Finding Harmony
Updated February 2024

This policy applies to all staff, volunteers, trustees and anyone working for Finding Harmony. Staff and volunteers in this organisation accept and recognise our responsibilities to develop awareness of issues, which cause children and young people harm.

The organisation does not undertake activities with children in the absence of their parents/carers, but has the opportunity to observe the young person’s/children’s welfare within their family setting.  Parents/carers remain responsible for their children’s welfare throughout all the work undertaken by the organisation.

This policy has been drawn up as a response to:

• Children Act 1989
• United Convention of the Rights of the Child 1991
• Data Protection Act 1998
• Sexual Offences Act 2003
• Children Act 2004
• Protection of Freedoms Act 2012
• Relevant government guidance on safeguarding children

We recognise that:

• the welfare of the child is paramount, as enshrined in the Children Act 1989
• all children, regardless of age, disability, gender, racial heritage, religious belief, sexual orientation or identity, have a right to equal protection from all types of harm or abuse
• some children are additionally vulnerable because of the impact of previous experiences, their level of dependency, communication needs or other issues
• working in partnership with children, young people, their parents, carers and other agencies is essential in promoting children’s welfare.

We will endeavour to safeguard children and young people by:

• Valuing them, listening to and respecting them.
• Adopting child protection guidelines through a code of behaviour for staff and volunteers.
• Sharing information about child protection and good practice with children, parents, staff and volunteers.
• Sharing information about concerns with agencies who need to know, and involving parents and children appropriately.
• Following carefully the procedures for recruitment and selection of staff and volunteers, ensuring all necessary checks are made.
• Providing effective management for staff and volunteers through supervision, support and training
• We are also committed to reviewing our policy and good practice at regular intervals.

Policy and Procedures 

Statement of Intent: 

It is the policy of Finding Harmony to safeguard the welfare of all children by protecting them from all forms of abuse including physical, emotional and sexual harm. Staff and volunteers should be committed to treating children with respect and dignity, always listening to what a child is saying.

Sharing Information about child protection and good practice with staff and volunteers:

Good communication is essential in any organisation. At Finding Harmony every effort will be made to ensure that, should individuals have concerns, they will be listened to and taken seriously.

It is the responsibility of the management to ensure that information is available to, and exchanged between all those involved in this organisation and its activities. Some information is confidential and should only be shared on a strictly need-to-know basis.

A copy of our Child Protection Policy will be made available to all staff, volunteers and any other appropriate body. It will also be placed on our website.

Definitions, Sign & Symptoms, and Types of Abuse

Abuse and neglect are forms of maltreatment. Somebody may abuse or neglect a child by inflicting harm or failing to act to prevent harm. Children may be abused in a family or in an institutional or community setting, by those known to them, or, more rarely, by a stranger. They may be abused by an adult or adults or another child or children.

Physical Abuse:
This may involve the hitting, shaking, throwing, poisoning, burning or scalding, drowning, suffocating, or otherwise causing physical harm to a child. Physical harm may also be caused when a parent or carer fabricates the symptoms of, or deliberately induces illness in a child.

Emotional Abuse:
This is the persistent emotional maltreatment of a child such as to cause severe and persistent adverse effects on the child’s emotional development. It may involve conveying to children that they are worthless or unloved, inadequate, or valued only insofar as they meet the needs of another person. It may include not giving the child opportunities to express their views, deliberately silencing them or ‘making fun’ of what they say or how they communicate. It may feature age or developmentally inappropriate expectations being imposed on children. These may include interactions that are beyond the child’s developmental capability, as well as overprotection and limitation of exploration and learning, or preventing the child participating in normal social interaction. It may involve seeing or hearing the ill-treatment of another. It may involve serious bullying (including cyberbullying), causing children frequently to feel frightened or in danger, or the exploitation or corruption of children. Some level of emotional abuse is involved in all types of maltreatment of a child, though it may occur alone.

Sexual Abuse:
This involves forcing or enticing a child or young person to take part in sexual activities, not necessarily involving a high level of violence, whether or not the child is aware of what is happening. The activities may involve physical contact, including assault by penetration (for example, rape or oral sex) or non-penetrative acts such as masturbation, kissing, rubbing and touching outside of clothing. They may also include non-contact activities, such as involving children in looking at, or in the production of, sexual images, watching sexual activities, encouraging children to behave in sexually inappropriate ways, or grooming a child in preparation for abuse. Sexual abuse can take place online, and technology can be used to facilitate offline abuse. Sexual abuse is not solely perpetrated by adult males. Women can also commit acts of sexual abuse, as can other children.

Neglect.
This is the persistent failure to meet a child’s basic physical and/or psychological needs, likely to result in the serious impairment of the child’s health or development. Neglect may occur during pregnancy as a result of maternal substance abuse. Once a child is born, neglect may involve a parent or carer failing to:

• provide adequate food, clothing and shelter (including exclusion from home or abandonment);
• protect a child from physical and emotional harm or danger;
• ensure adequate supervision (including the use of inadequate care-givers); or
• ensure access to appropriate medical care or treatment.

It may also include neglect of, or unresponsiveness to, a child’s basic emotional needs.

