Privacy policy

1. Introduction

Tiny Hearts Family Contact Services is committed to maintaining the highest standards of privacy and data protection for all individuals who interact with our services. We recognize that the personal and sensitive information entrusted to us must be handled with the utmost care, diligence, and transparency. This Privacy Policy provides a detailed and comprehensive overview of how we collect, process, store, and share personal information, ensuring compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant privacy laws. By using our services, staff members, service users, and stakeholders agree to the principles set forth in this document, which serve to protect individual rights and foster trust in our operations.

2. Purpose of This Privacy Policy

This Privacy Policy has been designed to ensure that all individuals associated with Tiny Hearts Family Contact Services fully understand:

  • The types of personal information we collect and the specific methods used to gather this data.
  • The reasons why we collect and process personal information and how it supports the delivery of safe and effective services.
  • The retention periods for different categories of information and the secure measures implemented for storing and disposing of personal data.
  • The legal basis for processing personal data, including legitimate interests, contractual necessity, legal obligations, and explicit consent where applicable.
  • The circumstances under which data may be shared with external parties, including safeguarding agencies, law enforcement authorities, and regulatory bodies.
  • The rights of service users, employees, and volunteers in relation to their personal data, including access, rectification, and erasure requests.
  • The safeguards in place to protect personal data from unauthorized access, misuse, loss, or disclosure.
  • How individuals can raise concerns about data privacy and the procedures for filing complaints with regulatory bodies such as the Information Commissioner’s Office (ICO).

By establishing clear guidelines, this policy ensures that all parties involved in our services understand their rights and responsibilities regarding data protection, reinforcing our commitment to confidentiality and legal compliance.

3. Information We Collect and How It Is Collected

To effectively provide our services and maintain a safe and regulated environment, Tiny Hearts Family Contact Services collects and processes a range of personal and sensitive data. The types of data we collect include, but are not limited to:

Personal Data:

  • Identifying Information: Full name, date of birth, gender, and relationship to the child or individual accessing our services.
  • Contact Information: Residential address, telephone number, email address, and emergency contact details.
  • Identity Verification: Photographic identification (passport, driver’s license), proof of address, and documentation required for safeguarding assessments.

Sensitive Personal Data (Special Category Data):

  • Health and Wellbeing Information: Mental health history, disability status, and medical conditions that may impact participation in services.
  • Safeguarding Information: Reports related to child protection concerns, risk assessments, and intervention plans from social services, law enforcement, or other safeguarding agencies.
  • Legal and Court-Ordered Information: Details of any court orders, child custody agreements, and legal instructions governing access to services.
  • Criminal Record Checks (DBS): Disclosure and Barring Service (DBS) certificates for staff and volunteers, ensuring compliance with child protection regulations.

Service Usage Data:

  • Attendance Records: Logs of sessions attended, reasons for absence, lateness, and any related concerns.
  • Referral Information: Data received from partner organizations, such as CAFCASS, social workers, legal representatives, and external agencies.
  • Communications Data: Emails, telephone calls, written correspondence, and recorded concerns that relate to service use and compliance.

How We Collect This Information:

Tiny Hearts Family Contact Service gathers information through various channels, including:

  • Referral Forms submitted by partner agencies, legal representatives, or individuals seeking access to services.
  • Direct Communications via telephone, email, or in-person interactions during initial consultations and ongoing service engagement.
  • Safe Referral System (SRS) Applications, a secure platform used for managing case files and service user information.
  • Supporting Documentation provided by professionals, such as social workers, family court representatives, or mental health specialists.
  • Observational Records and Safeguarding Reports maintained by staff members and volunteers in compliance with child welfare regulations.

All data collected is subject to strict confidentiality protocols and is used solely for lawful purposes in accordance with this Privacy Policy.

4. How We Use Personal Data

Tiny Hearts Family Contact Services processes personal information for several legitimate purposes, ensuring that all actions taken align with legal and ethical responsibilities. The information collected is used for the following key functions:

Service Provision and Operational Management:

  • To coordinate and deliver supervised contact sessions in accordance with court orders, legal agreements, or voluntary arrangements.
  • To create and maintain accurate service user records for monitoring progress, addressing concerns, and ensuring continuity of care.
  • To communicate with service users and stakeholders regarding session schedules, updates, and important notices.
  • To handle inquiries, feedback, and complaints effectively and maintain a responsive service framework.

Safeguarding and Risk Management:

  • To assess and mitigate risks associated with the contact sessions, ensuring child safety and well-being.
  • To report safeguarding concerns to relevant authorities when necessary, in accordance with statutory child protection procedures.
  • To monitor compliance with policies governing conduct within the contact centre, ensuring the safety of children, parents, and staff.

Legal and Regulatory Compliance:

  • To comply with legal obligations, such as reporting to courts, social services, and regulatory bodies.
  • To respond to data subject requests, including access, correction, and deletion requests in compliance with data protection laws.
  • To cooperate with external audits and inspections, particularly those conducted by the NACCC (National Association of Child Contact Centres) or other governing organizations.

Statistical and Service Improvement Purposes:

  • To conduct anonymous data analysis for improving services and identifying trends that inform best practices.
  • To evaluate staff and volunteer performance based on service feedback, attendance patterns, and incident reports.

We strictly prohibit the use of personal data for marketing purposes or any activities unrelated to the core functions of the contact centre.

5. Data Retention and Secure Storage

The retention periods for different categories of personal data are determined based on legal requirements and best practices in safeguarding and data management. The following retention schedule applies:

Appendix 1

File TypeRetention Period
Complaints against the Contact Centre1 year post-resolution
Family Files3 years post-involvement
Safeguarding/Child Protection RecordsIndefinitely (accessible until the child reaches age 25)
DBS Check RecordsRecord of date, reference number, and decision kept (not certificate)
HR Files (Staff & Volunteers)6 years after employment/volunteering ends
Parental Leave Records5 years (or 18 years if related to disability allowance)
Finance Records6 years from the end of the financial year
Accident Books & Safeguarding PaperworkIndefinitely
Unused Staff Records (over 3 years)Secure disposal

Sensitive information is stored using encryption and access-controlled systems to prevent unauthorized access, loss, or theft.

6. Data Sharing, Security, and Rights

  • We only share personal data with authorized individuals and external agencies when legally required or for safeguarding reasons.
  • We implement stringent security measures, including encrypted databases, secure storage facilities, and access restrictions for staff.
  • Service users have the right to access, amend, or request deletion of their data unless legal or safeguarding obligations require retention.

For further details on data rights, security policies, and how to submit a privacy request, please refer to Sections 6-10 of this policy.

By adhering to these principles, Tiny Hearts Family Contact Services ensures compliance with legal frameworks and ethical standards, fostering a secure and trusting environment for all individuals.