Policies & Information Governance

How we use your information

What is information governance?

Information Governance is the way in which we handle information about you, in particular personal and special category information relating to service users, volunteers and employees.

Why is it important?

It provides a framework to ensure that personal information is dealt with legally, securely efficiently and effectively in order to deliver the best possible care.

The Data Protection Act 2018 (Data Protection legislation) give individuals (data subjects) certain rights regarding information held about them (personal data). The Data Protection legislation also places obligations on those who process personal data (data controllers).

The definition of ‘personal data’ means any information relating to an identified or identifiable person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, by reference to a name, an identification number such as NHS number, an address, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person

Anyone processing personal data must comply with the data protection principles set out in the data protection legislation.

Personal data

Personal data shall be:

  • processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
  • collected for specified, explicit and legitimate purposes
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
  • accurate and, where necessary, kept up to date;
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; (‘storage limitation’);
  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

The Data Protection legislation sets out the right of an individual to access personal data held about them. However, this right of access is subject to a number of exemptions that are set out in the Data Protection Act 2018.

The ICO’s website contains further information on the Data Protection legislation and the right of access.

To learn more about Freedom of information please click here – link to sub page Freedom of Information

Onside policy and practice

Onside fully complies with the Data Protection Act 1998.

Onside is registered with the Office of the Information Commissioner for those purposes for which personal information is collected on this web site.

Onside will only collect personal information when you specifically and knowingly provide it to us.


What information Onside hold about the people who use our services, our employees and volunteers

Examples of personal information are:

1. your name

2. your address

3. your telephone number

4. your e-mail address

5. date of birth


What we do with this information and who we share it with

  • This information remains confidential and will only be shared with those directly involved in your support. 
  • We may also use general statistical information about you that has been anonymised in order to report back to the funders of the service and for internal monitoring purposes. 
  • We will not disclose your information to any other third parties without your permission unless there is a legal requirement to do so, or there is a safeguarding concern for which we are required by law to share information with the relevant Local Authority (this can be without your consent).  However, we will always endeavour to inform you beforehand. 

Safeguarding Policies

ONSIDE Adults Safeguarding Policy

ONSIDE Childrens Safeguarding Policy

How long we hold your information? 

  • Your information will be held securely for 7 years after which it will be safely destroyed. 

  • During this time, you have the right to request a copy of any personal information we hold about you.

To make a request to see the information we hold about you click here.

Our full Privacy Policy is available to view here: Privacy Policy

Our full Complaints policy is available to view here: Complaints Policy