The 4 documents below cover our Terms & Conditions, our Privacy, Cookie and Data Protection policies.

Terms & Conditions

If you continue to browse and use this website, you are agreeing to comply with and be bound by the following terms and conditions of use, which together with our privacy policy govern TVA’s relationship with you in relation to this website. If you disagree with any part of these terms and conditions, please do not use our website.

The term “Tandridge Voluntary Action”, "TVA", “us” or “we” refer to the owner of the website. TVA is a charity working  in the Tandridge district of Surrey.

The term “you” refers to the user or viewer of our website.

Registered Office

The Community Hub
1st Floor Library Building
14 Gresham Road
Oxted, RH8 0BQ

Charity registered in England and Wales number 1137664.

Changes to these Terms

We may revise these terms of use at any time by amending this page.

Please check this page from time to time to take notice of any changes we made, as they are binding on you as a user.

Accessing our Website

Our website is made available free of charge.

We do not guarantee that our website, or any content on it, will always be available or be uninterrupted. Access to our website is permitted on a temporary basis. We may suspend, withdraw, discontinue or change all or any part of our website without notice. We will not be liable to you if for any reason our website is unavailable at any time or for any period.

You are responsible for making all arrangements necessary for you to have access to our website.

You are also responsible for ensuring that all persons who access our website through your internet connection are aware of these terms of use and other applicable terms and conditions, and that they comply with them.

Account Log Ins and Passwords

If you choose, or you are provided with, a user account, password or any other piece of information as part of our security procedures, you must treat such information as confidential. You must not disclose it to any third party.

We have the right to disable any user accounts or password, whether chosen by you or allocated by us, at any time, if in our reasonable opinion you have failed to comply with any of the provisions of these terms of use.

If you know or suspect that anyone other than you knows your user identification code or password, you must promptly notify us at info@tva.org.uk

Use of site information

This website contains information which is owned by or licensed to us. These works are protected by copyright laws and treaties around the world. As such rights are reserved. This material includes, but is not limited to, the design, layout, look, appearance and the graphics. Reproduction is prohibited other than in accordance with the copyright.

Users are welcome to view, download and print information for their own personal use.

TVA should be credited if information is reproduced, information must not be reproduced for commercial purposes.

Users may not use our site in anyway that is illegal, fraudulent or harmful.

 

 

Liability

The content of the pages of this website is for your general information and use only. It is subject to change without notice.

Neither we or any third parties provide any warranty or guarantee as to the accuracy, timeliness, performance, completeness or suitability of the information and materials found or offered on this website for any particular purpose. You acknowledge that such information and materials may contain inaccuracies or errors and we expressly exclude liability for any such inaccuracies or errors to the fullest extent permitted by law.

From time to time this website may also include links to other websites. These links are provided for your convenience to provide further information. They do not signify that we endorse the website(s). We have no control over the contents of those sites and accept no responsibility for the content of the lined website(s) or for any loss or damage that may arise from your use of them.

Nothing in these terms of use excludes or limits our liability for death or personal injury arising from our negligence, or our fraud or fraudulent misrepresentation, or any other liability that cannot be excluded or limited by English law.

Viruses

We do not guarantee that our website will be secure or free from bugs or viruses. You are responsible for configuring your information technology, computer programmes and platform in order to access our website. You should use your own virus protection software.

You must not misuse our website by knowingly introducing viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful. You must not attempt to gain unauthorised access to our website, the server on which our website is stored or any server, computer or database connected to our website. You must not attack our website via a denial-of-service attack or a distributed denial-of service attack. By breaching this provision, you would commit a criminal offence under the Computer Misuse Act 1990. We will report any such breach to the relevant law enforcement authorities and we will co-operate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use our website will cease immediately.

Linking to our Website

You may link to our website, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it.

You must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part where none exists.

You must not establish a link to our website in any website that is not owned by you.

We reserve the right to withdraw linking permission without notice.

Privacy

All information about a person is processed in accordance with our privacy policy.

Privacy Policy

Terms & Conditions

If you continue to browse and use this website, you are agreeing to comply with and be bound by the following terms and conditions of use, which together with our privacy policy govern TVA’s relationship with you in relation to this website. If you disagree with any part of these terms and conditions, please do not use our website.

The term “Tandridge Voluntary Action”, "TVA", “us” or “we” refer to the owner of the website. TVA is a charity working in the Tandridge district of Surrey.

The term “you” refers to the user or viewer of our website.

