The Frontline Site has been developed and operated by and/ or on behalf of Uttlesford Citizens Advice Bureau (“UCA”) and Frontline Referrals Limited (”FRL”), both of Barnards Yard, Saffron Walden, Essex, CB11 4EB. References in this document to the ‘Frontline Site’ or the “Site” refer to any or all of www.uttlesfordfrontline.org.uk, www.harlowfrontline.org.uk, www.eppingforestfrontline.org.uk, www.broxbournefrontline.org.uk, www.easthertsfrontline.org.uk, www.northumberlandfrontline.org.uk the ‘Frontline Referrals’ mobile application and the marketing website www.frontlinereferrals.org.uk. “We” means FRL and UCA.
The Frontline Site helps local Service Providers promote themselves in one place and provides a platform for workers in both the Statutory and Voluntary sector a securely receive and send on-line referrals and monitor signpost activities to best address the wellbeing needs of people they are supporting. This is done by individuals registered to use the Site (“Registered Users”) on behalf of organisations making or receiving referrals through the Site or otherwise promoting services on the Site (“Service Providers”). The public also have access to the Site, to search for information about local services and make secure call back requests to participating services.
Where we collect personal information from
Information you give us
For Registered Users we collect information by you filling in forms on the websites or apps or by corresponding with us by phone, e-mail or otherwise. Information stored may include:
- details that are held in your account for example; your name; organisation or Service Provider details; website; email; phone numbers;; your agreement to send, receive or accept signposts; opening hours; information on how to access your service; data field requirements to accept a referral
- personal details of the person that you are referring, together with the details of the service that you are referring to
For members of the public, we collect information by you filling in a call back request and by corresponding with us by phone, email or otherwise.
Information we collect about you
With regard to each of your visits to the Site we may automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet; your login information; browser type and version; time zone setting; browser plug-in types and versions; operating system and platform
- information about your visit, including the full Uniform Resource Locators (URL); clickstream to, through and from our site (including date and time); page response times; download errors; length of visits to certain pages; page interaction information (such as scrolling, clicks, and mouse-overs); methods used to browse away from the page; and any phone number used to call our customer service number.
If you choose not to give personal information to us
Types of personal information collected and categories
We categorise the data we collect into three groups;
1) Registered User information on Services in ‘Frontline’
- First Name
- Last Name
- Name of Service Provider/s (on whose behalf you are using the Site)
- Address of Service Provider/s
- Company/ Charity registration details
- Phone Number
- Email Address
- Security levels within the Site
- Visits and time on the Site
- Opt in to newsletter/service updates
2) Service information
- Number of Registered Users
- Referral activity by the Service
- Referral activity to a Service
- Signpost activity by the Service
- Signpost activity to a Service
- Activity of users (frequency and time using the sites)
- Service details (address, delivery methods, opening times etc)
3) Referred person information
(Personal data of someone being referred by a Registered User or shared by a member of the public)
- First Name
- Last Name
- Date of Birth
- Phone number
- Reason for referral
Additional discretionary fields for all referrals:
- Additional telephone numbers
- Preferred method of contact
- Best time to call
A Registered User creating a Service Provider’s online referral form on the Site is also able to create additional mandatory or discretionary fields to ensure that they have the information they require to receive a good referral. This may potentially include a field that collects sensitive data if this is necessary (and authorised by FRL). Making a referral to an organisation, for example, a rape crisis service, a dementia support service or an LGBT support group may also indirectly communicate sensitive personal data.
How we use your data
We will use data to:
- ensure that Registered Users can promote and maintain details of their Service Provider’s services in a format that is easily accessible to all users
- ensure that all users can identify local health and wellbeing services
- ensure that all users can securely send referrals or self-refer to services that allow this facility
- monitor a referral to ensure that it has been actioned
- contact all Registered Users when updating them on developments or changes in the Site
- produce client anonymised statistics about referral and signposting activity between services
- produce client anonymised statistics on the age and gender profile being referred through the Site.
The legal basis of processing your data
We securely transfer and monitor referrals and call back requests after a Registered User or member of the public has clicked the on-line box on the referral form to confirm that consent has been given to share this information.
