Skip to content
Home » Privacy Policy

Privacy Policy

Index 

  1. General information 
  1. Personal data that we collect on adults 
  1. Storage and retention of information 
  1. How to access the personal information we hold on you 
  1. Sharing of data 
  1. Cold Calling 
  1. Communications and social media 
  1. Information held about children and young people 
  1. Insight+ 
  1. Recruitment processes 
  1. Data Protection Officer 

General Information 

We at Direct Education Business Partnership (DEBP) CIO love our jobs, working with business volunteers, young people, teachers, and young people. To do that effectively, we need to know a little bit about you. 

However, your privacy is important to us. This privacy statement explains what personal data DEBP CIO collects from you, through our interactions with you and how we use that data. 

DEBP offers a wide range of volunteering opportunities, some of which are against specific needs, others which are more general.

Our website is www.debp.org  

All staff use Microsoft Office 365, a secure cloud-based system. 

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing information are: 

  1. Your consent. You are able to remove your consent at any time. You can do this by contacting our Data Protection Officer by emailing business.manager@debp.org 
  1. We have a contractual obligation  

Please read the specific details in this privacy statement, which provide additional information about some of DEBP’s activities. 

Personal Data that we collect on adults 

For all the business people we deal with, we collect the information you would normally find on a business card: 

Name / Organisation / Organisation address / Job role / Telephone number(s) / Email address / website / social media.  

In addition, particularly useful information to us might include your areas of interest, including your business sector or curriculum subject. This enables us to match you to the most appropriate opportunities to inspire and support young people. 

As much of our funding comes from contracts, occasionally we are asked by the contractor to gather other information about people. If we are offering you an opportunity to get involved with a contract that requests more data, we will let you know exactly what we are asked to collect, how we will handle and store the data 

Storage and retention of Information 

We store all the personal information we gather on secure cloud based systems. 

At any time, you can ask us to return or remove all the data we hold on you. Please do this in writing and present your ID documents to our Chesterfield Office. We will do this within 30 days of seeing your identification. 

We will delete all personal data that has not been updated in the previous 3 full years every August, which is when our activities allow us time to do this effectively. 

Some contracts we work on however, ask that we store the information so that it can be audited for a significant length of time. This can be 7 or even 10 years. We will only keep your data if required to by our funders. 

How to access the personal information we hold on you 

You can make a request at any time for us to gather the personal information we hold on you. To do this, we will ask you to bring two things to our Chesterfield Office: 

  • Your passport or UK driving licence (or suitable ID documents from another country) 
  • An official proof of address sent through the post during the last 3 months 

We will pull together all the data we hold within a period of 30 days from the date we receive the identification documents. 

Sharing of data 

When you get involved in an activity we share your basic data – name, school, year group, contact details (sometimes) and possibly a little about your interests with the people and organisations involved. This may be done on an Excel spreadsheet. If it is sent by email, our staff are instructed to encrypt, or password protect the file before sending it. 

We would never sell or transfer your information to 3rd parties.  

Cold Calling 

Sometimes we are asked to work in new areas, either geographically or in a new business sector, or have localised opportunities which we would like you to know about. In that case, we may use searches to find new telephone numbers and email addresses. We will record that we have contacted you on our database, and if you choose not to be contacted again, we will also record this, so that we do not bother you again. 

Where you do consent to be contacted again, we will record this on our database, and if the current opportunity is not suitable, we will be in touch when we find something that might pique your interest. 

Communications and social media 

We like to tell people about the great work that volunteers are doing with young people, and what schools are doing to prepare their students for the world of work. We have active X (formerly known as Twitter) feeds and may post on LinkedIn, Instagram, or Facebook. If you tell us that you do not want to be mentioned on these feeds – we will not do it! 

To celebrate achievements on our website, we write case studies about the work that is happening. If you are featured in one of our case studies, you will have been asked for permission for us to use information about you, including any photographs. This gives you chance to redact anything you do not want us to say. 