Child Sexual Exploitation:
This is a form of sexual abuse where children are sexually exploited for money, power or status. It can involve violent, humiliating and degrading sexual assaults. In some cases, young people are persuaded or forced into exchanging sexual activity for money, drugs, gifts, affection or status. Consent cannot be given, even where a child may believe they are voluntarily engaging in sexual activity with the person who is exploiting them. Child sexual exploitation does not always involve physical contact and can happen online. A significant number of children who are victims of sexual exploitation go missing from home, care and education at some point. Some of the following signs may be indicators of sexual exploitation:

• Children who appear with unexplained gifts or new possessions;
  • Children who associate with other young people involved in exploitation;
  • Children who have older boyfriends or girlfriends;
  • Children who suffer from sexually transmitted infections or become pregnant;
  • Children who suffer from changes in emotional well-being;
  • Children who misuse drugs and alcohol;
  • Children who go missing for periods of time or regularly come home late; and
  • Children who regularly miss school or education or do not take part in education.

Child criminal exploitation:
As set out in the Serious Violence Strategy, published by the Home Office, where an individual or group takes advantage of an imbalance of power to coerce, control, manipulate or deceive a child or young person under the age of 18 into any criminal activity (a) in exchange for something the victim needs or wants, and/or (b) for the financial or other advantage of the perpetrator or facilitator and/or (c) through violence or the threat of violence. The victim may have been criminally exploited even if the activity appears consensual. Child criminal exploitation does not always involve physical contact; it can also occur through the use of technology. Some of the following signs may be indicators of criminal exploitation:

• Persistently going missing from school or home and / or being found out-of-area;
• Unexplained acquisition of money, clothes, or mobile phones
• Excessive receipt of texts / phone calls
• Relationships with controlling / older individuals or groups
• Leaving home / care without explanation
• Suspicion of physical assault / unexplained injuries
• Parental concerns
• Carrying weapons
• Significant decline in school results / performance
• Gang association or isolation from peers or social networks
• Self-harm or significant changes in emotional well-being

County Lines:
This is a form of criminal exploitation whereby gangs and organised criminal networks involved in exporting illegal drugs into one or more importing areas within the UK, using dedicated mobile phone lines or other form of ‘deal line’. They are likely to exploit children and vulnerable adults to move and store the drugs and money, and they will often use coercion, intimidation, violence (including sexual violence) and weapons.

HBV/Forced Marriage or FGM:
So-called ‘honour-based’ violence (HBV) encompasses crimes which have been committed to protect or defend the honour of the family and/or the community, including Female Genital Mutilation (FGM), forced marriage, and practices such as breast ironing. All forms of so called HBV are abuse (regardless of the motivation) and should be handled and escalated as such. FGM involves cutting, and sometimes sewing the girl’s genitalia, normally without anaesthetic, and can take place at any time from birth onwards. It is sometimes referred to as ‘female circumcision’ but this misnomer belies the invasive and irreversible nature of the procedure. It is now more correctly termed female genital mutilation.

The procedure has a cultural, rather than religious, origin and is practised by disparate ethnic communities in many countries, including Ethiopia, Somalia, Sudan, Egypt, Nigeria, India, Pakistan, Yemen and Iraq. The Female Genital Mutilation Act 2003 makes it a criminal offence, not only to carry out FGM in England, Scotland and Wales on a girl who is a UK national or permanent resident, but also to take a girl out of the UK to have FGM performed abroad, even to countries where FGM is legal. The indicators of FGM may initially mirror those of sexual abuse. You may notice, for example, that a girl or young woman shows signs of pain or discomfort, needs to visit the toilet constantly, has vaginal blood loss or is unable to sit comfortably.

It is the personal duty of any staff member or volunteer who identifies FGM or receives a disclosure to make a crime report to the police.

• If a volunteer has either been told by a child/parent/carer that the child has had FGM s/he should personally report the matter to the police by calling 101.
• If you think the girl is at imminent risk or has recently been cut you should take immediate action which may involve calling 999.

Forced marriage:
Forcing a person into a marriage is a crime in England and Wales. A forced marriage is one entered into without the full and free consent of one or both parties and where violence, threats or any other form of coercion is used to cause a person to enter into a marriage. Threats can be physical or emotional and psychological. A lack of full and free consent can be where a person does not consent or where they cannot consent (if they have learning disabilities, for example). Nevertheless, some communities use religion and culture as a way to coerce a person into marriage.

Child trafficking and modern slavery:
Child trafficking and modern slavery are forms of child abuse where children are recruited, moved or transported and then exploited, forced to work or sold. Children are trafficked for sexual exploitation, benefit fraud, forced marriage, domestic servitude such as: cleaning, childcare, cooking, forced labour in factories or agriculture and criminal activity such as: pickpocketing, begging, transporting drugs, working on cannabis farms, selling pirated DVDs and bag theft.

Many children are trafficked into the UK from abroad, but children can also be trafficked from one part of the UK to another.

Trafficked children experience multiple forms of abuse and neglect. Physical, sexual and emotional violence are often used to control victims of trafficking. Children are also likely to be physically and emotionally neglected.

Children are tricked, forced or persuaded to leave their homes. Traffickers use grooming techniques to gain the trust of the child, family or community. They may threaten families, but this isn’t always the case, they may promise children education or persuade parents their child can have a better future in another place. Sometimes families will be asked for payment towards the ‘service’ a trafficker is providing e.g. sorting out travel documentation or transport. Traffickers make a profit from the money a child earns through exploitation, forced labour or crime. Often this is explained as a way for a child to pay off a debt they or their family ‘owe’ to the traffickers.

Although these are methods used by traffickers, coercion, violence or threats do not need to be proven in cases of child trafficking – a child cannot legally consent so child trafficking only requires evidence of movement and exploitation.

The organisation should know how to recognise and act upon indicators of abuse or potential abuse involving children.  There is an expected responsibility for all members of the organisation to respond to any suspected or actual abuse of a child in accordance with these procedures.

