top of page

Data protection policy


Data Protection covers "manual" records held in searchable filing systems, electronic computer data and electronic images (CCTV).


TAB processes sensitive personal data regarding service users, staff and volunteers as part of its operation. Personal data is any information about a living identifiable individual. TAB shall take all reasonable steps to process data in accordance with the Data Protection Act guidelines. To achieve this, TAB endeavours to comply with the Data Protection Principles ('the Principles") contained in the Data Protection Act 1998 and GDPR regulations 25th May 2018 and any other subsequent updates.


The Principles

TAB will ensure that all data is:-

  1. Processed fairly and lawfully.

  2. Obtained for specified purposes and only processed in accordance with those purposes.

  3. Adequate, relevant, and not excessive

  4. Accurate and up to date

  5. Not kept for longer than necessary

  6. Processed in accordance with the data subject's rights.

  7. Kept securely.


Personal Data

Personal data covers both facts and opinions about an individual. It includes information necessary for service users, staff, and volunteers, such as name and address; it may also include information about the person’s health.


Processing of Personal Data

An individual's consent may be required for the processing of personal data. Any information which falls under the definition of personal data will remain confidential and will only be disclosed to third parties with the consent of the individual. However, no consent is required where data have been stripped of all personal identifiers, such that it is no longer possible to single out an individual.

Sensitive Personal Data

TAB may, from time to time, be required to process sensitive personal data regarding service users, staff and volunteers.

Sensitive personal data includes:

  • medical information

  • religious or other beliefs

  • education and training details

  • family lifestyle and social circumstances

  • financial details

  • physical or mental health or condition

  • the commission or alleged commission of an offence

Rights of Access to Information

Individuals have a right of access to some of the information held by TAB. Any individual wishing to access his/her personal data should make a request in writing to the Centre manager (or in the case of the Centre manager, to the Chair of the Trustees). TAB will respond to any such written request within 10 days.



Certain data are exempted from the provisions of the Data Protection Act & GDPR. These include the following:

  • The prevention or detection of crime

  • Where the processing is necessary to exercise a right or obligation conferred or imposed by law upon TAB

  • Employment and other references given by TAB.

  • Handwritten notes



TAB will endeavour to ensure that all personal data held in relation to service users, staff and volunteers is accurate. An individual has the right to request that inaccurate information about them be erased.



If anyone believes that TAB has not complied with this Policy or acted in accordance with the Data Protection Act, the individual should notify the Centre manager.


Information Security

  • No personal or sensitive personal data can be disclosed without authorisation from the individual.

  • All information kept on authorised computers will be password-protected.

  • Personal and sensitive personal data will only be kept as long as is necessary.

  • All personnel involved in any way with the handling of personal and sensitive personal data will be trained on TAB’s data protection policies, security systems and procedures.

  • All breaches of security will be investigated should they occur.


DBS Disclosure Information - Handling and Storage

General principles

As an organisation using the Disclosure and Barring Service (DBS) to help assess the suitability of applicants for positions of trust, TAB complies fully with the DBS Code of Practice regarding the correct handling, use, storage, retention and disposal of Disclosures and Disclosure information. It also complies fully with its obligations under the Data Protection Act 1998 and other relevant legislation pertaining to the safe handling, use, storage, retention and disposal of Disclosure information.


Storage and access

Disclosure information is kept securely in lockable, non-portable, storage containers with access strictly controlled and limited to those who are entitled to see it as part of their duties.



In accordance with section 124 of the Police Act 1997, Disclosure information is only passed to those who are authorised to receive it in the course of their duties. We maintain a record of all those to whom Disclosures or Disclosure information has been revealed and it is a criminal offence to pass this information to anyone who is not entitled to receive it.



Disclosure information is only used for the specific purpose for which it was requested and for which the applicant’s full consent has been given.



Once a recruitment (or other relevant) decision has been made, we do not keep Disclosure information for any longer than is necessary. This is generally for a period of up to six months, to allow for the consideration and resolution of any disputes or complaints. If, in very exceptional circumstances, it is considered necessary to keep Disclosure information for longer than six months, we will consult the DBS about this and will give full consideration to the data protection and human rights of the individual before doing so. Throughout this time, the usual conditions regarding the safe storage and strictly controlled access will prevail.



Once the retention period has elapsed, we will ensure that any Disclosure information is immediately destroyed by secure means, i.e. by shredding, pulping or burning. While awaiting destruction, Disclosure information will not be kept in any insecure receptacle (e.g. waste bin or confidential waste sack). We will not keep any photocopy or other image of the Disclosure or any copy or representation of the contents of a Disclosure. However, notwithstanding the above, we may keep a record of the date of issue of a Disclosure, the name of the subject, the type of Disclosure requested, the position for which the Disclosure was requested, the unique reference number of the Disclosure and the details of the recruitment decision taken.


Policy Originally Approved on the 1st June 2017 by the Trustees.


Date of Last Review 31st January 2021.

bottom of page