1. General

1.1 These terms and conditions apply to any use of www.essexfrontline.org.uk, www.hertsfrontline.org.uk,  www.northumberlandfrontline.org.uk, their sub-domains, the Frontline Referrals Mobile Application and www.frontlinereferrals.org.uk (the “Site”).  The Site has been developed by and/or on behalf of Uttlesford Citizens Advice Bureau (Registered office: Barnards Yard, Saffron Walden, Essex, CB11 4EB Company Registration No: 3771142 Charity Registration No: 1078222) (“UCA”) and Frontline Referrals Limited (Registered office: Barnards Yard, Saffron Walden, Essex, CB11 4EB Company Registration No: 13459209) (“Frontline”).  Frontline is wholly owned and controlled by UCA. 

1.2 The Site is a simple, secure tool that allows workers in Statutory and Voluntary organisations access to a managed, web-based referral and signposting solution.  This allows Registered Users to:

• Identify what local community based services best address the wellbeing needs of people they are supporting.
• Print or email details of a service to share, with the knowledge that information on the service is regularly updated by the Service’s on the Sites.
• Make a secure referral for vulnerable clients or patients to a service and see that it is acknowledged and actioned in real time.

1.3 References in these Terms of Use to:

(A) “Data Protection Legislation” means all applicable data protection and privacy legislation in force from time to time in the UK including the UK GDPR (which has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018); the Data Protection Act 2018 (and regulations made thereunder)  and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of personal data (including, without limitation, the privacy of electronic communications).

(B) Each of the terms “Controller, Data Subject, Processor, Personal Data, Personal Data Breach, processing and appropriate technical and organisational measures” has the meaning given to it in the Data Protection Legislation

(C) “Registered User” means an individual who has been registered to use the Site pursuant to clause 2;

(D) “Service Provider” means any organisation making or receiving referrals through the Site (or otherwise promoting services on the Site) and on whose behalf a Registered User is acting (whether as an employee, volunteer, contractor or otherwise) in its use of the Site;(E) “you” means a Registered User or Service Provider  as the context requires.

1.3 By using this Site in any manner you agree (on behalf of yourself and the Service Provider on whose behalf you are using the Site) to be bound by these Terms of Use. These Terms of Use apply to all Registered Users of the Site, in whatever capacity they may use the Site. 

1.4 Your use of the Site is subject to our Privacy Policy . These Terms of Use also incorporate all other rules policies and procedures that may be published from time to time on the Site, each of which is incorporated by reference and each of which may be updated from time to time without notice to you.

1.5 These Terms of Use may be revised from time to time by updating this page. The revised terms of use will take effect when they are posted.

1.6 These Terms of Use only cover the Site; other websites linked from this Site are not covered by these Terms of Use and once another website has been accessed via one of the links from the Site users will be subject to the security and privacy policy of that site.

1.7 If any part of these Terms of Use is held to be unenforceable, the unenforceable part shall be given effect to the greatest extent possible and the remainder will remain in full force and effect.

1.8 These Terms of Use and any non-contractual obligations arising from or connected with them will be governed by the laws of England and Wales and these Terms of Use shall be construed in accordance with the laws of England and Wales. You irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms of Use.

2. Registration

2.1 Use of the Site is subject to receipt and acceptance by Frontline of accurate, complete and updated registration information. Failure to do so shall constitute a breach of these Terms of Use, which may result in immediate termination of use of the Site.

2.2 Each Registered User authorises Frontline to assume that any person using the Site with theiruser name and password is the relevant Registered User and is authorised to act for their Service Provider.

2.3 Registered Users must not:

(A) select or use as a username a name of another person with the intent to impersonate that person; or

(B) use as a username a name that is offensive, vulgar or obscene.

2.4 Frontline reserves the right to refuse an application for registration or to cancel the registration of a Registered User in its sole discretion. Registered Users are solely responsible for activity that occurs on their account and shall be responsible for maintaining the confidentiality of their passwords.  Registered Users must never use another user’s account. Registered Users must immediately notify Frontline in writing of any unauthorised use of their account, or other account related security breach of which they are aware.

