Privacy Policy

Introduction

This site is provided and managed by TACT, registered charity numbers: England and Wales 1018963. Scotland SC 039052. This privacy policy refers to: www.tactcare.org.uk and applies solely to this website.

TACT (The Adolescent and Children’s Trust) takes your privacy seriously. This policy outlines the use of personal data under the Data Protection Act 2018 (DPA) and the General Data Protection Regulations (GDPR).
For the purpose of DPA and GDPR we are the Data Controller and any enquiry regarding the collection or processing of your data should be addressed to Data Controller, TACT, The Courtyard, 303 Hither Green Lane, London SE13 6TJ.

Personal Data

Under the GDPR : Personal Data is defined as “any information relating to an identified or identifiable natural person (‘data subject’); by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

Lawful Processing

The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever personal data is to be processed:

Consent: you have given TACT clear consent for your personal data to be processed for a specific purpose.
Contract: the processing is necessary for a contract you have with TACT has asked you to take specific steps before entering into a contract.
Legal obligation: the processing is necessary for TACT to comply with the law (not including contractual obligations).
Vital interests: the processing is necessary to protect someone’s life.
Public task: the processing is necessary for TACT to perform a task that is in the public interest or for its official functions, and the task or function has a clear basis in law.
Legitimate interests: the processing is necessary for TACT legitimate interests, or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests.

The Information We Collect

We collect personal data only if it is directly provided to us by you (the user). The data we collect will only be in relation to the service you are requesting from us.

We collect information that you provide by completing forms in writing, email, through our web site or in person. This includes information provided at the time of registering with us, to use our Website (where applicable), to become a member of staff, to enter into a contract for our services, to support or subscribe to our services (where applicable), to request materials or to request further services or when you report a problem with any of our communication channels or services.

We collect the following classes of information:

Name(s) and address, email, phone number(s) and other relevant personal details and preferences
We may collect special category data, such as health information, race or religion so we can deal with sensitive cases appropriately. We only collect this information with your expressed content
Staff details relevant to their employment status with us
Records of donations
Records of fostering
Photographs, recordings (audio and video)
Information about our relationship with you, correspondence, meeting notes, attendance at events etc.
Financial information where relevant to our needs
If you contact us, we may keep a record of that correspondence.
We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
Details of transactions you carry out and of the fulfilment of your orders.

To help us improve our services, if you send us personal information which identifies you via email, we may keep your email, your email address and ‘screen’ name. We may also collect information that is available from your browser.

We use analytical and statistical tools that monitor details of your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data (but this data will not identify you personally).

How We Collect Your Personal Data

There are two main ways in which we collect your personal data:

directly from you
from third parties.

Personal data that you give to us may be through one of a number of ways. These may include:

directly via our website (https://www.tactcare.org.uk/)
emailing your CV to a TACT employee regarding a voluntary appointment
providing information via on-line forms or surveys
collecting your data through a contractual or commercial relationship with you e.g. attending a fee-paying event
via a form which could be online as part of our website or a form provided to us as a hard copy or electronically.
contacting us with enquiries or comments by telephone, email or hard copy correspondence.

Personal data may be given to us through another organisation with which you have registered, and we may be required to process that data in order to fulfil services that you expect of us.

This could include one of the following:

via another authorised body with whom joint education or professional development takes place
via professional bodies with whom there is a sharing of registration for events or activities.

Use of your information

We will process any of your personal data, in accordance with our obligations under applicable data protection laws and regulations, for the following reasons: to provide you with the services you have requested; to comply with applicable laws and regulations; for administrative purposes; to assess enquiries; and to provide you with information about us and our services. If, at any time, you do not wish to receive further information about us and our services, contact us at [email protected].

The information that we collect and store relating to you is used to enable us to provide our services to you, and to meet our contractual commitments to you. Where you have consented to us contacting you, we may do so by post, email, phone or text.

Disclosure of your information

We may disclose your information to regulatory bodies to enable us to comply with the law and to assist fraud protection and minimise credit risk.

We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any agreements; or to protect the rights, property, or safety of the organisation, or others. This includes exchanging information with other companies and organisations for the purposes of safeguarding or other statutory regulations we have to comply with as well as those organisations with whom you and we have reciprocal agreements for providing services for education or professional development.

Controlling the use of your data

You can revoke or vary consent at any time. If you do not want us to use your data or want to vary the consent that you have provided you can write to us at the address detailed in clause 2 above or email us at [email protected] at any time

We do not use or disclose sensitive personal data, such as race, religion, or political affiliations, without your explicit consent.

Otherwise, we will process, disclose or share your personal data only if required to do so by law or in the good faith belief that such action is necessary to comply with legal requirements or legal process served on us or the website.

We do not use your personal data for marketing purposes.

Data Rights

Your data subject rights are listed below:

The right of access.
The right to rectification.
The right to erasure or right to be forgotten.
The right to restriction of processing.
The right to be informed.
The right to data portability.
The right to object.
The right not to be subject to a decision based solely on automated processing.

The DPA and GDPR give you the right to access information held about you by us. Please write to us or contact us by email if you wish to request confirmation of what personal information we hold relating to you. You can write to us at the address detailed in point 2 of the introduction above, or by email to [email protected]. There is no charge for requesting that we provide you with details of the personal data that we hold. We will provide this information within one month of your requesting the data.

You have the right to change the permissions that you have given us in relation to how we may use your data. You also have the right to request that we cease using your data or that we delete all personal data records that we hold relating to you. You can exercise these rights at any time by writing to us at the address detailed in clause 2, above, or by email to [email protected].

Security

The transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.

Protecting Your Personal Data

The data that we collect from you will be processed at our servers in the UK. It may also be processed by organisations operating in the EEA that TACT has instructed.

If Personal Data is transferred outside the UK or EEA to a country without a designated adequacy rating TACT will request the data subject’s consent before processing the data. Consent will not be sought where the Processor’s Binding Corporate Rules, an adequacy decision or Standard Contractual Clauses stipulate that the data will be processed in accordance with GDPR.

Data Retention

We will hold your data in line with our data retention policy or until you opt out, whichever is the sooner.

All data hosted remains within the European Union. All data backups are encrypted at the time of creation, during transmission and in storage. Our lifecycle policies remove old backups after a set period of time. Backups are used only to restore data in the event of data loss either through system failure or by client request.

There are daily MYSQL backups that run each night at midnight, encrypted on the server and kept on a 60-day lifecycle policy.

The content management system, WordPress, provides weekly backups. These backups are encrypted during creation and during transmission. These backups are kept on a 60-day lifecycle policy.

Third party links

You might find links to third party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever.

Changes to the TACT Privacy Policy

This privacy policy was last updated on 28/10/19. TACT reserves the right to vary this privacy policy from time to time. Such variations become effective on posting on this website. Your subsequent use of this website or submission of personal information to the TACT will be deemed to signify your acceptance to the variations.

We welcome any queries, comments or requests you may have regarding these policies. Please do not hesitate to contact us at Data Controller, TACT, The Courtyard, 303 Hither Green Lane, London SE13 6TJ or by emailing: [email protected].
Last Updated: October 2019

Complaints

For further information on your rights and how to complain to the ICO, please refer to the ICO website https://ico.org.uk/concerns

Contact details

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113 (local rate)

Cookies used by TACT on our website

To learn more about the cookies that we use on our site, please read our cookie policy.

Last Updated: November 2019