Pershore Riverside Centre CIO Privacy notice

PRC is fully committed to compliance with the requirements of the General Data Protection Regulation 2018 (GDPR)

We are required to maintain certain personal data about individuals for the purposes of satisfying our operational and legal obligations but we recognise the importance of correct and lawful treatment of personal data so these principles lie at the heart of our approach to processing personal data.Therefore, we:

  • only collect information that is needed for a specific purpose

  • keep it securely

  • ensure it is relevant and up to date

  • make corrections promptly when individual’s request them to be made

  • only hold as much as is needed, and only for as long as it is needed

  • enable individuals to access their own personal information upon request

All personal data is stored either on a computer using strong passwords oron paper in a locked filing cabinet. Computer records are be treated in the same way as paper records, ie historic records are only kept if made anonymous, eg for management statistics.

Information about young people is only available to staff, volunteers and contracted providers for activities attended by the child, and will only be shared when appropriate, and in line with permissions given. Any breach will be taken seriously and may result in formal disciplinary action. Any person who considers that the policy has been breached in any way should raise the matter with the Chair of Trustees.

Information will not usually be kept after the end of a contract, activity or event but may be retained for a maximum of 2 years from date of last contact with PRC

Any person requesting access to the personal information that we hold about them must apply to the Chair of Trustees. Permission will not be unreasonably withheld.

Feedback or a complaint can be made verbally, in writing or by email to The Centre Development Manager or a Trustees respond in a timely manner.


We keep the following personal information:

  • Young people–emergency information provided on the consent forms to attend sessions& activities.The details of parents or carers of young people who use the activities at PRC (or run for PRC) need to be collected in case of an accident, emergency or consent to be obtained for an activity.

  • External contractors, activity providers and hirers – information provided on contracts, correspondence or booking forms specifically to facilitate communication between the relevant parties.

  • People applying for jobs – information provided on application forms.

    • Staff – references, proof of identity information, National Insurance Number, DBS number and date, bank details, training, supervision and appraisal records, details of allegations and/or disciplinary proceedings

    • Volunteers, including Trustees – information provided on the volunteer registration form, references, training, supervision and appraisal records, details of allegations and/or disciplinary proceedings


Young people’s emergency information typically includes:

  • Young person’s personal details

  • Any medical, dietary or physical information such as medication taken, allergies, serious illnesses that might affect their participation at PYRC

  • Parent/carer personal details

  • Any special instructions regarding the young person,egonly one parent is authorised to collect them

If a hirer or an organised group is coming to PRC, it will be the responsibility of the group leaders and coordinators to gather that information. The group leader will have to confirm they have all the necessary details and consent forms from their group and/or parents. The group leader is responsible for the behaviour and conduct of their group at all times whilst they are on site.

Information relating to young people will only be shared among the staff/volunteer team if it is considered to be relevant, for example medical issues in relation to an activity or the taking of medication. Staff, Trustees and other volunteers who require access to personal information for the purposes of their role will be made aware of the restrictions of the GDPR and PRC policy,

We will treat all information shared with us in confidence. If we are made aware that there may be a safeguarding issue, we have a responsibility to share this information with the appropriate agency.