CSP Volunteer Confidentiality and Data Protection Agreement

The Chartered Society of Physiotherapy (CSP) is a member-led organisation, built on an extensive network of highly valued CSP Member Volunteers (‘CSP volunteers’).

Some CSP volunteers need to use members’ personal details (e.g. names and email addresses) as part of their role. In addition, their own personal details (names, e mails and contact numbers), may need to be shared as part of fulfilling their role e.g. membership of WhatsApp groups or appearing on lists of contact details shared with other similar volunteers. Further information on how the CSP uses personal data is available in our Privacy Policy. 

This agreement sets out the expectations and key requirements of the CSP (including UK General Data Protection Regulations requirements), in relation to data protection processes when dealing with personal information.

Members must trust the CSP to use their personal details appropriately and keep them safe and secure and Data Protection is everyone’s responsibility. The CSP supports all our Volunteers through induction and training relevant to their specific roles. Ultimately the CSP is liable for any data beaches and will carry out all the necessary regulatory practices to ensure this is avoided. Volunteers may be liable for data breaches if they have acted maliciously or contrary to this agreement.

Purpose

This document is for CSP Members and others who make an unpaid, professional contribution to the work of the CSP (‘CSP Volunteers’). Volunteers may process personal information relating to CSP employees, CSP Members, CSP organisational activities, CSP Committees members, or any other contacts on behalf of CSP. For the purposes of this agreement, The CSP is the ‘data controller’ and the CSP Volunteer is the ‘data processor’.

This document applies to all personal data and business information you process in the course of your voluntary activity with the CSP.

Terms of Volunteer Confidentiality and Data Protection Agreement

1. I will only process data relevant to my Volunteer role, in line with any instructions or purposes agreed with the CSP
2. I will not engage or ask anyone else to process the personal data (other than with another CSP volunteer in a related role) without the prior written agreement of the CSP.
3. I will assist the CSP in processing Subject Access Rights, which allow data subjects to exercise their rights under GDPR.
4. I will use my own personal electronic devices (mobile phones, laptops, tablets, personal computers) in accordance with the terms of the CSP Data Security & Confidential Information Policy, see point 6 below . In particular, I understand the requirements for encryptions and passcodes to be in place in all my devices. (CSP IT guidance can be provided to Volunteers as required).
5. I will not use, nor share, any confidential information relating to or received from CSP for any reason unless authorised by CSP, or required by law.
6. I understand my own responsibilities about the use of personal and sensitive information as set out by the UK General Data Protection Regulation and I have access to the CSP Data Security & Confidential Information Policy and any specific guidance related to my Volunteer role.
7. I will keep all data securely, and will take all practical steps to do so.
8. I will delete or return all personal data to the CSP as requested at the end of my role or when requested by the CSP.
9. I understand that all information and personal data supplied by CSP, used directly or indirectly in the performance of my duties as a CSP Volunteer remains at all times the property of CSP.
10. I undertake to refresh my Data Protection Training every two to three years, in line with CSP Policy.