Skip to main content

{{ root_page.title }}

Privacy notice for Finance and Resources


This privacy notice explains what types of personal data we may hold about you, how we collect it, how we use and who we may share information with. We are required to give you this information under data protection law. This privacy notice should be read in conjunction with the corporate privacy notice.

Who we are

Achieving for Children is a community interest company created in 2014 by the Royal Borough of Kingston upon Thames and London Borough of Richmond to provide children’s services. In August 2017 the Royal Borough of Windsor and Maidenhead became co-owner of Achieving for Children.

Achieving for Children delivers children’s services and the local authority statutory responsibilities relating to children aged up to 25 years across the boroughs of Kingston, Richmond and Windsor and Maidenhead. Achieving for Children is registered as a controller with the Information Commissioner’s Office (ICO) (registration number ZA045069) and is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

Our Finance and Resources Team is responsible for financial planning, statements of accounts,budgeting, financial systems, financial controls and payments.

Personal data we collect

We collect and process the following personal data when you provide it to us or from third parties for purposes of administering and managing finance:

  • name, address, email address and contact telephone numbers
  • financial data including bank account details, payment information, purpose of payment, debit or credit card information
  • children social care client details including foster carers, adoptive parents, special guardians
  • looked after children payments – name of child, date of birth and address
  • high needs top up payments – name of child, payments to schools and school address
  • employee information such as payroll number, salary, national insurance, pension and sickness details
  • personal information supplied as part of the financial assessments and any procurement process

How we use your personal data

We use your personal information to administer financial processes, protect against fraud and to meet our legal obligations and responsibilities.

We hold your personal data for the following reasons:

  • processing payments to external individuals and providers
  • accounting for income and expenditure
  • budget setting and budget monitoring
  • submission of grant funding claims
  • looked after children payments
  • adoption, special guardianship and other carer allowances payments
  • meet legislative, statutory, contractual and audit requirements
  • detect, investigate and prevent crime including fraud
  • report information to our insurers in respect of accidents or incidents. Disclosure of sensitive personal information in this context would only be made where explicit consent has been obtained, disclosure is in the substantial public interest, or where necessary for the establishment, exercise or defence of a legal claim

Lawful basis for processing your personal data

The legal basis we rely on for processing you and your child’s personal data depend on the specific circumstances but are for performance of a public task or to comply with a legal obligation.

Section 151 of the Local Government Act 1972 requires local authorities to make arrangements for proper administration of their financial affairs. The CIPFA Statement on the role of the Chief Financial Officer (CFO) in local government describes the role and responsibility of the CFO including responsibility for the finance function. The CFO and the finance function need to access individuals’ information as required in order to carry out the role.

We will process your personal data based on the consent you have provided to us e.g. for the purposes of making an insurance claim.

How long your personal data will be kept

We only keep your personal data for as long as is required by law and in accordance with our retention schedule.

Keeping your information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

Achieving for Children’s email service has been configured to Government Digital Service and we encrypt and authenticate email in transit using Transport Layer Security (TLS) and Domain-based Message Authentication, Reporting and Conformance (DMARC). We will ensure that when we send emails containing your personal information they are sent using appropriate security measures to encrypt the data in transit. This may involve the use of a third party encryption tool where appropriate.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Who we share your personal information with

We will only share information with these organisations where it is appropriate and legal to do so. Where this is necessary, we are required to comply with all aspects of the Data Protection Act 2018. We share your personal data between Achieving for Children departments and services so that we can keep our information up to date, provide cross departmental support and improve our services to you and your child.

Some of the organisations that we share data with include (but aren’t limited to) the following:

  • Financial institutions including banks and building societies
  • Insurers, brokers, solicitors
  • Department for Education
  • Her Majesty’s Revenue and Customs (HMRC)
  • External and Internal Auditors
  • Department for Works and Pensions
  • Contracted third parties to help deliver our services

Your rights and access to information

Under data protection legislation you have the right to request access to the information that we hold about you. To request a copy of your data, please read the Individual Rights Requests page and then submit your request using your preferred method of contact.

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • have inaccurate personal data rectified, blocked, erased or destroyed
  • prevent processing for the purpose of direct marketing object to decisions being taken by automated means
  • in certain circumstances have inaccurate personal data rectified, blocked, erased or destroyed; and
  • a right to seek redress, either through the ICO, or through the courts

If you have any questions or concerns about the way we process personal data, or would like to discuss anything in this privacy notice, please contact our Data Protection Officer: [email protected]

If you want to make a complaint about how we handle your personal data, we ask that you give our Data Protection Officer the opportunity to respond in the first instance, but you are not obliged to do this. You can make a complaint directly to the Information Commissioner’s Office at