Beacon Invicta Youth Project

Data Protection and Privacy Policy

Reviewed: November 2025
Next review due: November 2026

1. Purpose of this Policy

Beacon Invicta Youth Project (“the Project”) is committed to protecting the privacy and security of all personal data we collect from children, young people, parents, volunteers, committee members, and partners.

This policy explains how we collect, use, store, and share personal information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Legal Framework

This policy complies with the following legislation:

• UK General Data Protection Regulation (UK GDPR)
  
  

• Data Protection Act 2018
  
  

• Human Rights Act 1998
  
  

• Children Act 1989 and 2004
  
  

• Freedom of Information Act 2000 (where applicable)
  
  

3. Principles of Data Protection

We adhere to the seven key principles of data protection:

1. Lawfulness, fairness and transparency
   
   

2. Purpose limitation
   
   

3. Data minimisation
   
   

4. Accuracy
   
   

5. Storage limitation
   
   

6. Integrity and confidentiality
   
   

7. Accountability
   
   

4. Data We Collect

We may collect and process:

• Personal details (name, date of birth, address, contact details)
  
  

• Emergency contact information
  
  

• Medical or health details relevant to activities
  
  

• Attendance records and participation notes
  
  

• Safeguarding records (where relevant)
  
  

• Volunteer and committee member information
  
  

• Photography/media consent forms
  
  

• Feedback or evaluation forms
  
  

5. How We Use Personal Data

We process data to:

• Deliver safe and effective youth work, mentoring, and activities
  
  

• Contact parents/carers in emergencies
  
  

• Meet safeguarding and child protection duties
  
  

• Maintain attendance and progress records
  
  

• Meet funding, auditing, and legal obligations
  
  

• Promote activities using photos/success stories (with consent)
  
  

• Manage volunteers and committee members, including DBS checks and references
  
  

The lawful bases include: consent, legitimate interests, legal obligation, and vital interests.

6. Photography and Media

Photographs and videos may be taken during activities for promotional use (website, social media, printed materials).

Images are never used without written parental consent.
Consent can be withdrawn at any time.

7. Data Security

We use appropriate measures to protect data, including:

• Password-protected files and devices
  
  

• Locked storage for paper records
  
  

• Restricted access on a need-to-know basis
  
  

• Regular reviews of data handling practices
  
  

Paper documents are transferred to secure digital storage as soon as possible.

8. Sharing Information

We share information only when lawful and necessary:

• If required by law or statutory duty
  
  

• If there are safeguarding concerns
  
  

• With funders, auditors, insurers (anonymised where possible)
  
  

• With parental/guardian consent
  
  

We do not share data outside the UK.

9. Data Retention and Disposal

We keep data only as long as needed:

• Safeguarding records: until the young person reaches age 25
  
  

• General records: up to 7 years after activity completion
  
  

• Governance/committee records: minimum 7 years
  
  

Data is securely deleted or shredded when no longer required.

10. Individual Rights

Individuals have the right to:

• Access personal data
  
  

• Request corrections
  
  

• Request deletion (where appropriate)
  
  

• Withdraw consent for specific uses
  
  

• Complain to the Information Commissioner’s Office (ICO)
  
  

11. Contact and Complaints

Data Protection Lead: Matthew Johnson
Email: matthew@beaconinvicta.org
Location: Gravesend, Kent

If you are not satisfied with how we handle your data, you may contact the ICO:
www.ico.org.uk | 0303 123 1113

12. Review

This policy will be reviewed annually by the Committee Members or the Data Protection Lead.

Last updated on: November 2025