Child First Trust

Privacy Policy

At Child First we provide support to disadvantaged Child and Young People from 21 member schools. All member schools are based in NE Colchester, Essex.

As a charity we aim to exceed your expectations in all we do and seek to operate within a ‘privacy by design’ framework that reflects best practice.

At Child First, in relation to privacy, we are committed to:

Transparency | Simplicity | Control

OUR AIM: We work to ensure that:

  • We are fully transparent in all we do.
  • We communicate effectively, using simple, easy-to-understand language. We want all involved with Child First to be clear about what we do, how we do it and why we work the way we do.
  • You have full control over your data.
  • You are confident in our ability to work safely and with full regards to the law.

Your trust and confidence is a key priority for us.

BACKGROUND: At Child First we understand that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who comes in contact with our charity including those who visit our website; (“Our Site”) as well as those who access our services either as a beneficiary or as a team member. As a charity we only collect and use personal data in the ways that are described here, and in a manner that is consistent with Our obligations and your rights under the law.

Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of Our Privacy Policy is deemed to occur upon your first use of Our Site or at the time of consenting to a referral to our services. If you do not accept and agree with this Privacy Policy, you must stop using Our Site or services immediately. If you would like clarification or reassurance on any aspect of our Privacy Policy please do not hesitate to contact us. Academy House, 39 Hazel Close, Thorrington, Essex.

DEFINITIONS AND INTERPRETATION: In this Policy, the following terms shall have the following meanings:

“Personal data” Means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, this means personal data that you give to Us via Our Site or via an external referral form that you submit to access Child First services. It also includes data provided to us by potential team members during a recruitment process and that provided by team members to undertake their roles with us. This definition shall, where applicable, incorporate the definitions provided in EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”).
“We/Us/Our” Means Child First Trust, a limited charity registered in England under charity number 1158410 whose registered address Howletts Accountants, Old Forge Court, Elmstead Market, Colchester, Essex.
“Cookie” Means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site. Details of the Cookies used by Our Site are set out below;

ABOUT US: Our website is operated by Child First Trust (Charity details above) and hosted by

Enquiries in relation to our charity, and in relation to our data processing, can be sent to Child First Trust, C/O Sacha Brakenbury. Sacha can be contacted by email at, by telephone on 0845 463 1342 or by post at Academy House, 39 Hazel Close, Thorrington, Essex, CO78HJ.

SCOPE OF THIS POLICY:  This Privacy Policy applies only to your use of Our Site and the delivery of Our Services. Our Site may contain links to other websites. Please note that We have no control over how your data is collected, stored, or used by other websites and We advise you to check the privacy policies of any such websites before providing any data to them.

LEGAL FRAMEWORK: At Child First we work in full compliance with the General Data Protection Regulation 2018 and Data Protection Act 2018. This came into force on 25th May 2018, building upon the foundations of the previous Data Protection Act 1998. GDPR updates processes and procedures and aims to simplify compliance by providing a single law applicable to businesses in all EU countries, rather than having 28 different laws. GDRP will still apply post-Brexit.

OUR RESPONSIBILITIES: At Child First we will

Only collect and retain relevant and essential data.
Store your information safely and securely, protecting it from loss, misuse, unauthorised access and disclosure.
Ensure that appropriate technical measures are in place to protect personal data.
Destroy your information securely when this is no longer required.
Work hard to keep your personal data up to date
Comply fully with our obligations under the GDPR.

YOUR RIGHTS: As a data subject, you have the following rights under the GDPR, which this Policy and Our use of personal data have been designed to uphold:

The right to be informed about Our collection and use of your personal data;
The right of access to the personal data We hold about you.
The right to rectification if any personal data We hold about you is inaccurate or incomplete. (Please contact Us using the details outlined above).
The right to be forgotten – i.e. the right to ask Us to delete any personal data We hold about you (We only hold your personal data for a limited time, but if you would like Us to delete it sooner, please contact Us using the details above);
The right to restrict (i.e. prevent) the processing of your personal data;
The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
The right to object to Us using your personal data for particular purposes; and
Rights with respect to automated decision making and profiling.


