This policy is intended to inform you how and why Kairos Community Trust uses personal information from and about clients, staff, volunteers, trustees and other relevant individuals, in accordance with the General Data Protection Regualtion (GDPR).
We use your personal information to help Kairos assess your suitability and eligibility for its services and to manage your care/support while in a Kairos service. When you contact us at the point of referral, we will collect personal information about you (for example, your name, address, telephone number etc.). We may request further information before we offer an assessment for the service (for example, ID, reports from previous interventions, OASYs etc).
During the course of providing care/support services to you, we may request information about you and other individuals you tell us about. We may request and use special categories of personal data about you or a third party you tell us about (for example, about health, ethnic origin, criminal history, significant others).
Staff and Volunteers
Personal information satisfying Kairos’ recruitment criteria, regulatory requirements (for example, from the Care Quality Commission) and ongoing Kairos employment management (as per Disclosing and Barring Service – DBS – checks and training profiles and staff handbook applications) will be kept in your place of employment and at Head Office. This information will be stored securely, both in password-protected IT systems and in locked filing cabinets.
Information required by law will be held at Head Office.
The purpose of our website – www.kairoscommunity.org.uk – is to communicate Kairos Community Trust’s work in promoting recovery. The News page records latest developments and events and we will collect personal information that you voluntarily provide to us for inclusion on the site (for example, a News item). A Subject Release form will be signed by anyone agreeing to be photographed for use on the website or inclusion in the Archive and the form will be co-signed by a Kairos representative. All such photographs are copyright of Kairos Community Trust. The purpose of the Archive is to record the history and work of Kairos Community Trust for future generations of Kairos.
Kairos does not use social media as a tool for communication and/or messaging in regard to its work in the care and support of its clients.
How We Use Your Information
We only ever use your personal data if we are satisfied that it is lawful and fair to do so and for the following reasons.
You have given your consent to us using your information:
• for the specific objectives outlined in your care/support plan
• for the specific purposes of your rehabilitation
• for the purposes of a contract or licence agreement with you
• in order to comply with our legal obligations (as per the Care Act 2008 and/or Health and Safety Regulations) and for our own legitimate interests and protection (for example, we may use personal information to ensure Kairos’ protection from fraud and crime).
We will only use special categories of personal data relating to you or third parties you tell us about when we have your explicit consent and/or where it is necessary to use the information for the benefit your ongoing care/support objectives.
Sharing Your Information
We will never sell your personal data or share it with third parties who might use it for their own purposes.
We will not disclose any information you provide to any third party other than where you have given us written consent to share your information; and where we instruct relevant professionals on your behalf (for example, medical, DWP, referrals and any other third parties necessary to carry out your instructions).
Such information would also be shared in order to enforce any terms and conditions between Kairos and you, the client.
We will share your information if we are under legal or regulatory duty to disclose or share such information (for example, with the police).
Operational, Administration and Technical Support
Operational, administration and technical support is provided internally as in DBS applications, in referrals from one stage of Kairos’ pathways programme to the next, as from rehab to Move-On accommodation.
Access to client data is restricted to Kairos Community Trust Admin Team (for example, to provide IT and document management support).
Systems and protocols for the secure passing on, processing and recording of such information are in place e.g. in providing case management, document management, typing services.
Security measures are in place to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, changed or disclosed. We hold data electronically in our secure management system and on our ‘on site’ servers. Network integrity is protected using firewalls and anti-malware systems. We also have offsite back-up services through our IT service providers.
We will encrypt data leaving Kairos (for example, email), using encryption methods.
We store paper documents in locked cabinets in our offices. These offices are secure and only mandated personnel can access areas where personal data is stored.
We limit access to your personal information to relevant management, counsellors, support workers and those who have a need to know (for example, regulatory bodies).
We may give third parties access to the personal information we hold about you in order to comply with our regulatory obligations (for example, CQC, probation).
We warn that transmission of information to Kairos via the internet is never completely secure and therefore we cannot guarantee the security of your electronic information emailed to us.
We will put in place procedures to deal with any suspected data security breach. We will tell you about such breaches and any regulator of a suspected breach where we are legally required to do so.
Data Retention and Deletion
By law, Kairos is obliged to retain a client’s personal files for three years.
You have a right to rectify or erase personal information if it is no longer needed for the purposes for which it was collected, you can withdraw your consent, following a successful right to object or it has been processed unlawfully or you ask us to transfer your personal information to another person or organisation.
Queries, complaints, issues should be addressed to Kairos management.
We inform you that you have a right to make a complaint at any time to the Information Commissioners Office, the UK authority responsible for data protection, regarding any data protection issues.
The trustees, through the operations director, are responsible for the implementation of the policy.
Managers, under supervision of the director, will ensure the implementation, monitoring, reviewing and updating of the policy for services which they manage.
Any changes, following reviews, will be ratified by the trustees.
Kairos will provide training to all staff on the policy and on associated/inter-linking Kairos policies. This training will be carried out by external and internal leads (for example, IT providers, police and internal managers).