Data Protection Policy and Procedure - Parentline

Parentline

GDPR and Data Protection Policy.

The purpose of the policy is to enable Parentline to follow all provisions of the Data Protection Acts 1988, 2003 and the GDPR Act 2018. The purpose of the Acts is to protect employees, volunteers, and clients whose personal data may be held on computer or in manual files.

Parentline provides a national, confidential, non-judgemental helpline for all parents and those involved in the care of children. It offers support, information, and guidance on all parenting matters. It is the national helpline for those suffering from post-natal depression and is a facilitator of the Non-Violent Resistance Programme for responding to child to parent violence.

Principles of Policy:

It is Parentline’s policy to adhere to the data protection principles to avoid repercussions, such as complaints to the Commissioner.
The Data Controller (CEO) and Data Processor (admin staff member) are familiar ith the provisions of the Acts. Employees and volunteers who process personal data are informed of their duties and obligations under the Acts. Parentline will only allow authorised persons access to files containing personal information.

Client information:

Volunteers do not record the phone numbers of our callers unless they are making a referral for the Nonviolent Resistance Programme and with the permission of the parent or caller; our phone system does not display numbers. If a caller chooses to leave contact details on our system, they are erased as soon as contact is made.
Generic data is kept for research purposes, such as, gender, age range, problem, gender of child, age range of children, county of residence, relationship to child.
If a parent emails us, the only people with access to those e-mail are the CEO and Office Administrator, who deal with the content of the e-mail in an entirely confidential manner and subsequently deletes any identifying information. If a parent wants a face-to-face meeting or Zoom meeting it is organised through the office and telephone contact is held on file until after the session or sessions are finished.
Parentline facilitates the Non-Violent Resistance Programme – this is a one-to-one service, undertaken over the phone, on a weekly basis for approximately 8 weeks. The CEO or Office Administrator (who is also the NVR programme administrator) liaises with the family and places the parent with a volunteer to work through the programme. Personal details and relevant information on the nature of the issue, the age and gender of child, the family circumstances, email, telephone number, county of residence. This information is held on a secure database and is accessible to the CEO Only or the person acting in that capacity. In each individual case the parents first name and telephone number is given to the NVR facilitator for the duration of the programme. All identifying information is deleted when the programme has been completed.

Staff and Volunteer information:

Parentline holds basic personal information on staff and volunteers including name, address, contact number, contact email, and next of kin details.
Staff members PPS numbers are held on file.
All staff and volunteer details are held on a secure database and in a locked filing cabinet. The CEO and admin staff have the only access. Access to Parentline office computers and to the database is with valid password only.
Where hard copy details are stored, they are in a secure filing cabinet. The CEO and admin staff have only access.

Member information:

Parentline holds basic details on its members, who have all consented to being members. Name, address, telephone, email and next of kin details only. All members of Parentline are volunteers, ex volunteers or Board members. The membership list is refreshed every three years or if there is an explicit request from a member to be removed from it.

Procedure:

Parentline retains basic personal information only. It is not envisaged that it will be necessary to register with the Data Protection Commissioner. This will be reviewed regularly.

Should an employee, volunteer, member or client request details, in writing, of the information Parentline holds about them, they will be supplied with a description of such personal data and the purpose for which it is being kept. This will be done free of charge and as soon as possible (within 21 days).

If they require, by written request, a copy of all information stored pertaining them will be provided with a copy of such data as it appears in the computer files and manual files on the date of the request. This will be done as soon as possible (within 40 days). Right of access can only be refused in specific circumstances. A small fee may be charged for the data.

Employees/volunteers/clients have the right to have inaccurate personal data rectified or erased within 40 days of making a request. It is Parentline’s policy to rectify such errors immediately.

Updating the data:

Data will be checked periodically, to ensure that it is up-to-date, relevant, accurate, retained no longer than necessary and not excessive in relation to its purpose. If the data is not adequate and accurate, additional information or amendments will be obtained from data subjects. The data will be held securely.

Disposal of Information:

Disposing of documents which are no longer relevant must receive as much attention as their storage. If disciplinary documents are removed from files, they should be shredded, then incinerated or otherwise disposed of in a safe and secure manner. Similarly, financial information which is no longer relevant should be disposed of carefully. Accidental disclosure of personal information can occur as a result of improper disposal of personal files.

Updated and ratified by the Parentline Board and Management.

March 2023