You can find more information below about what information we collect, how we collect it, what we do with it, how we protect it, how long we keep it for and how to get in touch with us regarding any personal data requests that you might want to raise with us.
You have a right to be informed, which means that we need to give you clear information about the way in which we use, share and store your personal information.
If you’d rather not read the whole of this document, here are the key things you might want to note about how we handle your information:
- We operate a strict information security policy appropriate to the nature of the work we do.
- We work with an external service provider, namely Invona, to make sure we do it right.
- We document what information we hold, what it’s held for and for how long.
- We are ready to look after any concerns you may have regarding information we hold related to you.
We use a number of third parties to securely store and/or process information for us to perform our operations as an organisation, which are summarised here:
- Invona for IT services including remote support and management of our systems, and web services;
- and Open Formula for the Attachment Lead Network website and TIE website;
- Microsoft Office 365 and DeliverySlip.com for secure online services such as email and file sharing and storage;
- Domain and website hosting and analytics;
There are also contact details at the end of this form if you need to get in touch with us regarding data protection.
The following definitions apply for this policy:Organisations:“TouchBase” means TouchBase Centre CIC, community number 10947146, registered in England as a Community Interest Company (CIC);“Invona” means Invona Limited, company number 08373485, registered in England;“Yola” means Yola, Inc., a company based in San Francisco, California, USA (www.yola.com).Other definitions:“DBS” means Disclosure and Barring Service (see gov.uk/government/organisations/disclosure-and-barring-service for more information).
Changes to this Privacy Notice
We update this privacy notice from time to time in keeping with how we handle your information. We also review it at least once a year (in May) to ensure it is maintained appropriately.
The key contributors are Keeley de Freese (TouchBase Co-Ordinator) and Louise Michelle Bomber (Clinical Lead of TouchBase Centre CiC).
The last time this privacy notice was updated was on Friday 25th May 2018.
How we use your personal information
This privacy notice tells you what to expect when TouchBase collects personal information. This applies to information we collect for the following, which are detailed in headings below:
- people who use our services, for example, who subscribe to communications, complete the 7-day Attachment Lead in Schools Courses, or engage with our therapy services or education services, including:
- Therapeutic Support Services for Brighton and Bristol;
- Training across the UK.
- visitors to our touchbase.org.uk website;
- visitors to our attachmentleadnetwork.net website;
- TouchBase employees, associates, interns and volunteers, or those who apply to work with us.Each of the above are explained specifically under headings below.
We only use the information you provide to us in keeping the UK data protection law, including the General Data Protection Regulation, an EU regulation.
How we protect your personal information
Any personal information is coded and then stored on an encrypted memory stick or on a secure encrypted cloud service using an encrypted laptop or iPad. Codes are stored securely on MyGlue, which is protected with multi-factor authentication (MFA). MyGlue is a product provided by ITGlue, a secure documentation vendor.
To keep your information secure, we have a clear information security policy to minimise risk related to any of your information, especially where it contains sensitive personal data (as defined by the GDPR), or other information which may have high risk associated with it (especially in the event of an inappropriate disclosure).
To achieve this we classify information and handle it with appropriate security measures in place for that information.
Here are some examples of things we do to keep your information safe where we are storing or processing it:
- use strong, unguessable passwords, updated at appropriate intervals;
- protect sensitive information with multi-factor authentication;
- encrypt every device with strong encryption;
- keep our software and devices up-to-date to minimise vulnerabilities;
- maintain up-to-date reputable malware protection.
Therapeutic Support Services for Brighton and Bristol
The information we hold
- Seguridad (SGD) – Child/young person’s, key adults’ and school’s contact details, reason for referral, other agencies involved with contact numbers; brief summary of traumas and losses experienced by the child; report and individual development plan written by TouchBase Associate.
- All therapeutic services we offer [Individual therapy (THY), Theraplay (TPL), DDP (DDP), Therapeutic parenting (TPA), Flying Free (FFR)] – contact details, reason for referral, areas that need support, other agencies involved, consent to work therapeutically, brief session notes, review report every 12 session phase, assessment results of mental health needs for children and young people, different assessment tools to inform the work, evaluation on close written by therapist.
- Team Pupil support groups (TPS) – Education staff’s names, roles, email addresses, school names and contact numbers, and a log of which groups they have attended for issuing certificates – only for those who have given consent.
- Plot 22 (P22) – Contact details, consent forms, and photo journal of the therapeutic day at Plot 22 allotment project.
- Adopters Supporting Education Groups (ASE) – Name, email address, contact number to log their participation in a group/workshop until the group/workshop has taken place. This information is kept on a secure spreadsheet for those who have consented to us contacting them about future events and groups we run.
- Adopters Supporting Education Clinics (ASC) – Name, email address, contact number to log their participation at a clinic until the clinic has taken place. This information is kept on a secure spreadsheet for those who have consented to us contacting them about future events and groups we run. A brief summary of the issues discussed and advice shared by Anne Henderson is kept on file in a locked filing cabinet.
