Privacy Policy

This Privacy Policy explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe.

We want you to be fully informed about your rights, how The Forward Trust uses your data, and how we protect your privacy. We promise to respect any of your personal information which is under our control and to keep it safe. We aim to be clear when we collect your information about what we will do with it.

We hope the following sections will answer any questions you have but if not, please do get in touch with us.



In this Privacy Policy, “Forward Trust”, “FT”, “we”, or “our” means:

  • The Forward Trust (Registered Company (2560474) and Registered charity in England and Wales (1001701)
  • Vision Housing
  • Forward Trust Enterprise Fund
  • BlueSky Services

Depending on your interactions with us we collect information from a variety of sources such as:

  • When you use our services
  • When you visit our websites
  • When you provide information to us directly
  • When you provide it to us indirectly via a third party - such as via professional referrals or professional fundraising agencies, where you’ve given them permission to share the information they hold about you with us
  • Other sources (such as social media or information available in the public domain)
  • When you choose to complete any surveys we send you
  • When you ask one of our partners to email you information about a product or service
  • When you contact us by any means with queries, complaints etc.

 

Data protection laws mean that each use we make of personal information must have a “legal basis”. The relevant legal bases are set out in the General Data Protection Regulation (EU Regulation 2016/679) and in current UK data protection legislation.

 

Specific consent
Consent is where we ask you if we can use your information in a certain way, and you agree to this (for example when you engage with our services).  Where we use your information for a purpose based on consent, you have the right to withdraw consent for any future use of your information for this purpose at any time.

Legal obligation
We have a basis to use your personal information where we need to do so to comply with one of our legal or regulatory obligations. For example, a court order may require us to process personal data for a particular purpose and this also qualifies as a legal obligation.

Performance of a contract / take steps at your request to prepare for entry into a contract
We have a basis to use your personal information where we are entering into a contract with you or performing our obligations under that contract. Examples of this would be if you are applying to work/volunteer with us, or being funded to undertake research.

Vital interests
We have a basis to use your personal information where it is necessary for us to protect life or health. For instance if there were to be an emergency impacting one of our service users / clients which required us to contact people unexpectedly or share their information with emergency services.

Legitimate interests
We have a basis to use your personal information if it is reasonably necessary for us (or others) to do so and in our/their “legitimate interests” (provided that what the information is used for is fair and does not unduly impact your rights).

An example not mentioned under the other bases above where we are relying on legitimate interests is analysis and profiling of our supporters using personal information we already hold.

Special Category Data / Criminal Convictions or Offences
In some circumstances we will need to process information around Special Category Data. These could include race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life or sexual orientation.

In relation to criminal convictions or offences we have a lawful basis as well as be processing the data in an official capacity; or we will meet a specific condition contained in the Data Protection Act 2018.

Information we may collect about you includes:

Website visitors
When someone visits forwardtrust.org.uk we collect data about their behaviour. This is to enable us to find out things such as the number of visitors to our site and what areas are of interest to people. When collecting this information we do not gather any ways to identify anyone. We do not attempt to find out the identities of those visiting. We will not associate any data gathered from this site with any personally identifying information from any source.

If we want to collect personally identifiable information through our website, we will make sure that you are fully aware of this when we ask for your information and we will explain what we intend to do with it.

Cookies
Cookies are small data files which are placed on your computer when you visit certain websites. We use cookies to help improve our website by measuring things like number of visitors we have and if they have visited before. The cookies do not give us access to any personal data.

When you first visit our site, we tell you that it used cookies and give you the opportunity to give your consent. If you don not want to give your consent to this, you can stop browsing our website, or update settings in your browser in order to block cookies from being collected. If you change your mind you can still block them at a later time.

Search engines
Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either Forward Trust or a third party.

Security and performance
Forward Trust uses a third party service to help maintain the security and performance of the Forward Trust website. To deliver this service it processes the IP addresses of visitors to the Forward Trust website.

Individuals who email us
Any email sent to us, including any attachments, might be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.

Individuals who send complaints / Data Protection enquires / Freedom of information enquires
When we receive a complaint we create a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved. We will only use the personal information to investigate the complaint. Under normal circumstances we have to disclose the complainant’s identity to whoever the complaint is about. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. Although, it may not be possible to handle a complaint on an anonymous basis.

Service Users / Clients
It is necessary for us to process the information of people who have requested our services in order to provide it. We will ask for consent to process this information and only use the information for which the person has agreed too. This information is covered by data protection principles (including GDPR) and compliance to Information Commissioner’s Office (ICO) standards.