Additional information can be found at: https://www.nspcc.org.uk/preventing-abuse/child-abuse-and-neglect/

What to do if children talk to you about abuse or neglect

It is recognised that a child may seek you out to share information about abuse or neglect, or talk spontaneously individually or in groups when you are present.  In these situations you must:

• React calmly and listen carefully to the child.DO NOT directly question the child.
• Give the child time and attention.
• Allow the child to give a spontaneous account; do not stop a child who is freely recalling significant events.
• Make an accurate record of the information you have been given taking care to record the timing, setting and people present, the child’s presentation as well as what was said.Do not throw this away as it may later be needed as evidence.
• Use the child’s own words where possible.
• Explain that you cannot promise not to speak to others about the information they have shared.Never guarantee absolute confidentiality, as Child Protection will always have precedence over any other issues.
• Reassure the child:
• you are glad they have told you;
• they have not done anything wrong;
• what you are going to do next.
• Explain that you will need to get help to keep the child safe.
• Do NOT ask the child to repeat his or her account of events to anyone.
• It is not our responsibility to decide whether abuse has taken place or not, however it is our responsibility to pass on any concerns to the appropriate person / authority immediately.

You may become concerned about a child who has not spoken to you, because of your observations of, or information about that child. It is good practice to ask a child why they are upset or how a cut or bruise was caused, or respond to a child wanting to talk to you.  This practice can help clarify vague concerns and result in appropriate action.

If you are concerned about a child you must share your concerns.  Initially contact the founder Holly King holly@findingharmony.co.uk who will contact the relevant services.You may also call the Integrated Access and Referral Team (iART) or the Emergency Duty Team (EDT) for help and advice. Alternatively you can call the police.

The team can be contacted 8.30am to 5pm from Monday to Thursday and 8.30am – 4.30pm on Friday.

If you have an urgent concern outside these hours, or over a bank holiday, please call the Emergency Duty Team (out of hours) on 01244 977277

Alternatively call Cheshire Police: 0845 458 0000/01244 350000  (999 in an emergency)

Emergency action – In some cases you may need to protect a child immediately – in these situations dial 999. The police are the only agency with statutory powers for the immediate protection of children.

Be prepared to give as much of the following information as possible

• Your name, telephone number, position and request the same of the person to whom you are speaking.
• Full name and address, telephone number of family, date of birth of child and siblings.
• Gender, ethnicity, first language, any special needs.
• Names, dates of birth and relationship of household members and any significant others.
• The names of professionals’ known to be involved with the child/family eg: GP, Health Visitor, School.
• The nature of the concern; and foundation for them.
• An opinion on whether the child may need urgent action to make them safe.
• Your view of what appears to be the needs of the child and family.
• Whether the consent of a parent with parental responsibility has been given to the referral being made.

Action to be taken following the referral

• Ensure that you keep an accurate record of your concern(s) made at the time.
• Put your concerns in writing to Social Services if requested by them to do so following the referral.
• Accurately record the action agreed or that no further action is to be taken and the reasons for this decision.

Extremism/Radicalisation/Prevent Policy and Procedures

The government has defined extremism as:

Extremism is the vocal or active opposition to our fundamental values, including democracy, the rule of law, individual liberty and the mutual respect and tolerance of different faiths and beliefs. We also regard calls for the death of our armed forces as extremist.

Confidentiality

Finding Harmony will ensure that any records made in relation to a referral will be kept confidentially and in a secure place. Only the designated Persons will have access to these files.

Information in relation to child protection concerns should be shared on a “need to know” basis.  However, the sharing of information is vital to child protection and, therefore, the issue of confidentiality is secondary to a child’s need for protection.

We are committed to maintaining high standards across all aspects of our work. However, we recognise that there is always the possibility that we may fail to meet the high standards that we set for ourselves.

Please tell us as soon as possible. If we do not know about a problem, we cannot begin to resolve it for you and take action to ensure it doesn’t happen again.

In particular, as a children’s charity, we take child protection extremely seriously. If you have any concerns about the behaviour of one of Finding Harmony’s staff, volunteers, or beneficiaries in any situation, it is vital that you tell us about it immediately so that appropriate action can be taken.

All complaints are dealt with by the Founder, Holly King holly@findingharmony.co.uk 

What we will do on receiving your complaint

• We’ll listen, record your complaint and advise you how it will be handled.
• If the complaint involves a member of staff or volunteer, this person will have the opportunity to express their point of view, accompanied by a friend. We will not divulge the name of the person who has made the complaint during an investigation unless you give us permission to do so.
• We’ll take action to resolve the problem and tell you what that action is.
• We’ll take steps to avoid a repeat occurrence or if necessary exclude a person/persons.
• At all times we will treat you with understanding and respect. We ask that you do the same for our staff and volunteers.
• Confidential information in relation to your complaint will be handled sensitively.
• We are not able to respond to anonymous complaints.
• We cannot deal with matters for which Finding Harmony is not directly responsible unless it involves a child protection or safeguarding issue.

Complaint response times
We would appreciate your understanding that, with limited resources, we cannot always respond to your complaint immediately. However, we will act as promptly as we can.

You will receive an initial acknowledgment and/or response within five working days of receipt of your complaint and we expect to resolve most problems in that time.

Where a more in-depth investigation is required, we aim to provide a full response within 20 working days. If there are exceptional circumstances, where that is not possible, we will advise you.

What if our response does not satisfy you?
If you are not happy with our response, please let us know and your complaint will be reviewed by one of our trustees. Ultimately, you have recourse to the online complaint form at the Charity Commission www.charitycommission.gov.uk

Finding Harmony is committed to a policy of protecting the rights and privacy of individuals. Finding Harmony needs to collect and use certain types of data to carry out our work. We recognise the importance of the correct and lawful treatment of personal data.