Registered Office

The Community Hub
1st Floor Library Building
14 Gresham Road
Oxted, RH8 0BQ

Charity registered in England and Wales number 1137664.

Changes to these Terms

We may revise these terms of use at any time by amending this page.

Please check this page from time to time to take notice of any changes we made, as they are binding on you as a user.

Accessing our Website

Our website is made available free of charge.

We do not guarantee that our website, or any content on it, will always be available or be uninterrupted. Access to our website is permitted on a temporary basis. We may suspend, withdraw, discontinue or change all or any part of our website without notice. We will not be liable to you if for any reason our website is unavailable at any time or for any period.

You are responsible for making all arrangements necessary for you to have access to our website.

You are also responsible for ensuring that all persons who access our website through your internet connection are aware of these terms of use and other applicable terms and conditions, and that they comply with them.

Account Log Ins and Passwords

If you choose, or you are provided with, a user account, password or any other piece of information as part of our security procedures, you must treat such information as confidential. You must not disclose it to any third party.

We have the right to disable any user accounts or password, whether chosen by you or allocated by us, at any time, if in our reasonable opinion you have failed to comply with any of the provisions of these terms of use.

If you know or suspect that anyone other than you knows your user identification code or password, you must promptly notify us at info@tva.org.uk

Use of site information

This website contains information which is owned by or licensed to us. These works are protected by copyright laws and treaties around the world. As such rights are reserved. This material includes, but is not limited to, the design, layout, look, appearance and the graphics. Reproduction is prohibited other than in accordance with the copyright.

Users are welcome to view, download and print information for their own personal use.

TVA should be credited if information is reproduced, information must not be reproduced for commercial purposes.

Users may not use our site in any way that is illegal, fraudulent or harmful.

Liability

The content of the pages of this website is for your general information and use only. It is subject to change without notice.

Neither we nor any third parties provide any warranty or guarantee as to the accuracy, timeliness, performance, completeness or suitability of the information and materials found or offered on this website for any particular purpose. You acknowledge that such information and materials may contain inaccuracies or errors and we expressly exclude liability for any such inaccuracies or errors to the fullest extent permitted by law.

From time to time this website may also include links to other websites. These links are provided for your convenience to provide further information. They do not signify that we endorse the website(s). We have no control over the contents of those sites and accept no responsibility for the content of the lined website(s) or for any loss or damage that may arise from your use of them.

Nothing in these terms of use excludes or limits our liability for death or personal injury arising from our negligence, or our fraud or fraudulent misrepresentation, or any other liability that cannot be excluded or limited by English law.

Viruses

We do not guarantee that our website will be secure or free from bugs or viruses. You are responsible for configuring your information technology, computer programmes and platform in order to access our website. You should use your own virus protection software.

You must not misuse our website by knowingly introducing viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful. You must not attempt to gain unauthorised access to our website, the server on which our website is stored or any server, computer or database connected to our website. You must not attack our website via a denial-of-service attack or a distributed denial-of service attack. By breaching this provision, you would commit a criminal offence under the Computer Misuse Act 1990. We will report any such breach to the relevant law enforcement authorities and we will co-operate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use our website will cease immediately.

Linking to our Website

You may link to our website, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it.

You must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part where none exists.

You must not establish a link to our website in any website that is not owned by you.

We reserve the right to withdraw linking permission without notice.

Privacy

All information about a person is processed in accordance with our privacy policy.

Privacy Policy

 Tandridge Voluntary Action ("TVA", “We” or “Us”) is committed to protecting and respecting your privacy.  This policy (together with our terms of use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.  Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

We take seriously the protection of your personal privacy and confidentiality.  All information and personal data will not be used for any unintended purpose and will not accidentally fall into the hands of a third-party.

The law requires us to tell you about your rights and our obligations to you in regards to the processing and control of your personal data.  We do this now, by requesting that you read the information provided at http://www.knowyourprivacyrights.org/

For the purpose of the EU General Data Protection Regulation and the Data Protection Act 2018 (the “Act”), the data controller is Tandridge Voluntary Action, The Community Hub, 1st Floor Library Building, 14 Gresham Road, Oxted, RH8 0BQ

 

TVA’s Policy objective

We will process any personal data lawfully, fairly and in a transparent manner in relation to individuals.  Personal data will be collected only for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.  All personal data will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.  Best efforts will be made to ensure that it is accurate and, where necessary, kept up to date; every reasonable step will be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.  Personal data will be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest in order to safeguard the rights and freedoms of individuals.  All personal data will be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

 

Security

TVA is committed to ensuring that your information is secure.  In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

 

Information we may collect from you

We may collect and process the following data about you:

  • To enable us to provide a voluntary service for the benefit of the public as specified in our governance document;
  • To administer membership records;
  • To fundraise and promote the interests of the charity;
  • To manage our employees and volunteers;
  • To maintain our own accounts and records.

