Confidentiality and Data Protection Policy
Acme Games is committed to providing a safe environment for young people and volunteers. Acme Games recognises that trust is essential for good youth work and is the foundation for all relationships within our games club. Maintaining confidences is an integral part of building trust between young people, volunteers and the organisation and will be respected at all times, apart from where it conflicts with reporting child protection concerns.
In addition, the Data Protection Act places an obligation on all organisations to implement the 8 guiding principles when obtaining, handling and storing personal information.
Acme Games therefore states:
- Acme Games is committed to ensuring that young people are able to share information with workers in a confidential manner.
- Young people can expect that any information they give to a worker is treated as sensitive and confidential and will not be shared UNLESS:
- The worker believes that the young person, or another young person, is in danger or is being harmed. In this case the young person will be told that the information has to be shared with the appropriate agencies and encouraged to agree with this.
- The young person discloses that they are involved, or plan to become involved in acts of terrorism.
- All workers at Acme Games are expected to uphold the organisations commitment to confidentiality. This means that workers are expected to:
- Keep records, files and documents stored in a safe and secure manner
- Not discuss any information given by a young person in confidence, unless they have a child protection concern or the young person gives their permission
- Tell a young person when information cannot be kept confidential (ie. a child protection concern)
- Encourage a young person to talk to other people (e.g. parents or guardians) or professionals where they feel it would be in the young person's interest
- Workers can expect that the organisation will:
- Provide them with a suitable means for storing confidential documents
- Ensure that their own information (e.g. medical or emergency contact information, information contained in their PVG Scheme Record) is stored securely, is kept confidential and only seen by colleagues in relation to their role
- Safely destroy personal information when the worker ceases to work for the organisation
- Take disciplinary action where the Confidentiality Policy is not upheld (unless due to child protection concerns or a court order has been issued)
- Parents/Guardians of young people attending games club can expect that the information they provide (e.g. medical information, contact information) will:
- Be kept in a secure, confidential manner and only used for the purpose provided (i.e. to safeguard the health and wellbeing of the young person)
- Enable the club to ensure that parents receive information from the club that is necessary e.g. newletters, letters and emails regarding information about upcoming events, fundraising activities, and club activities.
- Not be sold
- Will not shown to organisations without prior consent
Acme Games will only collect the following data:
- Emergency contact information for customers using the gaming space under the age of 13, so we can contact parents should it be required
- Contact information for customers requesting pre-orders or updates on product lines
- Order information for online orders where postage is required
Pre-order information is stored on a Google document, which can only be accessed by members of staff and can be deleted remotely. Emergency contact information is stored on a password protected phone that can only be accessed by staff and can be deleted remotely should the phone get lost or stolen. Order information will be deleted within 30 days of delivery to cover return requests; once this window has passed all paperwork will be disposed of in a secure way.
All breaches of data loss will be reported to the police and relevant bodies.
Fair Processing Notice
Data collected is only used to contact customers directly about requests and events. Once a pre-order has been collected the contact details will be deleted and have to be re-collected should the same customer place another order.
Should the business be sold or ownership changed the data will be transferred, but will not be used in a different way to how initially discussed once collected.