07398 905221 FOR ANY ENQUIRIES

Facebook Instagram X-twitter

Data Protection & GDPR

Policy Statement

Regenerate Mentoring is committed to protecting the privacy and rights of all individuals whose data we collect and process. We comply with the requirements of the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any relevant local authority contractual requirements.

This policy outlines how we collect, store, use, share and protect personal data, ensuring that information is handled fairly, lawfully and transparently.

Principles of Data Protection

We follow the seven principles of UK GDPR:

  1. Lawfulness, fairness and transparency – Data is processed lawfully and openly.

  2. Purpose limitation – Data is collected for specified purposes only.

  3. Data minimisation – Only relevant data is collected and retained.

  4. Accuracy – Data is kept accurate and up to date.

  5. Storage limitation – Data is kept only as long as necessary.

  6. Integrity and confidentiality – Data is stored securely and protected from unauthorised access.

  7. Accountability – We take responsibility for complying with data protection obligations.

Scope

This policy applies to:

  • Staff, mentors, and volunteers of Regenerate Mentoring

  • All personal data collected in connection with our services, including children, young people, families, employees, contractors, and partner organisations

Data Protection Principles

Regenerate Mentoring will adhere to the following principles outlined in Article 5 of the GDPR:

  1. Lawfulness, Fairness, and Transparency: Personal data will be processed lawfully, fairly, and transparently.
  2. Purpose Limitation: Data will be collected for specific, explicit, and legitimate purposes and not processed for incompatible purposes.
  3. Data Minimisation: Only data necessary for the intended purpose will be collected and processed.
  4. Accuracy: Personal data will be accurate and kept up to date.
  5. Storage Limitation: Data will be retained no longer than necessary for its intended purpose.
  6. Integrity and Confidentiality: Personal data will be processed securely to protect against unauthorised access, loss, or damage.

Roles and Responsibilities

  • Data Protection Officer (DPO): Johan Heyns (Business Support Manager)

  • DSL (for safeguarding-related data): Jonny Doidge

  • Deputy DSL: Amy Doidge

  • All staff and mentors must comply with this policy, complete data protection training, and report breaches immediately.

Categories of Data We Process

  • Children and young people: names, contact details, school information, mentoring records, safeguarding information

  • Parents/carers: contact details, consents, relevant background information

  • Staff and mentors: employment records, training records, safeguarding checks (including DBS), payroll information

  • Partners/agencies: contact details and contractual information

Legal Basis for Processing

We process data on the following lawful bases:

  • Consent (e.g., use of images for publicity with parental/carer agreement)

  • Contractual necessity (e.g., employment records)

  • Legal obligation (e.g., safeguarding records, DBS checks)

  • Legitimate interests (e.g., monitoring service quality)

  • Vital interests (e.g., in a safeguarding emergency to protect someone from harm)

Data Storage and Security

  • Data is stored electronically on secure, password-protected systems.

  • Paper records are kept securely in locked cabinets with controlled access.

  • Safeguarding records are stored separately and securely with limited access.

  • Devices used to access data must be encrypted and password-protected.

Data Sharing

We may share information with:

  • Local authorities, schools, and safeguarding partners where required for safeguarding and service delivery.

  • External agencies (e.g., health or social care professionals) when necessary to protect a child or adult.

  • Regulatory bodies where legally required.
    We will not share personal data with third parties for marketing purposes.

Data Subject Rights

Individuals have the right to:

  • Be informed about how their data is used

  • Access their personal data (subject access request)

  • Rectify inaccuracies

  • Erase data (where appropriate)

  • Restrict or object to processing

  • Data portability (where applicable)

Requests should be made in writing to the Data Protection Officer and will be responded to within one month.

Data Breaches

Any data breach must be reported immediately to the Data Protection Officer.
Serious breaches will be reported to the Information Commissioner’s Office (ICO) within 72 hours in line with statutory requirements.

Training and Awareness

Regenerate Mentoring will ensure all stakeholders receive adequate training to understand their responsibilities under this policy and data protection laws.

Contact Information

For questions, concerns, or complaints about data protection, please contact the Data Protection Officer:

This Data Protection Policy has been approved by the Board of Trustees and will be reviewed annually or as necessary to ensure compliance with current legislation.

Last Reviewed: September 2025
Next Review Date: September 2026

Scroll to Top