Here at The Island, we’re proud of the work we have done with vulnerable children and young people living in York. As a local children’s charity, we have built up a reputation which is second to none and have helped so many children and young people to take positive steps forward.
Our mentoring services have
- Decreased anti-social and criminal behaviour
- Enhanced physical, emotional and social well-being
- Increased self-esteem, confidence and communication skills
- Improved application at school and approach to learning
We are committed to helping children and young people and you’ll see that in the way our team works to offer the best service possible.
If you would like to find out more about our policies then click on the links below.
Supervision Policy and Standards
Personal Safety Guidelines for Volunteer Mentors
Mentors’ Rights and Responsibilities
Mentoring Expenses Guidelines
Media and Publicity Guidelines
Managing Income and Expenditure Policy
Information-sharing Policy 1
Contract for Young People and The Island
Child Protection Policy Statement
Facebook Social Networking Policy
Health and Safety
Referral, Matching and Review Policy
Mentors’ Rights and Responsibilities
Data Protection Policy
The Island seeks to ensure peoples data is kept safe and secure and in accordance with policy and legislation.
Here you will find details or our Privacy Statements further links too our Data protection guidelines can be found in our ‘ Data Protection Policy’ attached below.
All personal information gathered and held by The Island relating to staff and service users and supporters is treated with the care and confidentiality required by the EU General Data Protection Regulation (GDPR) and associated UK Data Protection legislation. For these purposes The Island is the data “Controller”. The Islands Data Protection Officer is Emma Bewlay, who can be contacted at The Island 01904 628449 or 32 Priory Street, York, YO1 6EX or via email to firstname.lastname@example.org
Further information can be found in the Islands Data Protection Policy
Categories of personal data collected:
The categories of personal data we collect and use in relation to our staff, service users and funders can include:
• your name, address and contact details, including email address and telephone number;
• date of birth and gender;
• the terms and conditions of your employment;
• details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with the University;
• information about your remuneration, including entitlement to benefits such as pensions;
• details of your bank account and national insurance number;
• information about your marital status, next of kin and emergency contacts;
• information about your nationality and entitlement to work in the UK;
• information about any relevant criminal convictions (this may include details of spent convictions if you work in certain roles);
• details of your working pattern, hours and attendance at work;
• details of periods of leave taken by you, including holiday, sickness absence, family leave and sabbaticals, and the reasons for the leave;
• details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;
• assessments of your performance, including appraisals, performance reviews and ratings, performance improvement plans and related correspondence;
• information about medical or health conditions, including whether or not you have a disability for which the University needs to make reasonable adjustments; and
• equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, gender identity and religion or belief.
How we collect and store this information:
The Island may collect this information in a variety of ways. For example, data might be collected through application forms or CVs; obtained from your passport or other identity documents such as your driving licence; from forms completed by you at the start of, and/or during, your employment; from correspondence with you; or through interviews, meetings or other assessments.
In some cases, the Island may collect personal data about you from third parties, such as references supplied by former employers, from our occupational health provider and information from Disclosure and Barring checks where permitted by law.
Staff and Service Users can make a request to update/ amend their personal information at any time during the course of employment by contacting email@example.com.
Hard-copy personnel files and electronically stored information are kept for every staff and service user member. These files will include the following documents:
• Application Form or Referral Form
• Two references or Assessment Paperwork
• Asylum and Immigration documentation (e.g. copy of passport or full birth certificate plus document containing National Insurance number)
• Appointment form including personal details, national insurance number, bank details and emergency contact
• Pre-employment fitness declaration including Occupational Health clearance where applicable and Health and Consent Forms
• Pension forms
• Copies of qualifications where applicable
• Medical/self-certificate forms
• Information relating to any family or special leave you have taken/ requested
• Occupational Health reports where applicable
• Copies of correspondence between you and the University
• Review Reports or Plans
These files will be stored in:
• A locked, secure filing cabinet in a locked office
• A online data system called Zurmo which is a password protected database used in line with all support offered to children and young people within the organization
Details may also be used in contact situations via:
• Our secure email system Zimbra. All employees have their own login to access this platform this is unique to them
• CYC Secure Email or Password Protected file for sharing information in relation to child protection or concerns. See further details on this in our data protection policy.
• Duty Phone – this is password protected and all individuals names are referenced using initials and last name only. This is password protected and only handled by a qualified member of the Island team at any one time.
In order to carry out their duties, line managers will also need to maintain their own personal records relating to staff members in their team. These may include return to work forms, PDR records and notes of meetings between you and your manager, as well as home visit assessments, evaluations and case notes relating to the individual child.
