Your Chapter Ltd. (‘we’, ‘us’, and ‘our’) is committed to respecting and protecting the privacy of individuals and to fully complying with all the requirements of Data Protection Legislation.

We have appointed a Data Protection Officer (DPO) who can be contacted via


This policy applies to all our staff.

This policy, which is part of our suite of data protection related policies, must be followed in conjunction with those other policies.

This policy applies to all of our business activities.


Data Protection Legislation means the UK General Data Protection Regulation (‘UK GDPR’), the Privacy and Electronic Communications Regulations (‘PECR’) and (where applicable) the EU General Data Protection Regulation (‘EU GDPR’).

Personal data (aka Personal Information and Personally Identifiable Information or PII) means any information relating to an identified or identifiable person.

Personal data breach means a security incident that has affected the confidentiality, integrity or availability of personal data (whether accidental or deliberate).

Sharing means the disclosure of personal data by us to one or more third party organisations.

Staff means anyone working at or for us including:

  • Board members
  • Directors
  • Permanent, interim, and temporary employees and workers
  • Consultants
  • Contractors


  • To ensure all personal data is processed in accordance with Data Protection Legislation
  • To respect the privacy of individuals
  • To ensure personal data is shared by us in a consistent manner
  • To reduce the risk of a personal data breach
  • To provide guidance to staff about how to comply with Data Protection Legislation
  • To clarify responsibilities and roles for implementing this policy and monitoring compliance with it. 


Our Senior Management team have ultimate responsibility for ensuring compliance with Data Protection Legislation and this policy.

The Data Protection Officer (DPO) has responsibility to:

  • Remind the Senior Management team of their responsibility for ensuring our compliance with Data Protection Legislation and this policy; and
  • Advise the Senior Management team how to exercise their responsibility for ensuring our compliance with Data Protection Legislation and this policy; and
  • Monitor our compliance with Data Protection Legislation and this policy

Our Data Protection Group (see Appendix) has responsibility to liaise with the DPO to help ensure we comply with the Data Protection Legislation and this policy.

All staff have a responsibility to comply with Data Protection Legislation and this policy when carrying out their duties.

Line managers are responsible for ensuring staff’s adherence to this policy.

Failure to comply with this policy may result in legal and/or disciplinary action.


Before deciding to share any personal data, the following should be taken into consideration:

  • What is the objective of the sharing (why share)?
  • Could the objective be achieved without sharing the data or by anonymising it?
  • What personal data needs to be shared?
  • Who requires access to the shared personal data?
  • When should it be shared?
  • How should it be shared?
  • What checks are there to ensure the sharing is achieving its objectives?
  • What risk(s) does the data sharing pose (to us and those whose personal data may be shared)?
  • Whether the recipient has appropriate and satisfactory security arrangements in place
  • Will any of the data be transferred outside of the UK?

Before sharing any personal data, you must be satisfied:

  • About the identity of the recipient (this includes other members of Staff as well as third parties)
  • About the contact details of the recipient, e.g., email address, phone number, etc.

Although the general rule is that people should be aware that personal data about them has been, or is going to be, shared, in certain limited circumstances personal data may be shared without the person concerned even knowing about it, e.g., when personal data is processed for:

  • The prevention or detection of crime
  • The apprehension or prosecution of offenders; or
  • The assessment or collection of tax or duty

In some circumstances the sharing of personal data is required by law, e.g., to prevent money laundering.

Staff in doubt about whether or not they should share personal data should seek advice from our Data Protection Group.


At the time this policy was last updated, the members of our Data Protection Group were:

  1. Ian Oatley, Finance Director
  2. Pria Griffiths-Sen, Quality and Performance Manager

This policy was last updated on 14/04/2023