What we do with your information
- Seguridad (SGD) – To enable arrangements to be made for the intervention to take place; to enable the best possible advice to be given; to enable the report, fact file and an individual development plan to be written specifically for the child to help their adaption and recovery.
- All therapeutic services we offer [Individual therapy (THY), Theraplay (TPL), DDP (DDP), Therapeutic parenting (TPA), Flying Free (FFR)] – To inform the therapy work, to assess progress and to inform commissioners of the therapy work for further funding if needed.
- Team Pupil support groups (TPS) – To keep education staff up to date about groups this academic year, next academic year and/or as they remain in Year 3 for ongoing support. To track attendance for issuing certificates.
- Plot 22 (P22) – In case of repercussions from the day such as food allergies. Photos are to journal the day and are given to the child and their key adult after the day. To inform therapy work and to inform commissioners if further support needed. To support Team pupil with information on how to best relate to the child.
- Adopters Supporting Education Groups (ASE) – To keep in touch with parents about the workshops they have signed up for or to inform them about future events and groups we will run that may be of interest to them.
- Adopters Supporting Education Clinics (ASC) – To keep in touch with parents about the clinics they have signed up for or to inform them about future events and clinics we will run that may be of interest to them.
How we manage your consent
- Seguridad – Education staff, social worker, parents/carers are asked to complete a consent form before the Seguridad commences/at the first meeting.
- Therapy service – Clients (+13) are asked to complete an agreement and consent form during the first couple of sessions
- Plot 22 – Parents/Carers or the child’s Key Adult from school are asked to complete a consent form before attending Plot 22.
- Support groups and clinics – Education staff and parents are asked to complete a consent form when they attend their first group or clinic with TouchBase.
Who has access to this information
- Seguridad – A member of the TouchBase Education team, the TouchBase editor who is also a therapist, one of the therapy team for the education supervision and the Clinical Lead. Local services co-ordinator will see referral form only.
- Therapy service – A member of the TouchBase therapy team, the TouchBase editor who is also a therapist and the Clinical Lead (if appropriate). The TouchBase Co-ordinator who co-ordinates the local services sees the referral form only.
- Plot 22 – A member of the TouchBase Education team and the Therapy team. Clinical lead as and when necessary. The TouchBase Co-ordinator who co-ordinates the local services only sees the referral form.
- Support groups and clinics – A TouchBase Associate delivering the Support Group and clinic. The TouchBase Co-ordinator would see names and email addresses of those making enquiries. The Support Group Host volunteer would see the names of those attending as registers guests.
Who has access to this information
Children (5 to 18 years old) do not have access. They only have access when they are 18.
Adults (18 years old and above) can have access to their personal data, as long as there are not any other implications, for example safeguarding or mental health concerns. They would need to talk to their therapist about this or email firstname.lastname@example.org.
Training across the UK
The information we hold
- Foundational courses (FOC) – Booking Forms including contact details for the event is kept on file until the event, and then shredded securely afterwards. Booking contracts are kept on file and securely shredded after the event has been paid for.
- Attachment Lead course (ALC) – Booking Forms (with contact details) and students application forms are kept on file until the course is completed and then shredded securely afterwards. Booking contracts are kept on file and securely shredded after the event has been paid for. Student assignments are kept for marking and moderating purposes and then returned to the student or securely destroyed. Consent forms, registers, evaluation forms, grading sheets and course marks are kept on file and after three years these are shredded securely. Consent forms are signed for these purposes.
- Key Notes (KNO) – Booking Forms including contact details for the event is kept on file until the event, and then shredded securely afterwards. Booking contracts are kept on file and securely shredded after the event has been paid for.
- Attachment Lead Website (ALN) – Attachment Leads contact details are added to the website if they have completed a consent form.
What we do with your information
- Foundational courses (FOC) – To enable the training event to be co-ordinated and organised; and to enable the trainer’s preparation for the event. To guarantee payment for the event.
- Attachment Lead course (ALC) – To enable the training event to be co-ordinated and organised; and to enable the trainer’s preparation for the event. To guarantee payment for the event. To enable students to be registered on the University of Brighton’s database for enrolling, marking and moderation of results. To enable students to attend and successfully complete the course.
- Key Notes (KNO) – To enable the training event to be co-ordinated and organised; and to enable the trainer’s preparation for the event. To guarantee payment for the event.
- Attachment Lead Website (ALN) – To enable the Attachment Lead’s contact details to be added to the website so that others can approach them for possible research, enquiries and employment purposes. To enable a TouchBase administrator to contact them to let them know about the Attachment Lead Network meetings going on around the UK.
How we manage your consent
- Foundational Courses – We don’t hold personal data for course participants.