It is a requirement that where necessary these records, regardless of the media they are held in, are held securely and treated at all times with the appropriate levels of confidentiality.
All information held in local files in hard copy format will be shredded and disposed of when an staff member or service user leaves their role at The Island. This information will still be held electronically for 6 years in reference to Safeguarding and safe Practice. Following on from this The Island will place this information in the employee’s central personnel file, which will be kept in line with our retention schedule.
Why we process this information and our lawful basis for processing:
The personal information we keep about staff is used for processing the individuals recruitment as well as to create the most appropriate support for the young person contract, this also includes the administration of benefits and managing performance, as well as monitoring and reporting purposes.
The Island needs to process personal data before, during and after the end of the relationship. Processing personal data relating to staff and service users allows the Island to:
• run recruitment and promotion processes;
• adhere to Child Protection and Safeguarding legislation
• provide effective, monitored and compliant relationships for young people via volunteer mentors
• maintain accurate and up-to-date employment records and contact details (including details of who to contact in the event of an emergency), and records of employee contractual and statutory rights;
• operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace;
• operate and keep a record of employee performance and related processes, to plan for career development, and for succession planning and workforce management purposes;
• operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay or other benefits to which they are entitled;
• obtain occupational health advice, to ensure that it complies with duties in relation to individuals with disabilities, meet its obligations under health and safety law, and ensure that employees are receiving the pay or other benefits to which they are entitled;
• operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that The University complies with duties in relation to leave entitlement, and to ensure that employees are receiving the pay or other benefits to which they are entitled;
• ensure effective general HR and business administration;
• provide references on request for current or former employees;
• respond to and defend against legal claims; and
• maintain and promote equality in the workplace.
For these purposes our lawful basis for processing is covered by the exercise of our official authority as a Charity.
In a number of cases the Island needs to process data in order to comply with its legal obligations. For example it is required to check an employee’s entitlement to work in the UK https://www.gov.uk/check-job-applicant-right-to-work, to operate PAYE in line with HMRC regulations https://www.gov.uk/topic/business-tax/paye. It is also expected to conduct certain duties to ensure the safeguarding of the service users via DBS processes https://www.gov.uk/guidance/dbs-check-requests-guidance-for-employers#the-code-of-practice . In such cases the processing of personal data is necessary for compliance with a legal obligation (GDPR Article 6 Lawfulness of Processing Section 1 (c) processing is necessary for compliance with a legal obligation to which the controller is subject).
Who has access to the personal data:
Personal data may be shared internally where access to the data is necessary for performance of individual’s roles. This includes those working in The Island Office who have an invested interest in the person/person’s acting as a service user to The Island and the requirement to have access to the personal data is necessary to ensure an effective relationship with the Island.
If you are engaged as an employee, the Island will share your personal data with our Finance Treasurer for PAYE. The Island is also required to provide personal data about staff to HM Revenue and Customs in order to fulfill its obligations in relation to the processing of PAYE. Further information on the information collected by HMRC, and how they store this can be found on the HMRC website: https://www.gov.uk/government/organisations/hm-revenue-customs/about/personal-information-charter.
The Island is required by law to automatically enroll eligible staff into a pension scheme on commencement of employment and every three years thereafter http://www.thepensionsregulator.gov.uk/en/employers. In order to enroll staff into the appropriate pension scheme, some personal data will be shared.
Disclosure of personal data to any other third party will only occur with your express permission, unless the the Island has a statutory/legal obligation to disclose the information or it is necessary to protect your vital interests (e.g. where disclosing the data is required in a medical emergency).
Retention of personal data:
The Island is duty bound to store information for 6 years in accordance with guidelines from Child Protection and safeguarding. The Island will however dispose in the appropriate was of any paper copies of documents after each individual service user finishes their time with us and this information will be restored on our secure Database, Zurmo.
Data subject’s rights:
Under data protection legislation, all service users have the right to request access to information about them that we hold.
For details of how to make a request for your personal information, please see our Data Protection Policy.
You also have the right to:
• object to processing of personal data that is likely to cause, or is causing, damage or distress
• prevent processing for the purpose of direct marketing
• object to decisions being taken by automated means
• in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
• claim compensation for damages caused by a breach of the Data Protection regulations
The right to lodge a complaint with a supervisory authority:
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
If you have any queries relating to this privacy notice or the way your data is processed by The Island then please contact firstname.lastname@example.org