DDP Connects UK CIC Privacy Policy

1. General Information

We are committed to protecting your privacy and will handle all information we receive from you in accordance with the UK DPA 2018 and GDPR Data protection legislation.

Who are we?

DDP Connects UK is a not-for-profit Community Interest Company (CIC) incorporated on 12 April 2017 as a private company limited by guarantee without share capital.

Our Companies House registration number is 10722944.

Our address is DDP Connects UK CIC, 2nd Floor, The Fragrance House, Haydon, Wells, Somerset, UK, BA5 3FF.

Our activities are carried out for the benefit of families, voluntary bodies and professionals working within social services, education and health who work with families where trauma has impacted on a child’s development.

Our aims include informing people about Dyadic Developmental Practice, Parenting and Psychotherapy (DDP), providing and maintaining public resources relating to information about DDP including research, training and developments and providing and maintaining a public register of Practitioners in the UK qualified in Dyadic Developmental Psychotherapy.

We also promote the mental health and well-being of children who have had adverse experiences and/or experienced developmental trauma.

Our aims are met via the work of our directors, colleagues and through the DDP Network websites including the DDP Connect UK website and the DDPI pages of the main DDP Network website.

What are the links between DDP Connects UK and the DDP Network website?

This privacy policy relates specifically to DDP Connects UK CIC. The effective running of the work of DDP Connects UK relies on services integrated in the DDP Network websites.

DDP Connects UK is one of the four connected websites that make up what we call “DDP Network”. The other websites are DDP Network, DDP USA & Canada and DDP Members. DDP Members site users are invited DDPI-approved Consultants, Trainers, those in training to become Consultants and Trainers, the DDPI Board and the DDP Connects UK Board of Directors and Honorary Associates.

Please read the DDP Network Privacy Policy for further information.

DDPI is the Dyadic Developmental Psychotherapy Institute, a not-for-profit training and certification institute based in the United States.

2. What information do we collect about you?

1. Information, when relevant, for invoicing, billing and payments: Your name, email, postal address, the name, email and postal address of the organisation you work for, telephone and mobile numbers and any necessary bank account details.
2. A summary of the certification application information required for the DDPI-approved practicum. You provide this information to your DDP Consultant who sends us a summary. Your Consultant retains the full details of the information you provide.
3. The name, email, profession, location and organisation of individuals who attend DDPI-approved Level One and Two trainings. You provide this information to your DDP Trainer who sends a summary to us. Your DDP Trainer retains the signed consent forms.

Information about historical data

Between 2010 and 2017 you may have sent paper records containing the personal information necessary to apply for certification to Julie Hudson, in her role of UK DDPI Member at Large. These are stored securely. These will be kept for as long as you are a certified Practitioner, Consultant or Trainer in DDP. They will be removed when you are no longer certified. Paper records will be transferred to any subsequent DDPI Members at Large for the UK

All new information given to us by you for the purposes of certification application will be added directly to our online database software. Data collected between 2012 -2018 and stored online is being transferred to our online software.

3. How we collect personal information from you

We collect personal information about you when you provide it to us. DDP Consultants collect certification application materials from you. Trainers collect organisation details, training attendance and email consent information that you provide. Consultants and Trainers send a summary of this information to named directors and administrators who add your information to our online database.

4. Why do we need your personal information?

The main ways in which we may use your personal information are:

1. To meet our legal obligations
2. For billing and payments
3. To provide you with our services. These include:
   • Coordinating events, local support groups and training
   • Holding a UK-based conference every one to two years
   • Making information, including a library of research, available free to all online
   • Adding you as a subscriber to our DDP Connects UK Newsletter when you ask us to
   • Publishing the regular DDP Connects UK newsletter
   • Keeping a record of who has attended DDP Level One and Two trainings to enable us to confirm attendance as required for certification applications and to issue repeat attendance certificates, as request by attendees
   • Supporting the supervision and certification of DDP Practitioners, Consultants and Trainers in the UK and Ireland
4. Create groups to share specific information with, such as to Practitioners to contact them about services or to organisations who commission training directly from DDP Trainers

5. Who do we share your personal information with?

 We may share your personal information to comply with legal obligations, respond to enquiries and complaints and support the services we offer, such as:

• Booking you on a training or conference using the DDP Connects UK website
• Collecting fee payments from organisations that commission DDP Trainers to run Level One and Two and other trainings
• Organise training and conferences
• Finding you a supervisor when you have asked us to. This may include supervisors who live outside Europe, such as in the United States and Canada

Other than described above, we will not share your information to third parties for any reason, including marketing purposes.

Security

Once we receive your information we do our best to keep your personal information safe on our systems. Suitable protection is maintained at all times by ensuring that appropriate safeguards are in place. We ensure the smallest number of named individuals have access to our information processing partners.

