Privacy Policy

The Autism Plan (TAP) and My Autism Plan (MAP) – Data Privacy Policy

“We” are The Autism Plan Ltd, a company registered in England with registration number 09909205 and registered office at The Coach House, Shacklands Road, Shoreham, Sevenoaks, Kent, United Kingdom, TN14 7TU and My Autism Plan Ltd, a company registered in England with registration number 11510571 and registered office at The Coach House, Shacklands Road, Shoreham, Sevenoaks, Kent, United Kingdom, TN14 7TU.

OUR PROMISE ABOUT YOUR PERSONAL INFORMATION

At The Autism Plan, we promise respectful treatment of the personal information of everyone we have contact with.  It’s fundamental to what we do.

This Policy explains how we do that – when and why we collect information, how we use it, the limited situations when other people can see or use it, and how we keep it secure.

But just to set the scene, in case you don’t want to read through all the details just now, we can be clear up front.

  • We don’t sell, rent or trade email lists with anyone else.
  • We’ve split this Policy into sections, depending on who you are.
  • Section A is for everyone.
  • Section B is for you if you’re part of our Parent Community, or thinking of joining or we’ve approached you because we think you might be interested in joining.
  • If you are, or you work for, a business prospect or member of our Professional Community, section C is for you.
  • And if you’re a supplier, section D is for you.

Section A: For everyone

Whoever you are, our intention is to use your information to make things work smoothly for you in your experience of dealing with The Autism Plan.  If that’s not how it turns out for you, please make sure to give us a shout. You can contact us by emailing us at [email protected].

This Privacy Policy is up to date to June 2018. We keep this Policy under regular review, and we may revise it at time goes on.  Please check back here from time to time to make sure you’ve got the latest information.

Words or phrases with special meaning

In this Policy, there are words and phrases that have a specific meaning or that we are using in a special way.  They are:

“personal data”

any information about an identifiable living human being.

“process”

we “process” your personal data when we do anything with it, which might include:  collecting, recording, organising, storing, adapting, altering, retrieving, using, combining, disclosing, or deleting it.

“special category data”

this is personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life or sexual orientation, health, genetic or biometric data.

  • Our general approach to personal data

We’re committed to protecting your privacy, and honouring your legal rights to control how we use your personal data.

We only collect and use personal data when we need to

-because you have asked us to do something (for example, send you newsletters);
-to support our Communities, and develop their knowledge, reach and influence;
-so that we can reply to queries or complaints;
-to develop and manage our business relationships;
-to help grow our business and fulfil our contracts;
-to deliver our services effectively; and
-to meet our legal obligations.

We try to make sure the information we hold is accurate and up to date, and is no more than we need to have.

You can check the information we hold about you by emailing us and asking, and if you find anything wrong we will delete it or correct it promptly.

If you have any questions or concerns about our use of your information, or how we have responded to any request about your personal data, please take it up in the first instance by emailing [email protected]

If we can’t sort it out, the official authority here in the UK is the Information Commissioner, and you can raise your concerns with them here.

  • Cookies on our website

If you visit our website, we use cookies and similar technologies to

-recognise your repeat visits and preferences
-measure the effectiveness of our campaigns
-analyse our website traffic

Our cookies do not identify you personally to us.

We use Google Analytics, which collects information in an anonymous form about the number of visitors to our site and how visitors use our website. We use the information to compile reports and to help us improve the website.

We may also use targeting/advertising cookies, which link to Facebook and Google to deliver ads there that are relevant to you, limit the number of times that you see an ad, and help us analyse our marketing campaigns.

If you click through a link on our website to a different website, then the cookie policy for that website will then apply to your session, and we have no control over those.

To learn more about cookies, including how to disable them, view http://www.allaboutcookies.org/ or https://www.aboutcookies.org/.

By using our website, you agree to our use of cookies unless you have disabled them yourself. Please note that by deleting or disabling future cookies, your user experience may be affected and you might not be able to take advantage of certain functions of our site.

  • Newsletter Sign Up

If you sign up for our newsletter, you will have to supply us with some information so that we can deliver it.  We also ask you for details that we think will be helpful in tailoring our offers. We will also use the information you provide to tune the information we send you to what we think will be most useful or interesting for you.

It’s up to you how much information you provide.

When you sign up, you will have to confirm your email address so that we are sure that you really do want to get our newsletter.

You can stop receiving newsletters and email marketing from us at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails.

We hold your information for our newsletter list in a program called ActiveCampaign We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see ActiveCampaign’s privacy notice here.

