Forward Trust app – privacy notice
This privacy notice tells you how and why The Forward Trust app processes your personal information. It also explains what rights (such as the right of access) you have in relation to your data, and we listed other information you may find useful.
As a service provider, The Forward Trust (Forward) must meet our contractual, statutory and administrative obligations. We are committed to ensuring that personal data is handled in accordance with the principles set out in the Information Commissioner’s Office (ICO) Guide to Data Protection.
Forward uses several third party services to make the app work, these are listed below. However, Forward is the ‘controller’ for the information stored in the app. In plain English, Forward remains responsible to ensure that your data is only used in ways you would reasonably expect. Our Data Protection Officer is Tom Rottinghuis. You can contact us at dataprotection@forwardtrust.org.uk.
How we get your information
We get information about you from the following sources:
- Directly from you
- Forward client databases
What personal data we process and why
We process the following categories of personal data:
- Basic details such as your name, date of birth, username and personal email address.
- Your relationship with The Forward Trust – e.g. Forward Connect membership, referral route, programme
- Engagement data around the use of the Forward Trust app; the time, frequency and duration of your activities on our app.
- The ‘activity’ data of our app’s members, this type of data is often referred to as “user generated data” and includes for instance the content you create such as post, comments, ‘likes’, uploads, and the messages you send.
Lawful bases for processing your personal data
The Forward Trust relies on multiple lawful bases for processing your personal data, such as:
- Your consent: UK GDPR Article 6(1)(a)
- Under the responsibility of a public authority: UK GDPR Article 6(1)(e)
- Legitimate Interest: UK GDPR Article 6(1)(f)
For the app itself we normally only process your personal data on the basis of your consent, this means that your information will only be added to the app after you consented to it, and that your data will be removed if you ask us to do so.
However, we may record on your client file if you choose to use the app, and we may record some of the information from the app onto our client databases based on another lawful basis. For instance if a user of the app said something that makes us believe they may be at risk to themselves or another person.
Users of the app might choose to share information on the app about their beliefs, sexual orientation, health (including their recovery journey), racial or ethnic origin, or lived experiences. Such types of information may be considered sensitive and will generally have special protections under UK data protection laws. You may choose to share your confidential information, but not the confidential information of others. Crucially, The Forward Trust itself will never add the confidential information of its clients to the app, and we will never ask you to do so.
Where we store your information and our use of sub-processors
We use Discourse “CDCK” as a community platform to host this service. The Forward Trust is the Forum administrator and operates as the data controller, but CDCK collects and processes data every time you provide information, read or use the Forward app. Just like Forward, CDCK is subject to the UK’s data protection laws. For more information about CDCK please see Discourse’s Privacy Notice. For the Forward Trust Community App, besides Discourse, we use the following (sub)processors, which are bound by the same data protection obligations as Discourse themselves as detailed in the signed Data Protection Agreement / Addendum. Forward may from time to time, and without notice, change its processors, but we will always do our due diligence and ensure that all appropriate steps to secure your data have been taken.
Name | Address | Description of processing |
Amazon Web Services | One Burlington Plaza, Burlington Rd, Dublin 4 | Hosting Services – processed in EU West (Dublin, Ireland) |
SendGrid
|
(Twilio) 375 Beale St suite 300 San Francisco CA 94105 USA
|
SMTP Relay email notifications – this may include very limited data transfers through servers located in the USA, these are covered under the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses issued by the UK Information Commissioner, Version B1.0, in force 21 March 2022.
|
Heroku, Inc.
|
The Landmark @ One Market, Suite 300, San Francisco, CA 94105, USA. | Hosting Services- processed in EU West (Ireland) |
Sentry.io
|
Functional Software, Inc.
45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA. |
Error Tracking Services – EU (Frankfurt, Germany) |
How long we keep your personal data
For information about how long we hold your personal data please contact us at info@forwardtrust.org.uk and request a copy of our Records Management Policy.
Your rights in relation to this processing
As an individual you have certain rights regarding our processing of your personal data, these include:
- Your right of access: you have the right to ask us for copies of your personal information.
- Your right to rectification: you have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure: you have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing: you have the right to ask us to restrict the processing of your information in certain circumstances.
- Your right to object to processing: you have the right to object to processing if we are able to process your information because the process in our legitimate interests.
- Your right to data portability: this only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you.
Data sharing
We don’t normally share your personal data except where this has been agreed with you. However, in some circumstances, such as under a court order, there is a legal obligation or overriding legitimate interest for us to do so. We also have a duty to share information with or without your permission if we believe you may be at risk of self-harm or risk of harm to any person.
When it’s reasonable to do so we will always inform you when we have to share your personal data
More information, and what to do if you’re not happy
If you would like more information, or if you have any questions, suggestions or concerns about how The Forward Trust and its service suppliers process your personal information please contact dataprotection@forwardtrust.org.uk
We will always try to resolve any problem or query, and we learn from the feedback we receive.
You have the right to contact the UK’s data protection regulator, the Information Commissioner’s Office “ICO”. For further information on your rights and how to complain to the ICO, please refer to the ICO website.