Data Protection Policy

Communication Access UK

Communication Access UK is partnership between Communication Matters, the Royal College of Speech and Language Therapists (RCSLT), the Stroke Association, the Motor Neurone Disease Association, Headway – the brain injury association, the National Network of Parent Carer Forums, the Business Disability Forum, Disability Rights UK and the Makaton Charity.

While this initiative is a partnership, Communication Matters will be body administrating the initiative and as such Communication Matters’ data protection policy will apply.

Introduction

Communication Matters needs to collect and use certain types of information about individuals who are involved with using, assisting, or supporting the use of communication aids, or who may have an interest or professional involvement in such use. This data is collected to enable the charity to provide a service to individuals or to lead or support research that might improve the rights and lives of individuals. This personal information must be collected and dealt with appropriately whether it is collected on paper, digitally, or recorded on other material. There are safeguards to ensure this under the Data Protection Act 2018.

Communication Matters fully endorses and adheres to the seven principles of the Data Protection Act (ref: ICO). These principles specify the legal conditions and best practice that must be satisfied in relation to obtaining, handling, processing, transportation, and storage of personal data. Employees, Trustees, Sub-Contractors and any others who obtain, handle, process, transport and store personal data for Communication Matters must adhere to these principles.

Principles

  • Specifically, the Principles require that personal information is:
  • Managed fairly, lawfully, and transparently.
  • Obtained and used only for limited and specified purposes.
  • The minimal data collected to fulfil the purpose.
  • Accurate and, where necessary, kept up to date.
  • Stored for a limited and specified time.
  • Managed securely with integrity and confidentiality.
  • The Charity is accountable for the data it holds.

Satisfaction of Principles

  • In order to meet the requirements of the principles, Communication Matters will:
  • Observe fully the conditions regarding the fair, lawful and transparent collection and use of personal data.
  • State the purposes for collection and use of personal data.
  • Only collect and process required personal data to fulfil stated purposes.
  • Ensure the quality of personal data collected, stored and processed.
  • State and apply limits to the length of time personal data is held.
  • Ensure that the rights of individuals about whom the personal data is held, can be fully exercised.
  • Take the appropriate technical and organisational security measures to safeguard the security of held personal data.
  • Ensure that personal data is not transferred without suitable safeguards.
  • Have clear procedures for responding to requests for information.

Data Collection and Disclosure

Communication Matters will ensure that data is collected within the boundaries defined in this policy. Data may be collected through paper or digital formats.

The justification for collection and use of this data is stated on the tools used to collect the data such as registration forms. Further information about this can be found in our Privacy Policy.

For minors, a parent or an appointed guardian must give their consent for data to be held. For those without the mental capacity, where appropriate, consent will be sought from a suitable representative with the required legal authority.

All reasonable measures will be sought to ensure that appropriate consent for the data collection and use is gained.

The Data Subject will be made aware in most circumstances how and with whom their information will be shared. However, there are circumstances where the law may allow or request Communication Matters to disclose data (including sensitive data) without the data subject’s consent, for instance in carrying out a legal duty. In this case only the minimum data that is legally required to be given will be disclosed.

Data Storage

Information and records will be stored securely and will only be accessible to authorised staff and Trustees. Information will be stored as per the purposes and length of time stated at collection. All held data will be disposed of appropriately.

Communication Matters will ensure all stored data is non-recoverable from any system (electronic or otherwise) used within the organisation, which is being passed on/sold to a third party.

All reasonable measures will be taken to ensure the security of the data held and processed by the Charity and any third-party services.

Data Access and Accuracy

All Data Subjects have the right to access the information Communication Matters holds about them. Communication Matters will also take reasonable steps to ensure that this information is kept up to date and accurate. It will regularly review and audit the way it holds, manages and uses personal information.

All Data Subjects have the right to request the removal of the data held about them by Communication Matters unless retention is required to be kept by law.

A Data Subject can be removed from a Communication Matters’ marketing contact list at any time on their request.

The Charity has a data retention schedule which is monitored and kept up to date in line with legislation. Once the relevant retention period has elapsed, we will ensure that any information is destroyed by secure means, i.e., by digital shredding.

Data Controller

Communication Matters’ Data Protection Officer (the Charity Manager) is responsible for ensuring compliance with the Data Protection Act and implementation of this policy on behalf of the Board of Trustees. The Data Protection Officer may be contacted at: Communication Matters, 3rd Floor, University House, University of Leeds, Leeds, LS2 9JT / Tel: 0113 343 1533.

Any questions or concerns about the interpretation or operation of this policy should be taken up in the first instance with the Data Protection Officer or, if that is not appropriate or possible, with the Chair of the Trustees.

Status of the Policy

Communication Matters regards the lawful and correct treatment of personal data as paramount to successful working, and to maintaining the confidence of the individuals who have contact with the charity. Communication Matters will adhere to the Data Protection Act 2018 and this policy will be updated to ensure compliance with any changes or amendments in that act and to reflect best practice in data management, security, and control.

This policy has been approved by the Board of Trustees and any breach will be taken seriously and may result in formal action. Any Trustee, Employee, Sub-Contractor, or third-party service provider who considers that the policy has not been followed in respect of personal data should raise the matter with the Data Protection Officer.

Handling and Storing of Disclosure and Barring Service (DBS) Certificate Data

General principles

As an organisation using the Disclosure and Barring Service (DBS) to help assess the suitability of applicants for positions of trust, Communication Matters complies fully with the DBS Code of Practice (ref: UK) regarding the correct handling, use, storage, retention and disposal of Certificates and Certificate information.

It also complies fully with its obligations under the Data Protection Act 2018 and other relevant legislation pertaining to the safe handling, use, storage, retention, and disposal of Certificate information and has a written policy on these matters above.

Storage and access

Certificate information will be kept securely in a digital format on a password protected hard-drive and OneDrive.

In accordance with section 124 of the Police Act 1997, Certificate information is only passed to those who are authorised to receive it in the course of their duties. We maintain a record of all those to whom Certificates, or Certificate information has been revealed and it is a criminal offence to pass this information to anyone who is not entitled to receive it.

Usage

Certificate information is only used for the specific purpose for which it was requested and for which the applicant’s full consent has been given.

Retention

Once a recruitment (or other relevant) decision has been made, we do not keep Certificate information for any longer than is necessary. This is generally for a period of up to six months, to allow for the consideration and resolution of any disputes or complaints.

If, in very exceptional circumstances, it is considered necessary to keep Certificate information for longer than six months, we will consult the DBS about this and will give full consideration to the Data Protection of the individual before doing so. Throughout this time, the usual conditions regarding the safe storage and strictly controlled access will prevail.

Disposal

Once the retention period has elapsed, we will ensure that any DBS information is immediately destroyed by secure means, i.e., by digital shredding.

However, notwithstanding the above, we may keep a record of the date of issue of a Certificate, the name of the subject, the type of Certificate requested, the position for which the Certificate was requested, the unique reference number of the Certificate and the details of the recruitment decision taken.

Dated 19 March 2026

Login
This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.

Register

Don’t have an account? Register one!

Sign up as an individual Sign up as an organisation