This policy statement is a commitment by Bodywhys to protect the rights and privacy of individuals in accordance with legislation concerning data protection; Data Protection Acts 1988 and 2003 (amended). Bodywhys is committed to ensuring compliance and best practice guidelines and procedures in relation to all aspects of data protection.

Data Protection Principles

Bodywhys adheres to its responsibilities under the Acts in accordance with the eight data protection principles outlined in the legislation as follows:

1. Obtain and process information fairly
2. Keep it only for one or more specified and lawful purposes
3. Process it only in ways compatible with the purposes for which it was given to you initially
4. Keep the data safe and secure
5. Keep the data accurate, complete and up-to-date
6. Ensure that it is adequate, relevant and not excessive
7. Retain data for no longer than necessary for the purpose(s) for which it is acquired.
8. Provide a copy of his/her personal data to the relevant individual, on request

Responsibility

Bodywhys has overall responsibility for ensuring compliance with Data Protection legislation when it is the data controller of personal data. All Bodywhys staff who collect and control personal data are responsible for compliance with the legislation.

It is the policy of Bodywhys that all confidential and sensitive information is safeguarded from unauthorised access, modification or usage. Within Bodywhys, access rights to electronic information are confined to members of staff. Individuals who volunteer with Bodywhys support services, and who record confidential information, are obligated to adhere to a confidentiality agreement. Volunteers do not have access to confidential electronic data available to staff.

Practical steps for data protection, as advised by the Health Service Executive (HSE)

Sensitive information, electronic or non-electronic, must be kept hidden from visitors to the Bodywhys office. Files containing personal information must not be left unattended or visible to unauthorised individuals or members of the public.

Computer systems, including email, must be password protected to avoid access by unauthorised individuals or members of the public.

Office space and associated storage units that contain confidential information must be locked when unattended.

Service user or staff information must not be discussed in inappropriate areas where it may be overheard, including telephone contacts and conversations.

For a detailed description of how Bodywhys manages personal data, please see the Bodywhys Privacy Policy.

Review

This policy will be reviewed in view of legislative or other relevant developments.

Version 1.1 Last updated 28/04/2015

Data Protection Policy – PO Box 105, Blackrock, Co. Dublin. Admin Tel: 01 2834963 Email: info@bodywhys.ie – Material © 2015 Bodywhys.