Privacy Policy

Capa First Response CIC
Child to Parent Abuse
Capa First Response CiC Privacy and Confidentiality document
Document Date: September 2020
Date revised: October 2020
Capa First Response is committed to protecting the privacy of all people who we hold information on (referred to as data subjects).
The following document outlines how we use and protect your information and who to contact if you have any issues or queries regarding this. This policy is fully compliant with GDPR regulations and ensures we conform to all European laws as the
“data controller” of the information you provide to us.
How we collect your information
We collect your personal information when you use our services. We use this
information to help us improve our services and optimise customer experience.
We collect information:
● When you contact us directly via email, phone, message, via our social media
chat functions;
● When you complete booking, referral, enquiry, application, evaluation forms
(online and hard copy) for Capa services;
● When you browse and use our website (see cookie policy which is displayed
when you visit our website);
● When your personal information is passed on to us (with your consent) from
authorised third-parties.
Information that we collect from you
As part of our commitment to the privacy of our data subjects and visitors to our
website, we want to be clear about the sorts of information we will collect from you.
When you contact us directly (or your personal information is passed on to us from
authorised third parties), you (or the authorised third party) are asked to provide
information about yourself which includes your name, contact details, address, detail
of enquiry (which may include background information, including date of birth, marital
status, gender and ethnicity).
If after receiving a 3rd party referral and it is not appropriate for Capa services we will
inform the referrer of this decision. If Capa receives a direct referral (self referral)and it
is not appropriate we will signpost if able to the most appropriate service for them.
We also collect information about your usage of our website (and/or social media
platforms) and information about you from any messages you post to our website
(and/or social media platforms) or when you contact us or provide us with feedback,
including via e-mail, letter, phone or chat function. If you contact us by phone, we may
Capa First Response CIC
Child to Parent Abuse
record voicemails (and retain them for a reasonable period of time), and may make
notes in relation to your call.
We process health information about you only where you volunteer and consent to
this, for example if you specify any food allergies on Capa Training booking forms.
Use of your information
We will only process the data we collect about you if there is a reason for doing so,
and if that reason is permitted under data protection law. We will have a lawful basis
for processing your information: if we need to process your information in order to
provide you with the service you have requested or to enter into a contract; if we have
your consent; if we have a justifiable reason for processing your data; or if we are
under a legal obligation to do so.
Where we need to, in order to provide you with the service you have requested or to
enter into a contract, we use your information:
● to enable us to provide you with access to relevant documentation and
● to supply the services you have requested;
● to enable us to collect payment from you; and
● to contact you where necessary concerning our services, such as to resolve
issues you may have with the service you have received from Capa.
We also process your data where we have a justifiable reason for doing so – for
example personalisation of our services, including processing data to make it easier
and faster for you to find out about and access Capa services.
We have listed these reasons below:
● to improve the effectiveness and quality of service that our service users can
expect from us in the future;
● to enable our support services team to help you with any enquiries or
complaints in the most efficient way possible;
● to contact you for your views and feedback on our services and to notify you
if there are any important changes or developments to our website or our
services, including letting you know that our services are operating in a new
area, where you have asked us to do so;
● to analyse your activity on our website and social media streams so that we
can administer, support, improve and develop our business and for statistical
and analytical purposes;
● to enforce our contractual terms with you and any other agreement, and for
the exercise or defence of legal claims and to protect the rights of Capa, and
our employees; and
● If you submit comments and feedback regarding our services, we may use
such comments and feedback on our website, social media streams and in
any marketing or advertising materials. We will only identify you for this
purpose by your first name and the city in which you live.
Capa First Response CIC
Child to Parent Abuse
Where we are under a legal obligation to do so we may use your information to:
● create a record of your interactions with Capa;
● comply with any legal obligation or regulatory requirement to which we are
You can set your browser to refuse all or some browser cookies, or to alert you when
websites set or access cookies. If you disable or refuse cookies, please note that
some parts of our site may become inaccessible or not function properly.
Capa uses Google Analytics software (Universal Analytics) to collect information about
how you use the Capa website. We do this to help make sure the site is meeting the
needs of its users and to help us make improvements, for example improving site
content and navigation.
Google Analytics stores information about:
● the pages you visit on our website
● how long you spend on each website page
● how you got to our website
● what you click on while you’re visiting our website
Google Analytics does not collect or store your personal information (for example
your name or address) so this information can’t be used to identify who you are.
Direct marketing
Where you have given your consent or where we have a justifiable reason for doing
so (and are permitted to do so by law) we will use your information to let you know
about our other products and services that may be of interest to you and we may
contact you to do so by email or phone. You can control your email marketing
preferences by:
● clicking on the ‘unsubscribe’ button which can be found on the footer of Capa
newsletters (this will automatically remove you from future Capa newsletter
● replying to with ‘unsubscribe’ in the subject field
to be removed for future Capa mailouts (details of how to unsubscribe can be
found in the footer of every Capa mailout).
Retention of your information
We will not retain your information for any longer than we think is necessary.
Information that we collect will be retained for as long as needed to fulfil the purposes
outlined in the ‘Use of my information’ section above, in line with our legitimate
interest or for a period specifically required by applicable regulations or laws, such as
retaining the information for regulatory reporting purposes.
When determining the relevant retention periods, we will take into account factors
● our contractual obligations and rights in relation to the information involved;
Capa First Response CIC
Child to Parent Abuse
● legal obligation(s) under applicable law to retain data for a certain period of
● statute of limitations under applicable law(s);
● our legitimate interests (potential) disputes; and
● guidelines issued by relevant data protection authorities.
Otherwise, we securely erase your information where we no longer require your
information for the purposes collected.
Disclosure of your information * please see appendix at the bottom of this document
regarding classifications of data.