 

We may also collect information that you provide TVA by filling in forms on this website (our site). This would include information provided at the time of registering with our site, subscribing to our services, posting material or requesting further services.  We may also ask you for information when you report a problem with our site.

If you contact us, we may keep a record of that communication.

We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.

We may also collect details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data.

Internet e-mail

Messages sent over the Internet cannot be guaranteed to be completely secure as they are subject to possible interception or loss or possible alteration.  We are not responsible for them and will not be liable to you or anyone else for any damages or otherwise in connection with any message sent by you to TVA or any message sent by TVA to you over the Internet.

Downloads & Media Files

Any downloadable documents, files or media made available on this website are provided to users at their own risk.  While all reasonable precautions will be undertaken to ensure only genuine downloads are available users are advised to verify their authenticity using third-party antivirus software or similar applications.  We accept no responsibility for third-party downloads and downloads provided by external third-party websites and advise users to verify their authenticity using third-party antivirus software or similar applications.

Cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site.  Cookies allow web applications to respond to you as an individual.  The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

Cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not.  A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

We use traffic log cookies to identify which pages are being used.  This helps us analyse data about webpage traffic and improve our website in order to tailor it to customers’ needs.  We only use this information for statistical analysis purposes, it is non-personal and it is subsequently deleted.

You can choose to accept or decline cookies.  Most web browsers automatically accept cookies but you can usually modify your browser setting to decline cookies if you prefer, although this may prevent you from taking full advantage of the website.

Links to other websites

Our website may contain links to other websites of interest.  Once you have used these links to leave our site, however, you should note that we do not have any control over that other website.  We cannot be responsible, therefore, for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement.  You should exercise caution and look at the privacy statement applicable to the website in question.

Our website uses cookies to distinguish you from other users of our website.  This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.  For detailed information on the cookies we use and the purposes for which we use them see our cookie policy above.

Uses made of the information

We use information held about you in the following ways:

  • To ensure that content from our site is presented in the most effective manner for you and for your communication device;
  • To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
  • To carry out our obligations arising from any contracts entered into between you and us;
  • To allow you to participate in interactive features of our service, when you choose to do so;
  • To notify you about changes to our services.

 

We may also use your data to provide you with information about services in the charitable sector which may be of interest to you.  If you are an existing volunteer or service user, we will only contact you by e-mail with information concerning services similar to those which were the subject of a previous contact.

 

Disclosure of your information

We may disclose your personal information to a charity/voluntary organisation where you have indicated an interest and agreement for this to be shared.

We may disclose your personal information if we are under a duty to disclose it in order to comply with any legal obligation imposed on TVA, or to protect the rights, property or safety of TVA, its staff, volunteers, service users or others.

Your rights

Under the ACT you have a number of rights with regard to your personal data.

 

  • You have the right to be informed, request from us access to and rectification or erasure of your personal data (the right to be forgotten), the right to restrict processing, object to processing as well as in certain circumstances the right to data portability, from one environment to another.
  • If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.

 

  • You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the Act with regard to your personal data.

 

  • Although it would not be TVA’s intention to use data in such a manner, you have the right to ask us not to process your personal data for marketing purposes, although we will specifically inform you (before collecting your data) if we intend to use your data for such purposes. You can also exercise your right to prevent such processing by not sharing your personal data with us.

You can also exercise the right at any time by contacting us at info@tva.org.uk

Retaining and deleting personal data

Personal data will be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.  Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving reasons and records management or statistical analysis.

We will hold your personal data on our systems for as long as you are associated with TVA and for as long afterwards as it is in TVA’s legitimate interest to do so or for as long as is necessary to comply with our legal obligations.  We will review your personal data every year to establish whether we are still entitled to process it.  If we decide that we are not entitled to do so, we will stop processing your personal data except that we will retain your personal data in an archived form in order to be able to comply with future legal obligations, if applicable, otherwise it will be deleted.

Accuracy and relevance

We will ensure that any personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained.  We will not process personal data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed to this or would otherwise reasonably expect this.