Child First Trust maintains a website ( built and hosted on Like most website operators We collect non-personally identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. We collect this information in order to better understand how our visitors use the website. E.g in order to see which pages are most popular and the sort of information visitors find particularly useful.

Our website is ‘open to all,’ with no membership/sign in required. General visitors to Our site will receive a third party cookie on their computer or device. Third party Cookies are those placed by websites, services, and/or parties other than Us. We use third party Cookies on Our Site for tracking visits to our site using Google Analytics. All Cookies used by and on Our Site are used in accordance with current UK and EU Cookie Law.

If visitors choose to leave comments on our website then this will potentially allow Child First to access potentially personally-identifying information such as Your Internet Protocol (IP) address. Child First will only disclose commenter IP addresses under the same circumstances that it uses and discloses personally-identifying information as described below, except that blog commenter IP addresses are visible and disclosed to the administrators of the blog where the comment was left.

Please also see the section below entitled ‘Our Use of Cookies and Similar Technologies’ and Our Child First Cookie Policy

You may, if you wish, deny consent to the placing of Cookies.

WHAT DATA DO WE COLLECT IN RELATION TO THE SERVICES PROVIDED BY CHILD FIRST TRUST? Personal data is collected when you complete, or consent to the completion of, a referral form to access one or more of the Child First Services.

We also collect information when you voluntarily provide feedback and evaluations of the services you have received. Furthermore, we collect personal data in order to manage and deliver our programmes and commissioned services. E.g. during the recruitment process and for the on-going management of the services delivered.

The data collected for each of the core Child First Services is provided via a referral form. The referral forms for each project can be downloaded on this website and, when completed, these are sent directly to the relevant service lead/provider. Where an external organisation is commissioned for the delivery of a service a copy of their Privacy Policy is included on the Data Protection Page of this website and is made available at the time of consenting to a referral.

All those working on behalf of Child First Trust, be it in a commissioned or freelance role, have agreed to work in full compliance with this Privacy Policy. Where an organisation other than Child First Trust, is the data processor/controller then the corresponding referral form includes a direct link to the relevant Privacy Policy. As a minimum any commissioned organisations will meet the standards outlined in this Policy and Child First Trust Data Protection Policy v1.2

Personal Information (Special Category Personal Information)
Family Support Service: Freelance Workers delivered by Child First Trust
Referrer Details: Name of person completing form, organisation, telephone, Email, best time to contact, alternative contact.

Family Details: Name, relationship to YP, signature of main family contact, telephone, address Inc. postcode, Email, siblings details, any specific learning, heritage, cultural or religious needs that should be considered to improve access to the service. Reason for referral. Actions previously taken to address this issue. Other help in place, now or in the past. Other help requested. Views of the person being referred. Concerns/risks associated with the family. Consent to access and share information.

Speech and Language Support Service: C and D Independent Speech and Language Commissioned by Child First Trust
Family Details: Child’s Name, gender, DOB, address, postcode, parent/guardian’s telephone number, GP name and address, any associated NHS Speech Therapist (if applicable), details relating to any current communication programmes, school and class, key worker and reasons for referral.

The Referral Form also asks whether the child is a Looked After Child, Subject to any order under child care legislation and, if yes, the name of their social worker.

Referrer’s Details: Name, address, job role, contact number,

Parent/Guardian Agreements: Parents are asked to sign their consent for the referral to be made and their agreement for the commissioned service provider to use and store information in line with GDRP. This explicitly includes their consent to share reports with others where necessary.

1:1 Counseling (Primary and Secondary)
Referrer’s Details: Name, contact details, relationship to YP, contact details, address.

Young Person’s Details: Young person’s name, DOB, home address inc postcode, details of any previous therapeutic interventions and other support agencies. YP’s level of school attendance, confirmation of any drug, alcohol, self-harm or violent behaviour. Next of Kin, Relationship to YP, address, postcode and contact phone numbers. Parent and YP’s consent to the referral. Signatures of referrer and young person.


