Genuine Futures CIC – Data Protection & Image Use Policy
1. Policy Statement
Genuine Futures CIC is committed to protecting the privacy, safety, and dignity of all children, young people, and adults we work with. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and relevant safeguarding legislation.
This policy sets out how we collect, process, store, and use personal data, including images of children and young people (C&YP). It also outlines the safeguards in place to prevent misuse, exploitation, or inappropriate display of images.
2. Principles
We adhere to the following principles:
Lawfulness, fairness, and transparency – personal data will only be collected and used with appropriate legal basis and transparency.
Purpose limitation – data will only be used for the purposes for which consent has been obtained.
Data minimisation – we only collect and retain what is strictly necessary.
Accuracy – we ensure data is kept accurate and up to date.
Storage limitation – data and images will only be kept for as long as necessary.
Integrity and confidentiality – data will be stored securely and protected against unauthorised access.
Accountability – we will evidence compliance through records, policies, and regular review.
3. Use of Images of Children & Young People
Genuine Futures CIC recognises the risks associated with displaying images of children and young people online, including safeguarding and exploitation risks.
Our commitments:
We do not publish identifiable images of children and young people on our website, social media, or promotional materials without written, informed consent from: the young person (where age-appropriate), their parent/carer, and their school or local authority (if the child is referred through these services).
Consent forms clearly state how the image will be used, where it will be displayed, and the right to withdraw consent at any time.
Images are stored securely and access is restricted to authorised staff.
Images used will, wherever possible, avoid identifying details (e.g., name tags, school uniforms, personal locations).
If consent cannot be verified, images will not be used.
4. Safeguarding & Oversight
Our Safeguarding Policy works alongside this policy and is available on request.
All staff and volunteers receive safeguarding and GDPR training.
We seek written confirmation from schools, local authorities, and parents/carers that approval has been granted before publishing any images of C&YP.
We conduct regular reviews of the website and social media content to ensure ongoing compliance.
5. Data Storage & Security
Personal data and images are stored on encrypted, password-protected systems.
Access is restricted to staff who require it for legitimate purposes.
Data will not be shared with third parties without explicit consent or legal requirement.
Data is retained only for the duration agreed on consent forms and securely deleted afterwards.
6. Rights of Children, Young People, and Families
Under UK GDPR, individuals (and parents/carers on behalf of children under 13):
Have the right to know what data is being held.
Can request access to their data.
Can request correction or deletion of their data.
Can withdraw consent for use of images at any time.
7. Accountability & Review
This policy is reviewed annually by the Genuine Futures Board of Directors.
Any breaches will be reported in line with UK GDPR and safeguarding procedures.
Images currently displayed online are subject to immediate review, and any without verified consent will be removed.
For any questions, concerns, or to exercise data rights:
Data Protection Lead: Sam Smith
Genuine Futures CIC Genuine Futures Youth Enterprise Hub, Metro Business Park, 228 Waterloo St, Bolton BL1 8HU hello@genuinefutures.co.uk
Genuine Futures Youth Enterprise Hub, Metro Business Park, 228 Waterloo St, Bolton BL1 8HU
hello@genuinefutures.co.uk