Privacy policy
This policy describes how and why Frontline uses your personal information, how we protect your privacy, and your rights and choices regarding this information.
1.1 Who we are
In this privacy policy, “The Frontline Organisation”, “Frontline”, “we”, or “our” means The Frontline Organisation (registered charity in England and Wales (116394), a company limited by guarantee in England (09605966).
Frontline is a charity with a mission to make life better for children at risk of harm by improving the services that support them.
You can contact our data protection officer directly at dpo@thefrontline.org.uk
Frontline, Coram Campus, 41 Brunswick Square, London WC1N 1AZ
1.2 Our lawful basis for processing your personal data
Frontline relies on the following legal bases for collecting and processing your personal data:
- Consent – where we require your consent we will provide you with clear guidance on the communications you will receive. You may withdraw your consent at any time by clicking ‘Update your preferences or Unsubscribe’ in the relevant communication.
- Legitimate interest – this includes the furtherance of our charitable interests for example notification of our programmes and training offers, participant administration on any of our programmes or the identification of donors.
- Contract – where you have entered into a contractual agreement with us, we will process your data according to those terms.
- Legal obligation – if the processing of your personal information is necessary for us to comply with a legal obligation. For example, in order to claim Gift Aid on a donation, His Majesty’s Revenue and Customs (HMRC) requires us to retain your Gift Aid declaration which includes personal details such as your name, home address and UK tax-payer status.
Either or multiple of these bases may apply to programme and job applicants, volunteers, or supporters (including potential supporters).
1.3 Collecting your personal information
Personal information means any information which could be used to identify an individual. It does not include information where the identity of the individual has been fully and effectively removed (anonymous data).
We will never sell your personal information to other organisations and will only ever share it in appropriate, legal or exceptional circumstances.
We may collect the following personal information about you:
- Identification information, such as your name.
- Contact information, such as your email address, telephone number and postal address.
- Demographic information, such as your gender, ethnicity or marital status.
- Financial information, such as payment details and billing address.
- Any other information you provide to us when you apply for a programme or tell us your story.
When we collect personal information, we will always explain clearly what information we are collecting, why we are collecting it and how we’ll use it.
There are a number of ways we could receive your personal information.
Directly
If you give us your information directly for any reason. For example, when you apply to any of our programmes, make a donation, fundraise for us or tell us your story.
Indirectly
If you give your information to a third-party to pass on to us. For example through third party recruiting partners such as Indeed, Greater Jobs, Prospects or regional job boards, or by using various fundraising or donation platforms or independent challenge event organisers. We may also work on marketing initiatives with third parties under which they may share your personal information. These independent third parties will only share your personal information with us if you’ve indicated that you’re happy for them to do so. You should check the privacy notices or policies of these third parties when you provide your personal information to them, in order to understand fully how they will process your personal information.
Supporter profiling and research
As a fundraising organisation, we undertake in-house research and from time to time engage specialist agencies such as Prospecting for Gold to gather information about you from publicly available sources, for example, Companies House, the Electoral Register, company websites, ‘rich lists’, social networks such as Linkedin, political and property registers and news archives.
We may also carry out wealth screening to fast track the research using our trusted third-party partners. You will always have the right to opt out of this processing. We may also carry out research using publicly available information to identify individuals who may have an affinity to our cause but with whom we are not already in touch. This may include people connected to our current major supporters, trustees or other lead volunteers. We also use publicly available sources to carry out due diligence on donors in line with the charity’s Gift Acceptance Policy and to meet money laundering regulations.
This research helps us to understand more about you as an individual so we can focus conversations we have with you about fundraising and volunteering in the most effective way, and ensure that we provide you with an experience as a donor or potential donor which is appropriate for you.
