Privacy Policy



VCA aims to keep members and users as fully informed as possible about its work and practices in a spirit of openness in all its dealings with staff, users, members, suppliers and partners. The VCA is, however, committed to uphold the confidentiality of personal information which is held about its staff, applicants for employment, Board Members, users, partners, contractors and suppliers.

This policy aims to protect and promote the rights of individuals, the VCA and those with whom it works. It identifies information that is to be treated as confidential and the procedures for collecting, storing and disclosing such information. This policy covers all records, both manual and computerised, held by the VCA.



All staff, Board and committee members are required to treat all commercially sensitive information concerning the VCA, its partners, contractors and suppliers and all personal information about its users and applicants in the strictest confidence.

A breach of confidentiality, either verbally or in writing, about the VCA, its users or staff, without the prior approval of either the Management Committee or Chair, as appropriate, will be the subject of disciplinary action either through the disciplinary procedures or the rules and governance procedures.

It is the responsibility of all staff to inform a senior manager when they become aware of a breach of confidentiality. The senior manager is responsible for taking appropriate action when made aware of a breach of confidentiality. The Chair is responsible for ensuring that Board Members comply with this policy.


The Data Protection Officer for the purposes of the Data Protection Act is the Centre Manager. It is her/his responsibility to make sure that the VCA complies with the data protection principles when collecting and processing personal data. Users will be informed of the need to collect and process information about them. Consent should be obtained from individuals when collecting personal and sensitive data from them for the first time, to ensure data is collected fairly and lawfully. Data will be accurate and kept up to date and not kept for longer than necessary. Confidential information will be stored either manually or in a computerised system and will be accessible only to those who have a legitimate right to know. Staff handling this information will ensure that it remains confidential.

Confidential information relating to all staff is held in their personnel files. This information will be securely filed to prevent access by others. Line managers will have access to this information. Some further detailed information relating to payroll, pensions, etc. may be held by the Finance Committee. Members of staff or users will be offered a private place to discuss information of a personal or confidential nature, if requested.

Information relating to applications made by prospective staff will be held for a period of time not exceeding six months from closing date set out in the advertisement. After this period, application forms and additional information from candidates not selected for employment will be destroyed. Anonymous information will be retained, including equal opportunities and statistical information on candidates for each position.

Information relating to users will be held as long as is necessary for the VCA to perform its business functions or as legislation dictates.

Employment application forms will contain a paragraph outlining how the application form will be used and seeking consent from the applicant.

Non essential information relating to ex-staff will be destroyed when they leave the VCA. Contact details will be retained with their consent.

All information held by the VCA will be relevant for the purpose for which it is required and will be kept securely. Manual information should always be filed securely and the VCA positively promotes a clear desk policy for this purpose. Computers which are linked to a Network are accessed by means of a password. This password is known only to the relevant staff member. The VCA has also introduced a series of security levels, which allows certain levels of access to files.

Individuals will be aware of the reasons why personal information is required and held on record and the people likely to have access to it. Consent to disclose such information will be obtained from each individual, other than in exceptional circumstances (see below), and they will be informed of the implications of giving their consent.


Confidential information held will only be passed to other parties on a need to know basis and with the individual‘s consent unless there are exceptional circumstances. Exceptional circumstances include:

  •   Where there is clear evidence of fraud.

  •   To comply with the law.

  •   In connection with legal proceedings.

  •   Where it would be essential to enable the VCA to carry out its duties, e.g. where the health and safety of an individual would be at risk by not disclosing the information or where there is a legal requirement to do so.

  •  Anonymously for statistical or research information Information will only be given to third parties upon written request or in the case of a person claiming to telephone on behalf of the police, when the Centre Manager has telephoned them back to verify their claim. In cases where staff members are unsure of their right to disclose information, they should consult their line manager. In the case of a request to view information by a third party on behalf of an individual, this should be accompanied by a written consent from the individual concerned.



Members of staff have the right to see the information held on their personnel files, excluding references prepared by the VCA and information disclosing third party data. The individual’s line manager will make the necessary arrangements upon written request (three days notice will be required). The accuracy of any information held may be challenged and a written record kept on the personnel file.

Users have the right to see the information held on file about them. Any request should be made in writing to the Centre Manager (see appendix 2 for a sample access request form). The VCA’s staff will make the necessary arrangements, upon request, within three working days. The accuracy of the information held may be challenged and a written record kept on the file. Users may not be given access to personal data if it involves giving information about another individual (e.g. a third party who has made allegations of complaint them.). Users should not be allowed access to files unless staff have verified their identity. The VCA also reserves the right to make a small charge to cover administration costs to provide this access. The VCA is not able to allow access to confidential letters from third party such as doctors or social workers.


It is made clear to any consultants or contractors appointed by the VCA that any work undertaken for them must be treated with respect and confidentiality. Any person working on behalf of the VCA will be issued with our Code of Conduct which outlines this requirement.

If any personal or sensitive data is disclose to an Agent of the VCA for example in the case of a health & safety risk, then a record of the information disclosed should be kept on the users file. The Agent should always destroy this data once it is no longer relevant to the contract.

The VCA’s prior approval, in writing, must be obtained before details are published about any works/development, proposed about our users, staff, committees or the VCA in general.


Members of the Board are aware of the need to ensure that confidential information is kept safety and securely. They are also aware that personal information concerning any user or employee must not be discussed outside of committee membership. Where possible, user information being presented to the Board or committees should be done so anonymously using user’s codes or initials. Board members are also required to ensure that commercially sensitive information about the VCA , for example about new developments or initiatives, or information received from partners, contractors or suppliers which is given on a commercial in confidence basis, is not disclosed to a third party.


Staff must not disclose any confidential information without authority from the Management Committee. Any breach of this requirement may be treated as gross misconduct leading to summary dismissal.


Any data no longer required will be destroyed securely. In most cases the VCA will do this in house. If external shredding companies are used, the VCA will obtain a certification of destruction.



All staff, Board Members and users will be informed of this policy as appropriate.

Any complaints of breach of confidentiality should be reported using the VCA’s complaints/grievance policy.

We Need Your Support Today!