1. General principles 

1.1 Artists Attic Trust  recognises that colleagues (employees, volunteers, trustees, secondees and students) gain information about individuals and organisations during the course of their work or activities. In most cases such information will not be stated as confidential and colleagues must exercise common sense and discretion in identifying whether this information should be communicated to others. Information given in confidence must not be disclosed without consent unless there is a justifiable reason e.g. a requirement of law or there is an overriding public interest to do so. 

1.2 Confidential information includes anything that contains the means to identify a person, e.g. name, address, post code, date of birth, National Insurance Number, passport and bank details. It includes information about sexual life, beliefs, commission or alleged commission of offenses and other sensitive personal information as defined by the Data Protection Act. It also includes information about organisations such as confidential business plans, financial information, contracts, trade secrets and procurement information 

1.3 Colleagues should seek advice from their line manager about confidentiality andsharing information as necessary 

1.4 Colleagues will avoid exchanging personal information or comments about individuals with whom they have a professional relationship. 

1.5 Talking about the private life of a colleague is to be avoided at all times, unless the colleague in question has instigated the conversation. 

1.1. Colleagues will avoid discussing confidential information about organisations or individuals in social settings. 

1.2. Colleagues will not disclose to anyone, other than their line manager, any information considered sensitive, personal, financial or private without the knowledge or consent of the individual, or an officer, in the case of an organisation. 

1.3. Where there is a statutory duty on Artists Attic Trust  to disclose information, the person or people involved will usually be informed that disclosure has or will be made unless this would put at risk the safety of any individual or jeopardise a potential criminal investigation. Details about disclosure of information and who has been informed will always be kept on record and stored securely with restricted access. 

1.4. Confidential information will be stored securely. It will not be left on desks but locked away. On computer it will be stored in password protected folders. 

2. Why information is held 

2.1. Most information held by Artists Attic Trust  relates to individuals, voluntary and community organisations, self-help groups, volunteers, students, employees, trustees or services which support or fund them. 

2.2. Information is kept to enable Artists Attic Trust  colleagues to understand the history and activities of individuals or organisations in order to deliver the most appropriate services.

2.3. Artists Attic Trust  has a role in putting people in touch with voluntary and community organisations and keeps contact details which are passed on to any enquirer, except where the group or organisation expressly requests that the details remain confidential. 

2.4. Information about students is given to the training organisation and the college, but to no one else. 

2.5. Information about protected equality characteristics of users is kept for the purposes of monitoring our equal opportunities policy and also for reporting back to funders. 

3. Access to information 

3.1. Information is confidential to Artists Attic Trust  as an organisation and may be passed to colleagues, line managers or trustees on a need to know basis to ensure the best quality service for users. 

3.2. Where information is sensitive, i.e. it involves disputes or legal issues, it will be confidential to the employee dealing with the case and their line manager. Such information should be clearly labeled ‘Confidential’ and should state the names of the colleagues entitled to access the information and the name of any individual or group who may request access to the information. 

3.3. Colleagues will not withhold information from their line manager unless it is purely personal. 

3.4. Users may have sight of Artists Attic Trust  records held in their name or that of their organisation. The request must be in writing to the Chief Officer giving 14 days’ notice and be signed by the individual, or in thecase of an organisation’s records, by the Chair or Executive Officer. Sensitive information as outlined in para 3.2will only be made available to the person or organisation named on the file. 

3.5. Employees may have sight of their personnel records by giving 14 days’ notice in writing to the Chief Officer. 

3.6. When photocopying or working on confidential documents, colleagues should ensure people passing donor see them. This also applies to information on computer screens. 

4. Storing information 

4.1. General non-confidential information about organisations is kept in unlocked filing cabinets and in computer files with open access to all Artists Attic Trust  colleagues. 

4.2. Personnel information on employees, volunteers, students and other individuals working within Artists Attic Trust  will be kept in lockable filing cabinets by line managers and will be accessible to the Chief Officer. 

4.3. Files or filing cabinet drawers bearing confidential information should be labeled ‘confidential’. 

4.4. In an emergency situation, the Chief Officer may authorise access to files by other people. 

5. Duty to disclose information 

5.1. There is a legal duty to disclose some information including: 

5.1.1. Child and vulnerable adult abuse will be reported to the relevant statutory services 

5.1.2. Drug trafficking, money laundering or acts of terrorism will be disclosed to the police. 

5.2. In addition, colleagues believing an illegal act has taken place, or that a user is at risk of harming themselves or others, must report this to the Chief Officer who will report it to the appropriate authorities.

5.3. Users should be informed of this disclosure unless this would put at risk the safety of any individual or jeopardise a potential criminal investigation. Details about disclosure of information and who has been informed will always be kept on record and stored securely with restricted access 

6. Disclosures 

6.1 Artists Attic Trust  complies fully with the DBS Code of practice (E File) regarding the correct handling, use, storage, retention and disposal of Disclosures and Disclosure information. 

6.2 Disclosure information is always kept separately from an applicant’s personnel file in secure storage with access limited to those who are entitled to see it as part of their duties. It is a criminal offense to pass this information to anyone who is not entitled to receive it. 