All personal data, whether it is held on paper, on computer or other media, will be subject to the appropriate legal safeguards and good practice as specified in the General Data Protection Regulation 2018. Finding Harmony will remain the Data Controller for the information held. Finding Harmony and volunteers will be personally responsible for processing and using personal information in accordance with the GDPR.

We fully endorse and adhere to the eight principles of the GDPR. These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation, and storage of personal data. Trustees, staff and volunteers running Finding Harmony who have access to personal information, will be expected to read and comply with this policy.

We collect information such as your name, contact details and that required to fulfil a referral.

Information is collected by the completion of forms, either manually or electronically, by (or on behalf of by a qualified professional) the person the data relates to.

Why is it being collected and how will it be used?

For the administration of the charity, for communication with you and for statistical analysis.

Who will it be shared with?

Our trustees, staff and volunteers only.

The purpose of this policy is to set out Finding Harmony’s commitment and procedures for protecting personal data. We regard the lawful and correct treatment of personal information as very important to successful working, and to maintaining the confidence of those whom we deal with.

• We want to collect limited personal information of clients to fulfil a referral request.
• We want to collect personal information from our referral partners and volunteers so that our service ensures good communication.
• We want to claim gift aid on a person’s donations.
• We want to maintain accurate records of clients in order to anonymise data to use in funding applications and publicity.
• We want to use the limited personal data we collect and store for 5 years before anonymising for long term use in order to assess the impact of our services.

The GDPR 

In line with the GDPR principles, Finding Harmony will ensure that personal data will:

• Be obtained fairly and lawfully and shall not be processed unless certain conditions are met
• Be obtained for a specific and lawful purpose
• Be adequate, relevant but not excessive
• Be accurate and kept up to date
• Not be held longer than necessary
• Be processed in accordance with the rights of data subjects
• Be subject to appropriate security measures

Where collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.

The definition of ‘processing’ is obtaining, using, holding, amending, disclosing, destroying, and deleting personal data. This includes paper based personal data as well as that kept on computer.

The Personal Data Guardianship Code suggests five key principles of good data governance on which best practice is based. The organisation will seek to abide by this code in relation to all the personal data it processes, i.e.

• Accountability:those handling personal data follow publicised data principles to help gain public trust and safeguard personal data.
• Visibility:Data subjects should have access to the information about themselves that an organisation holds. This includes the right to have incorrect personal data corrected and to know who has had access to this data.
• Consent:The collection and use of personal data must be fair and lawful. Personal data should only be used for the purposes agreed by the data subject. If personal data is to be shared with a third party or used for another purpose, the data subject’s consent should be explicitly obtained.
• Access:Everyone should have the right to know the roles and groups of people within an organisation who have access to their personal data and who has used this data.
• Stewardship:Those collecting personal data have a duty of care to protect this data throughout the data life span.

Type of Information Processed 

Some examples of Personal Data:

• Name
• Address
• Telephone number
• E-mail Address
• Family Relationship

Some examples of Sensitive Personal data:

• Gender
• Ethnic Origin
• Disability
• Marital Status
• Volunteer and donor name, address, email and contact number
• Referrer name, email address and contact number
• Client name, email address, contact number, postcode, address (if given specifically for delivery purposes), gender and age of children, ethnicity.
• Information required by HMRC in relation to financial donations subject to Gift Aid.

Personal information may be in the form of paper copies of referral forms, or digital referral forms saved on a computer. Paper copies are held on file with a list of items provided. The file is kept in a locked box. Digital files are saved on a password protected user account.

Groups of people within the organisation who will process personal information are:

• Trustees, staff, treasurers, and volunteers.

Applying the GDPR within Finding Harmony

In such circumstances we will let people know why we are collecting their data and it is our responsibility to ensure the data is only used for this purpose.

Correcting data

Individuals have a right to have data corrected if it is wrong, to prevent use which is causing them damage or distress or to stop marketing information being sent to them.

Responsibilities 

Finding Harmony is the Data Controller under the GDPR, and is legally responsible for complying with the GDPR, which means that it determines what purposes personal information held will be used for.

The Board of Trustees will take into account legal requirements and ensure that it is properly implemented, and will through appropriate management, strict application of criteria and controls:

• Observe fully conditions regarding the fair collection and use of information,
• Meet its legal obligations to specify the purposes for which information is used,
• Collect and process appropriate information, and only to the extent that it is needed to fulfil its operational needs or to comply with any legal requirements,
• Ensure the quality of information used,
• Ensure that the rights of people about whom information is held, can be fully exercised under the GDPR.   These include:
  • The right to be informed that processing is being undertaken
  • The right of access to one’s personal information
  • The right to prevent processing in certain circumstances and
  • The right to correct, rectify, block or erase information which is regarded as wrong information
• Take appropriate technical and organisational security measures to safeguard personal information,
• Ensure that personal information is not transferred abroad without suitable safeguards,
• Treat people justly and fairly whatever their age, religion, disability, gender, sexual orientation or ethnicity when dealing with requests for information,

The Data Protection Officer will be responsible for ensuring that the policy is implemented and will have overall responsibility for:

• Ensuring that everyone processing personal information understands that they are contractually responsible for following good data protection practice
• Ensuring that everyone processing personal information is appropriately trained to do so
• Ensuring that everyone processing personal information is appropriately supervised
• Ensuring that anybody wanting to make enquiries about handling personal information knows what to do
• Dealing promptly and courteously with any enquiries about handling personal information
• Describing clearly how Finding Harmony handles personal information
• Regularly reviewing and auditing the ways we hold, manage and use personal information
• Regularly assessing and evaluating Finding Harmony’s methods and performance in relation to handling personal information
• Ensuring that all staff and volunteers are aware that a breach of the rules and procedures identified in this policy may lead to action being taken against them

This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the GDPR.

