The Family Mediation Trust respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data, including when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

Please also use the Glossary to understand the meaning of some of the terms used in this privacy notice.


This privacy notice gives you information on how The Family Mediation Trust collects and processes your personal data including through your use of our website. We also process data in order to carry out work as a subcontractor, (for example for CAFCASS) and are then additionally bound by their policies.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This privacy notice supplements any other notices and is not intended to override them.

Who will process your personal information?

Your information will only be processed by staff employed by TFMT. Everyone will process in accordance with this privacy notice.

Why is your personal information required?

Your information is required to enable us to process your case.

What happens if we want to process your information for other reasons?

Though there are some legal exceptions, if we wish to process your data for any unrelated purpose than those we have informed you about we will notify you.

What are the consequences if you do not provide your personal data?

Your data is essential for us to carry out work on your behalf, so we will not be able to proceed without it.

What makes the data processing lawful?

The processing is necessary:

  • In order for us to process your case
  • For compliance with a legal obligation to which we/you are subject

Keeping your information up to date

We record your information exactly as you provide it. You may ask us to update it at any time and we will action your request promptly. In Legal Aid cases, we may ask you for updates to comply with regulations.

What about sensitive personal data?

We will only process sensitive data such as concerning your health with your explicit and informed consent for specific processing activities regarding your case. Your consent can be withdrawn at any time.

How we will further use your personal information (Our legitimate interests)

  • To contact you to ensure that our records of your personal information are correct
  • To respond to questions or complaints you have about our services
  • To update you with changes in our terms
  • For statistical analysis relating to the performance of our charity and understanding the changing needs of our clients
  • To review, improve and develop our services  we offer or handle complaints
  • To pursue debts or unpaid fees
  • To evidence charity practices
  • To evidence the standards and processes carried out conform to our ethical standards and expectations
  • For direct marketing activities
  • To protect the charity from risks which might be introduced by the individual.

You have the right to object to processing for these purposes and we shall cease unless we can show we have compelling legitimate grounds to continue.

Processing when performing a task carried out in the public interest

We will use the information provided to protect members of the public against dishonesty, money laundering or fraudulent activities or where safeguarding issues arise. This must necessarily be carried out without your explicit consent to ensure this function is not prejudiced.

What information is required?

We only collect information that is necessary to carry out the purposes above. This includes data we receive from referring agencies or in mediation cases the other party. Where practical and lawful we will inform you about any personal data we receive about you from third parties that you may be unaware of.

How secure will your data be?

We will ensure that your data is only accessible to authorised people within TFMT and will remain confidential at all times. Appropriate security measures will be in place to prevent unauthorised access, alteration, disclosure, loss, damage or destruction of your information. Where we process information on behalf of another organisation, we will be additionally compliant with their policies. We have procedures in place to prevent data breaches and to deal with a suspected data breach. This includes notification where we are legally required to do so.

Where will your data be held?

Information is held at our offices or on our remote server.

Will we share your information with anyone else?

We may share your information with

  • Appropriate staff to carry out your case
  • Organisations that need your information because we are required to provide it by law (eg. HMRC, CAFCASS, MOJ)
  • For external audit purposes and quality checks for accreditation or statutory audit.
  • Where TFMT go through a business transaction such as a merger with another charity, your information will in most instances be part of the assets transferred.

Transferring data outside the European Union

We do not usually transfer any of your personal data outside of the UK unless your case involved a party resident outside the UK in which case this would be with your explicit permission.

What about direct marketing?

TFMT may use your information provided now or in the future to carry out direct marketing activities as these are legitimate interests pursued by us. We do not share data with other providers. You can choose which method you’d prefer us to use to contact you (by email, telephone, SMS or post) and you have the right to object at any time, to the use of your personal data for this purpose and we will cease marketing activity. You just have to let us know your preferences.

Telephone call recording

TFMT do not currently record telephone calls under normal business activity, but reserves the right to do so. If telephone calls are recorded this will be notified to you at the start of the call.

How long will we keep your information for?

We keep records as prescribed by company law and will not keep your data for longer than is necessary.

Requesting a copy of the information we hold.

You may at any time ask for a copy of the information we hold about you – it is your legal right. We will provide you with a copy of any non-exempt personal information within one month unless we ask you for an extension of time. To protect your personal data, we will ask you to verify your identity before we release any information. We may refuse your request if we are unable to confirm your identity.

Important rights

You have the right, on grounds relating to your situation, at any time to object to processing which is carried out as part of our legitimate interests or in the performance of a task carried out in the public interest. We will then, no longer process your data unless we can demonstrate there are compelling legitimate grounds which override your rights and freedoms or unless processing is necessary for the establishment, exercise or defence of legal claims.


You have the right to receive a copy of your personal data.

You do not have the right to access the data of any other clients including those relevant to your case.


The right to require us to correct any mistakes in your personal data.

To be forgotten

Where you have given consent, you have the right to withdraw previous consent to processing your personal data at any time

Restriction of processing

You have the right to request from us access to and rectification or erasure of personal data or restriction of processing concerning your data

Data portability

The right to receive your data in a structured, commonly used and machine readable format and/or request transmission of the data to a third party. (in certain situations)

Not to be subject to automated individual decision-making

The right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you.

To raise a concern or object

You have the right to lodge a concern with us and/or the regulator (see below).

We hope we can resolve any query or concern you may have about our use of your information.

Breach and incident reporting

Serious breaches must be reported to Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach. Therefore, all employees and workers must immediately report an incident that may potentially or actually put personal data at risk of a data breach. This is never more imperative than when it is suspected that there may be actual loss, theft unauthorised disclosure or inappropriate use of personal data, either wholly or partly. In this event you must immediately refer to and follow the Company's Breach and Incident and Reporting Procedure.

Where a third-party service provider notifies you of an incident that may affect the Company and its responsibilities, this incident will be immediately reported.

In high-risk situation a breach will be reported immediately and individuals will be notified.

All breaches are logged on a breach register.

Breaches include any accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

How to contact our data protection officer

You can contact our data protection officer about any data protection or marketing issues by:

  • Writing to
  • The Data Protection Officer
  • c/o The Charing Cross Centre
  • St John Maddermarket,
  • Norwich,
  • NR2 1DN

  • Telephoning 01223 576308


How do you make a complaint to the regulator?

  • By writing to:
  • Information Commissioner’s Office
  • Wycliffe House
  • Water Lane
  • Wilmslow
  • Cheshire
  • SK9 5AF
  • By telephoning: 0303 123 1113
  • By emailing :
  • By  using their website:

GLOSSARY of Data Protection Terms


Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting our Data Protection Officer (see above)

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract

Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to

Data Controller: A controller determines the purposes and means of processing personal data. Cambridge Family Mediation is a data controller for all clients whose contract is directly with TFMT. (Private Clients)

Data Processor: A processor is responsible for processing personal data on behalf of a controller.Cambridge Family Mediation is a processor for all our contracted work this includes Legal Aid through the MOJ, court directed SPIPS from CAFCASS and Send mediation through Cambridge County Council.


This version was last updated November 2021.

Verification: a049c36190e2bc57