Personal Information (Special Category Personal Information)
Application Forms and CVs

Personal details on Application Form and CV

Essential to ensure safe recruitment. Application Forms are thorough and enable us to recruit effectively and knowledgeably.
Pre-Recruitment Checks
Checks on eligibility to work in the UK. We collect data in accordance with HM Guidance on pre-employment checks. This involves the sighting of original documents such as passports.
DBS Checks and verification of original documents We collect key identification details in accordance with DBS requirements. We do this in order to verify identity. All original certificates are given to the relevant team member and remain in their personal possession. We record the numbers of cleared certificates, the level of check and date of check on a secure, central database.
References We ask for the details pertaining to two referees and request that the candidate confirms that they have the permission of the referees to pass on their details to us.
Ongoing Data
Emergency Contacts This enables us to contact a team member’s family/friend in the case of an emergency.
Training and CPD Information We are required to keep a single central register of key training information that will be shared with partner schools as and when required. This includes DBS numbers, safeguarding training, first aid qualifications and other relevant training.


We collect and use you information in accordance with the GDPR legal basis as defined in Article 6 and Article 9 below:

Article 6 Lawful Processing: Processing shall be lawful only if and to what extent that the below requirements apply: The individual whom the personal data is about has consented to the processing, or in the case of a child the parent/guardian has given consent.

The processing is necessary: in relation to a contract that the individual has entered into; or because the individual has asked for something to be done so they can enter into a contract.

Article 9 Lawful Processing : Explicit consent of the data subject [or in the case of the child, the parent/guardian has given consent] see consent form.

HOW DO WE USE YOUR DATA?  All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply fully with Our obligations and safeguard your rights under the GDPR at all times.

Our use of your personal data will always have a lawful basis. Primarily this is to enable Child First Trust to procure, deliver, manage, monitor and evaluation a range of service – all of which are designed to support disadvantaged children and young people. Specifically, We may use your data for the following purposes:

  • Supplying Our services to you (please note that We require your personal data and consent in order to enter into a contract with you);
  • Personalising and tailoring Our service to meet your needs;
  • Replying to emails from you;
  • Supplying you with emails that you have opted into (you may unsubscribe or opt-out at any time by emailing
  • Monitoring and evaluating the effectiveness of our services.
  • With your permission and/or where permitted by law, We may also use your data for marketing purposes which may include contacting you by email, telephone, text message and/or post with information, news, and offers on Our services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
  • Confirming training details with partner schools.

HOW WE ENABLE YOU TO WITHDRAW CONSENT.  You have the right to withdraw your consent to Us using your personal data at any time, and to request that We delete it. To withdraw your consent you should email

HOW LONG WILL WE KEEP YOUR DATA? Child First will keep data only for so long as it is necessary in light of the reason(s) for which it was first collected and in accordance with funding organisation requirements. Wherever possible data processed by those commissioned through Child First Trust is handed over to the child’s school to be stored in accordance with school policy. Where data remains with the professional service commissioned (e.g. Speech and Language Therapists) it is stored and retained in accordance with governing professional guidelines.

HOW AND WHERE DO WE STORE YOUR DATA? We only keep your personal data for as long as We need to in order to use it as described above and/or for as long as We have your permission to keep it. No data is stored on our website (with the exception of the cookies aforementioned).

Speech and Language: No personal data in regards to Speech and Language interventions is stored or held by Child First Trust, with the exception of non-attributable general project management data. Data pertaining to this field of work is held by the professional therapists commissioned and shared with each child’s school. Speech and Language Data is stored in accordance with C and D Therapy’s Privacy Policy (also accessible on the Child First website). Professional case notes are stored securely on Clinico until the child’s 25th birthday).

Family Support Work:In the case of Family Support Data is kept on Microsoft’s secure One Drive, accessible only by the Family Support Workers, Project Manager and relevant Headteacher. When a family has completed its FS time, case notes are marked as closed. Closed folders should be downloaded by the relevant Headteacher for inclusion within the child’s school records. Data on the One Drive is reviewed on an annual basis. Files over one year old are deleted.  Further information pertaining to our use of OneDrive can be found HERE

1:1 Counselling: No personal data in regards to 1:1 Counselling is stored or held by Child First Trust, with the exception of non-attributable general project management data. Data is held by the professional counsellors and stored in accordance with their professional requirements. Interim and Post-counselling reports are given directly to the Head teachers.

