Privacy

The Frontline Site has been developed and operated by and/ or on behalf of Uttlesford Citizens Advice Bureau (“UCA”) and Frontline Referrals Limited (”FRL”), both of Barnards Yard, Saffron Walden, Essex, CB11 4EB. References in this document to the  ‘Frontline Site’  or the “Site” refer to any or all of www.essexfrontline.org.uk, www.hertsfrontline.org.uk,  www.northumberlandfrontline.org.uk, associated sub-domains, the ‘Frontline Referrals’ mobile application and the marketing website www.frontlinereferrals.org.uk. “We” means FRL and UCA.

The Frontline Site helps local Service Providers promote themselves in one place and provides a platform for workers in both the Statutory and Voluntary sector a securely receive and send on-line referrals and monitor signpost activities to best address the wellbeing needs of people they are supporting. This is done by individuals registered to use the Site (“Registered Users”) on behalf of organisations making or receiving referrals through the Site or otherwise promoting services on the Site (“Service Providers”).  The public also have access to the Site, to search for information about local services and make secure call back requests to participating services. 

Please read the following carefully to understand how we treat personal data. You should also read our terms and conditions of Registered Users, our public access terms and conditions and our policy on how we use Cookies. By visiting any ‘Frontline’ Site you are accepting and consenting to the practices described in this policy and those documents.

 

Where we collect personal information from

Information you give us

For Registered Users we collect information by you filling in forms on the websites or apps or by corresponding with us by phone, e-mail or otherwise. Information stored may include:

• details that are held in your account for example; your name; organisation or Service Provider details; website; email; phone numbers;; your agreement to send, receive or accept signposts; opening hours; information on how to access your service; data field requirements to accept a referral
• personal details of the person that you are referring, together with the details of the service that you are referring to

For members of the public, we collect information by you filling in a call back request and by corresponding with us by phone, email or otherwise.

Information we collect about you

With regard to each of your visits to the Site we may automatically collect the following information:

• technical information, including the Internet protocol (IP) address used to connect your computer to the Internet; your login information; browser type and version; time zone setting; browser plug-in types and versions; operating system and platform
• information about your visit, including the full Uniform Resource Locators (URL); clickstream to, through and from our site (including date and time); page response times; download errors; length of visits to certain pages; page interaction information (such as scrolling, clicks, and mouse-overs); methods used to browse away from the page; and any phone number used to call our customer service number.

If you choose not to give personal information to us

You may choose to use the Site as an on-line resource for service information only, however we will continue to collect information automatically using Cookies if you accept them, for more information please read our ‘How we use Cookies’ policy.

Types of personal information collected and categories

We categorise the data we collect into three groups;

1) Registered User information on Services in ‘Frontline’

• First Name
• Last Name
• Name of Service Provider/s (on whose behalf you are using the Site)
• Address of Service Provider/s
• Website
• Company/ Charity registration details
• Phone Number
• Email Address
• Security levels within the Site
• Visits and time on the Site
• Opt in to newsletter/service updates

 2) Service information 

• Number of Registered Users
• Referral activity by the Service
• Referral activity to a Service
• Signpost activity by the Service
• Signpost activity to a Service
• Activity of users (frequency and time using the sites)
• Service details (address, delivery methods, opening times etc)

3) Referred person information

(Personal data of someone being referred by a Registered User or shared by a member of the public)

Mandatory fields: 

• First Name
• Last Name
• Date of Birth
• Address
• Postcode
• Phone number
• Reason for referral

Additional discretionary fields for all referrals: 

• Email
• Additional telephone numbers
• Preferred method of contact
• Best time to call

A Registered User creating a Service Provider’s online referral form on the Site is also able to create additional mandatory or discretionary fields to ensure that they have the information they require to receive a good referral. This may potentially include a field that collects sensitive data if this is necessary (and authorised by FRL). Making a referral to an organisation, for example, a rape crisis service, a dementia support service or an LGBT support group may also indirectly communicate sensitive personal data. 

How we use your data

We will use data to:

• ensure that Registered Users can promote and maintain details of their Service Provider’s services in a format that is easily accessible to all users
• ensure that all users can identify local health and wellbeing services
• ensure that all users can securely send referrals or self-refer to services that allow this facility
• monitor a referral to ensure that it has been actioned
• contact all Registered Users when updating them on developments or changes in the Site
• produce client anonymised statistics about referral and signposting activity between services
• produce client anonymised statistics on the age and gender profile being referred through the Site.

The legal basis of processing your data

We securely transfer and monitor referrals and call back requests after a Registered User or member of the public has clicked the on-line box on the referral form to confirm that consent has been given to share this information.

