You can find more information below about what information we collect, how we collect it, what we do with it, how we protect it, how long we keep it for and how to get in touch with us regarding any personal data requests that you might want to raise with us.
You have a right to be informed, which means that we need to give you clear information about the way in which we use, share and store your personal information.
If you’d rather not read the whole of this document, here are the key things you might want to note about how we handle your information:
We use a number of third parties to securely store and/or process information for us to perform our operations as an organisation, which are summarised here:
There are also contact details at the end of this form if you need to get in touch with us regarding data protection.
The following definitions apply for this policy: Organisations: “TouchBase” means TouchBase Centre CIC, community number 10947146, registered in England as a Community Interest Company (CIC); “Invona” means Invona Limited, company number 08373485, registered in England; “Yola” means Yola, Inc., a company based in San Francisco, California, USA (www.yola.com). Other definitions: “DBS” means Disclosure and Barring Service (see gov.uk/government/organisations/disclosure-and-barring-service for more information).
We update this privacy notice from time to time in keeping with how we handle your information. We also review it at least once a year (in May) to ensure it is maintained appropriately.
The key contributors are Keeley de Freese (TouchBase Co-Ordinator) and Louise Michelle Bomber (Clinical Lead of TouchBase Centre CiC).
The last time this privacy notice was updated was on Friday 25th May 2018.
This privacy notice tells you what to expect when TouchBase collects personal information. This applies to information we collect for the following, which are detailed in headings below:
We only use the information you provide to us in keeping the UK data protection law, including the General Data Protection Regulation, an EU regulation.
Any personal information is coded and then stored on an encrypted memory stick or on a secure encrypted cloud service using an encrypted laptop or iPad. Codes are stored securely on MyGlue, which is protected with multi-factor authentication (MFA). MyGlue is a product provided by ITGlue, a secure documentation vendor.
To keep your information secure, we have a clear information security policy to minimise risk related to any of your information, especially where it contains sensitive personal data (as defined by the GDPR), or other information which may have high risk associated with it (especially in the event of an inappropriate disclosure).
To achieve this we classify information and handle it with appropriate security measures in place for that information.
Here are some examples of things we do to keep your information safe where we are storing or processing it:
Seguridad (SGD) – Child/young person’s, key adults’ and school’s contact details, reason for referral, other agencies involved with contact numbers; brief summary of traumas and losses experienced by the child; report and individual development plan written by TouchBase Associate.
All therapeutic services we offer [Individual therapy (THY), Theraplay (TPL), DDP (DDP), Therapeutic parenting (TPA), Flying Free (FFR)] – contact details, reason for referral, areas that need support, other agencies involved, consent to work therapeutically, brief session notes, review report every 12 session phase, assessment results of mental health needs for children and young people, different assessment tools to inform the work, evaluation on close written by therapist.
Team Pupil support groups (TPS) – Education staff’s names, roles, email addresses, school names and contact numbers, and a log of which groups they have attended for issuing certificates – only for those who have given consent.
Plot 22 (P22) – Contact details, consent forms, and photo journal of the therapeutic day at Plot 22 allotment project.
Adopters Supporting Education Groups (ASE) – Name, email address, contact number to log their participation in a group/workshop until the group/workshop has taken place. This information is kept on a secure spreadsheet for those who have consented to us contacting them about future events and groups we run.
Seguridad (SGD) – To enable arrangements to be made for the intervention to take place; to enable the best possible advice to be given; to enable the report, fact file and an individual development plan to be written specifically for the child to help their adaption and recovery.
All therapeutic services we offer [Individual therapy (THY), Theraplay (TPL), DDP (DDP), Therapeutic parenting (TPA), Flying Free (FFR)] – To inform the therapy work, to assess progress and to inform commissioners of the therapy work for further funding if needed.
Team Pupil support groups (TPS) – To keep education staff up to date about groups this academic year, next academic year and/or as they remain in Year 3 for ongoing support. To track attendance for issuing certificates.
Plot 22 (P22) – In case of repercussions from the day such as food allergies. Photos are to journal the day and are given to the child and their key adult after the day. To inform therapy work and to inform commissioners if further support needed. To support Team pupil with information on how to best relate to the child.
Adopters Supporting Education Groups (ASE) – To keep in touch with parents about the workshops they have signed up for or to inform them about future events and groups we will run that may be of interest to them.
Seguridad – Education staff, social worker, parents/carers are asked to complete a consent form before the Seguridad commences/at the first meeting.
Therapy service – Clients (+13) are asked to complete an agreement and consent form during the first couple of sessions
Plot 22 – Parents/Carers or the child’s Key Adult from school are asked to complete a consent form before attending Plot 22.
Seguridad – A member of the TouchBase Education team, the TouchBase editor who is also a therapist, one of the therapy team for the education supervision and the Clinical Lead. Local services co-ordinator will see referral form only.
Therapy service – A member of the TouchBase therapy team, the TouchBase editor who is also a therapist and the Clinical Lead (if appropriate). The TouchBase Co-ordinator who co-ordinates the local services sees the referral form only.
Plot 22 – A member of the TouchBase Education team and the Therapy team. Clinical lead as and when necessary. The TouchBase Co-ordinator who co-ordinates the local services only sees the referral form.
