The Fostering Network is the UK’s leading fostering charity and membership organisation, bringing together everyone who is involved in the lives of fostered children to make foster care the very best it can be. We have around 58,000 foster carer and 450 fostering service members, as well as hundreds of other stakeholders and supporters.
Our data protection principles
About our Privacy Policy
At The Fostering Network, we want to make sure that you can be clear and confident in our handling of your personal data. This Privacy Policy outlines how we work and how we make sure that we meet our legal, regulatory and ethical obligations. You can find detail below on how and why we collect and process your information, and the rights that you have around this.
Your personal data is protected by specific pieces of legislation and we work hard to comply with them at all times:
- The Data Protection Act 2018
- The UK General Data Protection Regulation (known as the UK GDPR)
- Privacy & Electronic Communications Regulation (known as PECR)
We always work to these specific principles of data protection:
- We take data protection extremely seriously, and have policies and procedures in place to ensure that we look after all the personal data that we hold.
- We will always make it clear to you why we are asking for certain information, and how we will use it (either via this Privacy Policy or in other information we provide to you).
- We will never sell any personal data that we hold.
- You can change your communication preferences whenever you choose, and have control over how you hear from us.
Who we are & how to contact us
The Fostering Network is the UK’s leading fostering charity and membership organisation, bringing together everyone who is involved in the lives of fostered children to make foster care the very best it can be.
We are a registered charity in England & Wales 280852 and in Scotland SCO39338, and are registered in England & Wales as a limited company no.1507277.
For the purposes of managing personal data, we are registered with the Information Commissioner’s Office, with a registration reference of Z7599932.
If you would like more information on anything in this policy, please do get in touch with our Data Protection Officer, Martha Adam-Bushell via [email protected]
Understanding your rights
It’s very important to us that you understand your rights around your data, which are laid out in law.
If you would like to discuss or exercise any of these rights, you can do so by contacting our Data Protection Officer at [email protected].
The Right to be Informed means that we will always tell you how we are going to use your data and why we are asking for it. You might see messages on some of our forms, and there is a lot of detail in this Privacy Policy.
The Right of Access means that you have the right to access a copy of your personal data that we hold and find out detail on how it’s been used. You can get in touch with us at [email protected] and we can help you with your request. We will make sure that we are confident on the identity of anyone asking for data before we release it.
The Right to Erasure / to be Forgotten means that you can ask us to delete the information we hold about you. We will always try our hardest to do this, but you should be aware that there are some circumstances where we might need to keep limited details, for example if we have a legal requirement to do so. If this is the case then we will always discuss this with you.
The Right to Rectification means that if you feel any of the information we hold about you is incorrect, we will look into this for you and make updates.
The Right to Object means that you can ask us to stop the processing that we outline in this policy.
The Right to Restrict Processing allows you to ask us to restrict how we use and manage your data, rather than to delete it.
You have the Right to Data Portability, where you can request a copy of personal data to have it transferred to another organisation.
You also have Rights related to Automated Decision Making, but we do not carry this out at present and have no plans to adopt it in the future. If that changes then we will update this policy.
If you have any concerns, questions or complaints about exercising your rights or about how we handle your data then please do get in touch with us - we’re keen to discuss any issues with you to resolve them. However you do also have a right to complain to the Information Commissioner’s
Office (ICO) who are the UK’s data protection authority. They can be contacted at www.ico.org.uk but will most likely ask you to get in touch with us first, so please do contact us if you need.
How we collect & use your information
We need to process data to manage our business needs and make sure that we can operate effectively to best serve everyone we work with. How we collect and use your information will vary depending on how you interact with us, and we have laid this out below. There are some similarities in how we manage all information:
- We have detailed IT Security measures to keep data safe, including our secure member database, which has strict controls on who can access details. Where personal data is not kept on the database, it is kept in password protected or encrypted files.
- Email data is sent and stored using our secure email database. Information about message transaction data – which means details of which messages have been sent, opened and clicked – will be kept securely by us for one year.
