Data Usage & Information Handling Policy

Data Usage & Information Handling Policy

Protecting People with Care & Integrity

[ 1 ] Purpose and Scope

The Sacred Grove Foundation is committed to creating a safe, respectful, and trustworthy environment for all participants, volunteers, teachers, trustees, and beneficiaries.

This policy explains how the Foundation collects, uses, stores, and shares personal information to:

• Support charitable activities and programme administration

• Uphold safeguarding responsibilities

• Ensure compliance with UK data protection law

• Support ethical conduct consistent with the Foundation's Code of Conduct

This policy supports trustee duties to protect people from harm and maintain appropriate safeguarding systems as required by the Charity Commission for England and Wales.

Protecting people from harm and handling information responsibly are central to the culture and governance of The Sacred Grove Foundation.

[ 2 ] Legal and Governance Framework

Data is processed in accordance with:

• UK GDPR and the Data Protection Act 2018

• Charity Commission safeguarding expectations for charities and trustees

• Safeguarding and right conduct obligations established by the Foundation

Trustees retain overall responsibility for safeguarding governance and accountability, even when responsibilities are delegated

[ 3 ] Core Principles for Data Handling

All personal data is processed according to the following principles:

3.1 Lawfulness, Fairness and Transparency

Personal information is processed only where there is a lawful basis and where individuals are informed about how their data is used.

3.2 Purpose Limitation

Data is collected only for clear and legitimate purposes, including safeguarding, programme administration, and regulatory compliance.

3.3 Data Minimisation

Only the minimum amount of information necessary for the stated purpose will be collected.

3.4 Accuracy

Reasonable steps are taken to maintain accurate and up-to-date records.

3.5 Storage Limitation

Data is retained only for as long as necessary for operational, legal, or safeguarding purposes.

3.6 Integrity and Confidentiality

Appropriate technical and organisational safeguards are used to prevent unauthorised access, misuse, or loss.

[ 4 ] Categories of Personal Information

The Foundation may process:

• Contact details and registration information

• Attendance and participation records

• Volunteer or teacher role information

• Communications relating to programmes

• Donation or payment records

• Photographs or recordings (where authorised)

• Identity verification documents (see Section 8)

• Safeguarding reports, allegations, or incident records

Some safeguarding information may include special category personal data, which requires additional legal protections under UK GDPR

[ 5 ] Lawful Basis for Processing

Processing is carried out under one or more lawful bases, including:

• Legitimate interests (running safe programmes)

• Legal obligations (safeguarding responsibilities)

• Vital interests (protecting individuals from serious harm)

• Consent (where appropriate, e.g., recordings or optional communications)

Where special category data is processed, additional legal conditions under UK GDPR and the Data Protection Act 2018 are identified and documented.

[ 6 ] Safeguarding Data Handling

6.1 Purpose

Safeguarding information may be collected and recorded when necessary to:

• Protect participants, teachers, trustees or volunteers from harm

• Investigate concerns or allegations

• Reduce ongoing risks

• Demonstrate responsible governance

6.2 Recording Standards

Safeguarding records must be:

• Factual and respectful

• Relevant and proportionate

• Securely stored and access-controlled

6.3 Confidentiality

Access is restricted to authorised safeguarding personnel or trustees on a strict need-to-know basis.

[ 7 ] Serious Misconduct & Safeguarding Risk

7.1 Safeguarding First Principle

Where serious misconduct, boundary violations, abuse, or behaviour creating risk of harm is identified, the Foundation may process and share relevant information where necessary to:

• Protect individuals from further harm

• Prevent repeated misconduct across programmes

• Fulfill safeguarding duties and trustee responsibilities

UK GDPR does not prevent appropriate sharing where safeguarding or legal responsibilities require action.