We only work with processing partners who are able to ensure adequate level of protection to your Personal Data. We disclose your Personal Data to third parties or public officials when we are legally obliged to do so. We might disclose your Personal Data to third parties if you have consented to it or if there are other legal grounds for it.

In general, the processing partners used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

Non-sensitive information, such as your email address, are transmitted over the internet. This can never be guaranteed to be 100% secure. We cannot guarantee the security of information you send to us over the internet for the same reason.

Transferring your information outside Europe

Your data will be transferred outside of Europe when we add information to the DDP Connects UK & DDPI shared online database software. This holds information about:

• DDPI-approved Practitioners, Consultants and Trainers, and those in training
• Individuals who have attended DDPI-approved Level One and Two trainings

Our database includes information about all such individuals across the world, including Europe, the USA, Canada, Australia and New Zealand. Only a small number of DDP Connects UK and DDPI board directors and administrators are allowed access to process your information.

GPDR expands the definition of personal data to include photos. This is relevant for our four connected DDP Network websites because we add photos of individuals, who consent and send them to us, to their profiles. For individuals certified in the UK and Ireland, a DDP Connects UK director collects this information. It is stored on the DDP Network website.

When information is processed that involves the services of a processing partner, your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. For example, if DDP Trainers living in the United States run relevant trainings in the UK or Ireland and they pay the training fee to DDP Connects UK, their transaction may be processed by a payment gateway located in the United States. Then their personal information used in completing that transaction may be subject to disclosure under United States legislation.

Whether you live inside or outside the EU, by booking a place on a DDP Level One and Two training or a conference located in the UK or Ireland, you agree to the transfer, storing and processing at a location outside the EU of your attendance and personal data.

If we transfer your data out of the EU we will only do so when necessary and make sure appropriate security measures are taken to ensure your privacy rights are still protected.

Data processing addendums (DPA’s) have been signed with all applicable data processors.

6. How long do we keep your information?

• Billing and payments information – 7 years or until a request for deletion
• Booking information for training or conferences- 7 years or until a request for deletion
• Certification application and profile information – until a request for deletion, request to cease certified, certification expired or suspended
• Training attendee information – Until a request for deletion. Confirmation of Level One training attendance is required for attendance at Level Two training. Confirmation of Level One and Two training attendance is required should an individual apply to be certified as a Practitioner after attending Level Two. No time limits are applied.

7. What are your rights?

Your rights relevant for DDP Connects UK are to:

• Request access to the information we hold about you (Data Access Request)
• Request a copy of your data (Data Portability)
• Ask us to delete the personal information we hold about you when it is no longer required for a legitimate company need, such as sending you invoices or paying your bills (Right to be forgotten)
• Amend or correct your information if you believe the information we hold about you is incorrect, inaccurate or needs updating (Right to rectification)
• Withdraw consent (Right to withdraw)
• Be notified “without undue delay” if your personal data is compromised

Data portability and other rights don’t apply in all circumstances. We will need to validate your identity before we can respond to your requests.

Once we have validated your identity, we aim to respond to your request within 30 days and no later than 90 days from receipt of complex requests. We will let you know if we need additional time to complete. This process is provided free of charge unless the request is deemed to be “manifestly unfounded, excessive or repetitive”.

8. Children

Our services are not directed to individuals aged under 16. We do not process any data about children aged under 16.

9. Making a data protection complaint

If you have any concerns about the use of your personal data you can raise a complaint directly against us. Please address any concerns to Julie Hudson at julie.hudson@ddpnetwork.org.

The EU asks national agencies to enforce GDPR. In the UK this is the UK Information Commissioner’s Office (ICO). If you are not satisfied with the way we handle your complaint you are entitled to raise a complaint directly with the ICO via details available on their website: www.ico.gov.uk.

10. Changes to our Privacy Policy

You can review the most current version of our privacy policy at any time here. We reserve the right to update, change or replace any part of this privacy policy from time to time. It is your responsibility to check for changes so please visit the policy periodically to ensure you are happy with any changes. By using our services you are agreeing to be bound by this policy. By using our website you are agreeing to be bound by the website privacy policy.

11. Who can you contact?

Please contact us if you have concerns about the privacy of your personal data or require further information about how we manage your personal information. DDP Connects UK has a lead director responsible for data protection compliance.

Julie Hudson is our GDPR lead director. You can contact Julie by email or post.

Email: julie.hudson@ddpnetwork.org.

Post, using our company address:
Julie Hudson, Director, DDP Connects UK CIC
2nd Floor, The Fragrance House, Haydon, Wells, Somerset, UK, BA5 3FF

To contact DDPI please email: ddpi.admin@ddpnetwork.org

Last modification was made 9 December 2019