Membership:
When a foster carer becomes a member of The Fostering Network, their contact details are given to us either by their fostering service or by the foster carer themselves. When a fostering service becomes a member of The Fostering Network, the contact details of the named representatives from the service are given to us. These contact details are held on a secure members’ database administered by The Fostering Network until their membership has expired, when the records are made inactive, and personal information is later removed. We use this information to communicate with members about their membership, via post, email, telephone or text.
We use a third party mailing house to send members our Foster Care magazine mailing, and to share fundraising appeals. Where we have a member’s email address, we use it to keep them up to date with our work via our e-newsletters, including information on programmes, events, publications, training, products, campaigning and fundraising.
Occasionally we work with market research companies to collate the views of our members on our membership offer and wider fostering issues. From time to time we also ask members to complete surveys via a secure online portal. Completion of contact details is optional; these are kept on the portal for two years and then deleted.
Campaigning:
The Fostering Network campaigns to create change to ensure that foster care is the very best it can be. We encourage members and non-members to join us in our campaigning work. Supporters can sign up to our campaign action e-newsletter; their email address is then held on our secure email database, and recipients can unsubscribe from this e-newsletter at any time.
From time to time we ask supporters to complete surveys via a third party secure online portal.
Completion of contact details is optional; these are stored on the portal for two years and then deleted. Further contact on the survey issue will be in line with preferences given by the respondent.
We also ask members and other supporters to take digital campaign actions via a third party secure online portal. Their contact details are stored on the portal for two years. Further contact on campaigning will be in line with preferences given by the respondent.
Children’s contact details:
We collect contact details and other relevant information about children and young people who are attending our events. This information is held in paper form in locked storage and online in password-protected folders until the end of the activity or project, when it is destroyed. We also receive nominations for children as part of our Fostering Excellence Awards via a form on our website that generates an email to a restricted access inbox which can only be accessed by The Fostering Network's Award's team. The emails that are generated are retained in a restricted access inbox for two years. In addition, details are held in restricted access folders, which can only be accessed by The Fostering Network's Award's team, also for two years.
Events:
When people sign up to attend one of our events via a third party event website, their contact details are kept on the password protected website. We can download these contact details and use them to administer their attendance at that event. We store this data on our secure email database or on password-protected spreadsheets, and delete it after two years unless the event is part of a project when we will keep the data in line with project requirements (usually until the project is finished).
When people sign up to attend one of our events directly with The Fostering Network, we use this to administer their attendance at that event. We store this data on our secure email database or on password-protected spreadsheets, and delete it after two years unless the event is part of a project when we will keep the data in line with project requirements (usually until the project is finished).
Attendees at events may be asked if they wish to receive further information or invitations from us about future events. If they agree, their contact details will be kept securely for this purpose.
Working with JustGiving:
We work with a third party called JustGiving to manage our donations, gift aid and some events sponsorship. When you give your details to JustGiving (either by setting up a page or making a donation) then you are asked to indicate if you are happy for those details to be passed to us. We can only access your information if you agree to this, at which point we add it to our secure systems.
Helplines and independent support:
When people contact our helplines, their contact and enquiry details are kept permanently on a secure database, in order that we can support follow up or further enquiries from the same individual, and that our advice is formally recorded should this be required or challenged in the future. When people access our independent support, their contact details and reason for requiring support are kept permanently on a secure database or on access-restricted spreadsheets, in order that we can support the same individual again, and that our advice is formally recorded should this be required or challenged in the future. Paper-based documents may also be kept while the case is open, but are destroyed on closure.
Photos and film:
We may take photographs of attendees at our events: this will always be made clear at the event. On occasion we also hold photoshoots, and ask all models to complete permission forms. We only take photographs of children with permission, and only use these photos for the purposes outlined in the permission form. We keep all photographs for use for three years, or for the duration of a project or programme, whichever is longer. Photographs may then be destroyed, or may be kept indefinitely for archival or heritage purposes. We also film attendees at some of our events, and also make bespoke films to showcase elements of our work, which involve our members and others in their personal capacity. We only film children with permission in place. We use these films for up to three years, or for the duration of the relevant project or programme, whichever is longer.
