top of page

Confidentiality policy

Introduction and General Statement of Policy 


We are committed to ensuring all personal information and information concerning the internal operation of the Sunnybank Trust conforms to GDPR and Data Protection legislation.


Any information given by or about a service user, staff member, volunteer or supporter shall not be given directly or indirectly to any third party that is external to the staff, volunteers and trustees of The Sunnybank Trust without prior expressed consent or the consent of the responsible representative to disclose such information.


This policy should be read in conjunction with the Sunnybank Data Protection and Data Retention Policies and will reflect our responsibilities as set out in the GDPR legislation. 


1. Personal information 

The Sunnybank Trust recognises that information may be shared through staff, volunteers or Trustees where it is deemed necessary in supporting our service users and to aid staff and volunteer training and development. In these circumstances, all information concerning a service user and their supporters should only be discussed in a professional capacity. Information about service users and their circumstances should not be discussed by Sunnybank Trust personnel with the service users supporters, family, friends, or other service users or in any public setting without the service user’s permission or that of their responsible representative. 

The anonymous details of service users’ situations may be used for funding applications, administration and to campaign for better services for individuals with a learning disability and those who support them and for any other purpose that will be to their benefit. Details will be edited so that individuals cannot be recognised unless explicit permission is given to identify the service user or their associates. 

The right to confidentiality may be overridden where there is evidence that an individual may be at risk of injuring themselves, doing harm to another or committing a crime. 


2. Information relating to the organisation 

a. All information concerning the internal operation of The Sunnybank Trust should generally be treated as confidential.  

This includes: 

  • Financial reports and contracts details 

  • All personal records of staff, volunteers, service users, trustees and any others we may hold on the database. 

  • Unpublished financial information 

  • Data entrusted to us by external parties 

  • Documents and processes explicitly marked as confidential 

  • Unpublished goals, forecasts and initiatives marked as confidential 

  • Information relating to disciplinary or grievance procedures   


b. Incoming post marked “Personal” or “Private & Confidential” will be treated as such and will be passed on to the addressee unopened unless otherwise authorised. 


c. The provisions of the GDPR regulation will be observed for all information held. 


3. Committees 

Minutes of management team and trustee board meetings are public documents save for matters concerning individual members of staff and members. Management team members and trustees are reminded that all personnel matters must be minuted and distributed separately from the general minutes of meetings.  


4. Confidentiality Procedure 

Every Sunnybank Trust Trustee, member of staff and volunteer will be made aware of the confidentiality policy and its application to all issues concerning the services and internal affairs of the organisation. All staff members and volunteers are required to agree to the confidentiality requirements as stated in the volunteer agreements and/or staff contract. This will also be covered during the induction training.  

In exceptional cases where it is considered that it might be appropriate to breach confidentiality or divulge information for safety or safeguarding, the member of staff or volunteer concerned must consult their senior manager and only do so with his / her explicit prior approval.


Any unauthorised breach of confidentiality will be considered as a serious case of misconduct and could lead to disciplinary action. All breaches will be reported and follow the procedure outlined in point (10) of the Sunnybank Data Protection Policy.


In all cases concerned with breach of confidentiality in the media, the matter should be referred to CEO, who will inform the board of media involvement.  If breach involves CEO, then Chair to respond to media  


Nothing in The Sunnybank Trust’s confidentiality policy overrides the right of the Chair (or their nominee) or the Chief Executive to access all incoming and outgoing communications. This right will be exercised only in exceptional circumstances.  

  • Facebook
  • Twitter
  • Instagram
  • YouTube
bottom of page