Policy on the Handling of Gender-Based Violence Screening Information 

1. Purpose 

This policy outlines how information collected through the Gender-Based Violence Screening Form (“the Screening Form”) will be received, stored, assessed, and used by the organisation. The purpose of collecting this information is to support a safe, respectful, and inclusive workplace and to comply with organisational safeguarding responsibilities. 

2. Scope 

This policy applies to: 

• All job applicants 

• All employees 

• All contractors, consultants, and temporary workers 

• Any third-party providers supplying personnel to the organisation 

3. Principles 

Yugo is committed to the following core principles when handling sensitive information: 

• Confidentiality: Information will be accessed only by authorised personnel with a legitimate business need. 

• Privacy Compliance: All handling of information will align with applicable privacy, employment, and human rights laws in relevant jurisdictions. 

• Fairness: Information will not be used to unfairly discriminate but may be considered in assessing role suitability, consistent with organisational safeguarding obligations. 

• Data Minimisation: Only information strictly necessary for safety and suitability assessments will be collected and retained. 

• Security: Information will be securely stored and protected from unauthorised access. 

4. Collection of Information 

Information is collected through the Screening Form at the point of employment, engagement, or relevant role change. 
Individuals will be informed of: 

• Why the information is being collected 

• How it will be used 

• Their rights regarding access, correction, and confidentiality 

Completion of the Screening Form is a mandatory part of the recruitment or engagement process unless prohibited by local law. 

5. Use of Information 

The information provided will be used solely for the purpose of: 

• Assessing suitability for employment or engagement 

• Determining whether any substantiated findings or relevant investigations pose a risk to colleagues, residents, customers, or the organisation 

• Supporting safeguarding, risk-management, and duty-of-care obligations 

The information will not be used for any unrelated purpose, such as marketing or performance management. 

Decision-making that relies on this information will be: 

• Documented, 

• Fair and evidence-based, and 

• Reviewed by P&C or another authorised function. 

6. Access and Disclosure 

Access is strictly limited to: 

• Members of the People & Culture team responsible for recruitment or case management 

• Hiring managers (where necessary) 

• Legal or compliance personnel (if required) 

• Senior leadership only where a significant risk assessment is needed 

Information will not be disclosed externally except: 

• When required by law 

• When necessary to protect the safety of individuals 

• With the explicit written consent of the individual 

• When handing over to authorised third-party investigators or regulators 

All disclosures will be documented. 

7. Storage and Security 

Screening Form records will be stored: 

• Separate from general personnel files where appropriate  

• With access controls and audit trails 

Only authorised personnel may view or update the records. 

8. Retention and Destruction 

Information will be retained only for as long as necessary to fulfil the purposes of assessment and organisational risk management, and in line with: 

• Local retention laws 

• Organisational document retention schedules 

When no longer required, information will be securely destroyed using approved methods (e.g., secure digital deletion or certified document destruction). 

9. Accuracy and Correction 

Individuals have the right, as permitted by law, to: 

• Access the information held about them 

• Request corrections if information is incomplete, outdated, or inaccurate 

• Seek clarification about how information has been used 

Requests will be handled promptly and fairly. 

10. Review and Audit 

This policy will be reviewed annually, or sooner if required by legal, regulatory, or operational changes. 
Internal audits may be conducted to confirm compliance with privacy and safeguarding requirements. 

11. Non-Compliance 

Breaches of this policy may result in disciplinary action, up to and including termination, and may carry legal consequences.