2.5 Frontline may (without prejudice to Clause 2.4) cancel the registration of a Registered User in the event of any breach by that Registered User of these Terms of Use.

2.6 Each Service Provider is responsible for ensuring that its Registered Users comply with these Terms of Use.

2.7 Registered Users and Service Providers accept that Frontline:

(A) may change, suspend or discontinue access to the Site at any time; and

(B) has no obligation to store, maintain or provide copies of any content or information that is provided by you or others, except to the extent required by applicable law or our Privacy Policy.

2.8 A Registered User may cancel their registration by written notice to Frontline.

3. Eligibility to join the ‘Library of Services’ as a Service Provider

3.1 The Site contains information relating to services available from Service Providers. Frontline expressly excludes any liability for, or in respect of, any services provided or agreed to be provided or offered by a Service Provider.

3.2 Any charity, not-for-profit organisation, statutory service or social enterprise can request to join the ‘Library of Services’ within the Site as a Service Provider if they deliver a service that is considered by Frontline to improve the health or wellbeing of residents within the relevant geographical area.  Applications by any other organisations wishing to join the Library of Services will be considered on a case by case basis by Frontline. Acceptance to join (and continued participation in) the ‘Library of Services’ is at the sole discretion of Frontline, who has the right to refuse a request (or to remove a Service Provider from the Library of Services) for any reason.

3.3 Acceptance to join the ‘Library of Services’ does not imply any endorsement or otherwise by Frontline on the suitability of a Service Provider or the safety or quality of a service provided by a Service Provider.  Registered Users and Service Providers are responsible for satisfying themselves of the suitability of Service Providers, or the safety or quality of a service provided by a Service Provider. Frontline does not warrant the accuracy or completeness of information on the Site relating to the services available from a Service Provider and excludes any liability to Registered Users, Service Providers or any third party in respect of such information.  Service Providers are solely responsible for all information provided by (or on behalf of) them to Frontline and agree to indemnify Frontline in respect of any liability incurred by Frontline in respect of such information.

3.4 Any Service Provider accepted onto the ‘Library of Services’ must ensure that the information it provides on the Site relating to its services is accurate and not misleading, complies with all applicable laws, including privacy and intellectual property laws and regulatory requirements and keep it updated with any changes, developments or termination of services covered within the Library in a timely manner.

3.5 Any Service Provider accepted onto the ‘Library of Services’ must use the Site only in the manner it has been designed for, not post anything that contains software viruses, worms or any other harmful code and not do anything that would interfere with the operation of the Site or place an unreasonable or disproportionately large load on the Site.

4. Eligibility to use the system for printing, emailing service information and making referrals

4.1 Any Registered User may use the Site to print or email information regarding the services available from a Service Provider or make referrals of an individual to a Service Provider.

4.2 Registered Users must not use the Site for any purpose or in any manner for which it was not (from any reasonable inference) designed or intended.

5. Obtaining consent from clients or patients

5.1 Each Service Provider must ensure that its Registered Users are fully aware of the need to obtain the relevant person’s  consent before using the Site for a referral. 

5.2 Each Registered User must obtain verbal or written consent from the relevant person before making a referral on their behalf.  When referring someone who is a child or young person (under 18 years) the Registered User must consider whether this complies with their organisation’s safeguarding policy.  Otherwise the referral should be made in the name of the parent or guardian. 

5.3 Each Service Provider must provide training to its Registered Users on the importance of asking for consent from the relevant person to participate in a satisfaction survey about the referral and service they will receive.

5.4 Each Registered User must seek consent from the relevant person to participate in a satisfaction survey about the referral and service they will receive.

6. Contacting the Administrator

6.1 Each Registered User must report any actual, suspected or potential security breaches of which it becomes aware to Frontline as soon as possible.  Contact details for Frontline are specified in the Privacy Policy.

6.2 Frontline will inform affected Service Providers in they are aware of any actual, suspected or potential security breach.

6.3 Each Registered User must use the Site appropriately and report any technical problems of which it becomes aware to Frontline as soon as possible.

