PROJECT T.O.T - WHERE EVERY CHILD MATTERS.

  • Home
  • About us
  • The CEO
  • Services
  • Donate
  • CLOSE SITE
  • LEARNING
    • Domestic Abuse
    • Online Safety
    • Grooming
    • Bullying
    • Gang Culture
    • Knife Crime
    • The Care Act 2014
    • Child Act 1989 & 2004
    • Coercive Control Act 2015
  • More
    • Home
    • About us
    • The CEO
    • Services
    • Donate
    • CLOSE SITE
    • LEARNING
      • Domestic Abuse
      • Online Safety
      • Grooming
      • Bullying
      • Gang Culture
      • Knife Crime
      • The Care Act 2014
      • Child Act 1989 & 2004
      • Coercive Control Act 2015
  • Home
  • About us
  • The CEO
  • Services
  • Donate
  • CLOSE SITE
  • LEARNING
    • Domestic Abuse
    • Online Safety
    • Grooming
    • Bullying
    • Gang Culture
    • Knife Crime
    • The Care Act 2014
    • Child Act 1989 & 2004
    • Coercive Control Act 2015

Data Protection Policy

  

Data Protection Policy for Project T.O.T Community Interest Company

Effective from: 20thMay 2025

Approved by: Project T.O.T Board of Directors


1. Purpose

This policy sets out how Project T.O.T, a Community Interest Company registered in England and Wales (Company No:16461042), collects, stores, protects, and uses personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Our organisation is committed to protecting the privacy and confidentiality of all individuals we work with, particularly survivors of trauma, who may share sensitive information.

2. Scope

This policy applies to:

  • All staff, volunteers, contractors, and board members.
  • All personal data processed by Project T.O.T
  • All data subjects, including clients, donors, partners, and employees.

3. Legal Basis for Processing

We process personal data under the following lawful bases:

  • Consent – where individuals have given clear permission.
  • Contractual necessity – where processing is required to deliver a service.
  • Legal obligation – to comply with relevant legal responsibilities.
  • Vital interests – where necessary to protect someone’s life.
  • Legitimate interests – where processing is necessary for the organisation’s interests, unless overridden by individual rights.

4. Types of Data Collected

We may collect and process the following types of personal data:

  • Identity data: name, date of birth, gender.
  • Contact data: address, phone number, email.
  • Health and wellbeing data: information relevant to trauma support and therapy      (with consent).
  • Safeguarding data: including concerns, disclosures, or incidents (only as necessary).
  • Service usage data: attendance records, case notes, referrals.

5. How Data Is Collected

We collect data through:

  • Referral forms and assessments
  • Direct communication (email, phone, or in person)
  • Online forms or service sign-ups
  • Partnership agencies and professionals (with consent)

6. Data Storage and Security

All personal data is stored securely, whether electronically or in paper form. We ensure:

  • Password-protected digital systems
  • Secure filing for hard copies
  • Access restricted to authorised personnel
  • Regular system reviews and data protection audits

7. Data Retention

  • Personal data is retained only as long as necessary.
  • Client records are kept for [e.g. 7 years] following last contact, in line with clinical and legal standards.
  • Data no longer needed is securely deleted or shredded.

8. Sharing of Data

We will never sell or misuse personal data. Data may be shared:

  • With external professionals (e.g. GP, safeguarding teams) with consent or legal justification.
  • With emergency services or safeguarding bodies where required for safety or  legal reasons.
  • With funders or evaluators, but only in anonymised form unless agreed otherwise.

9. Rights of Data Subjects

Individuals have the right to:

  • Be informed about how their data is used
  • Access their data
  • Request correction or deletion
  • Object to or restrict processing
  • Withdraw consent at any time
  • Lodge a complaint with the ICO

To exercise these rights, contact our Data Protection Lead at:

Address:3rd Floor, 86-90 Paul Street, London, England, United Kingdom, EC2A 4NE
Email: projecttotmcr@gmail.com
Phone: 07460644162
Website: www.project-tot.org

10. Data Breach Procedures

In the event of a data breach:

  • The breach will be reported to our Data Protection Lead immediately.
  • We will assess the risk to individuals and notify the ICO within 72 hours if required.
  • Affected individuals will be informed where there is a high risk to their rights and freedoms.

11. Training and Compliance

  • All staff and volunteers receive data protection training.
  • We regularly review this policy and our data handling practices.
  • Non-compliance with this policy may result in disciplinary action.

12. Policy Review

This policy will be reviewed annually or in response to changes in legislation or organisational practice.

Would you like this formatted as a downloadable Word or PDF document, or tailored to include digital tools (like CRM or secure case management software) that you use?

13. Contact Us

If you have any questions about this policy, please contact us at:

Address:3rd Floor, 86-90 Paul Street, London, England, United Kingdom, EC2A 4NE

Email: projecttotmcr@gmail.com

Phone: 07460644162

Website: www.project-tot.org

Copyright © 2025 PROJECT T.O.T  - All Rights Reserved.

"I didn't come for fame. I came for change". - CEO

  • Privacy Policy
  • Terms & Conditions
  • Data Protection Policy

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept