GDPR Compliance Statement
Our commitment to the General Data Protection Regulation.
Overview
FosterReady acts as both a Data Controller (for our direct users) and a Data Processor (for our partner agencies). We are fully committed to the principles of the UK GDPR and to ensuring that your data is safe, secure, and processed lawfully.
The 7 Key Principles
We adhere to the following principles of GDPR:
- Lawfulness, fairness and transparency: We are clear about why we collect data and use it only for stated purposes.
- Purpose limitation: We collect data for specified, explicit, and legitimate purposes (foster carer recruitment and support).
- Data minimization: We strictly limit data collection to what is necessary for the assessment process.
- Accuracy: We take every reasonable step to ensure personal data is accurate and kept up to date.
- Storage limitation: We retain personal data no longer than is necessary.
- Integrity and confidentiality (security): We use appropriate technical and organizational measures to ensure data security.
- Accountability: We take responsibility for what we do with your personal data and how we comply with the other principles.
Data Subject Rights
We have established procedures to respond to data subject requests regarding access, correction, deletion, and portability of personal data within the statutory timeframe of one month.
Technical Measures
Our security measures include:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
- Strict access controls and role-based permissions.
- Regular security audits and vulnerability scanning.
- Data breach notification procedures.