In case of any queries or questions in relation to this policy please contact the Data Protection Officer.

Training 

Training and awareness raising about the GDPR and how it is followed in this organisation will take the following forms:

On induction: all volunteers are given a copy of our data protection policy and asked to sign the Volunteers’ Agreement to show they have read and understood it. Only the Data Protection Officer has access to passwords and locked files.

Data collection

Before personal information is collected, we will consider:

• What information we need in order to deliver our service efficiently
• What information we need in order to show the impact of our service
• How long we will keep the information on record –
  • We will keep data on clients for a maximum of 5 years from the client’s last use of our service.
  • We will keep volunteer data for 1 year after their last contact with us, then it will be deleted.
  • We will keep data on Gift Aid declarations for 6 years, in accordance with HMRC regulations.
  • Anonymised data and aggregate totals will be maintained beyond the destruction of individual records so we can assess the impact of our services.

We will inform people whose information is gathered about the following:

• That we need key information in order to deliver our service
• That the information provided will be held securely
• That by completing the referral form, they consent to Finding Harmony using the anonymised data.
• That staff will have relevant financial and personal information held in order to enable Finding Harmony to meet legal and contractual obligations.

Data Security 

Once received, all correspondence containing ‘personal’ or ‘sensitive personal’ data must immediately be either securely processed, stored, or destroyed; or immediately passed on to another member of staff or a volunteer for secure processing, storing or destruction.

• No visible, unattended data

All versions of any ‘personal’ or ‘sensitive personal’ data must be handled in a timely and secure fashion and at no time left unattended.

• Electronic Copies

Electronic copies should at no time be left open and unattended on a computer monitor, and never should be unnecessarily distributed.

Computer screens should be locked if they are left unattended for any time.

All electronic correspondence containing ‘personal’ or ‘sensitive personal’ data should be deleted, and then deleted from any electronic ‘trash’ bin once it has been processed.

• Paper Copies

Paper copies should exist in only one of three states; being securely processed, being securely stored, or being securely destroyed.

The organisation will take steps to ensure that personal data is kept secure, at all times, against unauthorised or unlawful loss or disclosure. The following measures will be taken:

• All referrals are emailed to a secure email address which only team members have access to or supplied direct to team members as paper copies and then stored in a locked file.
• Any paper copies of volunteer agreements are kept in a locked file.
• A record of the DBS numbers registered.

Data Breach

Any unauthorised disclosure of personal data to a third party may result in disciplinary action being taken.

The trustees are accountable for compliance of this policy. A trustee could be personally liable for any penalty arising from a breach that they have made.

Any unauthorised disclosure made by a volunteer may result in the termination of the volunteering agreement.

If a volunteer or member of staff is made aware of a data breach they should notify the Data Protection Officer.

Any serious data breaches or data loss will be reported to the Information Commissioners Office and the Charity Commission. This includes:

• Charity data that has been accessed by an unknown person and/or deleted.
• A charity device, containing personal details of beneficiaries or staff, has been stolen or gone missing and it’s been reported to the police;
• Charity funds lost due to an online or telephone ‘phishing scam’, where trustees were conned into giving out bank account details;
• A Data Protection Act breach has occurred and been reported to the ICO.

Data Subject Access Requests

Anyone whose personal information we process has the right to know:

• What information we hold and process on them
• How to gain access to this information
• How to keep it up to date
• What we are doing to comply with the Act.

They also have the right to prevent processing of their personal data in some circumstances and the right to correct, rectify, block or erase information regarded as wrong.

Individuals have a right under the Act to access certain personal data being kept about them on computer and certain files.  Any person wishing to exercise this right should apply in writing to Holly King holly@findingharmony.co.uk

The following information will be required before access is granted:

• Full name and contact details of the person making the request
• Relationship with the organisation and applicable timescales

We may also require proof of identity before access is granted. The following forms of ID may be required: passport, birth certificate.

Queries about handling personal information will be dealt with swiftly and politely.

We will aim to comply with requests for access to personal information as soon as possible but will ensure it is provided within the 28 days required by the GDPR from receiving the written request.

Disclosure

Finding Harmony may need to share data with other agencies such as the local authority, funding bodies and other voluntary agencies.

The data subject will be made aware in most circumstances how and with whom their information will be shared.  There are circumstances where the law allows us to disclose data (including sensitive data) without the data subject’s consent.

These are:

• Carrying out a legal duty or as authorised by the Secretary of State
• Protecting vital interests of a data subject or other person
• The data subject has already made the information public
• Conducting any legal proceedings, obtaining legal advice or defending any legal rights
• Monitoring for equal opportunities purposes – i.e. race, disability or religion
• Providing a confidential service where the data subject’s consent cannot be obtained or where it is reasonable to proceed without consent: e.g. a safeguarding concern for the welfare of a child or adult

Finding Harmony regards the lawful and correct treatment of personal information as very important to successful working, and to maintaining the confidence of those with whom we deal.

Risk Management  

The consequences of breaching Data Protection can cause harm or distress to service users if their information is released to inappropriate people, or they could be denied a service to which they are entitled. Volunteers should be aware that they can be personally liable if they use clients’ personal data inappropriately.  This policy is designed to minimise the risks and to ensure that the reputation of Finding Harmony is not damaged through inappropriate or unauthorised access and sharing.