For those who use our prison based services we will hold records for 6 years from release date or 2 years from date of death. If the individual is serving a life or ISPP sentence, records are retained for 99 years from date of last contact. For those using community services we will hold records for 5 years from date of last contact or 2 years from date of death. Lastly, in relation to clinical files we will retain these for 20 years from date of last contact, 8 years from date of death. After this time files will be deleted or destroyed.

Applications to Forward Enterprise Fund
For a more detailed description on how Forward Trust process information in relation to the Forward Trust Enterprise Fund please see: https://www.forwardenterprise.org.uk/privacy-policy/

Service Providers reporting a breach

We are required to consider reporting serious security breaches to the Information Commissioner’s Office (ICO). We use the ICO process in order to do this. In relation to all breaches we use the information to inform the actions we need to undertake.

In line with our retention policy we retain logs and breach reports for 10 years unless there is regulatory actions being taken. All information is stored securely and access is restricted according to the ‘need to know’ principle.

We know how much data security matters to all of us and with this in mind we treat your data with the utmost care and take all appropriate steps to protect it. We ensure that there are appropriate technical and organisational controls (including physical, electronic and managerial measures) in place to protect your personal details.

Forward Trust has specific criteria to determine how long we will retain your information for, which are determined by legal and operational considerations. Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.

At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and planning.

We have a duty to share information with or without your permission under certain circumstances. Wherever possible, we will discuss this with you first. We have a duty to share information:

  • If the safety/security of other service users, staff or the community is compromised by not revealing information
  • If your Forward team believes you may be at risk of self-harm or risk of harm to any person
  • If your Forward team has concerns for the welfare of any child or children

We ask for your consent to share information with other services or professionals who are important to your care or who hold important information about you.

We will never sell or rent your information to third parties for marketing purposes. However we may disclose your information to third parties in connection with the other purposes:

  • business partners, suppliers and sub-contractors who may process information on our behalf;
  • analytics and search engine providers;
  • IT service providers.

You have the right to request:

  • Access to the personal data we hold about you, free of charge in most cases.
  • The correction of your personal data when incorrect, out of date or incomplete.
  • The deletion of the data we hold about you, in specific circumstances; for example, when you withdraw consent or object, and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end.
  • A computer file in a common format (CSV or similar) containing the personal data that you have previously provided to us, and the right to have your information transferred to another entity where this is technically possible.
  • Restriction of the use of your personal data, in specific circumstances, generally while we are deciding on an objection you have made.
  • That we stop processing your personal data, in specific circumstances; for example, when you have withdrawn consent, or object for reasons related to your individual circumstances.
  • That we stop using your personal data for direct marketing (either through specific channels, or all channels).
  • That we stop any consent-based processing of your personal data after you withdraw that consent.
  • Review of any decision made based solely on automatic processing of your data (so where no human has yet reviewed the outcome and criteria for the decision).

You can contact us to request to exercise these rights at any time by contacting us via:

forward.feedback@forwardtrust.org.uk or write to us at:

Governance and Quality Assurance Department,
The Forward Trust
Unit 106-7, Edinburgh House
170 Kennington Lane
London SE11 5DP

If we choose not to action your request, we will explain the reasons for our refusal.

Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

Direct marketing
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.

Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.

If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details we recommend you consult the guidance published by the UK’s Information Commissioner’s Office (ICO).

We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.

 

If you have any questions that haven’t been covered, please contact our Data Protection Officer who will be pleased to help you, please email us at lorna.cox@forwardtrust.org.uk or write to us at:

Data Protection Officer
Governance and Quality Assurance Department
The Forward Trust
Unit 106-7
Edinburgh House
170 Kennington Lane
London SE11 5DP

If you are unhappy with any aspect of how we are using your personal information we’d like to hear about it. We appreciate the opportunity this feedback gives us to learn and improve. Please email us at forward.feedback@forwardtrust.org.uk or write to us at:

Data Protection Officer
Governance and Quality Assurance Department
The Forward Trust
Unit 106-7
Edinburgh House
170 Kennington Lane
London SE11 5DP

 

You also have the right to lodge a complaint about any use of your information with the Information Commissioners Office, the UK data protection regulator.

 

We may change this Privacy Policy from time to time. If we make any significant changes in the way we treat your personal information we will make this clear to you.

Change log

  • 13 November 2019 Policy updated
  • 20 March 2019 Policy updated
  • 14 September Policy published