PRIVACY STATEMENT FOR OUR PROGRAMMES AND FELLOWSHIP
Who is this statement intended for?
This Privacy Statement applies to the following individuals:
Frontline Leadership Programme pre-registrants, registrants, applicants and participants
Firstline Leadership Programme registrants, applicants and participants
The Frontline Organisation regards the lawful and correct treatment of personal data as critical to successful working and to maintaining the confidence of those with whom we deal. To this end, we will adhere to the General Data Protection Regulations (GDPR) and any other current data protection or privacy legislation.
If you have any concerns about the privacy of your data or rights under GDPR then please contact Data Protection Lead, Frontline, Coram Campus, 41 Brunswick Square, London WC1N 1AZ or email@example.com
The Frontline Organisation is a data controller and delivers its training programmes by working alongside some key delivery partners. Although we may share your data with these partners (see below) they are also data controllers in their own right and may have new purposes for the data or wish to collect or process new personal data from you. They may, therefore, issue their own privacy notices at appropriate stages.
What personal data are collected and processed and for what purposes?
We may collect and process personal data on you for the purposes of attracting and recruiting individuals, creating and delivering Frontline’s training programmes, engaging and supporting participants within its programmes, to manage the Fellowship, and for improving, expanding and evaluating those programmes and Fellowship.
Frontline and Firstline programme applications and participation
Data we collect from you will include, but not be limited to, your name, contact details, date of birth. We also collect and process information regarding your prior educational and employment history and your on-going performance during the selection process. This can include online tests and recorded online video interviews.
When you apply we may ask you (at your entire discretion and only with your consent) to disclose to us certain sensitive personal information regarding (a) any disability you may have so that we can make any adaptations; (b) your ethnic origin, sexual orientation, religious affiliations or personal history so that we can monitor diversity and mobility; (c) information regarding your health (such as a known medical condition, medication that you are taking, etc.), which could be used by first aiders and emergency responders in case of you being taken ill whilst participating in Frontline’s selection process or as an enrolled participant (e) any other information to help to administer your application on the programme.
If you are invited to attend interviews, assessment or other selection events, or participate in training and coaching sessions we may capture video footage and photographs of you. This will be used for selection, assessment, training, venue provision or quality assurance purposes and for no other purposes.
We may also, with your consent, take photographic images or video/audio of you (e.g. at work, in training) for use in marketing, promotional and other materials. Video/audio captured for selection, assessment or training purposes will not be used for any marketing purposes.
Either to manage bursaries or other payments we will require your bank details and may also require benefits information, National Insurance Number and Tax Identification Number.
Frontline programme only
To prevent fraud or to carry out Disclosure & Baring Service checks we may also verify the authenticity of documents with a scanner and take copies of official certificates and proof of ID such as certificates, passport, visas, and/or your driving licence.
Any offer of a place on the Frontline Leadership Programme is conditional on suitability checks and we are required by the Health and Care Professions Council, or any successor, to collect from you certain sensitive personal information, namely about your physical and/or mental health (including reports from your GP and/or occupational health organisations), criminal or disciplinary records, and any previous history with social service departments. This will exclusively be used to evaluate (a) your suitability for social work training (all offers are always conditional upon satisfactory health and Disclosure and Baring Service checks), and/or (b) in limited circumstances, your suitability to continue with Frontline’s Programme.
We may also collect personal data about you from third parties, such as references supplied by former employers.
If you are accepted onto the Frontline Leadership Programme we will continue to gather and collect information about you via direct contact with you, and by receiving information on your progress from the University of Bedfordshire or Lancaster University and the local authority in which you are working.
We will collect your personal data in connection with your practical and academic experience for the purposes of assessing your progress and for teaching and research purposes. We may also maintain records and notes on Frontline participants to assess academic and professional conduct throughout the programme, as well as any pastoral or welfare needs.
We may also use your email address and/or phone number to identify other individuals on social media sites who might be interested in the Frontline programme and direct advertising to them. For example, we may create ‘lookalike’ audiences on Facebook. This involves providing your email address to Facebook so they can determine if you have a Facebook account. If you do, Facebook will then identify the common qualities and interests of those interested in or applying to the Frontline programme to find an audience of people who are similar to them.
Where you have consented to receiving electronic marketing communications we may also use your email address and/or phone number to match to your account on Facebook or other social media sites in order to show you Frontline content while using these services.
You can choose to prevent the use of your data for such marketing purposes by contacting firstname.lastname@example.org. Please note that updating your preferences with Frontline will not guarantee that you never see Frontline content on social media, as the social media site may select you based on other criteria. Objecting to processing for marketing purposes will not affect your application to or place on the Frontline programme.
Firstline programme only
We may collect feedback from your colleagues as part of the 360 diagnostic.
When you complete one of our programmes you will automatically become part of the Fellowship. You will receive more information when you become a fellow and existing fellows can opt out by contacting email@example.com. As a fellow we may collect some further information from you such as career destinations, professional interests, fellowship activity, mentoring notes and survey responses. We may use data collected from surveys to invite you to specific events. We sometimes film Fellowship events and will do so in line with Frontline policy ensuring consent is obtained if appropriate. We may also process data about you if it is already publicly available. Frontline also at times invites fellows to apply for certain opportunities and we will process data relating to this. To enable professional networking we may use social media sites such as Facebook Workplace and invite you to participate.
The Frontline Organisation continually conducts research and evaluation in order to improve and expand its programmes and Fellowship and contribute towards wider research into social work. We will, therefore, use your data to conduct statistical research and, if shared, it will be anonymised so that personal identifiers are removed. Frontline may have a need to collect new data from you via a survey for research purposes. If you are approached you can decline to take part and to request no further similar approaches are made to you.
On what lawful basis do we collect and process your data?
For (non-sensitive) personal data we rely on our legitimate interests.
This means that The Frontline Organisation has made a careful assessment on the most appropriate lawful means to collect and process the data. This decision is based on the following: we have identified a lawful business objective; processing is not likely to result in unwarranted harm or distress to you; the processing is in your interest; the processing would be expected by you. You can object to this processing at any time and we will no longer process your personal data unless we can demonstrate compelling legitimate or legal grounds. You should be aware that to stop processing may affect your ability to complete your application or participate in a programme or the Fellowship and if so we will explain our reasoning.
For special categories of data (sensitive data) we rely on your consent.
This includes racial or ethnic origin, political opinions, religious of philosophical beliefs, sexual orientation, mental and physical health. Your consent is also sought for processing criminal record checks we carry out. You can withdraw consent and we will inform you if this will have an impact on your application or continuing participation.
If we send you material that is explicitly for marketing purposes we shall rely on your prior consent which you can withdraw at any time. Photography or video used for marketing or publicity will also rely on your prior consent. If you register or participate in one of our programmes we apply our legitimate interest to send you our programme related information newsletters (‘UpFront’) to which you can unsubscribe at any time.
Who will your information be shared with?
Whenever we share your information, we always require strict compliance with data protection legislation from the third party and we ensure appropriate controls are in place to protect it.
Frontline Leadership Programme
We share data with our programme partners to assess your eligibility and suitability, to support you whilst on the training programme, to facilitate your participation, and to evaluate the Programme. To help us illustrate and prove our impact we may use anonymised feedback data and include it on our website and in published or unpublished reports.
If you receive a conditional offer or enrol onto the Frontline programme these are the organisations that we may share your information with:
Statutory or funding bodies e.g. the Department for Education
University of Bedfordshire
Bedfordshire Students’ Union (Beds SU)
Occupational Health Providers e.g. Maitland Medical
Warwick Conferences, University of Warwick and other venue providers
Frontline’s external and internal auditors.
Trusted third parties that Frontline works with to deliver or evaluate its programmes
If you register or apply for the Frontline programme, we may share your data in an encrypted format with social media companies for the purpose of identifying other individuals who might be interested in the Frontline programme (see above). We may also share your data with our partner media agencies who may also share your data with social media companies on our behalf.
Firstline Leadership Programme
We share necessary data with our programme partners to facilitate your participation and to evaluate the programme. To help us illustrate and prove our impact we may use anonymised feedback data and statistics and include it on our website and in published or unpublished reports.
If you obtain a place on the Firstline programme these are the organisations that we may share your information with:
Venue providers eg. Crowne Plaza
External evaluators eg. King’s College
In addition we send Firstline Leaders’ anonymised demographic data, work and career information, and feedback on the programme to the Department for Education, funders or trusted third parties.
We may share your personal data with external parties where the data is needed for Fellowship activity but we will request your permission before doing so. To help us illustrate and prove our impact we may use anonymised feedback data and statistics and include it on our website and in published or unpublished reports.
Our information security policies and how we protect your data
The Frontline Organisation is certified to ISO27001 standard for managing its information security. The means we are externally audited to a recognised international standard to ensure we have in place appropriate technical and organisational measures to protect data from unauthorised access. In addition to a Data Protection Policy to which all staff must adhere to we have a number of policies to control how data is protected such as the use of encryption, security of data in transit, clear desk policy, mobile working policy, access control and password policy, information sensitivity policy, virus protection and network security.
International transfers of data
Data processors are third parties who provide elements of our services for us. We have contracts in place with our data processors some of whom are international companies. If the companies store your data within the EEA then this is deemed to provide adequate safeguards under EU law. If they do not, and are not listed in an EU-approved third country list, then we follow GDPR guidance to ensure the individual processors in question have adequate safeguards to protect your data and this is formally agreed within the contract with hold with them. Below is a list or processors we use that involve international transfers and information relating to the safeguards.
Salesforce/Sage/Form Assembly/Survey Monkey/Microsoft Office
Either directly, or indirectly via the software applications we use (Sage People, Form Assembly and Microsoft Office), your personal data is stored in a Salesforce database or with Microsoft. Data includes application forms, survey responses, assessment results, academic and professional data and contact management including emails. Salesforce, Sage, Form Assembly and Microsoft are international companies but your personal data are only stored in data centres within the EU. These companies can, with our agreement, move data outside of EU data centres providing GDPR rules are followed. For example, Salesforce complies with the EU recognised US Privacy Shield and Binding Corporate Rules to legitimise international transfers. Sage and Microsoft provide inter-company Global Data Processing and Transfer Agreements, which incorporate the requirements of the GDPR and include the use of the EU Standard Contractual Clauses for transfers of data outside the EEA. These agreements facilitate the secure movement of personal data internationally whilst ensuring that all processing activities comply with the GDPR. Survey Monkey is an international company and has data centers in the US, Ireland and Canada. It is certified under and complies with the EU-US Privacy Shield.
If we have made a payment to you, some of your data will also be stored in Xero. Xero ensures that this data remains protected by appropriate safeguards in line with EU law.
For further safeguards information here are links to Salesforce, Sage, Form Assembly, Survey Monkey and Microsoft:
In selecting further third party international processors in the future we will ensure that we follow the same GDPR safeguards as above and amend the online versions of this privacy statement to reflect any changes.
Frontline will follow GDPR principles regarding data minimisation both in terms of the volume of data stored on you and how long it is retained for. Personal data shall be kept for no longer than is necessary for the purposes for which it is being processed. There are some circumstances where personal data may be stored for longer periods (e.g. legal, regulatory, archiving or research purposes). The period for which the personal data is stored will be limited to a strict minimum and that time limits are established by Frontline for deletion of the records or for a periodic review.
We will therefore ensure personal data is securely disposed of when no longer needed in line with our data retention policy which is subject to periodic change.
Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
Right of access – you have the right to request a copy of the information that we hold about you providing it does not infringe the rights of others.
Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
Right of portability – you have the right to have the data we hold about you transferred to another organisation.
Right to object – you have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling.
Right to judicial review: in the event that Frontline refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.
In the event that you wish to make a complaint about how your personal data is being processed please contact Data Protection Lead, Frontline, Coram Campus, 41 Brunswick Square, London WC1N 1AZ or firstname.lastname@example.org. If you are not satisfied how your compliant is handled by Frontline you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Tel 0303 123 1113.