ActiveCampaign holds data in the USA - they comply with the EU-US Privacy Shield Framework, protecting your data.

We monitor who opens what in our newsletter lists, and in the pre-set sequences of information we send you.  We do this so we can see if content is popular and generate more of it, or if it is not read.

There may be sub-routines that trigger if you click on links or articles.  These are designed to offer you more information about things you are interested in.

You can unsubscribe from these sequences at any time.

From time to time, we contact individual email newsletter subscribers but it is extremely rare.  This would normally be if something odd were going on and we wanted to check you could see and use the content or find out what was causing a problem.

  • Social media

We have an active presence on social media, including Facebook, Instagram, Twitter, and LinkedIn.  Click the name of the platform for a link to their privacy policy.

If you ‘like’ any of our posts, or ‘follow’ us, we can make ourselves aware of who you are from the information that you publish in your profile on the relevant platform.  Your information is held by the platform and is subject to their data policy – we don’t control those. You can find a link to the privacy policy for each of the social media platforms by clicking on their name above.

Your replies to us, messages you send us, and your other activity linked to our posts may be seen by members of our staff and by anyone else we contract with to support our marketing and administration functions.  Our contract with them holds them to high standards of protecting your information.

  • Who can see or use your data?

We do not sell or exchange your personal data with organisations who may want to sell you something or use your data for research or other purposes.

Data location and platforms

Like many businesses, we do not have any tailor-made software – we use mainstream packages for everything from our customer records, to email, to accounting.

This means that some of your data may be held in the EEA, and some may be held in services in the USA or elsewhere.  We have picked reputable suppliers with appropriate security standards.

People

As well as our own employees, we also have an outsourced support team for our own business.  This may include Virtual Assistants, Web Designers, IT support, Sales and Marketing, Accounting and more.  Those support services have limited access to your data - only where the service they provide to us means they need it.

For example, if our IT support wants to check the functionality of a laptop or back up, they may need temporary access to information that may include something about you.

Your information is held in the strictest confidence. We contract our employees and our external service providers to strict confidentiality clauses, and require them to comply with current data protection laws.

  • How long do we keep your data for?

If you unsubscribe from our newsletter list, your record is gone.

Community Members

We are required to keep customer transactional information long enough to satisfy HMRC, our accounting and reporting obligations, and the requirements of our insurers.  We therefore keep this information for a minimum of seven years and for a maximum of ten years.

Where members elect to cancel their membership under the money-back guarantee, all data collected to that point is removed from our systems – so you will have to repeat the ‘suitability’ and ‘getting to know you’ processes if you later decide to come back to us.  The log-in details on Teachable will remain unless you remove them yourself.

Because autism is a lifelong condition, we have concluded that members may properly and legitimately wish to have their history with us kept indefinitely so that reference can be made to it if they come back to us for support at later stages.  It is our view that routinely deleting call notes/coaching history and the special category data alongside it would be detrimental to the interests of the Member and to the individual presenting with autism, and would undermine our ability to offer the most effective support possible in the future if requested.

We therefore intend to keep such data without time limit, but we remind our service users and data subjects that if they object to us continuing to hold that data they should contact us and request its removal from our systems, and only where there are compelling reasons for us to retain such information would we resist requests to remove it.

Suppliers and Professional Community members

We are required to keep customer transactional information long enough to satisfy HMRC, our accounting and reporting obligations, and the requirements of our insurers.  We therefore keep this information for a minimum of seven years and for a maximum of ten years. Our basis of processing is contract, then legal obligation, and legitimate interest in keeping a proper record of transactions and supplier relationships.

We will keep all associated information for the same period in the interests of simplicity and certainty.

  • What are your rights?

You have the right to know what information we are collecting on you, and to amend it if it is inaccurate.

If you feel for some reason we have information we should not be keeping, or it is out of date or otherwise wrong, please let us know and we will take appropriate action.

Signing onto our newsletter list is by your consent – and when you withdraw your consent we stop processing your data.  Apart from that, the information we hold is based on our needing the information to run our business and provide our products and services – either so we can perform our contract with you, or because we have a legitimate business interest in processing your data.

If you want to know what information we have about you (if any), email us at the email address set out above and give us your name and email address(es).  We will happily do a search and let you know what information we hold on you and how we are using it/have used it.

You have a “right to be forgotten” - but that does have some legal limits to it.  If you want us to remove information about you, let us know. If you have been a customer, we may not be able to remove all data as we will have to ensure that we can continue to comply with legal, accounting, taxation and our insurer’s requirements.

SECTION B: for our Member Community

Most of the information we process comes from you.  We process it so we can reply to you, and when you contact us again we know what you asked before, what you were sent, and what you told us.

