1. Purpose and Scope This policy outlines our commitment to safeguarding personal data in compliance with the UK GDPR and the Data Protection Act 2018. It applies to all personal information held about our staff, young people, and any other individuals associated with Agape4All Limited. 2. Data Collection and Processing We collect and process personal data solely for legitimate purposes, including: Providing care and support services to young people. Managing employment and HR-related matters for staff. Ensuring the safety and well-being of all individuals within our care. Complying with legal and regulatory obligations. All data collection is conducted transparently, with individuals informed about the purpose and use of their data. 3. Data Security and Storage We implement robust security measures to protect personal data from unauthorized access, alteration, disclosure, or destruction. This includes: Secure storage systems with restricted access. Regular data backups and encryption protocols. Staff training on data protection and confidentiality. 4. Data Sharing and Disclosure Personal data is shared only when necessary and with appropriate safeguards in place. This may include sharing with: Healthcare providers, educational institutions, and social services for coordinated care. Regulatory bodies as required by law. Third-party service providers operate under strict data processing agreements. We ensure that any third parties handling personal data on our behalf comply with GDPR requirements. 5. Individual Rights Under GDPR, individuals have the following rights regarding their personal data: Right to access their data. Right to rectification of inaccurate data. Right to erasure (right to be forgotten). Right to restrict processing. Right to data portability. Right to object to processing. 6. Data Retention We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Once data is no longer needed, it is securely deleted or anonymized. 7. Training and Awareness All staff members receive comprehensive training on data protection principles and practices. This ensures that everyone understands their responsibilities and the importance of safeguarding personal data. 8. Policy Review This policy is reviewed annually or in response to significant changes in legislation or organizational practices to ensure ongoing compliance and effectiveness.