Further information  

If members of the public/or stakeholders have specific questions about information security and data protection in relation to Finding Harmony please contact the Data Protection Officer.

The Information Commissioner’s website (www.ico.gov.uk) is another source of useful information.

Finding Harmony is committed to a policy of protecting the rights and privacy of individuals. Finding Harmony needs to collect and use certain types of data to carry out our work. We recognise the importance of the correct and lawful treatment of personal data.

All personal data, whether it is held on paper, on computer or other media, will be subject to the appropriate legal safeguards and good practice as specified in the General Data Protection Regulation 2018. Finding Harmony will remain the Data Controller for the information held. Finding Harmony and volunteers will be personally responsible for processing and using personal information in accordance with the GDPR.

We fully endorse and adhere to the eight principles of the GDPR. These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation, and storage of personal data. Trustees, staff and volunteers running Finding Harmony who have access to personal information, will be expected to read and comply with this policy.

We collect information such as your name, contact details and that required to fulfil a referral.

Information is collected by the completion of forms, either manually or electronically, by (or on behalf of by a qualified professional) the person the data relates to.

Why is it being collected and how will it be used?

For the administration of the charity, for communication with you and for statistical analysis.

Who will it be shared with?

Our trustees, staff and volunteers only.

The purpose of this policy is to set out Finding Harmony’s commitment and procedures for protecting personal data. We regard the lawful and correct treatment of personal information as very important to successful working, and to maintaining the confidence of those whom we deal with.

• We want to collect limited personal information of clients to fulfil a referral request.
• We want to collect personal information from our referral partners and volunteers so that our service ensures good communication.
• We want to claim gift aid on a person’s donations.
• We want to maintain accurate records of clients in order to anonymise data to use in funding applications and publicity.
• We want to use the limited personal data we collect and store for 5 years before anonymising for long term use in order to assess the impact of our services.

The GDPR 

In line with the GDPR principles, Finding Harmony will ensure that personal data will:

• Be obtained fairly and lawfully and shall not be processed unless certain conditions are met
• Be obtained for a specific and lawful purpose
• Be adequate, relevant but not excessive
• Be accurate and kept up to date
• Not be held longer than necessary
• Be processed in accordance with the rights of data subjects
• Be subject to appropriate security measures

Where collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.

The definition of ‘processing’ is obtaining, using, holding, amending, disclosing, destroying, and deleting personal data. This includes paper based personal data as well as that kept on computer.

The Personal Data Guardianship Code suggests five key principles of good data governance on which best practice is based. The organisation will seek to abide by this code in relation to all the personal data it processes, i.e.

• Accountability:those handling personal data follow publicised data principles to help gain public trust and safeguard personal data.
• Visibility:Data subjects should have access to the information about themselves that an organisation holds. This includes the right to have incorrect personal data corrected and to know who has had access to this data.
• Consent:The collection and use of personal data must be fair and lawful. Personal data should only be used for the purposes agreed by the data subject. If personal data is to be shared with a third party or used for another purpose, the data subject’s consent should be explicitly obtained.
• Access:Everyone should have the right to know the roles and groups of people within an organisation who have access to their personal data and who has used this data.
• Stewardship:Those collecting personal data have a duty of care to protect this data throughout the data life span.

Type of Information Processed 

Some examples of Personal Data:

• Name
• Address
• Telephone number
• E-mail Address
• Family Relationship

Some examples of Sensitive Personal data:

• Gender
• Ethnic Origin
• Disability
• Marital Status
• Volunteer and donor name, address, email and contact number
• Referrer name, email address and contact number
• Client name, email address, contact number, postcode, address (if given specifically for delivery purposes), gender and age of children, ethnicity.
• Information required by HMRC in relation to financial donations subject to Gift Aid.

Personal information may be in the form of paper copies of referral forms, or digital referral forms saved on a computer. Paper copies are held on file with a list of items provided. The file is kept in a locked box. Digital files are saved on a password protected user account.

Groups of people within the organisation who will process personal information are:

• Trustees, staff, treasurers, and volunteers.

Applying the GDPR within Finding Harmony

In such circumstances we will let people know why we are collecting their data and it is our responsibility to ensure the data is only used for this purpose.

Correcting data

Individuals have a right to have data corrected if it is wrong, to prevent use which is causing them damage or distress or to stop marketing information being sent to them.

Responsibilities 

Finding Harmony is the Data Controller under the GDPR, and is legally responsible for complying with the GDPR, which means that it determines what purposes personal information held will be used for.

The Board of Trustees will take into account legal requirements and ensure that it is properly implemented, and will through appropriate management, strict application of criteria and controls:

• Observe fully conditions regarding the fair collection and use of information,
• Meet its legal obligations to specify the purposes for which information is used,
• Collect and process appropriate information, and only to the extent that it is needed to fulfil its operational needs or to comply with any legal requirements,
• Ensure the quality of information used,
• Ensure that the rights of people about whom information is held, can be fully exercised under the GDPR.   These include:
  • The right to be informed that processing is being undertaken
  • The right of access to one’s personal information
  • The right to prevent processing in certain circumstances and
  • The right to correct, rectify, block or erase information which is regarded as wrong information
• Take appropriate technical and organisational security measures to safeguard personal information,
• Ensure that personal information is not transferred abroad without suitable safeguards,
• Treat people justly and fairly whatever their age, religion, disability, gender, sexual orientation or ethnicity when dealing with requests for information,

The Data Protection Officer will be responsible for ensuring that the policy is implemented and will have overall responsibility for:

• Ensuring that everyone processing personal information understands that they are contractually responsible for following good data protection practice
• Ensuring that everyone processing personal information is appropriately trained to do so
• Ensuring that everyone processing personal information is appropriately supervised
• Ensuring that anybody wanting to make enquiries about handling personal information knows what to do
• Dealing promptly and courteously with any enquiries about handling personal information
• Describing clearly how Finding Harmony handles personal information
• Regularly reviewing and auditing the ways we hold, manage and use personal information
• Regularly assessing and evaluating Finding Harmony’s methods and performance in relation to handling personal information
• Ensuring that all staff and volunteers are aware that a breach of the rules and procedures identified in this policy may lead to action being taken against them

This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the GDPR.

