This privacy notice and website policy explains the data we collect, where, why and how we collect it and how it is used. You should read this policy to understand the process of data collection and its use by Headway.
We consider the safety of the data we collect and process highly important; as such, Headway is registered with the ICO as further evidence of our commitment to ensure all data is treated safely and stored securely. We have a designated Data Protection Officer, who has also obtained a Level 2 qualification: GDPR in Education.
Interpretation and Definitions:
- Company: referred to as either “Headway” “the Company”, “We”, Us “Our” in this Policy refers to Headway Mental Health, Wellbeing & Education Services: Vulcan House, Foundry Street, Brighouse, HD6 1LT.
- You/Service User: or equivalents including “Your”, means the individual accessing or using the service or website, or a company, or any legal entity on behalf of which such individual is accessing or using Our services or website, as applicable.
- Website refers to Headway, accessible from www.tomakeprogress.co.uk.
1. What data do we collect?
We collect the following personal information data when any individual accesses our community-based services:
- Name(s) of individual (and parent(s)).
- Contact details including: phone number(s) email address (es) and postal address (es) for parents/carers of school-age service users.
- Age/date of birth.
- School year.
- Current/future school or college attended/to be attended.
- SEN status, including any diagnoses of SEN conditions (where applicable).
- Service user performance data (where completing any form of assessment).
- Safeguarding information (where a disclosure is made to Our staff).
- Data through cookies on visiting our website. We collect and/or process the following personal information data when working, via contract, for schools or other organisations:
Last updated: August 8th 2022.
Name(s) of students.
- Location data (including school name, year group, form group and other such data which could make a student identifiable).
- Behaviour data provided by the school (where applicable).
- Attendance data provided by the school (where applicable).
- Student attainment data provided by the school (where applicable).
- Student pastoral and/or safeguarding data provided by the school (where applicable).
- SEN status of students provided by the school (where applicable).
- Parental contact details (including name(s) address, telephone number(s) and email addresses) where ‘outreach’ work is undertaken as part of a contract.
We may also collect and/or process data in the content of student ‘profiles’ where reference, however explicit, is made to: religious and philosophical beliefs, political or moral views, ethnicity, race, health data and sexual orientation.
2. How we collect data?
We collect data from:
- You/the service user (via our website contact page, initial meeting and work undertaken).
- You/the parents/carers (via our website contact page and/or initial meetings).
- Schools (where a contract is in place). We collect data through:
- Initial meetings/assessments with the service user and/or their parents/carers.
- The contact page on Our website.
- Our website cookies and the use of Google Analytics (see Our Cookies policy).
- Communication with schools where an agreed contract is in place for work to commence and relevant consents are received (where required). Please see section 4: how do We store your data for more information. Where any service is provided to a school:
- It is the school’s responsibility to inform You (the parent/carer) of any work which We may undertake in a school setting or externally to the school site but in school time under the direction or at the request of the school, including the sharing of relevant data (where required).
- It is the responsibility of the school to seek necessary consent from You before work is undertaken (where required) and any data shared with Us.
- Schools may seek consent from you as parents/carers to provide any data to Headway where work may be undertaken as an external contactor through their organisation to ensure adequate support to the service user. This will be done in a way which satisfies GDPR legislation. Where personal data is collected via Our Website:
- When visitors leave comments on the website We collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
here: https://automattic.com/privacy/. After approval of your comment, Your profile picture is visible to the public in the context of your comment.
3. How will we use your data?
We collect, record and store data to use for the following reasons:
We will also do
To help provide appropriate and relevant services to service users in the form of age and/or ability related intervention content.
To support learning and provide appropriate ongoing support to service users.
To report to the service user’s education setting (if applicable) assessment results/outcomes (where parental/carer consent is provided).
To assess and improve the quality of Our services.
To contact You in response to a query made, whether by telephone, email or other source or to inform You of other services We provide. We keep personally identifiable information associated with Your message, such as Your name and contact details so as to be able to track Our communications with You to provide a high-quality service.
share data where there is a legal obligation to do so, such as a court order or warrant, but will so where:
The service user or those with parental responsibility in the case of school-age service users has requested Us to share data and provided written consent.
It is necessary to protect/safeguard the service user, their family or others from harm (such as
in an emergency).
More details regarding the above can be found in Our safeguarding policy.
4. How do we store your data?
We are committed to ensuring any data You provide and stored electronically is kept safe from loss, theft or misuse. For private service users:
- Your data is stored on secure systems, in accordance with GDPR legislation.
- Storage systems require twin authentication access.
- Electronically stored data is accessed from devices with up-to-data antivirus and firewall protection provided by Bitdefender. For hard copies of data which cannot be stored on secure servers, for private service users:
- Data stored is secured by lock with the proprietor having sole access to this location.
- The location room of storage is kept locked when not otherwise being accessed by Headway staff. Removal or deletion of data, for private service users:
• Electronically stored data is stored for the duration of any work undertaken with a service user
before being safely removed unless the service user or parent/carer requests otherwise for a period of up to 6 months beyond the close of the work undertaken.
- Paper-based or hard copy data is stored for the duration of any work undertaken with a service user before being safely destroyed unless the service user or parent/carer requests otherwise for a period of up to 6 months beyond the close of the work undertaken.
- Data can be amended, changed, requested or removed, under certain conditions under Your data protection rights. Note: should You request the removal of data; this may reduce the effectiveness of Our ability to conduct work with You/the service user. Please see section 5: what are Your data protection rights for further information. Where any service is provided to a school:
- Recording of the school’s information, such as contact details, contracts or emails will be securely stored on Headway systems. The school may also keep copies of any information and it is the school’s responsibility to store such information safely on the school’s preferred storage systems.
- Any data gathered on a service user, whether in relation to student or parents/carers, is stored securely via the school’s preferred storage systems and as such is the property of the school and remains the school’s responsibility.
- Any data gathered throughout the duration of a contract may also be stored safely on Headway systems. Headway systems feature dual password protection and additional web security provided by Bitdefender.
- The school will make relevant provisions for Our staff to access data via an individual account or will share any relevant data in a way that acts in accordance with GDPR legislation.
- At the conclusion of any contracted work with a school – and where a contract is not extended into the next academic year – any data garnered via work undertaken by Our staff will remain at the school. The school has responsibility for the storage and safe keeping of any data gathered in this way. All data held on students in a school setting will be permanently deleted from Headway systems once a successful and safe data transfer has been completed.
5. Analytics and Cookies:
Please see our Cookies Policy for further details on Our use of analytics and cookies.
6. What are your data protection rights?
We would like to make sure You are fully aware of all your data protection rights. Every service user, including children, is entitled to the following:
• The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.
• The right to rectification– You have the right to request that Headway correct any information You believe is inaccurate. You also have the right to request us to complete the information You believe is incomplete.
- The right to erasure – You have the right to request that Headway erase your personal data, under certain conditions.
- The right to restrict processing – You have the right to request that Headway restrict the processing of your personal data, under certain conditions.
- The right to object to processing – You have the right to object to Headway’s processing of your personal data, under certain conditions.
- The right to data portability – You have the right to request that Headway transfer the data that we have collected to another organisation, or directly to You, under certain conditions.
It is Your responsibility to ensure that you update us on any personal information we may hold.
If You make a request, we have one month to respond to You. If you would like to exercise any of these rights, please contact Us:
Tel: 01484 212101
7. Privacy policies of other websites
9. How to contact us
Tel: 01484 212101
10. How to contact the appropriate authority
Should You wish to make a complaint or if you feel We have not resolved your privacy concern in a
satisfactory manner, You may contact the Information Commissioners Office.