Opting out of supporter research and profiling
It is your right to opt-out of your information being used for any sort of profiling at any time – to do this please send a request to fundraising@thefrontline.org.uk
Website and applications
We also collect certain technical information from you when you interact with our website and other applications. This information includes, for example, your IP address, operating system, browser type and the amount of time you spend on web pages you visit. We collect this information using Cookies and via third-party tools such as Google Analytics. For more information about this, please see below. We sometimes use third-party applications on our website to provide a range of services. For a full list of third-party applications used on our website see below.
1.4 How we use your personal information
Frontline is a data controller under the UK General Data Protection Regulations (GDPR). We will only use your personal information for the purposes for which we stated when we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purposes. If we need to use your personal information for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.
We collect your personal information for one or more of the following purposes:
- Provide you with information about us and to communicate with you in general.
- Send you updates about Frontline and our activities, services and programmes.
- Administer your donation or support your fundraising, including processing Gift Aid.
- Administer and process legacies (including establishing entitlement and processing legacy payments).
- Invite you to attend or to organise events.
- Collect your story about your experience or why you chose to support Frontline to use within our communications, for example on our website or on social media channels.
- Report to third parties, such as statutory authorities or other funders, where we are contracted to provide a service on their behalf.
- Advertise to you on third party websites, such as Facebook.
- Create lookalike and remarketing audiences on Facebook and Google, including uploading your email address so we can advertise to people who are similar to you.
- Keep a record of your contact and relationship with us.
- Understand more about you as an individual so we can focus conversations we have with you about training, fundraising and volunteering in the most effective way.
- Cookies (see below).
- Research and evaluation (see below).
Research and evaluation
We continually conduct research and evaluation in order to improve and expand our programmes and Fellowship and contribute towards wider research into social work. For these purposes we collect data from individuals, including staff and participants on our programmes, to conduct statistical and qualitative research and evaluation. If shared outside of the team conducting the research, this data is aggregated and/or anonymised, removing personal identifiers and ensuring that no data can be attributed to any individual. Staff and programme participants can decline to take part and to request no further similar approaches are made.
1.5 How we store your data
Our information security policies and how we protect your data
The Frontline Organisation is certified to ISO27001 and Cyber Essentials Plus standards for managing its information security. The means we are externally audited to a recognised international standard to ensure we have in place appropriate technical and organisational measures to protect data from unauthorised access. In addition to a Data Protection Policy to which all staff must adhere to we have a number of policies to control how data is protected such as the use of encryption, security of data in transit, clear desk policy, mobile working policy, access control and password policy, information sensitivity policy, virus protection and network security.
International transfers of data
Data processors are third parties who provide elements of our services for us. We have contracts in place with our data processors some of whom are international companies. If the companies store your data within the EEA then this is deemed to provide adequate safeguards under EU law. If they do not and are not listed in an EU-approved third country list, then we follow GDPR guidance to ensure the individual processors in question have adequate safeguards to protect your data and this is formally agreed within the contract we hold with them. Below is a list of the third parties that assist us with processing your data:
1.6 Who we share your data with
Frontline will only use the data you have provided us for the purposes for which they were obtained. In some circumstances this necessarily involves our primary funder the Department for Education, and service providers who help us deliver projects. In all these cases, Frontline takes reasonable care to ensure that this processing is limited to what is required and done in accordance with the UK GDPR and contractual obligations.
If you make a donation on our website the payment will be processed by Stripe and if you have opted-in to Gift Aid your address and donation details may be shared with HMRC.
1.9 How long we keep your personal data
Frontline will send news and updates until you click an ‘unsubscribe’ link in relevant correspondence. The email address may be retained to ensure we block further news and updates being sent to you.
If you make a donation, we may need to retain a financial record and Gift Aid information for seven years to comply with HMRC regulations. Information on legacy pledges will be kept for up to 75 years due to the long-term nature of legacy pledges.
Responses to general enquiries will be kept for a period of time in compliance with Frontline’s data retention policy.