6.4 Each Service Provider must maintain at least one Registered User with administration rights.

7. Password Management and access to data

7.1 Frontline has access to all records and data on the Site and has the right to amend, redact and delete data within their role to practise good information assurance and online security. 

7.2 Registered Users with administration rights have the ability to create/ amend and delete the services of their Service Provider on the Site.

7.3 Registered Users with administration rights have access to all data held on the Site that has been sent or received by their Service Provider’s Registered Users; clients’ personal data is deleted and rendered unrecoverable after a maximum of 90 days. Registered Users with administration rights can suspend Registered Users and accept or reject requests to become a Registered User for their Service Provider .

7.4 Registered Users with administration rights can set access levels for security for Registered Users that they authorise to work with their Service Provider. They can decide if someone can amend service details, create reports, add/ delete Registered Users, open referrals to their service and either see only their own referrals or all referrals from their Service Provider. They accept (on behalf of their Service Provider) responsibility for carrying out appropriate checks before adding and authorising new Registered Users.  .

7.5 Each Registered User with administration rights must ensure that all Registered Users authorised for their Service Provider are made aware of their responsibility to keep passwords confidential, safe and secure.  Passwords are created by individual Registered Users and must not be used by anyone other than the defined Registered User.

7.6 Each Registered User must ensure that their passwords remain confidential, safe and secure and are not shared with anyone.

7.7 Passwords should be at least 8 characters long and should contain a mixture of upper and lowercase letters and numbers, and use other characters such as # *@ $ etc. It is good practice and recommended that Registered Users change their password at regular intervals to maintain security.

7.8 If a Registered User leaves their Service Provider, the Registered User with administration rights for that Service Provider must be informed as soon as possible so that their login details can be deactivated from the Site. Registered Users with administration rights must carry out regular housekeeping to ensure that information on last visits to the Site is easily visible.

7.9 If a Service Provider receives a Subject Access Request (SAR) or a request to erase information for a client or patient, Frontline must be informed as soon as possible and will support you in this process within the Site in accordance with paragraph 15.4.

8. Confidentiality

8.1 Each Service Provider must ensure that the confidentiality of information disclosed to them by persons wishing to be referred through the Site is properly protected and shared only to the extent necessary for the purposes of ensuring a safe and effective referral to another Service Provider within the terms of the consent given by the person being referred.

8.2 Any information that is sent or received through the Site must not be disclosed or otherwise passed on unless the client has directly given express permission to do so.

8.3 Client or patient data must only be used by Registered Users to make a referral and/or (and then only where the client or patient has consented) to allow Frontline to obtain client or patient satisfaction feedback on the referral and the service obtained through the Site.

9. Making a referral

9.1 Any Registered User making a referral must ensure that it is relevant and useful to the client or patient and that there is sufficient information in the referral to ensure that the responding Service Provider can reasonably be expected to make contact with the client or patient.

9.2 Referrals must only be made with the full knowledge and consent of the client.

9.3 By submitting a referral using the Site, the Registered User is deemed to confirm (on behalf of themselves and their Service Provider) that the client or patient has given permission to make the referral and that they have taken appropriate steps to satisfy themselves of the suitability of the Service Provider to whom they are making the referral for the relevant client or patient.

10. Receiving a referral

10.1 Each Service Provider accepting referrals and call back requests must use its best endeavours to acknowledge receipt of a referral through the Site within 3 working days.

10.2 Each Service Provider must close the referral through the Site in a timely manner.

11. Use of data

11.1 Any statistical information or satisfaction survey results derived from the Site will be anonymised so that individual clients cannot be identified.

11.2 Service Providers accept that Frontline and UCA are free to use anonymised statistics derived from the Site.

11.3 Any data on the level of satisfaction of clients or patients referred by a Service Provider through the Site is available on request by that Service Provider to Frontline.

11.4 Records regarding the use of the Site and referrals of clients or patients by Registered Users will be stored for such period as Frontline in its sole discretion considers appropriate.