Products and training:
When people buy our publications and merchandise they do so via our third party bookshop, which sends out the purchase and stores this information on a secure database. We can access this data to understand sales trends. Purchasers can opt in to receive further information about publications. At times we offer free products to foster carers, such as publications and our handmade quilts. When foster carers sign up to receive these, we use their names and addresses to send the product to their homes and then destroy these contact details. When people buy our training, we store their contact details securely online or in paper form before deleting/destroying it after two years. A record of which training course members have attended is kept on their member record. Attendees can choose to opt in to further communications from The Fostering Network about training, in which case their contact details are kept on our secure email database. We also send members information about our training via our e-newsletters, via their contact details kept on our secure email database.
Projects and programmes:
The Fostering Network runs a number of projects and programmes which are externally funded and often delivered in partnership with other organisations. For each programme we develop data sharing agreements which are specific about how we collate, store and use personal data.
Our legal basis for processing your information
Types of data processing include collection, storage, use and deletion of information. Data Protection law means that we must identify a legal basis for processing your data to ensure that we are being fair. This legal basis will differ, depending on how we interact with you.
Here are some examples of which legal basis we may use in certain situations:
- Membership with us acts as a Contract, and this is our legal basis for processing member data.
- When you sign up to fundraise for us, for example via JustGiving, we will ask for your Consent to send certain marketing materials to you.
- If you are employed by us then we have a Legal Obligation to work with HMRC to manage matters such as income tax.
- If we ask for health information when you attend an event, it is so that we can manage your Vital Interests, for example so that we can pass this to paramedics in the unlikely event of an accident.
- As a business, we process some personal data to enable us to further our Legitimate Interests. For example, if you call our Fundraising team to ask for information on running an event, we will use your data to keep a record of your call and what we have discussed.
Where we use Legitimate Interests as our legal basis for processing, we make sure that we have carried out a Legitimate Interests assessment, to assess the importance of the processing.
How we work with third parties in processing personal data
We sometimes work with third parties, who need to access data in order to provide a service to us, such as mailing houses, IT support and market research companies. We have strict processes for ensuring that your information remains safe whilst we work with these companies:
- We will always have a contract in place with any third party we work with.
- We require our suppliers to demonstrate how they keep data safe and secure.
- We have IT security measures for transferring data to make sure that it is protected.
- Our contracts always say when we expect a supplier to delete any data that we pass to them when they are working on our behalf, and this deadline will be as soon as is practical.
We never share contact information for marketing and we never sell your data. We will sometimes share data with law enforcement agencies if required, but we have strict processes to ensure that requests are verified and well-managed.
How long we keep your data for
How long we keep data for is dependent on why and how it was processed, but we will always ensure that data is only kept for as long as is necessary. We have detailed records on all the types of data that we hold, and how long these are kept for.
We also make sure that any third parties working on our behalf are clear on how long they should keep data for. For example, if a mailing house manages the posting of a newsletter for us, we will list in our contract with them what happens to the data once the mailing is finished. In general we would ask them to keep the data for a short period in case of any issues, and then securely delete it.
How we keep your information secure
We take information security very seriously and have put strict measures in place to manage this.
These include:
- Technical security measures, including achieving Cyber Essentials Plus certification.
- Manual security measures, such as training all staff in data protection, with additional training for staff who regularly process data.
- Security of our properties, such as adequate door locks and visitor registration.
Any third party we work with is also required to demonstrate that they have adequate security measures (noted in contracts) before we are prepared to work with them.
How to manage the communications that we send you
It’s important to us that you are able to control how and when we communicate with you:
- Members can change how we communicate with them by unsubscribing from any e[1]newsletters they receive, or by contacting [email protected] or 020 7620 6440 to update us.
- Non-members can change how we communicate with them by unsubscribing from any e[1]newsletters they receive or by contacting [email protected] or 020 7620 6422 to update us.
We will make any changes as soon as we can, but please be aware that there are somecommunications that we legally still have to send, for example, written confirmation of a direct debit.
Changes to this policy
From time to time, we may make changes to this policy, and you will always be able to see here when it was last updated. We may also contact you directly if we make significant changes to how we are working.
This policy was last updated in April 2025.
Cyber Essentials
The Fostering Network is certified under the Cyber Essentials scheme, which helps us guard against the most common cyber attacks. View our certificate here.