Consent can be removed at any time by the Registered User updating their account or by contacting us (see details below).

We may contact all Registered Users to update them on important developments or changes in ‘Frontline’ if we believe we have a legitimate reason to do so. 

We will produce client anonymised statistics about referral and signposting activity between services and client anonymised statistics on the age and gender profile being referred through the system. 

Control of information and data

Services on ‘Frontline’ are created and managed by the Service Providers that use the system – as Data Controllers, they are responsible for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership of the information stored and transmitted. We are not responsible or liable for the deletion, correction, destruction, damage, loss or failure to store data within your Account. 

Although referral information has been shared with consent, data is still controlled by the Data Controller providing the information to us as a Data Processor.

If a member of the public uses Frontline, we will act as a Data Controller in respect of all personal data provided by that person to us. 

Client anonymised data and information about the use and activity of ‘Frontline’ by Services and the public is owned by us.

Who we share your personal information with

Under the instruction of a Data Controller or consent of a member of the public we share personal referral information only with the Service Provider that has been selected to receive that referral.  

However to provide Frontline – we do share need to share your personal data as required or permitted by law by using a third party providers as described below:

Hosting Services: We host the Frontline Sites and operate the platform using third parties, including MongoDB Atlas and Microsoft Azure. Sites are hosted from data centers in the UK.

Website functionalities: We may use third-party services either embedded into our website (such Google® Analytics) or outside of it (such as Brevo) to communicate with you or to enhance the function of the website and the services. 

Customer engagement: We use third-party service providers and platforms (such as Google Workspace and Wix) for customer engagement and product feedback.

We share client anonymised data and information about the use and activity of ‘Frontline’ by Registered Users and the public with anyone who we consider to have a legitimate reason to review the data.  This may include funders, health and wellbeing boards, Registered Users and prospective organisations considering use or funding of the Site.

How we keep your information safe

The Frontline Site has been designed as a secure, multi-agency referral system and here are some of the ways we ensure that your data is safe and that we are GDPR compliant:

• ‘Frontline‘ Sites are hosted on Microsoft Azure and data is stored within the UK
• Registered users of the system have individual passwords and enter the system using a secure login area, protected by an SSL certificate. We also utilise two-factor authentication.
• Registered Users allocate individual users only the authorities required to access the data necessary for the role they undertake
• System training emphasises the importance of password security, confidentiality, client consent and only sharing information that is relevant to an effective referral
• A referral can only be made if a consent box is ticked
• Registered Users can only see activity related to their own organisation
• Identifiable information about an individual is only held for a maximum of 90 days; after this time personal data is deleted and rendered unrecoverable.
• ‘Frontline Referrals’ app communicate with the website using a secure REST based API, which is read-only for the library of services, and write only for submitting referrals so the app is not involved in any sensitive data transfer
• Everyone working or volunteering for or on behalf of ‘FRL that is able to access to and/or process Personal Data held within the Frontline Site are subject to confidentiality requirements and annual Information Assurance Training and work in organisations with embedded safeguarding policies
• Information held about Service Providers can be edited and deleted on-line by Registered Users with administration rights at any time
• Personal information on a referral can be amended or corrected after transmission by a Registered User, with access rights to referral information, until the point that information is accessed by the service that is receiving the referral
• We back up information over night and keep disaster recovery files for a 2 days.

Although we make every effort to ensure the security and integrity of the Frontline Site and our associated communications and activities, unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. As a result, while we use strict procedures and security features to try to prevent unauthorised access, we cannot ensure or guarantee the security of information when it is being transmitted. 

Changes to our privacy policy

Any changes we make to our privacy policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy.

Contact us about your information

If you have any questions about how your information is collected or used, you can contact us by:

Telephone - 01799 618855, open Monday to Friday 9am-4pm

Email - info@frontlinereferrals.org.uk

You can contact us to:

• find out what personal information we hold about you
• correct your information if it’s wrong, out of date or incomplete
• request we delete your information
• ask us to limit what we do with your data - for example, ask us not to share it if you haven’t asked us already
• ask us to give you a copy of the data we hold in a format you can use to transfer it to another service
• ask us to stop using your information

You can find out more about your data rights on the Information Commissioner’s website. 

Note: This privacy policy only covers the websites essexfrontline.org.uk, hertsfrontline.org.uk, northumberlandfrontline.org.uk, frontlinereferrals.org.uk and the ‘Frontline Referrals’ Mobile Application. Other websites and services not managed by Frontline are not covered by this policy. Once you have accessed another site or service you will be subject to the security and privacy policy of that site or service.