7.2 Lawful Basis for Serious Cases

Processing in serious safeguarding cases may rely on:

• Legitimate interests in protecting participants

• Vital interests where safety is at risk

• Substantial public interest or safeguarding conditions where special category data is involved

7.3 Data Sharing in Serious Misconduct Cases

Where necessary and proportionate, information may be shared with:

• Statutory safeguarding agencies

• Law enforcement or regulatory authorities

• Trusted affiliated centres or organisers for the prevention of further harm, following risk assessment and legal review

All sharing decisions will be:

• Documented

• Proportionate

• Limited to what is necessary

7.4 Protection of Victims and Reporters

The identity of individuals reporting safeguarding concerns will be protected wherever possible and only disclosed where legally required or necessary for safety or investigation.

[ 8 ] Identity Verification and Fraud Prevention

8.1 Purpose

To maintain a safe environment and prevent misuse of programmes, the Foundation may verify identity for certain events or roles.

8.2 Documents That May Be Requested

Where necessary, the Foundation may request:

• Passport, driving licence, or other government photo ID

• Student ID cards

• Proof of enrolment from school, college, or university

8.3 Use of Identity Information

Identity information is used only to:

• Confirm identity

• Prevent impersonation or fraud

• Support safeguarding and participant safety

• Verify eligibility for student access

8.4 Data Minimisation and Retention

• ID verification is carried out only when necessary

• Documents are retained only for as long as required for safeguarding or audit purposes

• Information is securely deleted when no longer needed

8.5 Security

Identity documents are treated as highly sensitive information and access is strictly restricted.

[ 9 ] Recording, Photography & Media Usage Policy

1. Participant Recording Restrictions

Participants are not permitted to make audio recordings, video recordings, screenshots, or photographs during workshops or events unless explicit permission has been granted by the Foundation.

This rule supports safeguarding, privacy, and respectful participation.

2. Foundation Recording and Photography

The Sacred Grove Foundation may capture photographs and video recordings during in-person and online programmes for:

• Educational and archival purposes

• Programme improvement

• Publication on Foundation communication channels, including websites and social media

Recordings are conducted only with the prior consent of participants, as indicated in registration materials or event notices.

3. Consent and Transparency

Where consent is required, it will be obtained through clear, informed, and specific consent requests during registration or before recording begins.

Participants will be informed:

• That recording or photography is taking place

• The purposes for which images or recordings may be used

• Where content may be published

Consent may be withdrawn at any time, and withdrawal requests will be respected where reasonably possible.

4. Options for Participants

Participants who prefer not to appear in recordings may:

• Keep cameras switched off during online sessions where permitted

• Choose seating or positioning outside designated photo/video areas at in-person events

• Notify organisers before or during the event

The Foundation will make reasonable efforts to accommodate such preferences while balancing practical event needs.

5. Unintentional Appearance in Media

Occasionally, participants may appear incidentally in event photos or recordings.

Where media is intended for public use:

• Participants may request removal or non-publication by contacting the Foundation in writing

• The Foundation will make reasonable efforts to comply where technically and practically feasible

6. Use and Publication of Media

Photos and recordings captured by the Foundation may be used for:

• Website and social media communication

• Educational or informational publications

• Promotion of Foundation activities consistent with charitable purposes

Media will never be used in a way that is misleading, exploitative, or inconsistent with safeguarding principles.

7. Safeguarding and Respectful Use

Recording and photography practices must always:

• Respect personal dignity and boundaries

• Avoid capturing sensitive situations

• Align with safeguarding duties and the Foundation's Code of Conduct

Where safeguarding concerns arise, recording may be restricted or stopped.

8. Prohibition on Unauthorised Use

Foundation recordings and photographs:

• Must not be copied, distributed, or reused for personal, commercial, or unauthorised purposes

• Must not be altered or shared in a way that could misrepresent individuals or the Foundation

Unauthorised use may be treated as a breach of safeguarding or conduct policies.

9. Retention and Security

Media files are stored securely and retained only for as long as reasonably necessary for the stated purposes.

Access is limited to authorised personnel.

[ 10 ] Ownership, Copyright and Volunteer Responsibilities

10.1 Ownership of Recordings and Photographs

All photographs, videos, audio recordings, and media captured during Foundation programmes for or on behalf of The Sacred Grove Foundation are considered Foundation materials.

