Registration Agreement

You agree, through your use of this forum, that you will not post any material which is false, defamatory, inaccurate, abusive, vulgar, hateful, harassing, obscene, profane, sexually oriented, threatening, invasive of a person's privacy, adult material, or otherwise in violation of any International or United States Federal law. You also agree not to post any copyrighted material unless you own the copyright or you have written consent from the owner of the copyrighted material. Spam, flooding, advertisements, chain letters, pyramid schemes, and solicitations are also forbidden on this forum.

Note that it is impossible for the staff or the owners of this forum to confirm the validity of posts. Please remember that we do not actively monitor the posted messages, and as such, are not responsible for the content contained within. We do not warrant the accuracy, completeness, or usefulness of any information presented. The posted messages express the views of the author, and not necessarily the views of this forum, its staff, its subsidiaries, or this forum's owner. Anyone who feels that a posted message is objectionable is encouraged to notify an administrator or moderator of this forum immediately. The staff and the owner of this forum reserve the right to remove objectionable content, within a reasonable time frame, if they determine that removal is necessary. This is a manual process, however, please realize that they may not be able to remove or edit particular messages immediately. This policy applies to member profile information as well.

You remain solely responsible for the content of your posted messages. Furthermore, you agree to indemnify and hold harmless the owners of this forum, any related websites to this forum, its staff, and its subsidiaries. The owners of this forum also reserve the right to reveal your identity (or any other related information collected on this service) in the event of a formal complaint or legal action arising from any situation caused by your use of this forum.

You have the ability, as you register, to choose your username. We advise that you keep the name appropriate. With this user account you are about to register, you agree to never give your password out to another person except an administrator, for your protection and for validity reasons. You also agree to NEVER use another person's account for any reason.  We also HIGHLY recommend you use a complex and unique password for your account, to prevent account theft.

After you register and login to this forum, you will be able to fill out a detailed profile. It is your responsibility to present clean and accurate information. Any information the forum owner or staff determines to be inaccurate or vulgar in nature will be removed, with or without prior notice. Appropriate sanctions may be applicable.

Please note that with each post, your IP address is recorded, in the event that you need to be banned from this forum or your ISP contacted. This will only happen in the event of a major violation of this agreement.

Also note that the software places a cookie, a text file containing bits of information (such as your username and password), in your browser's cache. This is ONLY used to keep you logged in/out. The software does not collect or send any other form of information to your computer.

Privacy Policy

Freelearners Community Interest Company

Data Protection Policy
October 2020

Introduction

Freelearners collects and uses personal data, for example about its staff, volunteers, members and users, to fulfil its purpose and to meet its statutory obligations.  Freelearners is committed to ensuring this personal data will be dealt with in line with the General Data Protection Regulations 2018 (henceforth: the GDPR or “the Regulations”). In order to comply with the law, personal information will be collected and used fairly, stored safely and not disclosed to any other person unlawfully. The Regulations also give individuals the right to access and change personal data that is kept on them.

The purpose of this policy is to inform staff and volunteers how Freelearners complies with the GDPR and its associated legislation and Codes of Practice.

The following definitions are operative in what follows:

•   Personal data is information that relates to a living individual who can be identified from that data: this includes opinions as well as facts;
•   The data subject is an individual who is the subject of personal data;
•   Processing is the obtaining, holding, organising, retrieval or destruction of data;
•   A data controller is a person (or body) who determines the purposes for which data is processed and the manner in which this processing is carried out; and
•   A data processor is someone, other than an employee, who processes personal data on behalf of a data controller.

The Principles of Data Protection

Freelearners recognises that personal data is the property of the individual and it regards the lawful and correct treatment of personal data as very important. To this end Freelearners fully supports and adheres to the Seven Principles of Data Protection as set out in the Regulations:
1.   Lawfulness, fairness and transparency – all personal dated is processed lawfully, fairly and in a transparent manner
2.   Purpose limitation – personal data is collected for specified, explicit and legitimate purposes
3.   Date minimisation – all personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed
4.   Accuracy – every reasonable step must be taken to ensure that personal data that is inaccurate, is erased or rectified without delay
5.   Storage limitation – kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed, or for the amount of time required by law. For personnel files this is 7 years after the termination of the contract of employment. Information that is of vital importance to the future protection of an individual (e.g. safeguarding notes) will be securely archived and stored as long as express agreement is retained from the data subject or in the case of children and young people, until the age of 21 or for 5 years, depending on which period is shorter.
6.   Integrity and confidentiality – processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures. All persona data is confidential, unless the following exceptions apply:
a.   Abuse of a young person (<18 years of age) is suspected
b.   A young person reports or alleges abuse
c.   A life is at risk, or there is a reasonable cause to believe that there is a risk of significant harm to a young person
d.   Information is revealed about a criminal activity
e.   A young person could cause harm to themselves or others
Then, information relevant to Safeguarding and Child Protection may be divulged to appropriate external agencies, as detailed in the Freelearners Safeguarding and Child Protection Policy.
7.   Accountability – the most senior member of the organisation shall be responsible for, and be able to demonstrate compliance with these principles

All Freelearners staff and volunteers must observe these Principles when processing personal information, be it for the purposes of recruitment, managing employee records, or in the course of providing services to clients.


