Data Protection and Privacy
We are committed to protecting your data and privacy, and take great care to ensure it stays safe. This page will explain how our organization uses the personal data we collect from you and from any referrers as well as our policies and how to make complaint relating to GDPR.
Please contact our Data Protection Officer if you have any concerns or questions about how DVACT-PAI collects and uses data.
Our Privacy Policy
Our business will ensure that personal data that we hold is kept secure and that it is held for no longer than is necessary for the purposes for which it is being processed. In addition, we will retain the minimum amount of information to fulfil our statutory obligations and the provision of goods or/and services - as required by the data protection legislation, including the UK General Data Protection Regulation (UK GDPR).
While we’ve tried to make our privacy policy as comprehensive as possible, it does not include an exhaustive list of every aspect of how we collect and use your personal information. If you need any further information or explanation please contact us.
Printable versions of this information can be found at the bottom of this page.
Data Collection
Why we collect data
We collect and process personal data and in some cases special category data about the people who interact with us. The kind of data we collect depends on someone’s needs, and how they are using our services.
For instance, we might collect data to communicate with someone and send requested information to them, to help us deliver a service that we have been instructed to provide, or to improve our services.
Some of the reasons we might collect your data include:
-
to provide you with the service you have requested or been referred to
-
to record personal details shared during conversations with our assessors and facilitators to ensure we provide the best possible service
-
to record and contact you regarding payments required for self-funded services
-
to process job applications
-
to conduct surveys, carry out research and gather feedback
-
to obtain information to improve our services and user experiences
-
to address and resolve complaints about DV-ACT or our services
-
to comply with applicable laws and regulations, and requests from statutory agencies.
The type of data we collect
Our Company collects the following data:
-
Personal identification information (Name, email address, phone number, etc.)
-
Details of your case including social services documents, court documents, health data and police data
-
Details of the information you give us when attending an assessment interview or session
-
Information from forms that you complete as part of an assessment or programme
-
Records of your correspondence and engagement with us.
How we use your data
As outlined above we collect personal and sensitive data about individuals. This includes information about health, religion, sexuality, ethnicity, political and philosophical beliefs, and criminal records. We will only use this data when the law allows us to.
Generally, we do not rely on consent as the legal basis for processing your personal data. As an organisation that acts to safeguard vulnerable individuals we use recognised legitimate interest as the basis for processing data. Most commonly, we will use your personal data in the following circumstances:
-
Performance of contract: this means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into an agreement with us to provide a service.
-
Legitimate Interest: this means processing data for the interests of our business in conducting and managing our business, to enable us to give you the best possible service/product and the most secure experience.
-
Comply with a legal or regulatory obligation: this means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
How we collect your data
Most of the data we collect is provided by referrers such as social services, solicitors or the courts. We may also receive data directly from parents who wish to self-refer for a programme or assessment, ex- or current partners of self-referrers, or we may collect contact data when we are asked for information about a service directly. We collect data and process data when you:
-
Complete an online form to receive information or advice
-
Are referred by social services or a solicitor
-
Self-refer to us
-
Are an ex or current partner of a self-referrer
-
Complete a customer survey or provide feedback
-
Use or view our website via your browser’s cookies.
Sharing your data
If we are working with other organisations or services to support you or your family, we may have to share information with them. We only do this if we have a good reason to and it is necessary for delivering the agreed service.
Sometimes we might have to share information with authorities if we think that you or someone else is at serious risk of abuse or harm. We do not need your consent to do this.
We may need to disclose your personal information to third party individuals or organisations in line with our confidentiality agreements. Other organisations we may share your information with include:
-
Local authorities concerning child protection measures or care proceedings
-
Legal representatives concerning ongoing family court matters
-
Family courts directly in relation to ongoing family court proceedings
-
The police, if you disclose something that leads us to believe that you, your ex/partner or children may be at risk of harm.
How we store your data
We will keep all your personal information in a confidential record that is specific to your case. We use an electronic case management system and individual assessors and treatment workers may use hard copies of documents.
This means that we can keep the information you provide us, so we are able to see the history and relevant details of your case(s). This ensures that we provide appropriate and accurate assessment reports as well as suitable programme sessions.
We take information security very seriously. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition we limit access to your personal data so that it is only made available to employees, agents or contractors when they need this to provide a service to you, or for one of the other purposes discussed in this notice. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Data Disposal and Retention
Data disposal
We will ensure that personal data is securely disposed of when it is no longer needed.