Individuals may ask that we correct inaccurate personal data relating to them.  If you believe that information is inaccurate you should record the fact that the accuracy of the information is disputed and inform the TVA’s General Manager: info@tva.org.uk.

Links to other web sites

This website may contain links to other relevant web sites.  These will typically be served through our charity partners who will also have detailed privacy policies relating directly to their activities.

Clicking on any such sponsored links will send you to the partners’ website through a referral program which may use cookies and will track the number of referrals sent from this website.  This may include the use of cookies which may in turn be saved on your Internet based communication device.  Users should therefore note they click on sponsored external links at their own risk and we cannot be held liable for any implications caused by visiting any external links mentioned.

Contact & Communication with us

Users contacting this us through this website do so at their own discretion and provide any such personal details requested at their own risk.  Your personal information is kept private and stored securely until a time it is no longer required or has no use.

Where we have indicated stated and been made you aware of the fact, and where you have given your express permission, we may use your details to send you information about the charity and the sector in general through a mailing list system.

Data Processing

While TVA will be the data controller for any personal information supplied, we will work with selected partners that provide data processing services to us.  Examples of these organisations include our website host, volunteer database system and IT support.  In each case we take steps to ensure our suppliers are GDPR compliant and are only acting as a data processor and not a data controller.  This ensures that our service suppliers cannot make use of any personal data they are holding on behalf of TVA.

External Website Links & Third Parties

Although we only look to include quality, safe and relevant external links, users are advised to adopt caution before clicking any external web links mentioned throughout this website.

Shortened URLs; URL shortening is a technique used on the web to shorten URLs (Uniform Resource Locators) to something substantially shorter.  This technique is especially used in social media.  Users should take caution before clicking on shortened URL links and verify their authenticity before proceeding.

We cannot guarantee or verify the contents of any externally linked website despite our best efforts.  Users should therefore note they click on external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Social Media Policy & Usage

We ensure that TVA and its staff conduct themselves accordingly online.  While we may have official profiles on social media platforms users are advised to verify authenticity of such profiles before engaging with, or sharing information with such profiles.  We will never ask for personal details, such as passwords, on social media platforms.  Users are advised to conduct themselves appropriately when engaging with us on social media.

There may be instances where our website features social sharing buttons, which help share web content directly from web pages to the respective social media platforms.  You use social sharing buttons at your own discretion and accept that doing so may publish content to your social media profile feed or page.

Changes to our privacy policy

TVA may update this policy from time to time by publishing a new version on our website and you should check this page occasionally to ensure you are happy with any changes to this policy.  Any changes we may make to our privacy policy in the future will be posted on this page.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to info@tva.org.uk

 

Cookie Policy

What is a cookie?

A cookie is a small data file that is downloaded to your computer when a website is visited. Normally this is a text file that can be opened on Notebook and will contain a reference number identifying the website and unique visitor code. This code is then used to identify repeat visitors to a site and in some cases can avoid repetitive input of data, retain user settings and preferences or remember purchases.

Cookies are not programmes and cannot contain virus’s or malware.

How does TVA use cookies?

First Party Cookies

These are cookies that are set by this website directly.

Google Analytics: We use Google Analytics to collect information about visitor behaviour on our website. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. This Analytics data is collected via a JavaScript tag in the pages of our site and is not tied to personally identifiable information. We therefore do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are.

You can find out more about Google’s position on privacy as regards its analytics service at https://support.google.com/analytics/answer/6004245

WordPress: Our websites runs the popular WordPress CMS and cookies are used to store basic data on your interactions with WordPress, and whether you have logged into WordPress. We use a session cookie to remember your log-in for you if you are a registered user and we deem these as being strictly necessary to the working of the website. If these are disabled then various functionality on the site will be broken.

More information on session cookies and what they are used for at http://www.allaboutcookies.org/cookies/session-cookies-used-for.html

Third Party Cookies

These are cookies set on your machine by external websites whose services are used on this site. Cookies of this type are the sharing buttons across the site allow visitors to share content onto social networks. In order to implement these buttons, and connect them to the relevant social networks and external sites, there are scripts from domains outside of our website. You should be aware that these sites are likely to be collecting information about what you are doing all around the internet, including on this website.