We retain data gathered for the purposes of research and evaluation for the minimum period required for the purposes for which it was collected. We may store data gathered for the purposes of research and evaluation indefinitely and reuse it in future research. Frontline has undertaken measures to safeguard this stored data including the secure storage and encryption of interview, pseudonymisation of names and anonymisation of any identifying features of the person being interviewed.
1.7 Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review – in the event that The Frontline Organisation refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in Section 1.10 below.
Please send any data subject requests to dpo@thefrontline.org.uk.
1.8 Cookies
When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device; for example, computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally. These pieces of information are used to improve services for you through, for example:
- enabling a service to recognise your device so you don’t have to give the same information several times during one task
- enabling a service to recognise your device so you don’t have to give the same information several times during one task
- measuring how many people are using services, so they can be made easier to use and there’s enough capacity to ensure they are fast
The cookies do not contain any personal information about you and cannot be used to identify an individual user. If you choose not to accept the cookie, this will not affect your access to the majority of facilities available on our website.
How do third parties use cookies on the Frontline website?
Third party companies such as analytics companies and ad networks generally use cookies to collect user information on an anonymous basis. They may use that information to build a profile of your activities on the Frontline website and other websites that you’ve visited.
You can choose to decline cookies using the pop us message when you first visit Frontline’s website. Additionally, you can decline or remove cookies using the privacy settings in your browser.
Cookies used on our website
Cookie preferences:
| biro_privacy_decision | Used to store your cookie preferences. |
Google (privacy notice):
| _ga | Use for the Google Analytics service, provided by Google, to determine that two distinct hits belong to the same user across browsing sessions. |
| __gtm_referrer | Used for the Google Tag Manager service, provided by Google, to track information for analytics. |
| LOGIN_INFO | Used for the YouTube video player, provided by Google. Used by the YouTube video service on websites with embedded YouTube videos. |
| PREF | Used for the YouTube video player, provided by Google, to to remember user preferences such as language settings, preferred page configuration and playback preferences like autoplay, shuffle content and player size. |
| __Secure-1PAPISID | Used by Google to store user preferences and information when viewing pages with Google maps on them. |
| __Secure-1PSIDTS | Used by Google for targeting purposes to build user profiles and deliver relevant ads. |
| __Secure-3PSID | Used by Google to authenticate users, store session preferences, and perform security measures. |
| __Secure-3PSIDCC | Used by Google to protect users’ data from unauthorised access. |
| __Secure-3PSIDTS | Used by Google to maintain user sessions and preserve their preferences and settings across various Google services and websites. |
| __Secure-ROLLOUT_TOKEN | Used for the YouTube video player, provided by Google, to manage the phased rollout of new features and updates. |
| __Secure-YEC | Used by Google to detect spam, fraud and abuse. |
| __Secure-YENID | Used by Google to prevent fraudulent login attempts. This also contains a Google user ID which can be used for statistics and marketing purposes following a successful login |
| SOCS | Used by Google to store a user’s state regarding their cookies choices. |
| VISITOR_INFO1_LIVE | Used for the YouTube video player, provided by Google, remember your preferences and other information such as your preferred language. Used to enable personalised recommendations on YouTube based on past views and searches and also to detect and resolve problems with the service. |
| VISITOR_PRIVACY_METADATA | Used for the YouTube video player, provided by Google, to store the user’s privacy and consent settings for embedded videos. |
| YSC | Used for the YouTube video player, provided by Google, to prevent spam, fraud, and abuse. |
Meta (privacy notice):
| _fbp | Used by Meta to track visits across websites to deliver a series of advertisement products such as real time bidding from third party advertisers. |
| sb | Used by Meta to identify user’s browsers securely. |
1.9 How to contact us as a data subject
In the event that you have a concern with how your personal data is being processed by The Frontline Organisation please contact the data protection team at
DPO
Frontline
Coram Campus
41 Brunswick Square
London
WC1N 1AZ
020 8629 5120
dpo@thefrontline.org.uk
If, after contacting Frontline, you need to contact a supervisory authority, you may contact the Information Commissioner