Introduction
PIP Help CIC will protect your personal data and sensitive personal data, using them only for the purposes for which you supplied it.
Policy Statement
This Data Protection Policy explains how PIP Help CIC discharges its legal obligations concerning confidentiality and data security standards. The requirements within the policy are based upon the Data Protection Act 2018.
Registration with the Information Commissioner
The Digital Economy Act 2017 requires every data controller (i.e. organisation) in the UK to pay a fee to the Information Commissioner’s Office (ICO) and outline the categories of data they hold about people, and what they do with it.
PIP Help CIC has an Entry in the ICO register of data controllers. Registration Number: ZB186471.
Data Protection Principles
The principles require that personal data is processed lawfully, fairly and in a transparent manner; collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; accurate and kept up-to-date; kept in a form which permits identification of the data subjects for no longer than is necessary for the purposes for which the personal data are processed; processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Records can be in computerised and/or in a physical formatted and can include:
Manually stored paper files – many social security and other legal processes are still dominated by paperwork and PIP Help CIC operates from secure locked premises so that manual records are safe. Any hand-written notes are either promptly destroyed or stored in the same secure way as official documents.
Electronic records – PIP Help CIC operates using electronic as well as paper storage of documents. All personal data is password-protected.
Photographs – occasionally photographic evidence may be supplied by PIP Help CIC clients to PIP Help CIC. When this occurs they are stored in the same way as other physical and electronic records.
Videos and tape recordings – occasionally these are also supplied by PIP Help CIC clients to PIP Help CIC and are stored in the same way as other physical and electronic records.
Rights of Access by Individuals
Data Protection law gives everyone (or their authorised representative) the right to apply for access to the personal data which organisations hold about them. This is called a “Subject Access Request”. PIP Help CIC will comply with subject access requests within the legislative time limits.
We must act on the subject access request without undue delay and at the latest, within one month of receipt.
Practicalities
PIP Help CIC only gathers and uses personal and sensitive personal data to progress cases according to the instructions of the individuals concerned. PIP Help do not pass on any data whatsoever for marketing or any other purposes at all. The only time data is shared is with third-parties is to progress a case. Authority is obtained from data subjects using a plain-English form of authority which authorises the sharing of such data only to progress a case. Permission to share data on this basis can be withdrawn by the data subject at any time.
Roles and Responsibilities
Maintaining confidentiality and adhering to data protection legislation applies to everyone at PIP Help CIC. David Simpson is the person responsible for personal data and sensitive personal data at PIP Help CIC. His responsibilities include ensuring compliance with all relevant legislation and ensuring notification of processing of personal data and sensitive personal data to the ICO is up-to-date.
The Information Commissioner’s Office (ICO) – The Information Commissioner’s Office is responsible for overseeing compliance e.g. investigating complaints, issuing codes of practice and guidance and maintaining a register of Data Protection Officers.
Glossary of Terms
Data Subject
An individual who is the subject of personal data or sensitive personal data. This includes employees, members, volunteers, clients, residents and tenants.
Data Controller
A person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data and sensitive personal data are, or are to be, processed. The data controller of PIP Help CIC is: David Simpson.
Third-Party
In relation to personal data or sensitive personal data, this refers to any person other than the data subject and the data controller. For example; the Department for Work & Pensions or Her Majesty Revenue and Customs.
Processing
Recording or holding data or carrying out any operations on that data including organising, altering or adapting it; disclosing the data or aligning, combining, blocking or erasing it.
Subject Access Request
A written, signed request (which includes email and other written formats) from an individual to see data which PIP Help CIC holds about them. The Data Controller must provide all such information in a readable form within 1 month of receipt of the request.