You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information

Turning Off Cookies

Cookies are in the large part harmless as they are not programmes and cannot make changes to your computer. However if you have any concerns you can opt to turn off cookies from your browser or receive a prompt if a website would like to download a cookie. How this is done will depend on the browser you are using. A good guide for more information is on the about cookies website

http://www.aboutcookies.org/Default.aspx?page=1

More Information

If you would like to read more about Cookies and their purpose the below sites may be of interest

Data Protection Policy

 

TVA’s Policy on Data Protection

Policy Statement

  • Tandridge Voluntary Action (TVA) collects and uses information about people within the community and with whom it communicates. This personal information must be dealt with properly and securely however it is collected, recorded and used – whether on paper, in a computer or portable electronic device, or recorded on other material – and there are legal safeguards to protect information in the Global Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA) (the Acts) and any equivalent subsequent regulation.
  • TVA regards the lawful and correct treatment of personal information as important to the successful and efficient performance of its functions and to maintain confidence between those with whom it deals.
  • To this end TVA endorses and adheres to the Principles of Data Protection, as set out in the Acts and subsequent legislation.
  • This Policy should be read in conjunction with (1) the TVA’s web-based Privacy Policy and (2) TVA’s Policy on Business Continuity Management, which specifically refers to data storage and IT security.

Purpose

  • The purpose of this policy is to ensure that the staff, volunteers and Trustees of TVA are clear about the purpose and principles of Data Protection and to ensure that TVA has guidelines and procedures in place which are consistently followed.
  • Failure to adhere to the Acts and subsequent legislation is unlawful and could result in legal action being taken against TVA or its staff, volunteers or Trustees.
  • Everyone who works for or with TVA has some responsibility for ensuring data is collected, stored and handled appropriately.

 

Principles

  • The Acts regulate the processing of information relating to living and identifiable individuals (data subjects). This includes the obtaining, holding, using or disclosing of such information and covers electronic records as well as manual filing systems, including card indexes.
  • Data users must comply with the data protection principles of good practice which underpin the Act. To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully.
  • To do this TVA follows the eight Data Protection Principles outlined in the Acts, which are summarised below:
  1. Personal data will be processed fairly and lawfully
  2. Data will only be collected and used for specified purposes
  • Data will be adequate, relevant and not excessive
  1. Data will be accurate and up to date
  2. Data will not be held any longer than necessary
  3. Data subject’s rights will be respected
  • Data will be kept safe from unauthorised access, accidental loss or damage
  • Data will not be transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data.

The Principles apply to “personal data” which is information held on electronic or in manual filing systems from which they are identifiable.  TVA’s employees, volunteers and Trustees who process or use any personal information in the course of their duties will ensure that these principles are followed at all times.

 

The Risks

This policy is aimed to protect TVA from actual data security risk, including:

  • Breaches of confidentiality – information being given out inappropriately;
  • Failing to offer choice – individuals should be free to choose how a corporate uses data relating to them, and
  • Reputational damage - if an unauthorised third-party gained access to sensitive data.

Procedures

  • The following procedures have been developed in order to ensure that TVA meets its responsibilities in terms of Data Protection. For the purposes of these procedures data collected, stored and used by TVA falls into two broad categories:
  1. TVA’s internal data records - staff, volunteers and Trustees
  2. 2. TVA’s external data records - members, customers, clients.
  • TVA as a body is a DATA CONTROLLER under the Act, and the Board of Trustees is ultimately responsible for the policy’s implementation.

General staff guidelines

  • TVA operates a “Clear Desk Policy” at all times.
  • The only people able to access data covered by this policy should be those who need it for their work.
  • Data should not be shared informally. When access to confidential information is required, employees can request it from their line manager.
  • TVA will provide training to all employees to help them understand their responsibilities when handling data.
  • Employees should keep all data secure by taking sensible precautions and following the guidelines contained in this policy.
  • Strong passwords must be used and they should never be shared.
  • Personal data should not be disclosed to unauthorised people, either within TVA or externally.
  • Data should be regularly reviewed and updated if it is found to be out of date. If no longer required, it should be deleted and disposed of in accordance with the schedule detailed below.
  • Employees should request help and advice from the General Manager if they are unsure about any aspect of data protection.
  • The contact details of staff, volunteers and Trustees will only made available to other staff, volunteers and Trustees. Any other information supplied on application will be kept in a secure filing cabinet or data-file and is not accessed during the day-to-day running of the charity.
  • Contact details of staff, volunteers and Trustees will not be passed on to anyone outside the organisation without their explicit consent.
  • A copy of staff, volunteer, Trustee emergency contact details will be kept in the Business Continuity Management Policy dossier and by the General Manager.
  • Upon request, staff, volunteers and Trustees will be supplied with a copy of their personal data held by the charity.
  • All confidential post must be opened by the addressee only.

