Privacy Statement.

Advocacy for Race Equality in Schools Scotland (AdRESS) is committed to providing a confidential service to its clients. This includes upholding clients’ data protection rights.

For details of our commitment to and protocols regarding our duties under the Data Protection Act 2018, please see CRER’s Data Protection Statement.

For information on how AdRESS will store, use and protect information disclosed to us, please see our Privacy and Confidentiality policy:

Privacy and Confidentiality Policy

Advocacy for Race Equality in Schools Scotland (AdRESS) is committed to providing a confidential service to its clients. This includes upholding clients’ data protection rights.

All clients who provide information which will be stored and used by CRER will be directed to CRER’s Data Protection Statement.

AdRESS privacy and confidentiality principles

  1. AdRESS is a non-judgmental and confidential service committed to treating clients’ information with respect and ensuring that processing complies with the conditions set out in data protection legislation

  2. AdRESS Advisers will not confirm a client’s use of the service to a third party without their expressed consent to do so. Additionally, no details of any matter clients discuss will be released to any third party. The only exclusions are detailed in the safeguarding section.

  3. Clients will be offered a confidential space for exchange of information online by email or video platform, or by telephone.

  4. On occasion, it may be necessary for AdRESS staff to discuss cases with colleagues. The information discussed will be treated confidentially to the minimum necessary and never with external individuals or third parties unless permission is secured.

  5. All statistical recordings will be anonymous.

  6. Case files, including case notes and copies of correspondence, will be held in lockable offices or password-protected computer drives. We maintain case notes and information on CasePatron, a secure online casework recording system.

  7. Documentation will be kept in a secure archive for a maximum of seven years, after which time it will be destroyed using appropriate confidential waste procedures in line with data protection legislation.

  8. Staff will clarify with clients their preferences in terms of contact and will record on the case file where clients have indicated that certain forms of contact are insecure or unacceptable.

  9. When leaving voice messages for clients, staff will not identify themselves as working for an advice service.

  10. Where clients request that no contact be made with certain parties, this will be recorded and adhered to.   

Collection and use of data

AdRESS is required to collect and record clients’ personal information, details of enquiries and any advice given. Information is processed when any record of contact with a client or actions taken on their behalf is made, and in all instances, will comply with legal requirements and CRER’s GDPR statement.

Records are maintained for quality and statistical purposes.

AdRESS will never use clients’ data for direct marketing purposes without permission (for example, a sign-up for email lists).

Mandates

Some types of information sharing require a mandate to indicate the client’s agreement to share.

Where AdRESS is contacted by a third party, e.g., a friend or family member, seeking advice on behalf of a pupil and parent / carer, the parent / carer in question will be asked to complete a Third-Party Mandate form to confirm their identity and permission to share information with a named third party to be verified. This will also be recorded on their digital case file.

Information storage

Data (including case records) is stored electronically within CRER systems, and only staff involved in delivering AdRESS (including administrative and management functions) have access to this information.

Emails received from clients and other parties related to the service and associated replies are only accessible through password-protected email platforms to staff involved in delivering AdRESS.

All physical paperwork and notes relating to a case that has not yet been recorded on the case file will be kept in a secure place accessible only to staff involved in delivering AdRESS.

Cases will be stored for no longer than is legitimately reasonable and will be automatically deleted from the system after seven years of the case closure. The justification for this storage is to enable the resumption of service provision if required. After this time, all records are deleted, retaining only anonymised statistical information.

Data protection and safeguarding

Where an Adviser believes that safeguarding requirements create a legitimate basis to disclose information, this may be carried out in line with the safeguarding policy (see Terms of Service).

How data is used

Clients’ data will be used for monitoring and statistical purposes. Personal and demographic data is anonymised to ensure that clients cannot be directly identified. The data is used to identify trends/patterns for the improvement of project and organisational development, campaigns and policy work. This includes monitoring who is using the service to help AdRESS improve. The lawful bases for processing client data are:

  • Consent received

  • Legal obligations (including exceptional circumstances where CRER may be required by law or safeguarding policy to share information relating to a client)

  • Legitimate interest: clients reasonably expect us to process their data when they approach us in order to access services