HOW DO WE KEEP YOUR DATA SAFE? At Child First we take the safe collection and handling of your data very seriously. We have a number of safeguards in place to prevent personal information about you, and your family, from being lost and to prevent cyber-attacks, phishing, or other malicious activity. We have a clear Data Breach Procedure to follow in the unlikely event of our protocols not being fully followed. (Please see the Child First Data Breach Policy).

Secure Booking Form Data provided via referral form is emailed directly to the service provider. Such data is not held or shared at this point with Child First Trust.

Receiving Email Accounts The email account to which your data is sent is secure. It is password protected and, in addition, the hardware used to access the email is also password protected. No data is stored on memory sticks.

System Backups Our service providers are required to ensure they maintain reliable access to your data and have processes to back up all data on a regular basis. All Child First Back Up systems are secure.

Accidental Deletions Child First’s secure time capsule backups are designed to enable us to retrieve any key details that may have been accidentally deleted.

Needs Only Basis We only share your data with those who need it and only with those organisations and individuals we fully trust and, without whom, we would be unable to provide you with an effective service. Further details are shared in the section below.

WHO MIGHT WE SHARE YOUR DATA WITH? We will not share any of your data with any third parties for any purposes unless this is essential to the effective delivery of our service. E.g. if we are working in partnership with a school. Where organisations are working in partnership to deliver a service this will be made clear on the relevant referral form.

We recognise that, in exceptional circumstances, We may be legally required to share certain data held by Us, which may include your personal data, for example, where We are involved in legal proceedings, where We are complying with legal obligations, a court order, or a governmental authority.

There may be times when we may wish to compile statistics about the use of Our website including data on traffic, usage patterns, user numbers etc. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you. Data will only be shared and used within the bounds of the law.

HOW CAN YOU CONTROL YOUR DATA? We aim to give you strong controls on Our use of your data. We will never send you ‘general marketing’ and commit to sending only information and opportunities that are relevant to the services you access. If you wish to withdraw your consent for us to access and use the data you provide you should simply email or write to Child First Trust, Academy House, 39 Hazel Close, Thorrington, Essex. Please note that all processing of your personal data will cease once you have withdrawn consent but this will not affect any personal data that has already been processed prior to this point.

YOUR RIGHT TO WITHOLD INFORMATION All Child First services are accessed via a referral form. You have the right to withhold any information that you do not wish to provide. That said, we strongly encourage you to complete the referral in full as the information shared is directly linked to the service provided. If you would like to discuss any aspect of the referral form prior to completion please call 01206 252 152 and a member of our team will be happy to help.

HOW CAN YOU ACCESS YOUR DATA? You have the right to ask for a copy of any of your personal data held by Us (where such data is held). In accordance with GDPR, no fee is payable and We will provide any and all information in response to your request free of charge. Please contact Us at

HOW CAN YOU CONTACT US? If you have any questions about Our Site or this Privacy Policy, please contact Us by email at, by telephone on 0845 3631342 or by post at Academy House, 39 Hazel Close, Thorrington, Essex. Please ensure that your query is clear, particularly if it is a request for information about the data We hold about you.

 WHAT IF WE WANT TO CHANGE OUR USE OF YOUR DATA? If we need to use your personal data for a new purpose, not covered by this Privacy Policy, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. We will always gain your consent to the new processing.

 WHAT HAPPENS IF WE WANT TO MAKE CHANGES TO OUR PRIVACY POLICY? We may change this Privacy Policy from time to time (for example, if the law changes). Any changes will be immediately posted on Our Site and you will be deemed to have accepted the terms of the Privacy Policy on your first use of Our Site following the alterations. We recommend that you check Our website regularly to keep up-to-date.

WHAT CAN YOU DO IF YOU HAVE CONCERNS? If you have any cause for complaint about Our use of your personal data, please contact Us using the details provided above and We will do Our best to solve the problem for you. If We are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.

For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.

 Those wishing to work with Child First, as well as those wishing to access services commissioned by our charity are required to sign the Consent Form that accompanies this Privacy Policy. It expands upon the privacy outline shared in the Referral Forms.