Privacy Policy

1. Introduction

This Privacy Policy explains how Fosterli LTD collects, uses, and protects your data in compliance with the UK General Data Protection Regulation (UK GDPR).

2. Data We Collect

We collect and process fostering-related data, including details of applicants, provided by fostering agencies and local authorities. Our platform is also used by fostering applicants, social workers, and panel members. We may also collect:

• Names and contact details of agency representatives.
• Application information submitted by fostering applicants, including personal details and supporting documents.
• User activity logs for service improvement and security monitoring.
• Cookies and tracking data for functionality and analytics.

We also send email notifications to fostering applicants, social workers, and panel members regarding their application status, assessment updates, and other relevant communications. Users may opt out of non-essential notifications where applicable through their account settings or by contacting us directly.

3. Lawful Basis for Processing

We process personal data under the following lawful bases:

• Legal Obligation: Where processing is required by law or regulatory requirements.
• Legitimate Interests: To provide and improve our services while ensuring data security.
• Consent: Where users have provided explicit consent (e.g., for marketing communications).

4. Data Sharing

Fostering agencies share data with us and remain responsible for ensuring compliance with GDPR requirements as data controllers. Fosterli LTD does not verify, modify, or make decisions regarding the accuracy or completeness of the data provided. Fosterli LTD does not sell or share data with third parties unless:

• Required by law or regulatory authorities.
• Necessary for the provision of our services.
• Explicitly consented to by the user.

Fosterli LTD enters into Data Processing Agreements (DPAs) with fostering agencies to ensure compliance with UK GDPR. These agreements outline key obligations, including data security measures, access controls, breach notification protocols, and the requirement that agencies obtain necessary user consents before sharing data. Additionally, DPAs specify that Fosterli LTD only processes data in accordance with agency instructions and does not assume responsibility for the accuracy or completeness of submitted information.

If Fosterli LTD engages sub-processors (e.g., cloud service providers), we ensure they meet strict UK GDPR compliance standards and have binding agreements in place.

5. Data Retention

We retain data only for as long as required by the relevant local authority or legal obligations, in accordance with fostering regulations and UK GDPR. Agencies using our platform may define shorter or longer retention periods based on their internal policies and regulatory requirements. Fosterli LTD provides tools to facilitate data retention management, but agencies remain responsible for ensuring compliance with applicable regulations and overseeing data deletion timelines. The retention periods are as follows:

• Foster Carer Records: Retained for at least 10 years after approval ends, as per regulatory requirements. The specific retention period may be determined by the fostering agencies using the platform, in alignment with their internal policies and regulatory obligations.
• Fostering Applicant Records (for unsuccessful applicants): Retained for 3 years after application completion, unless agencies specify a different retention period based on their internal policies and regulatory requirements.
• Panel Member and Social Worker Data: Retained for 6 years after contract termination, in line with employment and contractual laws. This retention period may be adjusted based on contractual agreements between agencies and Fosterli LTD, ensuring flexibility where needed.

Upon expiration of the retention period, data will be securely deleted or anonymised using industry-standard methods such as irreversible hashing or pseudonymisation techniques. Agencies may request earlier deletion under specific conditions, subject to regulatory compliance and contractual obligations.

6. Security Measures

We implement industry-standard security measures, including:

• Encryption of sensitive data.
• Strict access controls to prevent unauthorised access.
• Secure servers and data centres located within Europe, ensuring compliance with UK GDPR and EU data protection regulations.
• Regular security audits to ensure compliance and protection.
• A structured Data Breach Response Plan, which includes notifying affected parties and regulatory authorities such as the Information Commissioner's Office (ICO) within 72 hours of a detected breach, in line with UK GDPR.

7. User Rights (Under UK GDPR)

Users have the following rights:

• Right to Access: Request a copy of your personal data.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure ('Right to be Forgotten'): Request deletion of data where no longer necessary.
• Right to Restriction of Processing: Request limitation on how data is processed.
• Right to Data Portability: Request transfer of data to another service provider.
• Right to Object: Object to data processing under certain conditions.
• Right to Lodge a Complaint: File a complaint with the Information Commissioner's Office (ICO) if concerns about data use arise.

8. Contact Us

If you have any questions about these policies or wish to exercise your rights, contact us at [email protected] or write to us at Fosterli LTD, 22 Castle Farm Road, Bristol, BS15 3NJ, United Kingdom.