12. Online security

12.1 The Site is accessible via the internet and uses a high level of encryption to ensure that client information is stored as securely as is reasonably practicable and steps are taken to ensure that personal information is treated securely from the time it is received. However, Registered Users and Service Providers must acknowledge that no system or data transmission over the internet can ever be regarded as 100% secure.   As a result, while every effort is made to protect personal information after it has been received, Frontline cannot ensure or guarantee the security of information when it is transmitted or stored and storage of personal client or patient information has been limited to a period of 90 days from the date of sending a referral. After this time personal information related to the relevant referral will be deleted and rendered unrecoverable

13. Disclaimer

13.1 To the fullest extent permitted by law and recognising that access to the Site is provided free of charge to you, Frontline excludes any liability for any loss (whether direct, indirect, consequential or otherwise), damage or inconvenience arising as a consequence of any use of (or the inability to use) any information on the Site or the functionality of the Site or for the loss of any data provided to it. Frontline cannot guarantee that the use of the Site will be uninterrupted or error-free or that the server that operates it is free of viruses or other harmful components. Frontline is not responsible for claims brought by third parties arising from the use of this Site by Registered Users, Service Providers or any other person or organisation.

13.2 Frontline excludes all  responsibility for the contents or availability of information provided by Service Providers or linked websites. The inclusion of any such information or link should not be taken as endorsement of any kind by Frontline of the relevant Service Provider or the linked website or any association with its operators.

13.3 This section 13 does not apply to any liability for death or personal injury resulting from negligence or for fraud or fraudulent misrepresentation.

14. Intellectual Property Rights

Material on the Site, including text and images, is protected by copyright. It may not be copied, reproduced, republished, downloaded, posted, broadcast or transmitted in any way except for the purposes of using the relevant Frontline Site within the scope of Clause 1.2. Prior written consent of the copyright holder must be obtained for any other use of material. Intellectual property rights (including copyright) in all materials and/or works comprising or contained within the Site remains with Frontline and/or UCA and (to the extent otherwise specified) other  owner(s). No part of the Site(s) may be distributed or copied for any commercial purpose.  Frontline and UCA reserve all intellectual property rights in any trade marks, service marks, graphics and logos incorporating (or used together with) the word “Frontline” in relation to the Site.

15. Privacy policy and data protection

15.1 All parties will comply with all applicable requirements of the Data Protection Legislation in relation to Personal Data

15.2 For the purposes of the Data Protection Legislation in relation to any Personal Data provided to 'Frontline, the relevant Service Provider is the Data Controller and Frontline is the Data Processor. All Personal Data provided to Frontline or UCA will be processed and stored and may be accessed or used in accordance with these Terms of Use and our Privacy Policy or (unless otherwise required by applicable law) with any further written instructions of the relevant Service Provider.   

15.3 Each Service Provider will ensure that it has all necessary consents to enable the lawful transfer of Personal Data to Frontline and consents to the appointment of UCA and the Council for Voluntary Service Uttlesford as a third-party processor.    

15.4 Frontline will:

(A) ensure that it has in place appropriate technical and organisational measures, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);

(B) provide reasonable assistance to a Service Provider, at the Service Provider's cost, in responding to any request from a Data Subject relating to Personal Data and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;

(C) notify the relevant Service Provider without undue delay on becoming aware of a Personal Data breach in relation to any Personal Data provided by that Service Provider;

(D) (if access to the Site is discontinued in accordance with paragraph 2.7(A) or if the Registered User’s registration is cancelled in accordance with paragraphs 2.5 or 2.8 and at the written direction of the relevant Service Provider) delete or return Personal Data provided by that Service Provider and copies thereof unless required by applicable law to store the Personal Data;

(E) maintain records and information to demonstrate its compliance with Data Protection Legislation and, on reasonable notice and at the Service Provider’s cost, permit the Service Provider or its designated auditor to have access to such records and inform the Service Provider if, in its opinion, any instruction infringes the Data Protection Legislation; and

(F) not transfer any Personal Data outside of the UK unless the prior written consent of the relevant Service Provider has been obtained.

15.4 Personal Data on the Site will be treated as confidential and will not be given, or sold to anyone or transferred except in accordance with these Terms of Use and the Privacy Policy. Information collected online will be used to help Frontline understand more about how the Site is used by Registered Users, Service Providers and the public to develop and enhance the services available through the Site from Service Providers.