Typically, we are collecting name, contact details, how we came across you, and background information from you or published by you on social media or freely accessible on the internet.  See the general notes above, about what happens if you sign up to our newsletter, or engage with us on social media.

When you become a Member of the Community, we ask for a great deal more information, and a lot of it is, and has to be, special category data so that we can accurately assist and support you.

We will collect and process special category data relating to health of the Member’s child (including ASD diagnosis, of course). We need to link this to the child's name, and it may also be necessary to link the family name to a location so that local support services can be offered where relevant.

We are processing this data because it is necessary for the performance of our contract to supply you with Services within your membership category.

If we email you individually using our own email system, or respond to an email sent to us at any of our business email addresses, a copy of that email will also be stored.  We use Google Mail, and our emails are held on their servers. Their data privacy policy is here.  Google Mail holds data in the USA - they comply with the EU-U.S. Privacy Shield Framework, protecting your data.

We currently keep individual emails from and to you indefinitely, so we have a record of complaints and queries and how we resolved them.

Coaching platform and payment gateway:  Generally available coaching and informational modules are provided through a platform called Teachable, and we also use this as our payment gateway.  We have selected Teachable because it gives the best functionality for delivering support to Members. However, you should be aware that this site is based in the USA and information is held on their servers in the USA, and they are not US-EU Privacy Shield compliant. Your personal details for identity, contact and financial are being exported outside the EEA. Teachable’s privacy policy is available here.

However, please note that special category personal data is not being held on the Teachable platform.  The questionnaire information is being held on our databases on servers in the UK, on ActiveCampaign and some special category data will also be held on Active Campaign who are US-EU Privacy Shield compliant.

Working with an autism consultant – Platinum membership: your consultant will be taking notes, including special category data, during your sessions.  This is necessary in order to provide the support and strategies that are offered as part of your membership contract. These notes will be held in ActiveCampaign (privacy policy here), and are only available to the consultant and to TAP Head Office for supervision, quality control, and to support improved service to the member (for example where the use of another consultant was indicated).

SECTION C: for our Professional Community

Prospect

Most of the information we process comes from you – either directly or through publicly available sources (like LinkedIn).  We process it so we can connect with you, reply to you, and when you contact us again we know what you asked before, what you were sent, and what you told us.

Typically, we are collecting name, contact details, how we came across you, and background information from you or published by you on social media or freely accessible on the internet, on why you might be a suitable member of our Professional Community, or otherwise be a relevant contact for our business.

We will process your data on the basis that we have a legitimate interest in seeking to connect with properly qualified professionals to grow our resource base to support our Parent Community, and that it will not be obtrusive or offensive to you to have modest approaches made to you.

If we email you individually using our own email system, or respond to an email sent to us at any of our business email addresses, a copy of that email will also be stored. We use Google Mail, and our emails are held on their servers. [Their data privacy policy is here.  Google Mail holds data in the USA - they comply with the EU-U.S. Privacy Shield Framework, protecting your data.]

We currently keep individual emails from and to you indefinitely, so we have a full record of our business dealings.

We do not routinely keep special category data about Professionals.  To the extent we hold this, it was supplied or made publicly available by you.

Professional Community Member

Once you join the Professionals Community, we will collect information from you at the time of joining.

This will include the information we collect from Prospects (above).  We collect your email address, phone number and postal address so we can provide what we have contracted to, invoice you and keep proper records of our business relationship.

We also collect a substantial quantity of data from you in order to publish it on our website – as part of our service to our Parent Community in knowing what professionals are available, and as part of our service to you in putting your details in front of potential clients.  We do this on the basis that it is necessary for our legitimate interests (in growing our business and supporting our Communities).

We process your data to support the delivery our services to you.  We keep records of the services provided to you, and information you give us, so we can support you when needed and advise you of any additional products or services you may need or may be appropriate for you.

Financial and credit details

We do not do credit reference checks.

When you pay us, we receive limited information about you from our bank, usually the name of the person who paid us and how much and the reference number.

SECTION D: Suppliers and Associates

We collect information on potential and actual suppliers and associates.   This is mostly provided by you, but we do add to it the same kind of data we use for Prospects (see above).

If you become a supplier or associate we keep a copy of the contract between us and your bank details so we can pay you.  We also keep a record of invoices/payments for accounting purposes.

We keep a record of the work you undertook for us along with any comments, reviews or suggestions about that work including complaints (if any) and their resolution.

This information is all needed to manage the contract between us, support our customer relationships, and manage our supply chain.