Data storage

These rules describe how and where data should be safely stored.

  • When data is stored on paper, it should be kept in a secure place where unauthorised personnel cannot see it.
  • These guidelines also apply to data that is usually stored electronically but has been printed out for some reason.
  • When not required, the paper or files should be kept in a locked drawer or locked filing cabinet.
  • Employees should make sure paper and printouts are not left where unauthorised people could see them, like on a printer or photo-copier.
  • Data printouts should be shredded and disposed of securely when no longer required.
  • When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts.
  • Data should be protected by strong passwords that are changed regularly and never shared between employees.
  • If data is stored on removable media (like a thumb-drive), these should be encrypted and kept locked away securely when not being used.
  • Data should only be stored on designated drives and servers, and should only be uploaded. Storage in the “Cloud” is not permitted with the exception of the “QuickBooks” application.
  • Servers containing personal data should be sited in a secure location, away from general office space.
  • Data should be backed-up frequently. Those backups should be tested regularly, in line with the company’s standard back-up procedures.
  • Personal data should never be saved directly to mobile devices like smart phones.
  • All servers and computers containing data should be protected by approved security software and a firewall.

Data use

  • Personal data is of no value to TVA unless the charity has a specific use for it. However, it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption or theft:
  • When working with personal data, employees and volunteers should ensure the screens of their computers are always locked when left unattended.
  • Personal data should not be shared informally. In particular, it should never be sent by email, as this form of communication is not secure.
  • Data must be encrypted before being transferred electronically. The General Manager can explain how to send data to authorised external contacts.
  • Personal data should never be transferred outside of the European Economic Area.
  • Employees should not save copies of personal data to their own computers. Always access and update the central copy of any data.

Data accuracy

  • The law requires TVA to take reasonable steps to ensure data is kept accurate and up to date.
  • The more important it is that the personal data is accurate, the greater the effort TVA should put into ensuring its accuracy.
  • It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.
  • Data will be held in as few places as necessary. Staff should not create any unnecessary additional data sets.
  • Staff should take every opportunity to ensure data is updated. For instance, by confirming a customer’s details when they call.
  • The staff of TVA will make it easy for data subjects to update the information it holds about them. For instance, via the website.
  • Data should be updated as and when inaccuracies are discovered. For instance, if a volunteer can no longer be reached on their stored telephone number, it should be removed from the database.
  • TVA will take reasonable steps to keep personal data up to date and accurate. Personal data will be stored for 20 years after an employee, volunteer or Trustee has worked for the organisation and brief details for longer.  Unless the organisation is specifically asked by an individual to destroy their details it will normally keep them on file for future reference.  The General Manager has responsibility for destroying personnel files.

Subject access requests

All individuals who are the subject of personal data held by TVA are entitled to:

  • Ask what information the charity holds about them and why.
  • Ask how to gain access to it.
  • Be informed how to keep it up to date.
  • Be informed how the company is meeting its data protection obligations.

If an individual contacts TVA requesting this information, this is called a Subject Access Request.  Subject access requests from individuals should be made by email, addressed to the General Manager at info@tva.org.uk.  The General Manager can supply a standard request form, although individuals do not have to use this.  Individuals will be charged £10 per subject access request.  The General Manager will aim to provide the relevant data within 14 days, who will, of course, verify the identity of anyone making a subject access request before handing over any information.

Disclosing data for other reasons

  • In certain circumstances, the Acts allow personal data to be disclosed to law enforcement agencies without the consent of the data subject.
  • Under these circumstances, TVA will disclose requested data. However, the General Manager will ensure the request is legitimate, seeking assistance from the board and from the company’s legal advisers where necessary.

Providing information

TVA aims to ensure that individuals are aware that their data is being processed, and that they understand:

  • How the data is being used;
  • How to exercise their rights;
  • To these ends, TVA has a web-based privacy statement, setting out how data relating to individuals is used by the charity.
  • Internal data records.

Purposes

TVA obtains personal data (names, addresses, telephone numbers, email addresses), application forms, and references and in some cases other documents from staff, volunteers and Trustees.  This data is stored and processed for the following purposes:

  • Recruitment;
  • Equal Opportunities monitoring;
  • The objectives of TVA including volunteering opportunities;
  • To distribute relevant organisational material, e.g. meeting papers;

 

Storage

  • Personal data is kept in paper-based systems and on a password-protected computer system. Every effort is made to ensure that data is stored in organised and secure systems.
  • TVA operates a clear desk policy at all times.

