The Data Protection Act 1998 places responsibilities on any organisation to process personal information that it holds in a fair and proper way.  It covers such issues as the obtaining of information about workers and other persons, the retention of records, access to records and disclosure of them.


Failure to do so can ultimately lead to a criminal offence being committed.


The Employment Practices Data Protection code deals with the impact of data protection laws on the employment relationship.




This policy establishes the fundamental principle and commitments under which Dandelions Counselling will meet its various data protection and information management responsibilities whilst considering the needs of the individual.


Dandelions aims to balance the legitimate need to collect and use personal data against to respect for an individual’s right of privacy and use of their personal details.


Dandelions aims to ensure that no-one (either individuals or organisations) receives less favourable treatment on the grounds of age, gender, race, religion or belief, sexual orientation or disability by conditions or requirements which cannot be shown or justified.




Information about individuals, which is kept by an organisation on computers, will fall within the scope of the Data Protection Act.


Information that is kept in simple manual files will often fall outside the Act.  Where information falls outside the Act, Dandelions staff will implement best practice to ensure that information is obtained, retained, viewed and disclosed only in line with best practice and only when necessary to carry out the duties of a Dandelions member of staff.



  • Data Subject: An individual who is the subject of personal data.


  • Personal data:  Information which relates to a living individual who can be identified 


1.     from those data, or

2.     from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller


Data includes any expression of opinion about the individual.


Sensitive personal data means personal data consisting of information as to:


-       the racial or ethnic origin of the data subject

-       their political opinions

-       their religious beliefs or other beliefs of a similar nature

-       whether they are a member of a trade union

-       their physical or mental health or condition

-       their sexual life

-       the commission or alleged commission of any offence, or

-       any proceedings for any offence committed or alleged to have been committed, the disposal of such proceedings or the sentence of any court in such proceedings


Data controller: determines the purposes for which, and the manner in which, any personal data are processed.




Client and employee files will be kept securely in lockable filing cabinets and on electronic systems that can only be accessed by authorised users. Only in exception circumstances, with the prior agreement of a Partner, will files be taken outside the office. The Partners will be responsible for ensuring the security of files and their contents.


Data on clients and employees will be stored electronically and in paper files.


At the end of each working day, or prior to leaving the office for a period of time, a Partner will ensure that all confidential information is stored securely and that the computer screen is locked.


Information will only be disclosed under agreed procedures and, wherever possible, with the written consent of the person to whom the data relates.


Clients must submit a request in writing to access their personal information.


Dandelions staff, employees, and volunteers may view information held in their personnel files through a verbal or written request to either Partner.




A Data Controller will be identified who decides how personal data is to be handled.


Nominated Officers will take responsibility for requesting and disclosing information.


All staff will be made aware of the importance of the need to ensure data is kept safe and not disclosed inappropriately.




Information should not be sought from applicants unless it can be justified as being necessary to enable the recruitment decision to be made, or for a related purpose such as equal opportunities monitoring.


The scope of the information gathered must be proportionate to what the employer is seeking to achieve.


Criminal offences that are spent do not normally have to be declared on application forms or in answer to other requests for information about criminal convictions.  There are exceptions however, including those who work with children.  Those employed by, or working as a volunteer for Dandelions are subject of this exception and all applicants seeking to work with Dandelions Counselling will be required to disclose spent convictions.


All Dandelions staff will be subject of an enhanced Disclosure Barring Service (DBS) check.


The collection of personal information at interview, its recording, storage and use may well fall within the scope of the Act. Applicants will be entitled to have access to interview notes about them which are retained as part of the record of the interview.