The information we collect about you will be transferred to and stored on our servers
located within the EU (Brighton, England). We are very careful and transparent about
who else your information is shared with.
Sharing your information internally
We share your information internally only where necessary for the purposes set out in
section 4.
Sharing your information with third parties
We share your information with third party service providers only where necessary for
the purposes set out in section 4. The types of third party service providers whom we
share your information with includes:
Payment providers (including online payment providers and fraud detection
providers): for the purposes of providing services to us, for example when they
process information such as credit card payments for us, provide support services to
you or carry out fraud checks for us;
IT service providers (including cloud providers): for the purposes of data storage,
management and analysis;
Commissioners (including local authorities, schools, health services and statutory
authorities) for the purposes of contract compliance; progress reporting on services
being provided on behalf of commissioners; duty of care; safeguarding regulations;
legal compliance, research and evaluation.
Capa will take all steps reasonably necessary to ensure that your data is treated
securely and in accordance with this privacy policy when it is transferred to third
Capa will ensure when sharing information or data with external agencies, a sharing
agreement is in place agreeing information sharing and vis versa.
We may also share your information:
● if we are under a duty to disclose or share your information in order to comply
with (and/or where we believe we are under a duty to comply with) any legal
obligation or regulatory requirement. This includes exchanging information
with other companies and other organisations for the purposes of fraud
protection and prevention and safeguarding.
● in order to enforce our contractual terms with you and any other agreement;
● to protect the rights of Capa, employees, or others to prevent fraud; and
Capa First Response CIC
Child to Parent Abuse
● with such third parties as we reasonably consider necessary in order to
prevent crime, e.g. the police.
International transfers of data
In some cases the personal data we collect from you might be processed outside the
European Economic Area (“EEA”). These countries may not have the same protections
for your personal data as the EEA has. However, we are obliged to ensure that the
personal data that is processed by us and our commissioners outside of the EEA is
protected in the same ways as it would be if it was processed within the EEA. There
are therefore certain safeguards in place when your data is processed outside of the
We ensure a similar degree of protection is afforded to it by ensuring at least one of
the following safeguards is implemented:
● your personal data is transferred to countries that have been deemed to
provide an adequate level of protection for personal data by the European
● we use the EU approved Standard Contractual Clauses; and
● where your personal data is transferred to third party providers based in the
US, data may be transferred to them if they have self-certified under the
Privacy Shield framework in relation to the type of data being transferred,
which requires them to provide similar protection to personal data shared
between the EU and the US.
Please contact us at if you want further information on the countries
to which personal data may be transferred and the specific mechanism used by us
when transferring your personal data out of the EEA.
We adopt robust technologies and policies to ensure the personal information we
hold about you is suitably protected.
We take steps to protect your information from unauthorised access and against
unlawful processing, accidental loss, destruction and damage.
Where you have chosen a password that allows you to access certain parts of the
Capa website, you are responsible for keeping this password confidential. We advise
you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely
secure. Although we will take steps to protect your information, we cannot guarantee
the security of your data transmitted to the Capa website and social media streams;
any transmission is at your own risk. Once we have received your information, we will
use strict procedures and security features to try to prevent unauthorised access.
Your rights
Under data protection law, you may have a number of rights concerning the data we
hold about you. If you wish to exercise any of these rights, please contact our Data
Protection Officer at For additional information on your rights please
contact your data protection authority and see below.
Capa First Response CIC
Child to Parent Abuse
The right to be informed. You have the right to be provided with clear, transparent and
easily understandable information about how we use your information and your rights.
This is why we’re providing you with the information in this policy.
The right of access. You have the right to obtain access to your information (if we’re
processing it). This will enable you, for example, to check that we’re using your
information in accordance with data protection law. If you wish to access the
information we hold about you in this way, please get in touch
The right to rectification. You are entitled to have your information corrected if it is
inaccurate or incomplete. You can request that we rectify any errors in information
that we hold by contacting us at
The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple
terms, enables you to request the deletion or removal of certain of the information
that we hold about you by contacting us at
The right to restrict processing. You have rights to ‘block’ or ‘suppress’ further use of
your information. When processing is restricted, we can still store your information,
but will not use it further.
The right to data portability. You have the right to obtain your personal information in
an accessible and transferrable format so that you can re-use it for your own purposes
across different service providers. This is not a general right however and there are
exceptions. To learn more please get in touch at
The right to lodge a complaint. You have the right to lodge a complaint about the way
we handle or process your information with the national data protection authority, for
the UK this is the Information Commissioners Office (ICO).
The right to withdraw consent. If you have given your consent to anything we do with
your information (i.e. we rely on consent as a legal basis for processing your
information), you have the right to withdraw that consent at any time. You can do this
by contacting us at Withdrawing consent will not however make
unlawful our use of your information while consent had been apparent.
The right to object to processing. You have the right to object to certain types of
processing, including processing for direct marketing and profiling. You can object by
changing your marketing preferences or disabling cookies as set out in sections 5
and 6 above.
Changes to Capa’s Privacy Document
Any changes to our privacy document will be posted on the Capa website and, where
appropriate, we will notify you of the changes for example by email.
This privacy document was last updated: 30/09/2020
If you’re not satisfied with our response to any complaint or believe our processing of
your information does not comply with data protection law, you can make a complaint
to the Information Commissioner’s Office (ICO) using the following details:
Capa First Response CIC
Child to Parent Abuse
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
Telephone number: 0303 123 1113
I have read and accept the Capa Privacy Policy and consent to Capa storing my
information and contact details?
Contact Capa
Classifications of Data
Personal data – Name Address DoB , Contact details
Sensitive data – info sharing about family history, personal detail of what experienced,
Sexual orientation, ethnicity , wider demographics.