Type of information processed

Freelearners processes the following personal information:
•   Names of individuals
•   Postal addresses
•   Email addresses
•   Telephone numbers
•   Debit/credit card details
•   Safeguarding and child protection data (safeguarding notes, accident records)
•   From employees only: bank details, information relating to national insurance and tax
•   From employees and regular volunteers only: information relevant to enhanced DBS checks

Personal information is kept in the following forms:
•   Computer-based system, excepting debit/credit card details
•   paper-based system that be kept in a secure, locked filing cabinet as per the Act

Responsibilities of the Data Protection Officer and Freelearners Board of Directors

Freelearners’s Board of Directors is the data controller for all personal data processed in the course of all our business. The Data Protection Officer (DPO) is appointed by the Board to ensure that the organisation complies with the Regulations. As part of these duties, the DPO is responsible for auditing the organisation’s compliance (policies and procedures) every three years; for auditing detailed procedures on a regular cycle; and for reporting audit results to the Board of Directors. The DPO is responsible for immediately raising any serious breaches or risks of non-compliance with the Regulations with the Board of Directors. The DPO is also responsible for advising Freelearners’s staff and volunteers on all matters relating to data protection, for issuing detailed guidance as appropriate and for responding to subject access requests (see the last section of this policy).

Freelearners is responsible for keeping an up to date data mapping document and ensuring that all actions are adhered to in a timely manner.

Any high risk data protection breaches will be reported within 72 hours to the Information Commissioners Office on 0303 1231113.

Responsibilities of all Freelearners’s staff and volunteers

If, in the course of their duties, Freelearners’s staff acquire information about other people (eg about service users or about members of staff or volunteers) they must comply with this Data Protection Policy.

It is a disciplinary offence, and may be a criminal offence, to obtain or disclose personal information without authority or to misuse another individual’s personal data in any way.


Freelearners’s staff and volunteers are responsible for ensuring that:

•   the Data Protection Officer is informed of any processing of personal information carried out on behalf of the organisation, in order that full notification can be made to the Office of the Information Commissioner;
•   the Data Protection Officer is informed of any proposed new systems developments, and of any proposed end user applications (such as a spreadsheet or database) holding personal data;
•   staff or others processing personal information on behalf of Freelearners are aware of their obligations under the GDPR and this policy and compliant with the Regulations;
•   staff or others processing personal information on behalf of Freelearners implement the data protection principles (1-7) outlined above;
•   procedures, manuals etc. relating to the processing of personal information are consistent with the data protection principles (1-7) outlined above, with this policy, and with any other guidance issued by the Data Protection Officer, and that such procedures are followed correctly at all times;
•   any breaches of data protection are reported to the Data Protection Officer, who will report to the Board of Directors.
•   subject access requests are dealt with as a priority and in line with the timescales defined in the last section of this policy.

Responsibilities of Freelearners staff and volunteers as data subjects

All staff and volunteers are responsible for:

•   ensuring that any personal data that they provide to the organisation is accurate and up to date;
•   informing the organisation of any changes to information which they have provided, e.g. changes of address;
•   checking any information that Freelearners may send out from time to time which gives details of information that is being kept and processed.



Responsibilities of data processors

All data processors processing personal information on behalf of Freelearners are contractually required to comply with the GDPR and any associated Codes of Practice.

Notification of data processing

Freelearners will ensure that its Information Commission Register entry, detailing what information it collects and for what purpose, is up-to-date and as full and accurate as possible. Notification of any change is carried out by the Data Protection Officer on behalf of Freelearners Board of Directors, and it is therefore essential that staff inform the DPO of any change or additions to processes carried out using personal data by or on behalf of the organisation.

Rights of data subjects

All individuals who are the subject of personal data held by the Organisation are entitled to:

•   Ask what information the Organisation holds about them and why
•   Ask how to gain access to it
•   Be informed how to keep it up to date
•   Be informed what the Organisation is doing to comply with its obligation under the General Data Protection Regulations
•   Individuals also have the right to ask for data to be deleted, though this may be refused in certain circumstances e.g. legal reasons
•   Any person who wishes to exercise these rights, should make the request in writing to the Data Protection Officer. Such a request will be fulfilled within 40 days.

If an access request is received by any other member of staff or volunteer, it should be forwarded to the Data Protection Officer immediately.



This policy was agreed to by the Freelearners Board of Directors on: October 26, 2020

Date of next policy review: October 2023