- TACT (The Adolescent and Children’s Trust) takes your privacy seriously. This policy outlines the use of personal data under the Data Protection Act 2018 (DPA) and the General Data Protection Regulations (GDPR).
- For the purpose of DPA and GDPR we are the Data Controller and any enquiry regarding the collection or processing of your data should be addressed to Data Controller, TACT, The Courtyard, 303 Hither Green Lane, London SE13 6TJ.
Under the GDPR : Personal Data is defined as “any information relating to an identified or identifiable natural person (‘data subject’); by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever personal data is to be processed:
- Consent: you have given TACT clear consent for your personal data to be processed for a specific purpose.
- Contract: the processing is necessary for a contract you have with TACT has asked you to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for TACT to comply with the law (not including contractual obligations).
- Vital interests: the processing is necessary to protect someone’s life.
- Public task: the processing is necessary for TACT to perform a task that is in the public interest or for its official functions, and the task or function has a clear basis in law.
- Legitimate interests: the processing is necessary for TACT legitimate interests, or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests.
The Information We Collect
We collect personal data only if it is directly provided to us by you (the user). The data we collect will only be in relation to the service you are requesting from us.
We collect information that you provide by completing forums, blogs or comments.forms in writing, email, through our web site or in person.
We use analytical and statistical tools that monitor details of your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data (but this data will not identify you personally).
How We Collect Your Personal Data
There are two main ways in which we collect your personal data:
- directly from you
- from third parties.
Personal data that you give to us may be through one of a number of ways. These may include:
- directly via our website (http://www.tactportal.org.uk/)
- via a form which could be online as part of our website or a form provided to us as a hard copy or electronically.
- via the forum
- contacting us with enquiries or comments by telephone, email or hard copy correspondence.
Personal data may be given to us through another organisation with which you have registered, and we may be required to process that data in order to fulfil services that you expect of us.
This could include one of the following:
- via another authorised body with whom joint education or professional development takes place
- via professional bodies with whom there is a sharing of registration for events or activities.
Use of your information
We will process any of your personal data, in accordance with our obligations under applicable data protection laws and regulations, for the following reasons: to provide you with the services you have requested; to comply with applicable laws and regulations; for administrative purposes; to assess enquiries; and to provide you with information about us and our services. If, at any time, you do not wish to receive further information about us and our services, contact us at [email protected].
The information that we collect and store relating to you is used to enable us to provide our services to you, and to meet our contractual commitments to you. Where you have consented to us contacting you, we may do so by post, email, phone or text.
Disclosure of your information
We may disclose your information to regulatory bodies to enable us to comply with the law and to assist fraud protection and minimise credit risk.
We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any agreements; or to protect the rights, property, or safety of the organisation, or others. This includes exchanging information with other companies and organisations for the purposes of safeguarding or other statutory regulations we have to comply with as well as those organisations with whom you and we have reciprocal agreements for providing services for education or professional development.
Controlling the use of your data
You can revoke or vary consent at any time. If you do not want us to use your data or want to vary the consent that you have provided you can write to us at the address detailed in clause 2 above or email us at [email protected] at any time
We do not use or disclose sensitive personal data, such as race, religion, or political affiliations, without your explicit consent.
Otherwise, we will process, disclose or share your personal data only if required to do so by law or in the good faith belief that such action is necessary to comply with legal requirements or legal process served on us or the website.
We do not use your personal data for marketing purposes.
Your data subject rights are listed below:
- The right of access.
- The right to rectification.
- The right to erasure or right to be forgotten.
- The right to restriction of processing.
- The right to be informed.
- The right to data portability.
- The right to object.
- The right not to be subject to a decision based solely on automated processing.
The DPA and GDPR give you the right to access information held about you by us. Please write to us or contact us by email if you wish to request confirmation of what personal information we hold relating to you. You can write to us at the address detailed in point 2 of the introduction above, or by email to [email protected]. There is no charge for requesting that we provide you with details of the personal data that we hold. We will provide this information within one month of your requesting the data.
You have the right to change the permissions that you have given us in relation to how we may use your data. You also have the right to request that we cease using your data or that we delete all personal data records that we hold relating to you. You can exercise these rights at any time by writing to us at the address detailed in clause 2, above, or by email to [email protected].
The transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Protecting Your Personal Data
The data that we collect from you will be processed at our servers in the UK. It may also be processed by organisations operating in the EEA that TACT has instructed.
If Personal Data is transferred outside the UK or EEA to a country without a designated adequacy rating TACT will request the data subject’s consent before processing the data. Consent will not be sought where the Processor’s Binding Corporate Rules, an adequacy decision or Standard Contractual Clauses stipulate that the data will be processed in accordance with GDPR.
We will hold your data in line with our data retention policy or until you opt out, whichever is the sooner.
All data hosted remains within the European Union. All data backups are encrypted at the time of creation, during transmission and in storage. Our lifecycle policies remove old backups after a set period of time. Backups are used only to restore data in the event of data loss either through system failure or by client request.
There are daily MYSQL backups that run each night at midnight, encrypted on the server and kept on a 60-day lifecycle policy.
The content management system, WordPress, provides weekly backups. These backups are encrypted during creation and during transmission. These backups are kept on a 60-day lifecycle policy.
Third party links
You might find links to third party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever.
We welcome any queries, comments or requests you may have regarding these policies. Please do not hesitate to contact us at Data Controller, TACT, The Courtyard, 303 Hither Green Lane, London SE13 6TJ or by emailing: [email protected].
Last Updated: October 2019
For further information on your rights and how to complain to the ICO, please refer to the ICO website https://ico.org.uk/concerns
Information Commissioner’s Office
Tel: 0303 123 1113 (local rate)
Cookies used by TACT on our website
Last Updated: March 2020