- Attachment Lead course – Students are asked to complete a consent form prior to the start of the course.
- Key Notes – We don’t hold personal data for conference participants.
- Attachment Lead Website – Attachment leads are asked to complete a consent form upon completion of the Attachment Lead course.
Who has access to this information
- Foundational Courses – We don’t hold personal data for conference participants. TouchBase Co-ordinator, Training Event Co-ordinator and TouchBase Associates delivering the training courses have access to the Booking Forms and/or Booking Contracts.
- Attachment Lead course – TouchBase Associates who are the course tutors delivering the courses and marking assignments. TouchBase Co-ordinator, Training Event Co-ordinator Administrator and Intern.
- Key Notes – We don’t hold personal data for conference participants. TouchBase Co-ordinator, Training Event Co-ordinator and TouchBase Associates delivering the training courses have access to the Booking Forms and/or Booking Contracts.
- Attachment Lead Website – Open Formula to input the data onto the website, TouchBase Co-ordinator, Administrator and Intern. However this is all consented to by individuals and so the personal data is in the public domain.
Who has rights to access the personal data we hold for them
Course attendees can have access to their personal data. They would need to talk to email email@example.com to ask for access.
Visitors to our touchbase.org.uk website
When someone visits touchbase.org.uk, no personal data is processed. At present, this site doesn’t handle any personal information. Also, we don’t analyse traffic on this site, so no information about your visit is stored.
Visitors to our attachmentleadnetwork.net website
When someone visits attachmentleadnetwork.net, as our site is built and hosted using a third party service provided by Yola, they in turn use another third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
Where we do ask for personally identifiable information, we make this clear, such as in our contact form.
It is important that you don’t submit any sensitive personal information through this site. Personal data submitted through the contact form will be used by us to fulfil any related obligations or expected work, such as handling any requests raised through the form, and will then be removed after these obligations and/or work have been completed.
- Some cookies used on this website collect information about how visitors use it, such as which pages are visited most often, and if error messages are displayed. These particular cookies keep these two rules:
- None of these cookies collect information that identifies a visitor;
- All information these cookies collect is aggregated and therefore anonymous;
- Disabling cookies on this website may affect your experience on this website and other websites, or prevent them from working;
- Some cookies are essential to provide the ability to navigate around this site;
- Some cookies used on this website allow it to remember choices you make (such as your username, language or region) and provide enhanced, more personal features.
- They can also be used to remember customisations regarding how the site is displayed, or to hold information when posted information on the site (for those who are permitted to).
By continuing to use this website without disabling cookies in your browser, you agree that we can place these cookies on your device.
If you did not see the “Accept Cookies” pop up box when visiting this site, you have either previously accepted or given implied acceptance of our cookies through ignoring this message and continuing to use the site.
As with many websites, your IP address, browser type, referring/exit pages and operating system may be used to monitor server errors, server administration or to monitor visitor behaviour. It is not possible for this to be disabled on a per user basis, so you must not continue using this website if you do not agree with this happening. We also use your IP address and sometimes the country the connection is sourced from to maintain the security of our servers.
Most websites allow some control of most cookies through the browser settings. To find out more about cookies
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.
Find out how to manage cookies on popular browsers:
To opt out of being tracked by Google Analytics across all websites, visit https://tools.google.com/dlpage/gaoptout.
People who email us
We use an email service that requires Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We also monitor any emails sent to us, including attached files, for malware (such as viruses and ransomware among others). Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
People who work with us
TouchBase has an employed Director and Co-ordinator, volunteers, intern, and a team of self-employed Associates based in Brighton, Bristol and across the UK.
For those applying to work with us on an employed or contractual basis, we will use your information only for progressing your application, or to fulfil legal or regulatory requirements if necessary.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.
We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t.
If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for up to 6 months from the closure of the recruitment process for the position applied for.
Information generated throughout the assessment process, for example interview notes, is retained by us for 6 months following the closure of the campaign.
Equal opportunities information is retained for 6 months following the closure of the campaign whether you are successful or not.
Current and former employees
If you are employed by TouchBase (at the moment we only have 2 employees), the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment with us, and for 6 years following the end of your employment. This includes your criminal records declaration, fitness to work, records of any security checks and references.
DBS checks for contractors and employees, associates, interns and volunteers
For all TouchBase employees, associates, interns and volunteers we work with, we will need to check your criminal record by way of an enhanced DBS check with a clean result before you are able to start working with us to protect the sensitive work we do.
Links to other resources
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
How to contact us
TouchBase Centre CIC have also engaged Invona Ltd to provide some of the content for these policies, and are therefore permitted to use this internally for the purpose it was created for. Beyond that, Invona Ltd maintain the copyright for any parts of this document that are their own work, and not directly taken from the ICO website and therefore not covered under the open license detailed above.
Keeley de Freese and Louise Bombér also contributed, especially the details regarding how personal information is used by their services.