In case of any queries or questions in relation to this policy please contact the Data Protection Officer.

Training 

Training and awareness raising about the GDPR and how it is followed in this organisation will take the following forms:

On induction: all volunteers are given a copy of our data protection policy and asked to sign the Volunteers’ Agreement to show they have read and understood it. Only the Data Protection Officer has access to passwords and locked files.

Data collection

Before personal information is collected, we will consider:

• What information we need in order to deliver our service efficiently
• What information we need in order to show the impact of our service
• How long we will keep the information on record –
  • We will keep data on clients for a maximum of 5 years from the client’s last use of our service.
  • We will keep volunteer data for 1 year after their last contact with us, then it will be deleted.
  • We will keep data on Gift Aid declarations for 6 years, in accordance with HMRC regulations.
  • Anonymised data and aggregate totals will be maintained beyond the destruction of individual records so we can assess the impact of our services.

We will inform people whose information is gathered about the following:

• That we need key information in order to deliver our service
• That the information provided will be held securely
• That by completing the referral form, they consent to Finding Harmony using the anonymised data.
• That staff will have relevant financial and personal information held in order to enable Finding Harmony to meet legal and contractual obligations.

Data Security 

Once received, all correspondence containing ‘personal’ or ‘sensitive personal’ data must immediately be either securely processed, stored, or destroyed; or immediately passed on to another member of staff or a volunteer for secure processing, storing or destruction.

• No visible, unattended data

All versions of any ‘personal’ or ‘sensitive personal’ data must be handled in a timely and secure fashion and at no time left unattended.

• Electronic Copies

Electronic copies should at no time be left open and unattended on a computer monitor, and never should be unnecessarily distributed.

Computer screens should be locked if they are left unattended for any time.

All electronic correspondence containing ‘personal’ or ‘sensitive personal’ data should be deleted, and then deleted from any electronic ‘trash’ bin once it has been processed.

• Paper Copies

Paper copies should exist in only one of three states; being securely processed, being securely stored, or being securely destroyed.

The organisation will take steps to ensure that personal data is kept secure, at all times, against unauthorised or unlawful loss or disclosure. The following measures will be taken:

• All referrals are emailed to a secure email address which only team members have access to or supplied direct to team members as paper copies and then stored in a locked file.
• Any paper copies of volunteer agreements are kept in a locked file.
• A record of the DBS numbers registered.

Data Breach

Any unauthorised disclosure of personal data to a third party may result in disciplinary action being taken.

The trustees are accountable for compliance of this policy. A trustee could be personally liable for any penalty arising from a breach that they have made.

Any unauthorised disclosure made by a volunteer may result in the termination of the volunteering agreement.

If a volunteer or member of staff is made aware of a data breach they should notify the Data Protection Officer.

Any serious data breaches or data loss will be reported to the Information Commissioners Office and the Charity Commission. This includes:

• Charity data that has been accessed by an unknown person and/or deleted.
• A charity device, containing personal details of beneficiaries or staff, has been stolen or gone missing and it’s been reported to the police;
• Charity funds lost due to an online or telephone ‘phishing scam’, where trustees were conned into giving out bank account details;
• A Data Protection Act breach has occurred and been reported to the ICO.

Data Subject Access Requests

Anyone whose personal information we process has the right to know:

• What information we hold and process on them
• How to gain access to this information
• How to keep it up to date
• What we are doing to comply with the Act.

They also have the right to prevent processing of their personal data in some circumstances and the right to correct, rectify, block or erase information regarded as wrong.

Individuals have a right under the Act to access certain personal data being kept about them on computer and certain files.  Any person wishing to exercise this right should apply in writing to Holly King holly@findingharmony.co.uk

The following information will be required before access is granted:

• Full name and contact details of the person making the request
• Relationship with the organisation and applicable timescales

We may also require proof of identity before access is granted. The following forms of ID may be required: passport, birth certificate.

Queries about handling personal information will be dealt with swiftly and politely.

We will aim to comply with requests for access to personal information as soon as possible but will ensure it is provided within the 28 days required by the GDPR from receiving the written request.

Disclosure

Finding Harmony may need to share data with other agencies such as the local authority, funding bodies and other voluntary agencies.

The data subject will be made aware in most circumstances how and with whom their information will be shared.  There are circumstances where the law allows us to disclose data (including sensitive data) without the data subject’s consent.

These are:

• Carrying out a legal duty or as authorised by the Secretary of State
• Protecting vital interests of a data subject or other person
• The data subject has already made the information public
• Conducting any legal proceedings, obtaining legal advice or defending any legal rights
• Monitoring for equal opportunities purposes – i.e. race, disability or religion
• Providing a confidential service where the data subject’s consent cannot be obtained or where it is reasonable to proceed without consent: e.g. a safeguarding concern for the welfare of a child or adult

Finding Harmony regards the lawful and correct treatment of personal information as very important to successful working, and to maintaining the confidence of those with whom we deal.

