DASH Data Protection Statement

This page sets out our commitment to protect your personal data.

Updated: April 2026

  • Definition of Personal Data: Details of the personal data that we collect can be found in our privacy policy. Personal data that we collect includes names, addresses, telephone numbers, email addresses. Where necessary and with consent we also collect information about physical and mental health as well as any diagnosis that has been obtained.
  • Purpose of Processing: We collect this personal data so that we can provide the best possible service to our clients.
  • Data Protection Principles: Your personal data will be collected and processed within the law. At all times we will act fairly and with transparency in our processing your personal data.
  • Data Minimization: We will only collect and process personal data that we need in order to provide our services.
  • Accuracy and Up-to-Date: We will do our best to ensure that personal data is accurate and kept up to date. We are dependent on our clients providing information that is accurate and been up to date.
  • Retention and Retrieval: Personal data will be kept for 3 years. Thereafter, if it is no longer being kept for legitimate purposes it will be destroyed.
  • Consent: Consent is required for processing sensitive data. We will always seek to get the consent of the client for processing their personal data but in exceptional circumstances may need to act under our safeguarding policy. If we need to act in a safeguarding capacity, the material we share would be with the safeguarding team of Swindon Council.
  • Sharing of Personal Data: Personal data will only be shared with necessary partners and in most cases will be with the consent of the client. Where there is a safeguarding concern we may need to pass over sensitive personal data to the safeguarding team of Swindon Council even if we do not have the consent of the client.
  • Rights of Data Subjects: Clients have the right to ask what personal data DASH has stored and to have that personal data deleted. We would aim to act within 10 days.
  • Security Measures: All personal data is protected in our sharepoint system which is only accessible to a limited number of staff via passwords. All staff have had an enhanced DBS which is renewed at 3-year intervals.
  • Compliance with Regulations: DASH confirms that we adhere to data protection regulations like GDPR