Empowering People, Launching lives

Privacy Policy

1. Introduction

BeyondAutism is committed to protecting and respecting the personal data that we hold. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by a third party acting on behalf of an individual. We may use personal data provided to us for the purposes described in this privacy statement or as made clear before collecting it.

Personal data is any information relating to an identified or identifiable living person. When collecting and using personal data, our policy is to be transparent about why and how we process that data. This can be for a number of purposes; the means of collection, lawful basis of processing, use, disclosure and retention for each purpose is set out in this policy.

Where we receive personal data that relates to an individual from a third party, we request that this third party inform the individual of the necessary information regarding the use of their data. Where necessary, reference can be made to this privacy statement.


2. Security

We take the security of all the data we hold seriously. Staff are trained on data protection, confidentiality and security.

We have a framework of policies and procedures which ensure we regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

All information you provide to us is stored on our secure servers.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted online. However, once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.


3. Data that we hold

3.1 Our services

We provide services to individuals as well as organisations. The exact data held will depend on the service being provided. Where we engage with individuals, we may collect and process personal data in order to assess the needs of a child or young person and their parent(s)/carer(s). We will only ask for personal data that is required for us to fulfil our contractual or operational obligation.

3.1.1. Why do we process this data?

Where data is collected for admissions into one of our services, it is used for a number of purposes, as follows;

Delivery of service:

  • Admission – We may process your data if you have enquired about our services, have a child at one of our services, or are planning on sending your child to our services. If applying to attend a service, we may process your data and that of your child to assess your application, and if successful, to grant admission to our services. If your child(ren) is currently attending one of our services, we will process your data throughout the duration of their attendance, and to provide you appropriate support…
  • Promotion of services – we may also process your data to offer you information, courses or other services we feel may be applicable to you.

Individual needs: When communicating with and assessing the needs of the child and the parent(s)/carer(s), personal data may be processed in order to ensure that we are appropriately satisfying their needs.

Administration: In order to manage and administer our business and services, we may collect and process personal data. This may include (but is not limited to) maintaining internal records of the child and maintaining internal safeguarding processes.

Regulatory: For us to carry out our role, we may from time to time be required to collect and process personal data in order to fulfil regulatory, legal or ethical requirements. This may include (but is not limited to) the verification of identity of individuals.

3.1.2. What data is processed?

This is dependent on the service that is being provided and on the recipient of this service.

Services to customers: Child’s names, date of birth, address, medical history, questionnaires, consent forms, unique pupil number, religion, ethnicity, siblings’ data.

Parent / Carer / Power of Attorney: Emergency contacts, names, legal guardians and power of attorneys, criminal cases, marital status, financial data, religion, ethnicity, and data captured from other third parties.

Local authorities: Names, email, contact details, job titles.

3.1.3. How long do we hold data for?

We retain the personal data processed by us for as long as is considered necessary for the purpose(s) for which it was collected. There may also be occasions which will require data to be kept for longer, however this will typically be for legal purposes. We will periodically review this data, to ensure that it is still relevant and necessary.

In addition, personal data may be securely archived with restricted access and other appropriate safeguards where there is a need to continue to retain it. We will periodically review this data, to ensure that it is still relevant and necessary.

3.2. Training

We collect and process personal data about those involved in our training – this includes parents, carers and professionals within the industry. The data is held to provide you with training, to manage the relationship, and to ensure your needs are fulfilled.

3.2.1. Why do we process this data?

We have different services which you may have enquired about, are currently attending or previously attended. These include:

  • Training: We provide ABA/VB training to parents and professionals on how to identify behavioural traits, alongside other behaviour-based training.
  • Outreach: We work with other education settings and parents/carers to offer support to parents and professionals with their children with autism.

Complying with any requirement of law: we are subject to legal, regulatory and professional obligations. We need to keep certain records to show we comply with those obligations and those records may contain personal data.

Administration: In order to manage and administer our business and these services, we may collect and process personal data.

3.2.2. What data do we hold?

We will hold names, email address, contact details, addresses, photos, and videos where consent has been given.

3.2.3. How long do we hold this data for?

We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). Data may be held for longer periods where required by law or regulation and in order to establish, exercise or defend our legal rights. We will periodically review this data, to ensure that it is still relevant and necessary.

3.3. Fundraising and marketing

We process personal data for fundraising and marketing purposes. We will only do this when we have your explicit consent, or we believe we have a legitimate purpose to do so.

3.3.1. Why do we process this data?

We have different ways we carry out fundraising and marketing. This includes:

  • Receiving donations and raising awareness on how to donate to us
  • Requesting Gift Aid to enhance donations where applicable
  • Events – if you registered or expressed an interest in attending one of our events
  • Charity news – if you registered to hear about the charity and the work we are doing

3.3.2. What data do we hold?

We will hold names, email address, contact details, address, photos, and videos where consent has been given.

3.3.3. How long do we hold this data for?

We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). Data may be held for longer periods where required by law or regulation and in order to establish, exercise or defend our legal rights. We will periodically review this data, to ensure that it is still relevant and necessary.


4. People who use our website

Personal data may be collected when individuals fill in forms on our websites or by corresponding with us by phone, e-mail or otherwise. This includes information provided when an individual registers to use our websites, subscribes to our services, or makes an enquiry.


5. Sharing personal data

We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.

Personal data held by us may be transferred to:

  • Local Authorities – we may share data with a local authority, when we have your consent. We may also be required to share data to prove that we are using the funds they have given us for the purposes agreed contractually.
  • Social workers – we will share data with social workers who will be providing on- going assistance and support.
  • External course leaders, agency staff and volunteers – we will share data with external course leaders who we will assign to deliver a service on our behalf that you have chosen to attend.

We use third parties to support us in providing our services and to help provide, run and manage our internal database.

We may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.


6. Locations of processing

The data that we collect from you may be transferred to, and stored at, a destination inside the European Economic Area (“EEA”) or within a cloud-based system. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.


7. Individual’s rights

Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights as follows:

  • Individuals can request access to their personal data held by us as a data controller.
  • Individuals can request us to rectify personal data submitted to us or, where appropriate, contact us via the relevant website registration page or by amending the personal details held on relevant applications with which they registered.
  • Individuals can request that we erase their personal data.
  • Where we process personal data based on consent, individuals may withdraw their consent at any time by contacting us or clicking on the unsubscribe link in an email received from us.
  • Individuals have other rights to restrict or object to our processing of personal data and the right to data portability.
  • Individuals can request information about any automated data processing that we may undertake.

If you wish to exercise any of these rights, please send an email to info@beyondautism.org.uk


8. Complaints

We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to info@beyondautism.org.uk – we will look into and respond to any complaints we receive.

You also have the right to lodge a complaint with the UK data protection regulator, the Information Commissioner’s Office (“ICO”). For further information on your rights and how to complain to the ICO, please refer to the ICO website (https://ico.org.uk/concerns).


9. Data controller and contact information

The data controller for BeyondAutism Charity is BeyondAutism Charity. If you have any questions about this privacy statement or how and why we process personal data, please contact us at:

BeyondAutism
305 Garratt Lane
London
SW18 4EQ


10. Changes to our privacy statement

This privacy statement will be kept up to date with the latest developments required.

This privacy statement was last updated on 15/06/2018.

Registered Charity No. 1082599. Registered in England and Wales Ltd by guarantee No. 4041459 Registered Office: Ashurst, Broadwalk House, 5 Appold Street, London, EC2A 2HA