We sometimes communicate via e-newsletters etc using outlook or via software which carry an unsubscribe option. This is to tell you of the opportunities for either volunteering or enrichment activities and to thank you for the work you are doing.  

Information held about Children and Young People  

(Definition: Children up to the age of 13; Young People from the age of 14 up to the age of 19 and up to the age of 25 for young people with special needs and disabilities) 

We work closely with lots of fantastic children and young people. It helps then if we at least know their name, school and year group and have it on a register for monitoring attendance and celebrations. An ongoing record of activities and contact, including issues faced by the young person, will normally be held by the person working with them and on a need-to-know basis by our other staff. All information is stored securely when not in use.  

By the nature of our one-to-one support, we may have information on medical conditions or family situations which have been shared by the school, parents or carers which will always be on a need-to know basis. 

For young people on our Project Search Programmes, personal information is shared with the Department for Work and Pensions (for Access to Work claims), host employer(s) and education provider(s). Under the UK GDPR, the lawful basis we rely on for processing this information is consent. 

Where we are looking at distance travelled during our programmes we may hold: 

  • Self-evaluations  
  • CV’s and application forms 
  • Likes and dislikes  

We will use this information to give them bespoke support.  

When we have finished working with the young person, we will shred paper copies and ensure we delete anything sent to us electronically which contains personal information. 

We will only store information on young people if our contract asks us to do so. Where it can be anonymised, we will do so.  

Irrespective of the age of the young person, if they are in compulsory education phases then DEBP seek consent from a parent/carer as well as the young person directly. We ensure that young people are aware they have the same rights as adults over their personal data and explain why we require the data and how it will be used. This explanation is delivered clearly and is accessible by the young person. When there is not capacity to understand this, DEBP ensure that the information is communicated effectively with parents/carers.  

For intensive support programmes, where a long-term relationship is in place between DEBP and the young person, parent/carer consent is sought, and their personal contact details are retained by DEBP. These are not shared with anyone external to DEBP and will be destroyed in line with the end of any contracts and our document retention policy.  

When DEBP are contracted by another organisation to work with the young people, DEBP are contractually obliged to share information with the funders. This information can include name; date of birth, home postcode, school attending, year group, ethnicity and learning support needs. A student or their parent/carer can decline to share this. Where consent is provided, this data is transferred to the third party securely.  

Our new Directions service was launched in April 2020. Staff involved in this delivery undertake support via remote methods including video conferencing. The recording of interventions may sometimes be required for training and monitoring purposes, but we will only do this if we have your consent. Any recordings will be saved onto a confidential area of our system and will be deleted after 10 working days. Information that will be stored on an Excel spreadsheet will only include Name/School/Year Group. 

Insight+ 

 DEBP sometimes undertake research and evaluation under our Insight+ arm of the organisation. DEBP’s work with the Youth Futures Foundation means that we collect information about young people and their parents/carers through one-to-one interviews, online surveys and group discussions.  Personal information collected includes name, address, contact details, date of birth, gender, ethnicity, employment details, school and year group, /Health diagnoses – either Autistic Spectrum Conditions (ASC) and/or Learning Disability (LD) 

All information is stored securely on our Microsoft 365 platforms, including recordings of interviews. No personal data is shared outside of DEBP.  

Personal information will be deleted in line with the contract end date in July 2025. 

Recruitment Processes 

When we recruit, we will ask candidates to fill out an application form which may be online or on paper. Some candidates choose to send us their Curriculum Vitae. We will keep these papers in our systems until the post is filled and then they will be deleted or shredded. We may wish to keep some information on file to contact candidates for future posts. If we wish to do that, we will ask for email consent from the candidate. Candidates are also welcome to ask us to keep their details on file by contacting us on email. 

Data Protection Officer 

If you have any questions about our work, please contact our Data Protection Officer using the email address: business.manager@debp.org