Data Protection Policy

Brainchild Developmental Program processes, uses and stores personal data of clients, employees and consultants and has therefore made a notification entry made with the ICO and this will be renewed annually.

To ensure compliance with the Data Protection Act 1998, all staff at Brainchild Developmental Program will adhere to the following good practice principles:

All staff will:

  • keep all passwords secure – change regularly, no sharing
  • lock / log off computers when away from their desks
  • dispose of confidential paper waste securely by shredding
  • prevent virus attacks by taking care when opening emails and attachments or visiting new websites
  • work on a ‘clear desk’ basis – by securely storing hard copy personal information when it is not being used
  • ensure that visitors are signed in and out of the premises, or accompanied in areas normally restricted to staff
  • position computer screens away from windows to prevent accidental disclosures of personal information
  • encrypt personal information that is being taken out of the office via laptops or pen drives, if it would cause damage or distress if lost or stolen
  • keep back-ups of information
  • use a dry and secure archive to prevent the risk of losing data to floods, fire or theft
  • collect only the personal information they need for their particular business purpose.
  • Only use any disclosed data for the specific purpose for which it was given to them
  • explain new or changed business purposes to clients and employees, and to obtain consent or provide an opt-out where appropriate
  • notify anyone before recording any telephone conversations what information will be stored and how.update records promptly – for example, changes of address, marketing preferences
  • delete personal information the business no longer requires once a year
  • not release any client or employee information without the written consent of Viv Hailwood
  • be aware that there are people who will try and trick them to give out personal information and to prevent these disclosures they should carry out identity checks before giving out personal information to someone making an incoming call
  • perform similar checks when making outgoing calls
  • understand that people have a right to have a copy of the personal information is held
  • pass any subject access requests to Viv Hailwood the same day
  • understand that the company has a maximum of 40 days to respond and that the maximum fee that can be charged is £10
  • sign and date their own copy of this policy to confirm that they have read and understood its contents.