MASTERING DIVERSITY CIC's POLICIES

 Purpose

The purpose of this policy is to ensure Mastering Diversity CIC complies with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 by safeguarding the personal data of all staff, service users, volunteers, and stakeholders. This policy outlines how we collect, use, store, and protect personal data to ensure privacy and data security. We are committed to protecting individuals' rights to data privacy and maintaining transparency in all data processing activities.

This policy applies to all personal data processed by Mastering Diversity CIC, regardless of how it is collected, stored, or shared. It covers data processing by staff, volunteers, contractors, and any third-party partners. We ensure that any party we collaborate with aligns with the principles and practices of this policy.

1. Lawfulness, Fairness, and Transparency
   Personal data will be processed lawfully, fairly, and in a transparent manner. All individuals will be fully informed about how their data is collected, used, and shared, in line with Article 6 of the GDPR. Where appropriate, consent will be obtained before data processing begins.
2. Purpose Limitation
   Data will be collected for specific, explicit, and legitimate purposes only. It will not be further processed in a manner incompatible with those purposes unless further consent is obtained. Our data usage aligns with GDPR Article 5(1)(b) and data protection requirements for social enterprises.
3. Data Minimisation
   Only data necessary for the specified purposes will be collected. We ensure that the data collected is adequate, relevant, and limited to what is required for the purposes for which it is processed, per GDPR Article 5(1)(c).
4. Accuracy
   Personal data held by Mastering Diversity CIC will be kept accurate and, where necessary, up to date. Inaccurate data will be corrected or deleted without delay, following GDPR Article 5(1)(d).
5. Storage Limitation
   Data will not be kept longer than necessary for the purposes for which it was collected. We adhere to GDPR guidelines on storage limitation, ensuring regular audits and securely deleting or anonymising data no longer needed.
6. Integrity and Confidentiality (Security)
   Appropriate technical and organisational measures will be implemented to protect personal data from unauthorised or unlawful processing, accidental loss, destruction, or damage, as required by GDPR Article 5(1)(f). This includes encryption, restricted access controls, and regular security assessments.

Individuals have the following rights concerning their personal data under the GDPR:

1. Right to Access: Individuals can request access to their personal data held by Mastering Diversity CIC and receive a copy of that data within one month of the request (Article 15 GDPR).
2. Right to Rectification: Individuals have the right to request correction of any inaccurate or incomplete data (Article 16 GDPR).
3. Right to Erasure ("Right to be Forgotten"): Individuals can request the deletion of their data where it is no longer necessary for the purposes for which it was collected or if they withdraw consent (Article 17 GDPR).
4. Right to Restrict Processing: Individuals can request that the processing of their data be restricted in certain circumstances (Article 18 GDPR).
5. Right to Data Portability: Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format (Article 20 GDPR).
6. Right to Object: Individuals have the right to object to their data being processed for specific purposes, including direct marketing (Article 21 GDPR).

1. Data Collection
   Consent will be obtained before collecting any personal data unless there is a legal or contractual obligation to process such data. Individuals will be informed of the specific purposes of data collection, how long their data will be retained, and how it will be processed. Data will be collected only if necessary, in line with our lawful basis for processing.
2. Data Security
   We ensure that personal data is stored securely, whether electronically (with encrypted, password-protected systems) or in physical formats (in locked filing cabinets). Access is restricted to authorised personnel only, with regular audits conducted to ensure data security measures are effective.
3. Third-Party Processing
   Where Mastering Diversity CIC engages third-party processors, we ensure that they comply with GDPR standards and that contracts are in place to ensure the lawful and secure processing of data.
4. Data Breach Reporting
   In the event of a data breach, we will follow the procedures set out by the Information Commissioner's Office (ICO), ensuring the breach is reported to the ICO within 72 hours if it poses a risk to individual rights. We will also notify affected individuals without delay if there is a high risk to their rights and freedoms.
5. Data Protection Officer (DPO)
   If necessary due to the scale or nature of our data processing activities, we will appoint a Data Protection Officer to oversee data protection compliance.

This policy will be reviewed annually to ensure continued compliance with GDPR and other relevant data protection laws, including the Data Protection Act 2018. Any updates to legislation or significant incidents will prompt a review and possible revision of this policy. We will also ensure that all staff and volunteers receive regular training on data protection principles and practices.

This policy aligns Mastering Diversity CIC with the highest standards of data protection, ensuring both the privacy of individuals and the integrity of our operations.

Purpose

This policy aims to ensure that Mastering Diversity CIC provides a safe and supportive environment for all individuals, particularly vulnerable adults and children, who participate in our activities or events. Our safeguarding framework adheres to best practices outlined in national safeguarding legislation, including the Social Services and Well-being (Wales) Act 2014 and Keeping Learners Safe 2022. We are committed to ensuring that everyone associated with our organization—staff, volunteers, partners, and participants—understands their responsibility to safeguard those at risk.

This policy applies to all staff, volunteers, contractors, and partners working with or on behalf of Mastering Diversity CIC. It includes all activities, events, and outreach efforts where vulnerable individuals may be involved. We expect our partners, collaborators, and stakeholders to also align with these safeguarding principles.

1. Protection
   We are fully committed to protecting vulnerable people from harm, abuse, or exploitation. This extends to emotional, physical, sexual, and financial abuse, as well as neglect. Our safeguarding measures ensure we meet the requirements set out in the Children Act 2004 and the Social Services and Well-being (Wales) Act 2014.
2. Responsibility
   It is the responsibility of all staff, volunteers, and partners to ensure the safety and well-being of vulnerable individuals. We emphasize individual accountability for identifying potential risks and responding appropriately.
3. Transparency
   We maintain a zero-tolerance approach to any form of abuse. All concerns, disclosures, or allegations will be taken seriously, carefully recorded, and acted upon in accordance with our safeguarding procedures and legal obligations under the Wales Safeguarding Procedures 2019.
4. Empowerment
   We will ensure that vulnerable individuals, particularly children and adults at risk, are empowered to express their concerns, participate in decision-making, and know their rights. We will support their right to feel safe and respected in all interactions.

1. Recruitment
   All staff, volunteers, and partners who work directly with vulnerable individuals will undergo background checks (DBS in the UK), in accordance with The Disclosure and Barring Service (DBS) Code of Practice, to verify their suitability. We will ensure that recruitment processes are rigorous and designed to protect those at risk.
2. Reporting
   Any safeguarding concerns must be reported immediately to the designated Safeguarding Lead, who will ensure appropriate action is taken. Where necessary, this will include liaising with external safeguarding bodies such as Social Services or the Police, following the correct referral procedures outlined in Keeping Learners Safe and Wales Safeguarding Procedures 2019.
3. Safeguarding Lead
   The Safeguarding Lead is responsible for coordinating responses