Re-engage supports some of the most vulnerable people in society who may be inherently prone to many forms of abuse and fraud. This is one of the reasons that we take great care about who we accept as volunteers and group coordinators. As part of our efforts to make sure that our older people are safe and sound, we need to ensure that we won’t expose their personal information to people who would use it for purposes which are not consistent with our aims, let alone criminals who would use it to attempt fraud against our older people.
If you are a group coordinator, you are a Data Processor under the GDPR, and therefore have a responsibility to ensure that the information that you collect on our older people is used within the scope and terms of the GDPR and dealt with in accordance with the charity’s aims (which we believe provide both you and Re-engage with a legitimate interest to process the information).
In order to ensure the security and confidentiality of personal data, any such data received by or otherwise created on behalf of Re-engage shall only be collected and processed for its stated charitable purposes, and in compliance with the material provisions of the GDPR and the Data Protection Act 2018.
Keeping personal information safe and using it with care
If you’re a group coordinator (GC), area organiser (AO) or call companion coordinator (CCC) for Re-engage, part of your role is to hold personal information of older people and volunteers in your group. This will include:
Some health-related information
Emergency contact/next of kin details for the older people.
This information is essential to you being able to carry out your role with us. As it’s part of your role, we as a charity are responsible for how you store and use the information. This is precious, private information that belongs to the volunteers and older people and it’s our duty to make sure that we are keeping it safe and secure at all times.
Any personal contact details of volunteers and older people that you keep should only be used for the purposes of Re-engage – we have to be sure we are all using people’s data in ways that they wouldn’t consider intrusive or which invade their privacy.
Keeping us up to date
If someone’s contact details change, or someone leaves your group please let us know as soon as reasonably practicable.
Please ensure any volunteers leaving your group destroy all information they hold on everyone in their group. This includes shredding all paperwork and deleting all electronic files. Send details to email@example.com if a volunteer or older person leaves your group, or their contact details change, so that we can update our records.
We need to have up to date information on everyone in your group, to ensure that your group is covered by our insurance and we can help if you need support.
Here are some FAQs about storing information and your role in keeping everyone safe and legal. Do let us know if you have any questions, comments, or suggestions that will help to improve this page.
How can I store information securely?
The safest way to keep documents with full information on them is:
- In electronic format on a password protected device (laptop, phone, iPad etc)
- The document should be password protected
- You should avoid printing information.
If you do need to make printed copies:
You should take steps to remove information that would make anyone identifiable. Remove references to Re-engage or people being older or alone.
Remove surnames or use initials.
Never print or carry around full application forms.
Shred any printed information when you no longer need it.
What do I do when details change, or people leave?
When any details change please let us know as soon as you can so that we have up to date information stored centrally. You can do this by emailing firstname.lastname@example.org. If someone leaves your group you must destroy their contact and personal details and delete any information you have on them straight away. This includes:
• updating any electronic lists you have on the group
• deleting their application form or any attachment with their application form or personal information from your devices
• disposing of paper copies in confidential waste, a shredder or with scissors
How should I send or share information?
You should send and receive applications, personal details, and group reports securely by email.
Please delete previous copies of group reports.
Do not keep multiple copies of the same information and ensure any extra copies are deleted and the master copy is saved on a password protected device.
When should I contact emergency contacts or next of kin?
When we contact anyone, we must first consider the reason for which we have collected their data. Re-engage collects emergency contact information for use in case of emergency such as if an older person or volunteer is taken sick. This means that it is not appropriate to contact the emergency contact in any other situation. If you have concerns about the safety of an older person, please use our safeguarding reporting process.
What if I have personal/health related information?
On occasion, an older person or relative of an older person will tell you and/or a Re-engage staff member health related information about themselves. This information can be vital to the safety of the older person and may need to be passed to other volunteers in a tea party/social gathering group or a member of staff if new information comes to light on a phone call.
When recording this information about the person in question, please make sure they are aware this information may be shared with other volunteers in the tea party/social activity or a Re-engage staff member.
Can my group use WhatsApp groups to share information?
We understand that many groups communicate with each other over WhatsApp. This is a great way to stay up to date, but we ask that you do not share any older person’s or volunteer’s personal or contact details on this platform. Please read ‘GDPR: who needs what information and who doesn’t’ to find out why.
Can I pass on older people’s details to other organisations that can help them?
The personal contact details of volunteers and older people that you keep
should only be used for the purposes of Re-engage. Please do not pass this information on to any third-party organisations/person. If an older person shows an interest in being referred to/joining another organisation’s activities or services, please pass the older person the details of the organisation so that they can make contact themselves.
Who needs what information and who doesn’t?
All volunteers and older people sign an application form when they join us confirming that they understand that certain information will be shared with other people. It is critical that this personal data is only shared with the right people – here’s how it works at Re-engage:
Level 1: group coordinators / area organisers – will receive all relevant information on other volunteers and guests in the group, including all contact details plus guests’ next of kin and emergency contacts. Emergency details should be used in an emergency only i.e. for health-related matters.
Level 2: drivers – will receive all relevant information on other volunteers in the group. They will also receive all contact details for the older person(s) that they are driving.
Level 3a: call companion coordinators - will receive the names, phone numbers for the volunteers and older people in your group, you will be given the emergency contact details for older people, the details should only be used in an emergency situation only i.e. if the volunteer reports to you that the older person has fallen sick.
Level 3b: call companions – should only receive contact details for their call companion coordinator and the name and phone number for the older person.
Level 4: hosts – group coordinator’s contact details, first names of guests, but not their addresses or contact details.
Level 5: older person – will receive a tea party/social activity schedule with the name of the host and dates of the tea parties/social activity. The telephone number and name of their GC and (optional) their regular driver. Older people who are part of the call companions service will have the telephone number and name of their CCC.
What do I do if personal information goes missing?
In the event of a known breach of the GDPR, the GC must report the matter to the CEO of Re-engage, who will ensure that steps are taken to recover any lost data, to assess the potential adverse consequences, limit any damage, and (if appropriate) to notify the supervisory authority, unless satisfied that the breach is unlikely to result in a risk to the rights and freedoms of natural persons. Notification must be in accordance with Article 33 of the GDPR. We hope these guidelines will go some way to making sure that we all keep personal information as safe as possible.