6.3 Documents will be kept for a year and then destroyed by secure means. Photocopies will not be kept. However, Artists Attic Trust  will keep a record of the date of issue of a Disclosure, the name of the subject, the type of Disclosure requested, the position for which the Disclosure was requested, the unique reference number of the Disclosure and the details of the recruitment decision taken. 

7. Data Protection Act 

7.1. Information about individuals, whether on computer or on paper, falls within the scope of the Data Protection Act and must comply with the data protection principles. These are that personal data must be: 

  • Obtained and processed fairly and lawfully. 

  • Held only for specified lawful purposes. 

  • Adequate, relevant and not excessive. 

  • Accurate and where necessary kept up to date. 

  • Not kept longer than necessary, for the purpose(s) it is used 

  • Processed in accordance with the rights of the data subject under the Act. 

  • Appropriate technical and organisational measures are to be taken to

  • ard against loss or destruction of, or damage to, personal data 

  •  Not transferred to countries outside the European Economic Area without an adequate level of protection in place. 

8. Breach of confidentiality 

8.1. Misuse of personal data and security incidents must be reported to line managers so that steps can be taken to rectify the problem and ensure that the same problem does not occur again. This includes unauthorized access to person-identifiable information where a member of staff, or third party, does not have a need to know. It also includes incidents of information lying around in a public area, theft and loss of information Date: 30th September 2021 

Data Protection 

Artists Attic Trust  recognises the need to comply with the various laws regulating the processing of personal data. It is our desire that employees recognise the risks involved when dealing with such information and fully understand the steps that must be taken in order to minimise such risks. It is policy that Artists Attic Trust  educate and inform employees about the dangers of inappropriate and illegal use of the personal data they may have access to. 

Whenever you are involved in processing any personal data, you must ensure that all associated procedures have been sanctioned by your manager. You must only operate within sanctioned procedures:- 

  • If for any reason registration of the information is withdrawn you must stop using the particular data immediately. Your manager will advise you of this ᄋ You must ensure that your appropriate records are maintained and safe and are only used to perform your particular job 

  • You must ensure that all personal data is used, held and disclosed only for the registered purpose: you should not use any of the systems outside of this criteria

  • Information must be collected and processed in a prudent and lawful manner and should be kept up to date and accurate at all times 

  • Information must not be transferred to countries outside the EU without authorisationfrom your Line Manager 

  • The information should only be retained for the period necessary, and for the purpose for which it is held 

If you have any concerns or questions regarding the processing or use of personal data you should contact your manager as soon as possible. If in any doubt you should cease to process the information. 

If you are required to use electronic equipment such as a computer or data-holding device your actions should comply with this and the ICT Use Policy. It is your responsibility to ensure that reasonable measures are taken to ensure the security of information contained within them. Such measures include keeping equipment in a lockable location when not in use and/or using password protection for files containing information covered by data protection legislation. 

A breach of the data protection regulations or failure to adhere to Artists Attic Trust ’s policies could have serious repercussions for Artists Attic Trust  and for yourself, if you are found responsible. It may also be treated as a serious disciplinary matter and may result in termination of your employment. 

If you are aware of any breach of Data Protection you must bring it to the attention of your Line Manager immediately. Any failure to do this may result in disciplinary action against you. 

If you have access to or are responsible for collecting personal information that relates to any of Artists Attic Trust  clients or employees, the above guidelines should be strictly adhered to. 

As a member of staff, you need to be aware that Artists Attic Trust  will hold details pertinent to your employment on file as part of its personnel records. This may include sensitive information. This information may be processed for administrative or legal purposes or as required by your continued employment. This may include passing certain employment related data to third parties such as government authorities, suppliers or contractor organisations supplying services which require the use or creation of employee data(for example, payroll). Your data may also be used in emergency situations, to protect the legal interests and other rights of Artists Attic Trust  or in other situations where you have consented to the disclosure of such information. 

The following are examples of information which may be retained by Artists Attic Trust  as part of its personnel records. The list is not exclusive or exhaustive:- 

  • References obtained during recruitment 

  • Details of terms of employment 

  • Payroll, tax and National Insurance information 

  • Performance information 

  • Details of grade and job duties 

  • Health records

  • Absence records, including holiday records and self-certification forms ᄋ details of any disciplinary investigations and proceedings ᄋ Training records 

  • Contact names and addresses 

It should also be noted that Artists Attic Trust  might hold the following information about you, for which disclosure will be made only when strictly necessary for the purposes set out below:- 

  • Your health, for the purposes of compliance with our health and safety and our occupational health obligations 

  • For the purposes of personnel management and administration, for example, to consider how your health affects your ability to do your job and, if you are disabled, whether you require any reasonable adjustment to be made to assist you at work ᄋ The administration of insurance, pension, sick pay and other related benefits in force from time to time 

  • In connection with unspent convictions to enable us to assess your suitability in employment for relevant roles 

Artists Attic Trust  will endeavour to update personnel files on a regular basis. It is your responsibility to ensure that any changes in personal details are communicated in writing  to Artists Attic Trust immediately, or as soon after the change as is practicable; and to inform your next of kin(or whoever you give as an emergency contact) that their details may be held on a personnel file. 

Enter your text here...

The website

Our website address is: http://artistsattictrust-co-uk


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.


If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.