitive and needs greater protection. This could include information about your national insurance number, ethnicity, sexuality or religion. Personal data about children (anyone under 18 years old) also needs particular protection.

The data that we collect from you depends on the type of activity you are involved with.

You can find out more about the personal data we collect from you and how it is processed and stored: Privacy Policy

Your Data Rights

Everyone has data protection rights under UK law. These are:

  • Right to be Informed about how their data is being used.
  • Right of Access to their personal data.
  • Right to Rectification: to correct inaccurate data.
  • Right to Erasure: to have their data deleted.
  • Right to Restrict Processing: to limit how their data is used.
  • Right to Data Portability: to move their data to another service.
  • Right to Object to data processing.
  • Rights in Relation to Automated Decision Making and Profiling: to not be subject to decisions based solely on automated processing.

Our Responsibility

A New Direction is responsible for ensuring that your information is:

  • secure
  • accurate and up-to-date
  • only kept for legitimate reasons
  • only kept for as long as is necessary
  • used for legitimate purposes,
  • not passed on to third parties without your consent,
  • and that everyone managing and handling your data understands that they are responsible for adhering to good data protection practice.

We also have a Data Protection Officer (DPO), an independent expert who reports to our highest management level. They are responsible for ensuring that A New Direction complies with UK GDPR, including Subject Access Requests (see below), and they ensure that all your information is accurate and up to date.

How We Keep Your Personal Data Safe

At A New Direction, we take the security of your personal data very seriously. Here’s how we ensure your information is protected:

  • Strict Access Controls: Only authorised members of our team can access personal data, and they must follow strict guidelines to keep it secure. Any third party given access must sign a Confidentiality or Information Sharing Agreement.
  • Comprehensive Training: New staff members receive thorough guidance on our data protection policies during their induction, ensuring they understand how to handle personal data responsible. We have whole team data protection and cyber security refreshers at least annually.
  • Robust Security Measures: We implement technical and organisational measures to guard against unauthorised access, loss, or damage to personal data. These measures are regularly reviewed and updated to ensure they remain effective and up to date.
  • IT System Updates: All our IT systems and software are regularly updated to protect against known vulnerabilities, ensuring your data remains secure.

Accessing Your Personal Information

As your personal data is held by A New Direction, you are entitled to:

  • Ask what information we hold about you and why;
  • Ask how to gain access to it;
  • Be informed on how to keep it up to date; and
  • Be informed on how A New Direction is meeting its data protection obligations.

If you ask us for this information, this is called a subject access request, and we will follow the procedure outlined in our Subject Access Request Policy.

We will always verify the identity of anyone making a subject access request before handing over any information.

Disclosing data for other reasons

In certain circumstances, A New Direction is allowed to disclose data to law enforcement agencies without your consent, upon their request.

However, we will ensure the request is legitimate, seeking assistance from the board and from the company’s legal advisers where necessary.

Personal data breach

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your data. If this happens, A New Direction staff report it to their manager and/or the Data Protection officer, who will then follow the procedure outlined in our Data Breach Policy.

Complaints

If you have a complaint about how your data is used you should be directed to the DPO following the complaints procedure, using a complaint form supplied by A New Direction.

You can also complain directly to the Information Commissioners Office. Details of how to make a complaint is provided within our Privacy Policy.