Consent can be removed at any time by the Registered User updating their account or by contacting us (see details below).
We may contact all Registered Users to update them on important developments or changes in ‘Frontline’ if we believe we have a legitimate to do so.
We will produce client anonymised statistics about referral and signposting activity between services and client anonymised statistics on the age and gender profile being referred through the system.
Control of information and data
Services on ‘Frontline’ are created and managed by the Service Providers that use the system – as Data Controllers, they are responsible for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership of the information stored and transmitted. We are not responsible or liable for the deletion, correction, destruction, damage, loss or failure to store data within your Account.
Although referral information has been shared with consent, data is still controlled by the Data Controller providing the information to us as a Data Processor.
If a member of the public uses Frontline, we will act as a Data Controller in respect of all personal data provided by that person to us.
Client anonymised data and information about the use and activity of ‘Frontline’ by Services and the public is owned by us.
Who we share your personal information with
Under the instruction of a Data Controller or consent of a member of the public we share personal referral information only with the Service Provider that has been selected to receive that referral.
However to provide Frontline – we do share need to share your personal data as required or permitted by law by using a third party providers as described below:
Hosting Services: We host the Frontline Sites and operate the platform using third parties, including MongoDB Atlas and Microsoft Azure. Sites are hosted from data centers in the UK.
Website functionalities: We may use third-party services either embedded into our website (such Google® Analytics) or outside of it (such as SendinBlue) to communicate with you or to enhance the function of the website and the services.
Customer engagement: We use third-party service providers and platforms (such as Google Workspace and Wix) for customer engagement and product feedback.
We share client anonymised data and information about the use and activity of ‘Frontline’ by Registered Users and the public with anyone who we consider to have a legitimate to review the data. This may include funders, health and wellbeing boards, Registered Users and prospective organisations considering use or funding of the Site.
How we keep your information safe
The Frontline Site has been designed as a secure, multi-agency referral system and here are some of the ways we ensure that your data is safe and that we are GDPR compliant:
- ‘Frontline‘ Sites are hosted on Microsoft Azure and data is stored within the UK
- Registered users of the system have individual passwords and enter the system using a secure login area, protected by an SSL certificate. We also utilise two-factor authentication.
- Registered Users allocate individual users only the authorities required to access the data necessary for the role they undertake
- System training emphasises the importance of password security, confidentiality, client consent and only sharing information that is relevant to an effective referral
- A referral can only be made if a consent box is ticked
- Registered Users can only see activity related to their own organisation
- Identifiable information about an individual is only held for a maximum of 90 days; after this time personal data is deleted and rendered unrecoverable.
- ‘Frontline Referrals’ app communicate with the website using a secure REST based API, which is read-only for the library of services, and write only for submitting referrals so the app is not involved in any sensitive data transfer
- Everyone working or volunteering for or on behalf of ‘FRL that is able to access to and/or process Personal Data held within the Frontline Site are subject to confidentiality requirements and annual Information Assurance Training and work in organisations with embedded safeguarding policies
- Information held about Service Providers can be edited and deleted on-line by Registered Users with administration rights at any time
- Personal information on a referral can be amended or corrected after transmission by a Registered User, with access rights to referral information, until the point that information is accessed by the service that is receiving the referral
- We back up information over night and keep disaster recovery files for a 2 days.
Although we make every effort to ensure the security and integrity of the Frontline Site and our associated communications and activities, unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. As a result, while we use strict procedures and security features to try to prevent unauthorised access, we cannot ensure or guarantee the security of information when it is being transmitted.
Contact us about your information
If you have any questions about how your information is collected or used, you can contact us by:
Telephone - 01799 618855, open Monday to Friday 9am-4pm
Email - firstname.lastname@example.org
You can contact us to:
- find out what personal information we hold about you
- correct your information if it’s wrong, out of date or incomplete
- request we delete your information
- ask us to limit what we do with your data - for example, ask us not to share it if you haven’t asked us already
- ask us to give you a copy of the data we hold in a format you can use to transfer it to another service
- ask us to stop using your information
Frontline is a community project. Thank you to all services and users of this site who are actively improving local joint working.