Risk Management  

The consequences of breaching Data Protection can cause harm or distress to service users if their information is released to inappropriate people, or they could be denied a service to which they are entitled. Volunteers should be aware that they can be personally liable if they use clients’ personal data inappropriately.  This policy is designed to minimise the risks and to ensure that the reputation of Finding Harmony is not damaged through inappropriate or unauthorised access and sharing.

Further information  

If members of the public/or stakeholders have specific questions about information security and data protection in relation to Finding Harmony please contact the Data Protection Officer.

The Information Commissioner’s website (www.ico.gov.uk) is another source of useful information

This policy applies to all trustees, staff, volunteers, service users and the general public.

No child, individual, or family should be excluded from the charity’s activities on the grounds of age, gender, health or disability, pregnancy, maternity, sexuality, class, family status, means, ability, colour, ethnic origin, culture, religion, or belief. We aim to ensure that all who wish to work in, or volunteer to help with, our charity should have an equal chance to do so. We aim to create effective partnerships within all parts of our community and provide services that are accessible according to need.

Finding Harmony is committed to:

• Tackling social exclusion, inequality, discrimination and disadvantage
• Ensuring all people are treated with dignity and respect, valuing the diversity of all;
• Promoting equality of opportunity and diversity;
• Delivering services that are accessible, appropriate and delivered fairly to all;
• Working together with the community to provide accessible and relevant service provision that responds to service users’ needs;
• Providing fair resource allocation

For this policy to be successful, it is essential that everyone is committed to and involved in its delivery. Finding Harmony’s goal is to work towards a just society free from discrimination, harassment and prejudice. We aim to embed this in all its policies, procedures, day-to-day practices and external relationships.

Responsibility for Implementation
Overall responsibility for ensuring adherence to and implementation of this policy lies with the trustees, staff and operating committee.

Methods of Implementation

• Ensuring that trustees, operating committee members, staff and volunteers are made aware, understand, and are willing to implement this policy. All staff and volunteers will be given a copy of this policy as part of their induction;
• Monitoring the services, publicity and events provided by Finding Harmony, to ensure that they are accessible to all sections of the population and do not discriminate, and taking reasonable steps to ensure that participation is representative.
• Continuing to learn and adapt to ensure this policy is upheld. Any person who feels that this policy has not been upheld can make a complaint, which will be dealt with in line with our complaints procedure.

Monitoring and Reviewing
Finding Harmony is committed to establishing, developing, implementing and reviewing a policy of equality of opportunity. Effective record keeping and monitoring, and acting on information gathered, are essential in order to measure effectiveness and plan progress. The trustee board will review the policy annually.

Finding Harmony is committed to ensuring that its activities are safe and it will do whatever it can to provide for the health, safety and welfare of all staff, volunteers, service users and visitors ensuring that risks are minimised at all times. It will observe the Health and Safety at Work Act 1974 (“HASAWA”) and all relevant regulations and codes of practice made under it.

The Founder has overall responsibility for health and safety on the premises, and for ensuring that Finding Harmony fulfils its legal responsibilities. We recognise that it is the duty of all staff and volunteers to uphold this Policy and to provide the necessary funds and resources to put it into practice.

This policy will be reviewed annually by the Board of Trustees.

All accidents or unsafe incidents will be investigated as soon as possible.

Finding Harmony is responsible for

• Assessing the risk to the health and safety of staff, volunteers, service users and visitors and identifying what measures are needed to comply with its health and safety obligations;
• Ensuring that venues or vehicles used for events and donating are safe and minimising risk to health including safe ways of entering and leaving;
• Ensuring that equipment is safe and well maintained;
• Providing information, instruction, training and supervision to volunteers in safe working methods and procedures as required;
• Ensuring that all staff and volunteers interacting with the public are Disclosure & Barring Service (“DBS”) checked and making all volunteers aware of our Child Protection Policy;
• Encouraging volunteers and service users to co-operate in ensuring safe and healthy conditions and systems by effective joint consultation;
• Establishing emergency procedures as required.

Volunteer Responsibilities
Finding Harmony Volunteers are responsible for ensuring that:

• They are aware of the contents of this safety policy
• They comply with this policy
• They take care of themselves and others who may be affected by their actions or omissions
• They report all accidents, or unsafe situations, and any near misses (things which could have led to an accident), to a member of staff at once.
• They are aware of the precautions they need to take as noted on the relevant risk assessments.
• They record accidents or near misses at work in the accident book.
• They are aware of all fire procedures for the area in which they are working.
• If they identify anything which they think could be in any way unsafe, they will report it.

Risk Assessments

Finding Harmony will ensure that the premises and tasks are assessed in line with the current relevant legislation. Assessments will be repeated when there is:

• An event to organise
• change in legislation
• change of premises
• significant change in work carried out
• transfer to new technology

or any other reason which makes the original assessment not valid.

Training
To comply with legislation and to promote the health, safety and welfare of volunteers, health and safety training will be provided as follows:

• at inductions
• on the introduction of new technology
• when changes are made to venues
• when training needs are identified during risk assessments.

Resolving health and safety problems
Any volunteer with a health and safety concern must first tell our founder. If, after investigation, the problem is not corrected in a reasonable time, it’s believed that no action is required but the volunteer is not satisfied with this, the volunteer may then refer the matter to the board of trustees. This must be in writing. The matter will be entered on the agenda for the next meeting of the trustees.