Report a concern
You are in:

Data management & Flow Chart

Say So Revised Data Management Policy incorporating UK GDPR (2021) principles - March 2024

1. Lawfulness, fairness and transparency

Lawful: Data processing will be fully UK GDPR compliant.

Transparency: Data obtained and managed by Say So will be processed so that workplace concerns, risks or issues can be identified and managed to improve workplaces and workplace cultures. The data processing will include, where necessary, the sanitising (or removal) of information capable of leading to the identification of the originator. It will therefore by necessity include the enabling of secure transfer of the processed reports to the client organisation(s). This policy will be posted on Say So website.

Fair: The data will not be used for any other reason and all persons providing data will be informed explicitly of how their data will be used and consent sought wherever possible. (ie they will be signposted to this policy).

2. Purpose limitations

Personal data will only be sought on a voluntary basis for the explicit purpose of assisting or supporting the identification and resolution of workplace issues, concerns and risks including any safeguarding concerns. Data will only be used for these specific processing purposes and data subjects are hereby made aware of those purposes in addition to being reminded/refreshed at point of access Say So online reporting (Say So Sherlock) and/or at recorded greeting message during telephone reporting process. Data will not be used or processed for any further purpose without consent.

3. Data minimisation

Data collected on a subject should be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. In other words, no more than the minimum amount of data will be kept for specific processing.

4. Accuracy

Data will be accurate and where necessary kept up to date. Where known, outcomes will be added to the data collected for completeness. Reviews of stored information will take place to ensure compliance.

5. Storage limitations

Personal data is kept securely in a form which permits identification of data subjects for no longer than necessary. Data will be subject of weeding, archiving and deletion reviews. Say So remove personal data according to the following protocol: Where applicable, personally identifiable data will be removed from our database 1) where such data is no longer required for the purpose for which it was collected or 2) where requested in writing by the originator

6. Integrity and confidentiality

Data will be managed in a manner that affords appropriate security of the personal data including protection against unlawful processing or accidental loss, destruction or damage. Consent for data to be managed for the purposes explained will be sought. No data capable of identifying an originator will be passed to client companies or organisations without explicit consent. Reviews of data security including malware scanning, penetration testing, website interruption/shutdown events and business continuity arrangements will be carried out.

7. Security of Data

Say So has put in place stringent technical and organisational measures to maintain a high level of security. These measures will be the subject of training of all new Say So employees and are reviewed bi-annually or at trigger points.

 

 

Shaun Keep
Director - Say So Ltd
25/03/2024

*We are constantly making updates to the Say So website, if it looks a little off please try doing a hard refresh by pressing Ctrl F5 on a PC or holding down CMD and Shift and then pressing R on a Mac, that should update your view.

Site Navigation

Legal Compliance & Policies

Follow Us

Follow us on:

Get in Touch

0800 321 3546

Our Supporters

  • Care Campaign For the Vulnerable

Latest News

Registered Address: Unit 11, Diddenham Court, Lambwood Hill,Grazeley, Reading, Berks, RG7 1JQ | Company Number: 10549832

© 2025 Say So. All rights reserved. Website design by MAW Associates Ltd

Report a concern