Children (5 to 18 years old) do not have access. They only have access when they are 18.
Adults (18 years old and above) can have access to their personal data, as long as there are not any other implications, for example safeguarding or mental health concerns. They would need to talk to their therapist about this or email email@example.com.
Foundational courses (FOC) – Booking Forms including contact details for the event is kept on file until the event, and then shredded securely afterwards. Booking contracts are kept on file and securely shredded after the event has been paid for.
Attachment Lead course (ALC) - Booking Forms (with contact details) and students application forms are kept on file until the course is completed and then shredded securely afterwards. Booking contracts are kept on file and securely shredded after the event has been paid for. Student assignments are kept for marking and moderating purposes and then returned to the student or securely destroyed. Consent forms, registers, evaluation forms, grading sheets and course marks are kept on file and after three years these are shredded securely. Consent forms are signed for these purposes.
Key Notes (KNO) - Booking Forms including contact details for the event is kept on file until the event, and then shredded securely afterwards. Booking contracts are kept on file and securely shredded after the event has been paid for.
Foundational courses (FOC) – To enable the training event to be co-ordinated and organised; and to enable the trainer’s preparation for the event. To guarantee payment for the event.
Attachment Lead course (ALC) - To enable the training event to be co-ordinated and organised; and to enable the trainer’s preparation for the event. To guarantee payment for the event. To enable students to be registered on the University of Brighton’s database for enrolling, marking and moderation of results. To enable students to attend and successfully complete the course.
Key Notes (KNO) - To enable the training event to be co-ordinated and organised; and to enable the trainer’s preparation for the event. To guarantee payment for the event.
Foundational Courses – We don’t hold personal data for course participants.
Attachment Lead course – Students are asked to complete a consent form prior to the start of the course.
Key Notes – We don’t hold personal data for conference participants.
Foundational Courses – We don’t hold personal data for conference participants. TouchBase Co-ordinator, Training Event Co-ordinator and TouchBase Associates delivering the training courses have access to the Booking Forms and/or Booking Contracts.
Attachment Lead course – TouchBase Associates who are the course tutors delivering the courses and marking assignments. TouchBase Co-ordinator, Training Event Co-ordinator Administrator and Intern.
Key Notes – We don’t hold personal data for conference participants. TouchBase Co-ordinator, Training Event Co-ordinator and TouchBase Associates delivering the training courses have access to the Booking Forms and/or Booking Contracts.
Course attendees can have access to their personal data. They would need to talk to email firstname.lastname@example.org to ask for access.
When someone visits touchbase.org.uk, no personal data is processed. At present, this site doesn’t handle any personal information. Also, we don’t analyse traffic on this site, so no information about your visit is stored.
When someone visits attachmentleadnetwork.net, as our site is built and hosted using a third party service provided by Yola, they in turn use another third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
Where we do ask for personally identifiable information, we make this clear, such as in our contact form.
It is important that you don’t submit any sensitive personal information through this site. Personal data submitted through the contact form will be used by us to fulfil any related obligations or expected work, such as handling any requests raised through the form, and will then be removed after these obligations and/or work have been completed.
By continuing to use this website without disabling cookies in your browser, you agree that we can place these cookies on your device.
If you did not see the “Accept Cookies” pop up box when visiting this site, you have either previously accepted or given implied acceptance of our cookies through ignoring this message and continuing to use the site.
As with many websites, your IP address, browser type, referring/exit pages and operating system may be used to monitor server errors, server administration or to monitor visitor behaviour. It is not possible for this to be disabled on a per user basis, so you must not continue using this website if you do not agree with this happening. We also use your IP address and sometimes the country the connection is sourced from to maintain the security of our servers.
Most websites allow some control of most cookies through the browser settings. To find out more about cookies
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.
Find out how to manage cookies on popular browsers:
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.
We use an email service that requires Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We also monitor any emails sent to us, including attached files, for malware (such as viruses and ransomware among others). Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
TouchBase has an employed Director and Co-ordinator, volunteers, intern, and a team of self-employed Associates based in Brighton, Bristol and across the UK.
For those applying to work with us on an employed or contractual basis, we will use your information only for progressing your application, or to fulfil legal or regulatory requirements if necessary.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.
We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t.
If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for up to 6 months from the closure of the recruitment process for the position applied for.
Information generated throughout the assessment process, for example interview notes, is retained by us for 6 months following the closure of the campaign.
Equal opportunities information is retained for 6 months following the closure of the campaign whether you are successful or not.
If you are employed by TouchBase (at the moment we only have 2 employees), the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment with us, and for 6 years following the end of your employment. This includes your criminal records declaration, fitness to work, records of any security checks and references.
For all TouchBase employees, associates, interns and volunteers we work with, we will need to check your criminal record by way of an enhanced DBS check with a clean result before you are able to start working with us to protect the sensitive work we do.
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
TouchBase Centre CIC have also engaged Invona Ltd to provide some of the content for these policies, and are therefore permitted to use this internally for the purpose it was created for. Beyond that, Invona Ltd maintain the copyright for any parts of this document that are their own work, and not directly taken from the ICO website and therefore not covered under the open license detailed above.
Keeley de Freese and Louise Bombér also contributed, especially the details regarding how personal information is used by their services.