Where applicable, copyright and usage rights are assigned or licensed to the Foundation for safeguarding, educational, archival, and communication purposes.

The Foundation retains exclusive rights to use, store, publish, and manage such media in accordance with its charitable purposes and safeguarding policies.

Media must never be retained or used in a manner that could create personal influence, private access, or unequal relationships with participants.

10.2 Volunteer and Staff Responsibilities

Volunteers, teachers, or organisers who record or capture media on behalf of the Foundation:

• Do not personally own the media created in their role

• Must not retain personal copies on private devices unless explicitly authorised

• Must not copy, distribute, or reuse media for personal, private, or commercial purposes

• Must transfer recordings promptly to authorised Foundation storage and delete local copies where required

10.3 Confidentiality and Safeguarding

Media captured during programmes may include participants or safeguarding-sensitive contexts. Therefore:

• Media must be handled confidentially

• Sharing through personal messaging groups, personal social media, or unofficial channels is strictly prohibited

• Unauthorised retention or distribution may be treated as a safeguarding or conduct breach

10.4 Copyright and Use Permissions

Use of Foundation media by any person, including volunteers, requires explicit permission from the Foundation.

Copying or sharing media without permission may infringe copyright law and Foundation policy.

Recording or photography must never be used to create pressure, influence, or spiritual authority over participants.

[ 10 ] Data Sharing

Data may be shared only when:

• Necessary for safeguarding

• Required by law

• Required for regulatory reporting

• Necessary to prevent serious harm

All sharing follows a documented lawful basis, as required under accountability principles

[ 11 ] Data Security and Access Control

The Foundation maintains reasonable safeguards including:

• Restricted access permissions

• Secure storage systems

• Password protection and role-based access

• Confidentiality obligations for trustees, teachers and volunteers

[ 12 ] Retention and Deletion

Retention periods are based on necessity and risk:

• Routine administrative records, retained only as operationally required

• Safeguarding and misconduct records are retained longer where necessary to protect individuals or demonstrate governance accountability

[ 13 ] Rights of Individuals

Individuals may request to:

• access their personal data

• correct inaccuracies

• request deletion, restriction, or objection to processing where legally applicable

• raise concerns about how their information is handled

The Foundation will respond to such requests in accordance with UK data protection law and within applicable legal timeframes.

However, certain information, particularly records relating to safeguarding concerns, serious misconduct, or legal obligations, may need to be retained in secure archival records where necessary to:

• protect individuals from harm

• maintain safeguarding continuity

• meet legal, regulatory, insurance, or governance obligations

• demonstrate responsible decision-making by trustees

Where records must be retained for safeguarding or legal reasons, access will be restricted and retention will be proportionate to the identified risk and purpose.

Where complying with a request would compromise safeguarding responsibilities, protection of others, legal obligations, or the establishment, exercise or defence of legal claims, the Foundation may limit, defer, or refuse the request to the extent permitted by law. Decisions will be made on a case-by-case basis and documented by the trustees.

The Foundation recognises that safeguarding responsibilities may require the careful retention and handling of certain records beyond normal operational periods. Trustees will balance individual data rights with their duty to protect people from harm and to ensure the safe and accountable operation of the charity.

[ 14 ] Relationship to Code of Conduct

All trustees, volunteers, teachers, and participants must:

• Respect confidentiality

• Not use personal data for unofficial groups or personal influence

• Not use contact details for unauthorised communications

• Report suspected misuse of information

Misuse of personal data may constitute a breach of safeguarding or right conduct policies.

[ 15 ] Spiritual Authority & Ethical Boundaries

Personal data must never be used to:

• Claim spiritual authority

• Influence or manipulate participants

• Establish dependency or private influence

Length of association or personal experiences do not grant authority to collect or use participant information outside authorised Foundation purposes.

[ 16 ] Trustee Supervision and Policy Review

Trustees will:

• Review this policy at least annually or after serious incidents

• Ensure policies remain fit for purpose

• Maintain accountability for safeguarding governance