The method of disposal should be appropriate to the nature and sensitivity of the documents concerned. This includes:
-
Non-Confidential records: place in waste paper bin for disposal
-
Confidential records: shred documents personally
-
Large confidential records: secure shredding service
-
Deletion of Computer Records
-
Secure drive storage
-
Gmail archiving storage.
Retention schedule
A retention policy (with its schedule), is a tool used to assist us in making decisions on whether a particular document should be retained or disposed of. In addition, it takes account of the context within which the personal data is being processed and our business practices. We will regularly monitor and audit compliance with this policy and update it when required.
The table within our policy available below contains the retention period that we have assigned to each type of record. This will be adhered to wherever possible, although it is recognised that there may be exceptional circumstances which require documents to be kept for either shorter or longer periods.
Websites and Online Data
Cookies
Our website also uses web beacons or pixels through third-party service providers that allow us to track conversions and activity on our website as well as generating advertisements that appear on Facebook and other search engines, like Google, for you and other potential users. Please see our Cookies Policy for more information.
If you receive an email - whether you open it, do not open it, select a link and/or browse our website - we collect this information to ensure that the information we send to people is received and relevant.
When we are monitoring people’s online activity in this way, we are using cookies. We use cookies to tailor your browsing experience and ensure we show you more relevant information. If you do not want cookies, you can set your browser to notify you when you receive one, then choose to decline it.
Please see our Cookies Policy for more information.
Safe browsing online
If you are in an abusive or controlling relationship it is important you stay safe online. To cover your tracks fully you should delete your computer’s browsing history as the internet browser you are using will keep records of all websites and webpages you visit. It is important you do not delete everything as this could raise suspicions in an abusive partner, so instead only delete the relevant websites.
Some internet search engines, like Google, keep a record of the words you have used to look for information online. To delete this information, check the settings for the toolbar/browser you use.
Please note: Deleting your history and toolbar may vary on different internet browsers. If you are worried someone will know you are trying to seek help, use a public computer (e.g. at work or in a library) or a friend’s device. We do not advise searching for help on a device you share with your abusive partner.
For further advice please visit Refuge’s tech abuse website at https://refugetechsafety.org
If you are in immediate danger, always call 999.
Queries, Requests or Concerns
The UK Data (Use and Access) Act 2025 (DUAA) introduced targeted amendments to the UK GDPR and Data Protection Act 2018. Many of its provisions are designed to offer organisations more flexibility and remove red tape, however it also introduces explicit new mandatory requirements for complaints and SAR's.
Organisations must actively facilitate data protection complaints by enabling a clear complaints process which is outlined below. We provide an online form to help you inform us of any complaints and, by law, we must acknowledge your complaint within 30 days, keep you informed, and respond without undue delay.
Your rights
Unless subject to an exemption under the data protection laws, you have the following rights with regards to your data:
-
The right to request a copy of the personal data which we hold about you;
-
The right to request that we correct any personal data if it is found to be inaccurate or out of date;
-
The right to request your personal data is erased where it is no longer necessary to retain such data;
-
The right to withdraw your consent to the processing at any time, where consent was the lawful basis for processing your data;
-
The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), where applicable i.e. where our processing is based on consent or is necessary for the performance of our contract with you or where we process your data by automated means;
-
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
-
The right to object to our processing of personal data, where applicable i.e. where processing is based on our legitimate interests (or in performance of a task in the public interest/exercise of official authority).
Please note that the changes to GDPR in 2025 mean that when handling Data Subject Access Requests (DSARs), we are required to make "reasonable and proportionate" searches to fulfil your request, and are permitted to pause statutory timelines if additional information is required to process the request.
No fee required – with some exceptions
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable administration fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to someone who has no right to receive it.
We may also contact you to ask you for further information about your request to speed up our response.
Time limit to respond
We will respond to complaints and acknowledge legitimate requests for data within 30 days.
Occasionally it may take us longer than a month to if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Queries and complaints
For all relevant rights, queries or complaints in relation to this policy or any other data protection matter between you and us, please use our form below.
Alternatively you can call, email or write to us using the details below.
A leaflet explaining our data complaints procedure to service users is available here and at the bottom of the page.
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England, UK.
Make A Data Protection Complaint
Use this form to submit a data protection complaint.
You can also call or email us with your complaint using the contact information below:
T: 0203 9678368