DATA PROTECTION Policy
Data protection principles
Helplink is committed to processing data in accordance with its responsibilities under the General Data Protection Regulation (GDPR).
Article 5 of the GDPR requires that personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
- This policy applies to all personal data processed by Helplink Support Services CLG (Helplink)
- The Data Controller shall take responsibility for Helplink’s ongoing compliance with this policy.
- This policy shall be reviewed at least annually.
Lawful, fair and transparent processing
- To ensure its processing of data is lawful, fair and transparent, Helplink maintains a ‘Data Processing Activity Log’.
- The ‘Data Processing Activity Log’ details:
  - the types of data being kept
  - the reasons for keeping this data
  - the appropriate lawful basis for processing the information
  - the security measures in place
- The ‘Data Processing Activity Log’ shall be reviewed at least annually.
- All data processed by Helplink is processed on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests.
- Helplink will ensure that personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Helplink will not request any information regarding a person’s ‘Sensitive Personal Data’ (as classified under the GDPR).
- Personal data will not be shared with any third party.
- Your data will not be used in any direct marketing campaigns or fundraising efforts undertaken by Helplink Support Services CLG
- Helplink will take reasonable steps to ensure personal data is accurate.
- Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
Archiving / removal
- Client records and personal information are kept for a period of no longer than 7 years (the length of time recommended by the IACP), except in the following cases:
  - The client is still receiving treatment
  - The records have been ordered to be kept because of a court subpoena
- At the end of this period all information will be irretrievably deleted
- All personal identifying data is kept in encrypted documents
- All documents containing client information are scanned and encrypted, and kept on a separate flash drive that is also encrypted
- The flash drive is kept in a secure location and never leaves the premises
- No paper copies are kept. They are shredded once they have been scanned and encrypted
- Access to personal data is limited to the administrator and the counsellor in question
- Any messages sent via email (which includes our contact form) will be irretrievably deleted as soon as they are no longer needed
- All our staff have undergone Data Protection Training to ensure that they can handle any data provided to us in the correct manner
- If a data breach occurs, it will be reported to the Data Protection Regulator within 72 hours
- Any person whose data is violated in such a breach will be informed within 72 hours
If you would like to raise any issues regarding your data, please contact us: