Our privacy policy

At The Children’s Trust we are committed to protecting your privacy. We will only use the information that we collect about you in accordance with data protection and privacy legislation, regulations and guidance.










This page was last updated: 25/05/2018

Introduction

In this privacy policy we set out details of the data that we may collect from you and how we may use that information.  It is important that you take your time to read this privacy policy and associated notices so that you are fully aware of how and why we are using your data. This privacy policy is in addition to the other privacy notices and is not intended to override them. 

If you provide personal information to us about other individuals, for example if you are the parent of a child accessing our brain injury services or an agent representing one of our major donors,  we will process such information in accordance with this privacy policy.  

We have set out our privacy policy using a layered format so you can quickly and easily click through to the specific areas of interest. We have provided a glossary to help you understand the meaning of some of the terms used in this privacy policy.

About us

The Children’s Trust is a registered charity (number 288018) incorporated under the Companies Act (number 1757875).  The Children’s Trust is the data controller for the information we collect about you (collectively referred to as the "Charity", "we", "us" or "our" in this privacy policy).  We are a UK-based charity, headquartered in the south-east of England, providing residential and community-based brain injury rehabilitation and neurodisability services for children and young people.    

Our data protection officer and how to contact us

Our Data Protection officer ("DPO") is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

Email: dpo@thechildrenstrust.org.uk

Postal address: Tadworth Court, Tadworth, Surrey, KT20 5RU

Telephone number: 01737 36 5000

Complaints about how we handle your information

You have the right to make a complaint at any time to the Information Commissioner's Office (the "ICO"), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.  If you wish to contact us to make a complaint about how we handle your personal data, you can do so through our Data Protection Officer (whose contact details are above).

Changes to the privacy policy and our purposes for processing

This policy was last updated on the date shown at the top of the document.

We will only use your personal data for the purposes for which we collected it, or for reasons which we believe are compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact the DPO using the contact details provided.

We reserve the right to make changes to this policy from time to time.  However, if we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. 

Please note that we will not process your personal data without your knowledge or consent unless this is required or permitted by law. In such cases, we will do so only in compliance with the law.  It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

The data we collect about you

Personal data, or personal information, means any information which can be used to identify an individual.  It includes pseudonyms such as unique identifiers (e.g. customer, supporter, patient, employee number), but excludes data from which a person cannot be identified from (anonymised data).

The information that we collect will depend on your relationship with us.  

To find out more about the type of data we collect about you, how and why we collect it, our legal bases for processing your data and who we share it with, please click the relevant headings below to view the specific privacy notices:

Beneficiaries

Our beneficiaries are the children and young people and their families to whom we provide health, care and education services.  This privacy notice covers how we process data of our beneficiaries and of their guardians/ families.  It is aimed at the parents and other legal guardians of the children and young people in our care, as it covers their data as well as the data of the child (who may find it difficult to understand this policy and privacy notice either by virtue of their young age or lack of mental capacity).

Supporters

Supporters and ambassadors who make a donation to the charity, take part in fundraising events and activities, or support our campaigns. 

Professionals and Corporate Partners

This privacy notice is aimed at external health, social care and educational professionals with an interest in the services we provide including; our events and research into brain injury and neurodisability.  It also applies to external colleagues employed by our suppliers and corporate partners.

Candidates & Prospective Volunteers

Prospective employees and volunteers (when you apply for vacancies or register for opportunities through our website).

Third-party links

Our website includes links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Children

Although we provide clinical and education services for children and young people, our website and online services are not intended for children directly and we do not knowingly collect children’s data without parental consent.  For more details about the type of data we process about children and how we collect it, see our Beneficiaries privacy notice. 

International transfers

From time to time we may use data processors who process your personal data outside of the European Economic Area (EEA).  In these cases, we will always ensure a similar degree of protection is afforded to your data by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. 
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. 
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. 

Please contact the DPO if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

How long will you keep my personal data?

We will only retain your personal data for as long as reasonably necessary to fulfil the relevant purposes set out in this privacy notice and in order to satisfy our legal, statutory, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. 

How we protect your data

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. Click to find out more:

  • Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you or your child and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
  • Object to automated decision making or profiling. This enables you to ask us not to subject your personal data to automated decision-making or profiling with legal or similarly significant effects.

If you wish to exercise any of your rights above, please contact the DPO 


You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We shall respond to all legitimate requests within one month unless your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated and may take longer to respond.

Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.  We hope that you will be happy for us to send you news about the work of the charity and our fundraising campaigns but you are free to change your mind at any time.  
We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.  You may receive marketing communications from us if you have given us your contact details when ordering a product, buying a ticket to an event or signing up for a service from us and have not opted out.  In other cases, we will ask you for your consent to receive marketing from us when the law requires it.

Third-party marketing

The Children’s Trust will never share your data with third parties for their direct marketing purposes without your consent.

Opting out

You can withdraw your consent (if given) or ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting our Supporter Care team at supportercare@thechildrenstrust.org.uk or telephone us on 01737 364 349.

[Back to top]

PRIVACY NOTICE FOR OUR BENEFICIARIES

Introduction

This privacy notice is aimed at the parents and other legal guardians (collectively referred to hereon in as “you”, “your”) of the children and young people under the care of The Children’s Trust (collectively referred to hereon in as “controller”, “we”, “us”, “the charity”) who are unable to read, either by virtue of their young age or a lack of mental capacity.  Where appropriate, we will be happy to provide a child-friendly version of this privacy notice and our broader privacy policy. 

This privacy notice explains how we collect, use and share you and your child’s personal data when you and your child access our clinical and family services including:

  • brain injury rehabilitation at our national specialist centre
  • community-based and online brain injury services (including our Brain Injury Hub)
  • residential care and education for children and young people with neurodisability at our children’s care home and at The Children’s Trust School.

The data we collect about you, your child and your family 

We may collect, use, store and transfer different kinds of personal data grouped together and categorised as follows:

Identity Data
  • Data about your child: forename, surname, date of birth, age, gender, NHS number and pupil number.  We may also take photos and videos of your child for clinical, administrative, training or marketing purposes.  Please see the section “Our lawful bases and purposes for processing your and your child's data” for more information.
  • Data about you: forename, surname, title, marital status
  • Data about your family: name and age of any siblings your child has
Contact Data
  • Data about you and your child: home address
  • Data about you: email address, telephone and/or mobile number.
Financial Data
  • Data about you if you are funding your child’s placement at The Children’s Trust privately: bank account and payment card details.
Transaction Data
  • Data about you if you are funding your child’s placement at The Children’s Trust privately:  details or services received, invoice and payment history.
Sensitive Data
  • Data about your child: race/ethnicity, religious or philosophical beliefs, health information, genetic data.
  • Data about you, your child and your family: social care/ safeguarding information.
Criminal Records and Convictions Data
  • Data about you, your child and your family: any information disclosed to us from you or from third party sources about you in relation to criminal records and convictions.
Care and Education Data
  • Data about your child: therapies, medications and interventions received, photos and video images (to record clinical outcomes and for training purposes), clinical appointments, results from medical tests and assessments, attendance at school/specific sessions, reasons for absence and educational reports (attainment and outcomes).
Technical Data
  • About you or your family when accessing any of our online services: internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices the data subject uses to access our website.

NOTE: it is prohibited for children under the age of 13 to submit their data via any of our online services without parental consent. 
Profile Data
  • Data about you:  your acceptance or otherwise in sharing your child’s personal story of recovery from brain injury, your acceptance or otherwise of allowing your child’s data to be used in brain injury or neurodisability research. 
Usage Date
  • Data about you: information about your use of our website and services.
Marketing and Communications Data
  • Data about you: your acceptance or otherwise in receiving marketing communications from us and your communication preferences.

The nature of the services we provide requires us to collect Sensitive Data about you and your child.  We want you to reassure you that your privacy and the confidentiality of your child’s medical information is of paramount important to us.  Furthermore, we will continue to respect confidentiality and consent to treatment rules when dealing with your health data in accordance with our Clinical Policies and all applicable medical confidentiality guidelines.  Copies of our Clinical Policies can be made available to you on request.

If you do not provide personal data

If our agreement for the provision of services for your child is with you directly, rather than with a public authority or private organisation then performance of that contract may be dependent on the provision of certain personal data, including special categories of data. If you fail to provide data when requested, we may not be able to provide our services effectively or perform the contract we have or are trying to enter into with you.  

How is your personal data collected?

We use different methods to collect data from and about you as outlined below.

Direct interactions

You may give us your personal data by filling in forms or by corresponding with us by post, phone, email, face to face or otherwise. This includes personal data you provide when you:

  • submit an enquiry form, application or referral for our brain injury rehabilitation or neurodisability services (including The Children’s Trust School); 
  • enter into a contract with the Children's Trust for the provision of our services;
  • undergo clinical screening and medical assessments
  • receive therapies 
  • create an account on our online Brain Injury Hub
  • submit a post on our brain injury forum;
  • subscribe to our brain injury newsletter;
  • request marketing communications to be sent to you;
  • take part in our publicity and marketing activities;
  • make a general enquiry or a complaint 

We also collect data about you when you undergo clinical screening, medical tests and assessments and through our observations of you whilst you are in our care.  

Automated technologies or interactions

As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies.  We may use these technologies to customise content and advertising, including delivering advertisements about the charity, its news and events, on third party websites or services not owned or operated by The Children’s Trust, to provide social media features and to analyse traffic to our website site. We also share information about your use of our site with trusted social media, advertising and analytics partners.

Our social media, advertising and analytics partners are:

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.

Third party sources

  • NHS organisations, local authorities, insurers, foreign embassies and other third parties if they refer you or your child for our services; 
  • Surrey Teaching Centre
  • your family;
  • social services, local authorities and the police;
  • web analytics providers;

Our lawful bases and purposes for processing you and your child’s data

We will only use your and/or your child’s data when the law allows us to.  Most commonly we will use your and/or your child’s your personal data in the following circumstances.  Click for details:

  • Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.  Most of the services we provide are publicly funded, commissioned by NHS England, Clinical Commissioning Groups, Local Authorities and Local Education Authorities.  This legal basis is relied upon in the following circumstances:
    • To undertake assessments across education, health, therapies and care pertinent to our services as part of the referrals process (including referrals for placements at The Children’s Trust School) from statutory authorities; 
    • For the provision of healthcare, education and related services to your child; 
    • For the purpose of sharing information with health, education and social care organisations and professionals who are providing or will in the future be providing services to your child.
  • Necessary for the performance of a contract we are about to enter into- or have entered into with you.  We collect your and/or your child’s data for this reason in limited circumstances, if our agreement for the provision of services for your child is with you directly, rather than with a public authority or private organisation.  Specific purposes for processing under this lawful basis include:
    • For the administration and clinical assessment of referrals for our services (including placements at The Children’s Trust School);
    • For the provision of healthcare, education and related services to your child in accordance with the contract we have in place with you;
    • For the purpose of discharging your child from our services and making onward referrals to other health, education and social care organisations and professionals as required.
  • Necessary for compliance with a legal obligation that we are subject to.   We rely on this legal basis in the following circumstances:
    • Sharing of aggregated and pseudonymised patient-level data with health and social care commissioners (as directed by Secretary of State Health via NHS England) for statistical analysis and monitoring purposes;
    • Sharing of data with the Department of Education to meet reporting requirements under the Education Regulations 2013 (Information About Individual Pupils).  We also collect and use pupil information under the Education Act 1996 and the Children Act 1989;
    • To investigate, record and report incidents that may impact you or your child to health and social care professionals in compliance with the Care Quality Commission and Ofsted Health and Education;
    • To conduct compliance audits and service evaluations in compliance with the Care Quality Commission and Ofsted Health and Education. 
  • Necessary for the purpose of our legitimate interests or those of a third party. We may process your data for a number of legitimate interests in circumstances where these interests are not overridden by your privacy rights:
    • To monitor and report to you the clinical and educational services your child is receiving, the progress they are making and any concerns we may have (note: this might include the processing of photo or video images of your child strictly for this purpose);
    • Sharing information with the statutory authorities responsible for funding your child’s placement at The Children’s Trust or other services;
    • Brain injury community services onward referral of your child either to local community services or to our specialist multi-disciplinary team;
    • Provision and administration of our online Brain Injury Discussion Forum;
    • Processing and publication of brain injury stories on Brain Injury Hub Blog;
    • Administration of subscriptions to our monthly Brain Injury newsletter;
    • As part of our discharge process, we collect data from you about your communication preferences and your consent to further uses of your child’s personal data as follows:
      • Your acceptance or otherwise of being contacted in future about sharing your child’s personal story of recovery from brain injury for marketing and publicity purposes;  
      • Your acceptance or otherwise of your child’s data being used for research into brain injury and neurodisability (approved by Research Ethics Service, part of the NHS Health Research Authority);
      • Your agreement to being added to our Long Term Register (an extension of our brain injury services) so that we can contact you at key transition points in the future to understand the progress your child is making and whether you and your child require any further support;
      • Your acceptance or otherwise of being contacted by the charity’s fundraising and marketing teams to bring you news from the charity and information about fundraising campaigns.  Marketing carried out for the purpose of our legitimate interests includes communications by post and on occasion, email or text communications if you have given us your contact details as part of a sales transaction in one of our shops or online, in accordance with the law;  
    • We archive personal data and conduct historical data analysis in order to evaluate and improve our services.  We take steps to anonymise or minimise personal data used for this purpose (for example by removing Identify Data altogether or through the use of pseudonyms such as patient number instead of your child’s name);  
    • To teach and train health, care and education professionals.  We minimise and anonymise data as far as possible for this purpose;
    • To investigate, record and report incidents that may impact you or your child and to manage risks, monitor compliance and improve service quality;
    • To conduct compliance audits and service evaluations.  We minimise and anonymise data for this purpose as far as possible;
    • To send you limited marketing communications by post outlining the work of the charity and our fundraising campaigns
  • With your consent.  We rely on this legal basis in limited circumstances and where required by law as follows:
    • To use your child’s personal data, including Sensitive Data for research into brain injury (approved by Research Ethics Service, part of the NHS Health Research Authority).
    • To send you marketing communications by email or text promoting the work of the charity and our fundraising campaigns.
    • To take photos or video images of your child for marketing, publicity or training purposes. 
    • To contact you and invite you to share your child’s story through our website or newsletter, or with journalists, third party publishers and other local or national media organisations.
  • Where it is essential for the vital (life or death) interests of any individual.  We would rely on this legal basis for the intervention in emergency or life threatening situations where you or your child are physically or legally unable to give consent as defined under the Mental Capacity Act (2005).

In addition to the lawful bases set out above, when we process Special Categories of personal data, we must identify an additional lawful basis for processing.  At The Children’s Trust and in relation to our clinical and education services we rely on the following legal bases:

  • The processing is necessary for the provision of health or social care or treatment or the management of health or social care systems and services.
  • The processing is necessary to protect the vital interests (i.e. life or death) of the data subject or of another individual where the data subject is physically or legally incapable of giving consent.
  • The data subject has given explicit consent to the processing of those personal data (we rely on this basis when we use your child’s data for marketing and publicity or research purposes).
  • The processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes (we rely on this basis for statistical analysis purposes to help us evaluate and improve our brain injury and neurodisability services).
  • The processing relates to personal data which are manifestly made public by the data subject (we rely on this basis if you post Sensitive Data on our Brain Injury Hub).

Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please Contact us if you want further details about the specific legal ground we are relying on to process your personal data.

Disclosures of your personal data

There are a number of third parties with whom we share your child’s personal data in order to provide and monitor our services and to comply with our contractual and legal obligations with the statutory authorities who commission these services.

Where we regularly share data with processors and other controllers, we have data sharing agreements in place.  We do not allow processors to use your personal data for their own purposes. We only permit processors to use your and your child’s data for specified purposes and in accordance with our instructions.

We use processors who are commonly based in the EU but occasionally we use processors with operations in the US or Canada.  For further details about international transfers of personal data and the safeguards in place, please see International Transfers. 

The list below sets out the possible third party recipients of your child’s data:

  • NHS organisations (including NHS England, hospitals, GPs, clinical commissioning groups, NHS common services agencies such as dentists, ophthalmic and ambulance services etc.), Department of Education, local authorities, social services
  • Surrey Teaching Centre where they are providing education for children receiving our residential brain injury rehabilitation and neurodisability services
  • Foreign embassies in the case of privately funded international referrals
  • Pharmacies and other suppliers of products or services required for your child’s direct care
  • Private hospitals, care homes, domiciliary agencies, hospices, contractors providing services to the NHS
  • Approved assessors of regulatory compliance and providers of certification schemes
  • Regulatory bodies and supervisory authorities who may audit our data processing activities
  • Insurers if your child’s placement is funded privately through insurance
  • Approved research partners such as universities and hospitals (where we have your consent)
  • Journalists, publishers and other media organisations (with your consent)
  • Insurers and legal professionals for the purpose of bringing or defending legal claims.

[Back to top]

PRIVACY NOTICE FOR OUR SUPPORTERS

Introduction

This privacy notice is aimed at our supporters and ambassadors who make a donation to the charity, take part in fundraising events and activities, or support our campaigns. 

This privacy notice explains how we collect, use and share your personal data when you make a donation, buy a ticket for one of our fundraising events, sign-up to take part in a sponsored event such as the London Marathon, join us as an ambassador, visit our website, buy products from us online or in our charity shops, take part in our weekly lottery, sign-up for our newsletters and request marketing communications to be sent to you or make a general enquiry or complaint.

The data we collect about you 

We may collect, use, store and transfer different kinds of personal data grouped together and categorised as follows: 

Identity Data
  • Forename, surname, date of birth and age.  We may need to verify your age for a number of reasons including; to ensure we are not unknowingly collecting children’s data online; to comply with the Gambling Commission in respect of our lottery and in relation to your application to any of our events that are age-restricted. 
  • We may also take photos and videos of your child for clinical, administrative, training or marketing purposes.  Please see the section “Our lawful bases and purposes for processing your data” for more information.
Contact Data
  • Billing address, home address, email address, telephone and/or mobile number.
Financial Data
  • Bank account and payment card details.
Special Categories of Data
  • In limited circumstances we collect data about your race/ethnicity, religious or philosophical beliefs and health information.  Most commonly this might apply if you are one of our major donors so that we can develop a more personal relationship with you and communicate with you appropriately and at the right times.  We would only process this information with your explicit consent or if you had made the data publicly available.
  • We may also collect health information about any of our supporters if it is necessary for ensuring your comfort, safety and well-being when you attend our fundraising events, for example we may need to make special arrangements for you if you are disabled.
Transaction Data
  • Details of donations you have made, products or tickets you have purchased, fundraising events or volunteering activities you have been involved in.  
Technical Data
  • Internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use when you access our website.

NOTE: it is prohibited for children under the age of 13 to submit their data via any of our online services without parental consent. 
Profile Data
  • Your username and password if you have an online account, information about your interests and preferences.
  • Information about your background, experience, interests and family where we have a close personal relationship with you e.g. if you are a major donor or ambassador. 
Usage Data
  • Data about you: information about your use of our website and services.
Marketing, Publicity and Communications Data
  • Your acceptance or otherwise in receiving marketing communications from us and your communication preferences. 
  • Your acceptance or otherwise of us using your data in relation to our marketing and publicity campaigns in the future, including the publishing of articles and photos in our newsletter or in local or national press.

If you do not provide personal data

Some of the data we collect is necessary for the performance of a contract we have entered or are trying to enter into with you.  For example, we can’t take payment from you unless you share your billing address with us and we might need your email address or telephone number in order to send you important administrative information, such as changes to the timings for a fundraising event.

Other data may be required by law, for example we need to verify your age when you access our online services to ensure we are not unknowingly collecting children’s data without parental consent.  

If you do not provide data when requested, we may not be able to provide our services effectively or perform the contract we have or are trying to enter into with you.  

How is your personal data collected?

We use different methods to collect data from and about you as outlined below.

Direct interactions

You may give us your personal data by filling in paper-based or online forms or by corresponding with us by post, phone, email, face to face or via social media.  We may also collect your personal data when you attend our events or take part in fundraising activities. 

Automated technologies or interactions

As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies.  We may use these technologies to customise content and advertising, including delivering advertisements about the charity, its news and events, on third party websites or services not owned or operated by The Children’s Trust, to provide social media features and to analyse traffic to our website site. We also share information about your use of our site with trusted social media, advertising and analytics partners.

Our social media, advertising and analytics partners are:

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.

Third party sources

We also collect your data from third party sources as follows:

  • Organisations who provide services to us such as payment services and electronic point of sale, and ticket handling;
  • Web analytics providers;
  • Data analytics and insight providers who may combine data we have collected about you with other data they have collected about you from publicly available sources;
  • Providers of online fundraising platforms e.g. Just Giving;
  • Agencies we may use from time to time to undertake fundraising activities on our behalf.

Publicly available sources

We may collect personal data about you from publicly available sources including information obtained through internet search engines results and social media sites to identify individuals with a public profile who may have an interest in supporting the charity.

Our lawful bases and purposes for processing your data

We will only use your data when the law allows us to.  Most commonly we will use your personal data in the following circumstances:

  • Necessary for the performance of a contract we are about to enter into- or have entered into with you.  We collect your data for this reason in the following circumstances:
    • for the administration of applications to participate in sponsored fundraising events and of subsequent “pledge” forms.  E.g. London Marathon, Great North Run (where a registration fee is payable to guarantee a place);
    • for the sale and fulfilment of tickets for fundraising events and for the subsequent event administration;
    • for the sale of goods and raffle tickets online and in our charity shops;
    • to enter you for our weekly lottery and to process your payment;
    • to notify you of changes to our terms or privacy policy;
  • Necessary for compliance with a legal obligation that we are subject to.   We rely on this legal basis in the following circumstances:
    • to verify your age if you access our online services including registering to take part in our lottery;
    • to comply with record retention obligations e.g. the requirement to retain Gift Aid declarations for six years as required by Her Majesty’s Revenue and Customs (HMRC);
    • to notify you of changes to our terms or privacy policy;
    • for information security monitoring;
    • where we identify a crime and have a duty to report it to the relevant authorities;
    • where we are obliged to share data with regulators such as the ICO for audit and breach reporting purposes;
    • if we investigate, record and report incidents or accidents that may involve you;
    • to handle any requests you make when you exercise your legal rights as outlined in this policy;
    • to conduct audits to assess regulatory compliance including in relation to the Code of Fundraising Practice and General Data Protection Regulation.  
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.  We collect your data for this reason in a number of circumstances including:
    • to process your donation or sponsorship of an event e.g. our Golf Day including sending you an administrative “thank you” letter, text or email;
    • to understand your marketing and communicating preferences so we can keep you informed of the work of the charity and how you can support us in the way you choose;
    • to manage our relationship with you and respond to your queries or complaints;
    • for the set-up and ongoing administration of your online account;
    • to sign-up up to one of our newsletters or mailing lists;
    • to undertake analysis, including profiling and develop insight into your interests and preferences for marketing purposes (so we can send you tailored communications);
    • to send you direct marketing communications about the work of the charity, fundraising appeals, events and other opportunities for you to get involve;
    • to seek your feedback or undertake customer research to improve our products, events and services;
    • for supporter relationship management purposes;
    • for information security including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data;
    • to monitor, understand and continuously improve your online experience when you browse and transact with our website; 
    • for the purpose of making or defending a legal or insurance claim;
    • in order to run our business, for the provision of IT services;
    • for training and quality purposes. 
  • We rely on your consent to process your personal data in limited circumstances and where required by law as follows:
    • to send you marketing communications by telephone, email or text promoting the work of the charity and our fundraising campaigns;
    • to capture a photo image or video footage of you for future marketing purposes;
    • to use images of you and/or information about you in our marketing materials and publicity campaigns or in local or national press;
    • to record special categories of data in relation to you, for example details of your religious or political beliefs for relationship management purposes, where this data has not already been made public by you.

In addition to the lawful bases set out above, when we process Special Categories of personal data, we must identify an additional lawful basis for processing.  At The Children’s Trust and in relation to data processing we carry out linked to our Supporters, we rely on the following legal bases:

  • The data subject has given explicit consent to the processing of those personal data (we rely on this basis when we use your child’s data for marketing and publicity or research purposes).
  • The processing relates to personal data which are manifestly made public by the data subject (we rely on this basis if you post Sensitive Data on our Brain Injury Hub).

Disclosures of your personal data

There are a number of third parties with whom we share your personal data in order to provide and monitor our services and to comply with our contractual and legal obligations.

Where we regularly share data with processors and other controllers, we have data sharing agreements in place and do not allow processors to use your personal data for their own purposes. We only permit processors to use your data for specified purposes and in accordance with our instructions.

We use processors who are commonly based in the EU but occasionally we use processors with operations in the US.  For further details about international transfers of personal data and the safeguards in place, please see International Transfers.

The list below sets out the possible third party recipients of your data:

  • Payment services providers;
  • Ticketing agencies;
  • Event organisers;
  • Professional fundraising agencies;
  • HMRC in relation to Gift Aid declarations;
  • Other IT services and data hosting providers;
  • Approved assessors of regulatory compliance and providers of certification schemes; 
  • Regulatory bodies and supervisory authorities who may audit our data processing activities;
  • Journalists, publishers and other media organisations (with your consent);
  • Insurers and legal professionals for the purpose of bringing or defending claims;
  • Other providers of professional services that we may use from time to time.

[Back to top]

PRIVACY NOTICE FOR PROFESSIONALS AND CORPORATE PARTNERS

Introduction

This privacy notice is aimed at external professionals in the fields of health, social care and education with an interest in the services we provide including; our events, clinical education and training and research into brain injury and neurodisability.  It is also aimed at external colleagues employed by our corporate partners.

This privacy notice explains how we collect, use and share your personal data during the course of our professional relationship with you, whether you represent an organisation who supports our causes or are a healthcare professional interested in understanding more about our services and research into brain injury and neurodisability, or are referring / have referred a child or young person to our services.      

The data we collect about you 

We may collect, use, store and transfer different kinds of personal data grouped together and categorised as follows: 

Identity Data
  • Forename, surname, job title.
Contact Data
  • Email address (ordinarily this will be your professional email address), postal address (if requesting information by post).
Financial Data
  • Payment card data (note some of our events and conferences for professionals are free and therefore don’t require you to submit card data).
Transaction Data
  • Details of conferences you have attended, information you have requested, fundraising activities you have taken part in, placement referrals you have made for our services and the nature of your involvement with the children and young people in our care. 
Technical Data
  • Internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use when you access our website.
Profile Data
  • Username and password if you have created an online account.
Usage Data
  • Information about your use of our website and services.
Marketing, Publicity and Communications data
  • your marketing and communication preferences
  • your acceptance or otherwise of us using your data in relation to our marketing and publicity campaigns in the future, including the publishing of articles and photos in our newsletter or in local or national press.

If you do not provide personal data

Some of the data we collect is necessary for the performance of a contract we have entered or are trying to enter into with you.  For example, we can’t take payment from you unless you share your billing address with us and we can’t send you important administrative information, such as changes to the timings for a fundraising event without your Contact Data.

If you do not provide data when requested, we may not be able to provide our services effectively or perform the contract we have or are trying to enter into with you.  

How is your personal data collected?

We use different methods to collect data from and about you as outlined below.

Direct interactions

You may give us your personal data by filling in paper-based or online forms or by corresponding with us by post, phone, email or face to face.  We may also collect your personal data when you attend our events and conferences or take part in fundraising activities. 

Automated technologies or interactions

As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies.  We may use these technologies to customise content and advertising, including delivering advertisements about the charity, its news and events, on third party websites or services not owned or operated by The Children’s Trust, to provide social media features and to analyse traffic to our website site. We also share information about your use of our site with trusted social media, advertising and analytics partners.

Our social media, advertising and analytics partners are:

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.

Third party sources

We also collect your data from third party sources as follows:

  • Organisations who provide services to us such as payment services and electronic point of sale, and ticket handling;
  • We collect personal data about professionals (healthcare, social care and education) registered with third parties, including but not limited to membership bodies and database providers, for networking, collaboration and marketing purposes; 
  • Web analytics providers; 
  • Providers of online fundraising platforms e.g. Just Giving;
  • Your employer;
  • Conference and event hosts if you have attended an event and agreed to your data being shared with us. 

Publicly available sources

We may collect personal data about you from publicly available sources including information obtained through internet search engine results, websites and directories to identify professionals who may have an interest in supporting the charity or in receiving news and information about our services.

Our lawful bases and purposes for processing your data

We will only use your data when the law allows us to.  Most commonly we will use your personal data in the following circumstances:

  • Necessary for the performance of a contract we are about to enter into- or have entered into with you.  We collect your data for this reason in the following circumstances:
    • for the sale and fulfilment of tickets for our events and conferences for subsequent event administration;
    • to register you for a place on one of our training programmes;
    • to notify you of changes to our terms or privacy policy.
  • Necessary for compliance with a legal obligation that we are subject to.   We rely on this legal basis in the following circumstances:
    • to comply with record retention obligations e.g. the requirement to retain Gift Aid; declarations for six years as required by Her Majesty’s Revenue and Customs (HMRC) if you take part in corporate fundraising;
    • for information security monitoring;
    • where we identify a crime and have a duty to report it to the relevant authorities;
    • where we are obliged to share data with regulators such as the ICO for audit and breach reporting purposes.
    • if we investigate, record and report incidents or accidents that may involve you;
    • to handle any requests you make when you exercise your legal rights as outlined in this policy;
    • to conduct audits to assess regulatory compliance including in relation to the Code of Fundraising Practice and General Data Protection Regulation.  
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.  We collect your data for this reason in a number of circumstances including:
    • to process your donation or sponsorship form including sending you an administrative “thank you” letter, text or email;
    • to understand your marketing and communicating preferences so we can keep you informed of the work of the charity and how you can support us in the way you choose;
    • to manage our relationship with you and respond to your queries or complaints;
    • for the set-up and ongoing administration of your online account;
    • to undertake analysis and develop insight into your interests and preferences for marketing purposes;
    • to send you direct marketing communications about the work of the charity, fundraising appeals, events and other opportunities for you to get involved;
    • to seek your feedback or undertake customer research to improve our products, events and services;
    • for relationship management purposes;
    • for information security including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data;
    • to monitor, understand and continuously improve your online experience when you browse and transact with our website; 
    • for the purpose of making or defending a legal or insurance claim;
    • in order to run our business, for the provision of IT services;
    • for training and quality purposes. 
  • We rely on your consent to process your personal data in limited circumstances and where required by law as follows:
    • to capture a photo image or video footage of you for future marketing purposes;
    • to use images of you and/or information about you in our marketing materials and publicity campaigns or in local or national press.

Disclosures of your personal data

There are a number of third parties with whom we share your personal data in order to provide and monitor our services and to comply with our contractual and legal obligations.

Where we regularly share data with processors and other controllers, we have data sharing agreements in place.  We only permit processors to use your data for specified purposes and in accordance with our instructions.  Occasionally and where you have given your consent, we may share your data with trusted partners for their direct marketing purposes.  You can withdraw your consent at any time by contacting the relevant data controller.   

We use processors who are commonly based in the EU but occasionally we use processors with operations in the US.  For further details about international transfers of personal data and the safeguards in place, please see International Transfers. 

The list below sets out the possible third party recipients of your data:

  • Payment services providers;
  • Ticketing agencies;
  • Event organisers;
  • HMRC in relation to Gift Aid declarations;
  • Other IT services and data hosting providers;
  • Approved assessors of regulatory compliance and providers of certification schemes; 
  • Regulatory bodies and supervisory authorities who may audit our data processing activities;
  • Journalists, publishers and other media organisations (with your consent);
  • Insurers and legal professionals for the purpose of bringing or defending claims;
  • Other providers of professional services that we may use from time to time.

[Back to top]

PRIVACY POLICY FOR PROSPECTIVE CANDIDATES AND PROSPECTIVE VOLUNTEERS

Purpose

The Children’s Trust is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you.  You are being sent a copy of this Privacy Policy, because you are applying for work with us (whether as an employee, worker, contractor or volunteer).  It makes you aware of how and why your personal data will be used, namely for the purposes of the recruitment exercise, and how long it will usually be retained for.  It provides you with certain information that must be provided under the General Data Protection Regulation (EU 2016/679).

Data protection principles

We will comply with data protection law and principles, which means that your data will be:

  • Used lawfully, fairly and in a transparent way
  • Collected only for valid purposes that we have clearly explained to you, and not used in any way that is incompatible with those purposes
  • Relevant to the purposes we have told you about, and limited only to those purposes
  • Accurate and kept up to date
  • Kept only as long as necessary for the purposes we have told you about
  • Kept securely.

The kind of information we hold about you

In connection with your application to volunteer or work with us, we will collect, store, and use the following categories of personal information about you:

  • As a job candidate, the information you have provided to us in your curriculum vitae and covering letter
  • As a candidate or volunteer, the information you have provided on our application form, such as: name; title; address; telephone numbers; personal email addresses; date of birth; gender; employment history; and qualifications
  • As a candidate or volunteer, any information you provide to us during interview
  • As a candidate, any information produced as a result of interview tasks and/or tests (if any).


We may also collect, store and use the following "special categories" of more sensitive personal information:

  • Information about your race or ethnicity, religious beliefs, or sexual orientation
  • Information about your health, including any medical condition, health and sickness records
  • Information about criminal convictions and offences.

How is your personal information collected?

We collect personal information about candidates from the following sources:

  • You, the candidate or prospective volunteer (either directly or indirectly via our third party recruitment and volunteering sites)
  • Specified recruitment agencies
  • Disclosure & Barring Service, in respect of criminal convictions
  • Your named referees, from whom we collect the following information: name, job title, employment dates, sickness rates over a two year period, safeguarding concerns, disciplinary information, and performance summary (where applicable).

How we will use information about you

We need to process your personal information to decide whether to enter into a contract with you.

For candidates, having received your CV and Covering Letter, and/or your application form, we will then process that information to decide whether you meet the basic requirements to be shortlisted for the role.  If you do, we will decide whether your application is strong enough to invite to interview.  If we decide to call you for an interview, we will use the information you provide to us at the interview to decide whether to offer you the role.  If we decide to offer you the role, we will then take-up references, and carry out a criminal records check, as well as all other pre-employment, compliance checks, in order to satisfy regulatory requirements, before confirming your appointment.

For prospective volunteers, having received your application form, we will use the information provided to us to contact you for an informal chat. If you decide to continue with your application, we will then take up references. We may carry out a criminal record check, in accordance with the law, as well as all other compliance checks, in order to satisfy regulatory requirements before confirming your start date.

We will only use your personal information when the law allows us to.  Most commonly, we will use your personal information in the following circumstances:

  • Where it’s necessary for the performance of a contract we have entered into or are trying to enter into with you:
    • Communicate with you about the recruitment process
    • Making a decision about your recruitment or appointment
    • Determining the terms on which you work for us
    • Administering the contract we have entered into with you.
  • Where we need to comply with a legal obligation:
    • To carry out background and reference checks, where applicable
    • Assessing qualifications, skills, suitability, and Professional Registrations (where applicable) for a particular role or task
    • Keep records related to our hiring processes.
  • Where it is necessary for the legitimate interests of The Children’s Trust (or those of a third party) in carrying out our work as a registered charity and your interests, and fundamental rights do not override those interests:
    • To conduct data analytics studies to review our service;
    • Equal opportunities monitoring;
    • To carry out background and DBS checks (for safeguarding purposes if you are likely to be in contact with children or vulnerable adults as part of your role) To understand the volunteering opportunities you may be interested in and your communication preferences
  • In limited circumstances we will process your data where we have your consent as follows:
    • To keep in touch with you about volunteering news and opportunities.

We may also use your personal information in the following situations, which are likely to be rare:

  • Where we need to protect your vital (life or death) interests (or someone else's vital interests).
  • Where it is needed in the public interest or for official purposes.

We strive to provide you with choices regarding certain personal data uses, particularly around relevant recruitment and/or volunteer opportunities, but you are free to change your mind at any time. 

You can change your contact preferences, or ask us to stop sending you these opportunities, at any point, by contacting the People Operations Team: 01737 365 880.

If you fail to provide personal information

If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history) we will not be able to process your application successfully.  For example, if we require a credit check or references for this role, and you fail to provide us with relevant details, we will not be able to take your application further.

How we use particularly sensitive personal information

We will use your particularly sensitive personal information in the following ways:

  • We will use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example, whether adjustments needs to be made [during a test, interview or informal chat]
  • We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.

Information about criminal convictions

We will collect information about your criminal convictions history if we would like to offer you the role (conditional on pre-employment checks for candidates and any other conditions, such as references, being satisfactory).  We are required to carry out a criminal records check in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role.  In particular:

  • We are legally required by our Regulatory Body to carry out criminal record checks
  • If the role is one which is listed on the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (SI 1975/1023) and is also specified in the Police Act 1997 (Criminal Records) Regulations (SI 2002/233) so is eligible for a standard or enhanced check from the Disclosure & Barring Service
  • The role requires a high degree of trust and integrity, since it involves dealing with, for example: vulnerable children and adults who work with us, and so we would like to ask you to seek a Basic disclosure of your criminal records history.

We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.

Data sharing

Why might you share my personal information with third parties?

We may have to share data with third parties, including third-party service providers, such as: MyPeopleBiz; NHS Jobs; GBG; and Better Impact, for the purposes of processing your application.  All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies.  We do not allow our third-party service providers to use your personal data for their own purposes.  We only permit them to process your personal data for specified purposes and in accordance with our instructions.

If you are a prospective volunteer we share your data with processors who send marketing communications about volunteering opportunities on our behalf. 

The Children’s Trust will never share your data with third parties for their direct marketing purposes without your consent.

International transfers

From time to time we may use third-party service providers who process your data outside of the European Economic Area (EEA), in the US or Canada.  In these cases, we will always ensure a similar degree of protection is afforded to your data by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

Please contact the Data Protection Officer if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Data security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.  In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know.  They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.  Details of these measures may be obtained from The Children’s Trust Data Protection Officer: dpo@thechildrenstrust.org.uk

We have put in place procedures to deal with any suspected data security breach, and will notify you and any applicable regulator of a suspected breach, where we are legally required to do so.

Data retention: how long will you use my information for?

If unsuccessful in your application for employment, we will retain your personal information for a period of six months after we have communicated to you our decision.  We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds, and that we have conducted the recruitment exercise in a fair and transparent way.  After this period, we will securely destroy your personal information, in accordance with our IG004 Record Retention & Disposal Policy & Procedure.

If we wish to retain your personal information on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately, seeking your explicit consent to retain your personal information for a fixed period.

Rights of access, correction, erasure and restriction

Your rights in connection with personal information

Under certain circumstances, by law you have the right to:

Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you, and to check that we are lawfully processing it

Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected

Request erasure of your personal information. This enables you to ask us to delete or remove personal information, where there is no good reason for us continuing to process it.  You also have the right to ask us to delete or remove your personal information, where you have exercised your right to object to processing (see below)

Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes

Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it

Request the transfer of your personal information to another party.

If you want to review, verify, correct, or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact The Children’s Trust Data Protection Officer in writing.

Right to withdraw consent

When you applied for this role, you provided consent by submitting your application to us, enabling us to process your personal information for the purposes of the prospective employee/volunteer recruitment exercise.  You have the right to withdraw your consent for processing for that purpose at any time.  To withdraw your consent, please contact the People Operations Team.  Once we have received notification that you have withdrawn your consent, we will no longer process your application and, subject to our IG004 Record Retention & Disposal Policy & Procedure, we will dispose of your personal data securely.

Data protection officer

We have appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Notice.  If you have any questions about this Privacy Notice or how we handle your personal information, please contact the DPO: dpo@thechildrenstrust.org.uk.  You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues but we would appreciate the opportunity to try to resolve your complaint before you approach the ICO.

[Back to top]