Use of Photographs

Where practicable, TVA will seek consent from individuals before displaying photographs in which they appear.  If this is not possible (for example, a large group photo), the organisation will remove any photograph if a complaint is received.  This policy also applies to photographs published on TVA’s website or in our publications.

Use of the Cloud and International Access

  • The Board of Trustees has agreed not to use Cloud-Computing for storage. The exception to this rule is the use of the finance application “QuickBooks”, which is used as the accounting package for TVA and contains no personal information.
  • In accordance with the Acts no electronic data relevant to TVA should be stored internationally.

 

External data records

 

Purposes

  • TVA obtains personal data (such as names, addresses, and telephone numbers) from members/clients. This data is obtained, stored and processed solely to assist staff and volunteers in the efficient running of services.  Personal details supplied are only used to send material that is potentially useful.  Most of this information is stored on the organisation’s database.
  • TVA obtains personal data and information from clients and members in order to provide services. This data is stored and processed only for the purposes outlined in the agreement and service specification signed by the client/member.

Consent

  • Personal data is collected over the telephone by correspondence and using other methods such as e-mail. During this initial contact, the data owner is given an explanation of how this information will be used, in accordance with the Acts.
  • Personal data will not be passed on to anyone outside the organisation without explicit consent from the data owner unless there is a legal duty of disclosure under other legislation, in which case the General Manager will discuss and agree disclosure with the Chair/Vice Chair. Only if consent has been given will contact details held on TVA’s database be made available to groups/individuals outside of the organisation. Individuals must be made aware of when their details are being collected for the database and their written consent given.

Access

  • Only TVA’s staff, volunteers and Trustees will normally have access to personal data. All staff, volunteers and Trustees are made aware of the Data Protection Policy and their obligation not to disclose personal data to anyone who is not supposed to have it.
  • Information supplied is kept in a secure filing, paper and electronic system and is only accessed by those individuals involved in the delivery of the service.
  • Information will not be passed on to anyone outside of TVA without their explicit consent, except under legal requirement, e.g. the Inland Revenue.
  • Individuals will be supplied with a copy of any of their personal data held by TVA if a request is made.
  • All confidential post must be opened by the addressee only.

Accuracy

  • TVA will take reasonable steps to keep personal data up to date and accurate. Personal data will be stored for as long as the data owner/client/member uses our services and normally longer.  Where an individual ceases to use our services and it is not deemed appropriate to keep their records, their records will be destroyed.  Records will be destroyed in accordance with the Acts requirements.
  • If a request is received from an organisation/individual to destroy their records, TVA will remove their details from the database and request that all staff holding paper or electronic details for the organisation destroy them.

Storage

  • Personal data may be kept in paper-based systems and on a password-protected computer system. Paper-based data are stored in organised and secure systems.
  • TVA operates a clear desk policy at all times.

Use of Photographs

  • Where practicable, TVA will seek consent of members/individuals before displaying photographs in which they appear. If this is not possible (for example, a large group photo), TVA will remove any photograph if a complaint is received.  This policy also applies to photographs published on TVA’s website or publications.

Disclosure and Barring Service

  • TVA will act in accordance with the Disclosure and Barring Service’s (DBS) code of practice.
  • Copies of disclosures are kept for no longer than is required. In most cases this is no longer than six months in accordance with the DBS Code of Practice. There may be circumstance where it is deemed appropriate to exceed this limit e.g. in the case of disputes.

Responsibilities of staff, volunteers and Trustees

  • During the course of their duties with TVA, staff, volunteers and Trustees will be dealing with information such as names/addresses/telephone numbers/e-mail addresses of members/clients/volunteers. They may be told or overhear sensitive information while working for TVA.  The Acts and subsequent legislation give specific guidance on how this information should be dealt with.  In short, to comply with the law, personal information must be collected and used fairly, stored securely and not disclosed to any other person unlawfully.  Staff, paid or unpaid must abide by this policy.

Compliance

  • Compliance with the Act is the responsibility of all staff, paid or unpaid. TVA will regard any unlawful breach of any provision of the Act by any staff, paid or unpaid, as a serious matter which will result in disciplinary action.  Any employee who breaches this policy statement will be dealt with under the disciplinary procedure which may result in dismissal for gross misconduct.  Any such breach could also lead to criminal prosecution.
  • Any questions or concerns about the interpretation or operation of this policy statement should in the first instance be referred to the General Manager.

