How we collect, use and protect your personal information
Privacy Policy
Document Ref: FE-POL-001
Version: 1.0 — Initial Issue
Effective Date: 1 May 2025
Review Data: 1 May 2026
Approved By: Director, Family Engage UK
Applies To : All service users, referrers, staff and visitors
1. Introduction
Family Engage UK (“we”, “us”, “our”) is committed to protecting the privacy and security of all personal information we hold. This Privacy Policy explains what personal data we collect, why we collect it, how we use it and your rights under applicable data-protection law.
We operate as a data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our ICO registration number is ZC115997
2. Who We Are
Family Engage UK is a specialist provider of supervised contact, family time and assessment services across England and Wales. Our registered address is:
Family Engage UK
[Registered Address: 128 City Road, London, United Kingdom, EC1V 2NX
Email: info@familyengage.co.uk
3. Personal Data We Collect
3.1 Service Users and Family Members
- Full name, date of birth, gender and contact details
- Family relationships and household composition
- Court orders, care plans and referral documentation
- Health, medical or disability information relevant to contact
- Safeguarding history and risk assessments
- Session records, observations and progress reports
- Photographs used solely for identification during sessions
3.2 Referring Professionals and Agencies
- Name, job title, organisation and contact details
- Professional registration numbers where relevant
- Correspondence and case-management communications
3.3 Staff and Volunteers
- Employment and identity documentation
- DBS disclosure information
- Training records and supervision notes
- Payroll and pension data
3.4 Website Visitors
- IP address, browser type and access times (via cookies — see Cookie Policy FE-POL-002)
- Enquiry-form submissions
4. How and Why We Use Personal Data
We process personal data on the following lawful bases under UK GDPR:
| Purpose | Lawful Basis | Applies To |
|---|---|---|
| Delivering supervised contact and family time services | Contract / Legitimate Interests | Service users, families |
| Fulfilling statutory safeguarding duties | Legal Obligation / Vital Interests | All individuals |
| Preparing and submitting court reports | Legal Obligation / Legitimate Interests | Service users, referring agencies |
| Managing staff employment and DBS checks | Contract / Legal Obligation | Staff and volunteers |
| Responding to professional enquiries | Contract / Legal Obligation | Referring professionals |
| Improving service quality and training | Legitimate Interests | All data subjects |
5. Special Category Data
Where we process special category data (including health information, ethnic origin and criminal records), we do so under Article 9(2)(b) UK GDPR (employment, social protection) or Article 9(2)(g) (substantial public interest) and Schedule 1 of the Data Protection Act 2018 — specifically Condition 18 (safeguarding of children and individuals at risk).
6. Data Sharing
We share personal information only where necessary and lawful, including with:
- Local authorities, children’s services and social work teams
- CAFCASS and the Family Court
- Legal representatives acting in proceedings
- Police or other statutory bodies where safeguarding requires it
- Commissioned service providers under appropriate data-processing agreements
We never sell, rent or trade personal data to third parties for marketing purposes.
7. Data Retention
We retain personal data for as long as required by our statutory obligations and in line with our Data Retention Schedule (FE-POL-008). As a guide:
- Case files relating to children: retained until the child’s 25th birthday (or 26th where proceedings conclude after age 17)
- Staff employment records: seven years after termination of employment
- Financial records: six years in accordance with HMRC requirements
8. Your Rights
Under UK GDPR you have the right to:
- Access your personal data (Subject Access Request)
- Rectify inaccurate or incomplete data
- Erasure (‘right to be forgotten’) where no overriding legal basis exists
- Restrict processing in certain circumstances
- Data portability for data processed by automated means
- Object to processing based on legitimate interests
- Not be subject to solely automated decision-making
To exercise any right, contact: dataprotection@familyengage.co.uk. We will respond within one calendar month.
9. Data Security
We implement appropriate technical and organisational measures to protect personal data, including encrypted storage, role-based access controls, staff training and regular security reviews. In the event of a data breach that poses a risk to individuals, we will notify the ICO within 72 hours and affected individuals without undue delay.
10. Complaints
If you are dissatisfied with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk | 0303 123 1113.
11. Changes to This Policy
We review this Privacy Policy at least annually. Significant changes will be communicated to service users and published on our website. The version number and effective date at the top of this document reflect the current iteration.
