​​

​

1. Policy Statement

​

AMBIT Youth Ltd is committed to protecting the privacy, dignity, and personal data of all children and young people, parents and carers, staff, volunteers, trustees, and partners. We recognise that trust is fundamental to effective youth work and to building safe, supportive relationships.

​

This policy explains how AMBIT Youth Ltd collects, uses, stores, and shares personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, while also outlining our approach to confidentiality in youth work and safeguarding contexts.

​

Where confidentiality conflicts with safeguarding or legal duties, the welfare of children and young people will always take precedence.

 

​

2. Legal Framework

​

This policy is informed by and complies with:

• UK General Data Protection Regulation (UK GDPR)

• Data Protection Act 2018

• Children Act 1989 and 2004

• Safeguarding Vulnerable Groups Act 2006

 

​

3. Data Protection Principles

​

AMBIT Youth Ltd processes personal data in accordance with the UK GDPR principles. Personal data will be:

1. Processed lawfully, fairly, and transparently

2. Collected for specified, explicit, and legitimate purposes

3. Adequate, relevant, and limited to what is necessary

4. Accurate and kept up to date

5. Kept only for as long as necessary

6. Processed securely to protect against unauthorised access, loss, or damage

7. Processed in a way that demonstrates accountability

​

 

4. Confidentiality and Safeguarding

​

Confidentiality is central to the work of AMBIT Youth Ltd. Children and young people are encouraged to share information in a safe and supportive environment.

However, confidentiality cannot be guaranteed where:

• There is a concern that a child or young person is at risk of harm

• There is a concern that another person may be at risk of harm

• A disclosure relates to serious criminal activity, including terrorism

• Information is required to be shared by law or court order

In these circumstances, information will be shared on a need-to-know basis with appropriate safeguarding leads and statutory agencies. Wherever possible, the individual will be informed that information must be shared and supported through this process.

 

​

5. Children and Young People

​

Children and young people engaging with AMBIT Youth Ltd can expect that:

• Information shared with mentors, coaches, or youth workers will be treated sensitively and respectfully

• Personal information will be handled confidentially and securely

• Information will not be shared without their knowledge unless there is a safeguarding or legal reason to do so

Staff will explain the limits of confidentiality clearly and in an age-appropriate way.

 

​

6. Staff and Volunteers

 

All staff and volunteers are required to uphold this policy and must:

• Handle personal data and confidential information responsibly

• Store records securely, whether electronic or paper-based

• Only access information necessary for their role

• Avoid discussing confidential matters in inappropriate settings

• Share information only where there is a safeguarding concern, legal obligation, or consent

• Inform a child or young person when information cannot remain confidential

• Encourage appropriate information sharing with parents, carers, or professionals where this is in the individual’s best interests

​

Staff Data

​

Staff and volunteers can expect that the organisation will:

• Store personal information securely and confidentially

• Limit access to personal data to authorised personnel only

• Use staff data solely for legitimate organisational purposes

• Retain information in line with data retention requirements

• Securely dispose of personal data when it is no longer required

Failure to comply with this policy may result in disciplinary action, unless disclosure was required for safeguarding or legal reasons.

 

​

7. Parents and Carers

​

Parents and carers can expect that personal information provided to AMBIT Youth Ltd, including contact details and medical information, will:

• Be stored securely and treated confidentially

• Be used only for the purposes for which it was provided, such as safeguarding, communication, and programme delivery

• Enable AMBIT Youth Ltd to share relevant information about activities, events, and opportunities

• Not be sold or shared with third parties without consent, unless there is a safeguarding or legal requirement to do so

 

​

8. Data Sharing

​

Personal data will only be shared with third parties where:

• Consent has been provided

• There is a safeguarding concern

• There is a legal obligation

• It is necessary to protect vital interests

Any data sharing will be proportionate, secure, and documented.

 

​

9. Individual Rights

​

Under UK GDPR, individuals have the right to:

• Be informed about how their data is used

• Access their personal data

• Request correction of inaccurate data

• Request erasure (where applicable)

• Restrict or object to processing (in certain circumstances)

• Data portability (where applicable)

• Raise concerns with the Information Commissioner’s Office (ICO)

Requests relating to data protection should be made in writing to the organisation.

 

​

10. Data Security and Breaches

​

AMBIT Youth Ltd has appropriate technical and organisational measures in place to protect personal data.

Any actual or suspected data breach must be reported immediately to the Service Delivery Manager. Where required, breaches will be reported to the Information Commissioner’s Office (ICO) within statutory timescales.

 

​

11. Policy Review

​

This policy will be reviewed regularly and updated in line with changes to legislation and best practice.

​

Last Review Date: September 2025