Retention of Data (see schedule below)

  • No documents or personal data will be stored for longer than is appropriate.
  • All documents containing personal data will be disposed of securely in accordance with the Data Protection principles.

Approved by:                                                   Chair of Trustees, TVA

 

Date of Approval:

 

Date of Review:

 

 

 

DOCUMENT RETENTION   Reference to Archive means scanned and electronically filed
       
Type Description Retention period Disposal action
Governance      
Board and sub-committee agendas, supporting papers and minutes Provides an audit trail of statutory compliance, a corporate memory of decisions and is of historical value to the organisation Permanent Archive
Corporate business plans and annual reports Provides an audit trail of statutory compliance, a corporate memory of decisions and is of historical value to the organisation Permanent Archive
General      
Registration Details of corporate registrations and organisational links Current year plus 6 Archive
General Enquiries If record taken 6 months Destroy
Procedure      
Procedure Manuals Process documentation When superseded Destroy
Policy Documents Part of supporting governance Permanent Archive
Disclosure and Barring Service   6 Months Archive
Human Resources      
Recruitment, appointment and/or promotion papers   1 year Archive
Personnel Files (Job History) Written particulars of employment, Contracts of employment, changes to terms and conditions, including change of hours letters Current year plus 20 Archive
Qualifications and references   Current year plus 6 Destroy
Staff address details   6 years after employment has ended Destroy
Pay History Personal payroll history, including record of pay, performance pay, overtime pay, allowances, pay enhancements, other taxable allowances, payment for untaken leave, reduced pay, no pay, maternity leave Current year plus 20 Archive
Annual Leave records   2 years Destroy
Other Leave Records   Current year plus 20 Destroy
Training History   6 years Destroy
Performance Reviews and/or Assessments Reports or summary of Performance papers for last five years of service 15 Years after Service Destroy
Notice of end of employment letter Resignation, termination and/or Retirement letters 15 years after service Destroy
Leaver files   15 years after service Destroy
Health      
Health Declarations   Current year plus 20 Archive
Sickness Absence records   Current year plus 20 Archive
Records relating to workplace injury   Current plus 20 years Archive
Finance      
Summaries of daily banking and statements Daily reports of transactions Current year plus 2 Destroy
Petty cash records Records/books/sheets and receipts Current year plus 2 Destroy
Staff expenses Reimbursement forms for travel etc. Current year plus 6 Destroy
Invoices Invoices/debit notices rendered on debtors (invoices paid, unpaid, registers of invoices, debtors ledgers etc) Current year plus 6 Destroy
Refunds Records relating to unrecoverable revenue, debts and overpayments Current year plus 6 Destroy
VAT Receipt Books/Records for Imposts (Stamp Duty/VAT) Current year plus 6 Destroy
Employee Pay history   Current year plus 6 Destroy
Salaries/wages payroll   Current year plus 2 Destroy
Employee pay history   Current year plus 6 Destroy
Salary/Wages payroll sheets   Current year plus 2 Destroy
Budgets & formal interim reports   Current year plus 6 Destroy
Financial Statements Statements prepared for inclusion in quarterly or annual reports Current year plus 6 Destroy
Budget working papers Draft papers or material for creating yearly or quarterly budgets Current year plus 3 Destroy
Final Budget Reports   Current year plus 10 Destroy
Other financial documents   Current year plus 3 Destroy
Financial working papers   Current year plus 2  
Theft      
Theft/Fraud (resolved internally) Relating to serious matters of theft, fraud, misappropriation, irrecoverable debts and overpayments, write-offs, recovery of debt, wavering of debt where the matter was resolved internally 6 years after closure Archive
Theft/Fraud (resolved Externally) Relating to serious matters of theft, fraud, misappropriation, irrecoverable debts and overpayments, write-offs, recovery of debt, wavering of debt where external action was taken 10 years from closure Archive
Audit Reports Internal   Current year plus 3 Archive
Working papers and reports   Current year plus 3  
Annual Audit report external (These include interim reports) where audit has included the examination of long-term contracts Current year plus 6  

 

Contact Us

Phone: 01883 722593

Email: info@tva.org.uk

Address The Community Hub
1st Floor Library Building
14 Gresham Road
Oxted, RH8 0BQ

See all locations
Upcoming Events
Latest Tweets

Grants of up to £2000 can be applied for by not-for-profit community and voluntary sector organisations that go towards projects that directly benefit Tandridge district residents. Apply by midnight on 16 Nov. ow.ly/JpP230m6fiP pic.twitter.com/4dyx…