This privacy notice provides information about the types of personal data that we may collect about you and your child when you contact us. It applies to all personal data collected by Achieving for Children or on behalf of Achieving for Children, whether by letter, face to face, telephone, online or any other method. It also explains what we will do with the personal data and how we will keep it safe.
Achieving for Children is registered as a data controller with the Information Commissioner’s Office (ICO). Registration number ZA045069.
Your personal data – what is it?
‘Personal data’ is any information about a living person which allows them to be identified from that data (for example, name, email address, address). Identification can be made directly using the data itself or by combining it with other information which helps identify a living individual.
Personal data we collect
There are a variety of reasons why we work with children and their families and ways to collect information about you and your child. We collect and process the following personal data:
- personal identifiers and contacts (such as name, unique pupil number, contact details and address, details of family and close relations)
- characteristics (such as ethnicity, language, and free school meal eligibility, any relevant medical information)
- safeguarding information (such as court orders and professional involvement, child in care status including looked after or previously looked after early help, social care and health)
- special educational needs (including the needs and ranking, for example pastoral support plan (PSP), education, health and care plan (EHCP), SEND support plan, personal education plan (PEP), employment and education)
- attendance (such as sessions attended, number of absences, absence reasons and any previous schools attended)
- details and records of your child’s care, support, wellbeing and any concerns or investigations
- details of each contact that we have with you and your child, including visits, correspondence, communications and documents
- relevant information from individuals involved in your child’s care, including health and other care providers, carers and relatives.
- behaviour and social information (such as exclusions and any relevant alternative provision placements put in place)
- school preferences (in line with the School Admissions Code issued under Section 84 of the School Standards and Framework Act 1989)
How we use your personal data
The personal data you provide helps us to support your family and makes sure that we meet our legal duties and responsibilities. We use information about children, young people and their families to:
- it is necessary for legal cases
- provide you and your family with help, advice and appropriate services
- provide your child with pastoral care
- assess the quality of our services
- evaluate and improve our policies around children’s social care, education and SEND
- provide information about children’s social care, education and SEND
- monitor progress and develop good practice in the services received
- complete statistical returns to Government departments
- carry out our statutory and regulatory duties, such as making informed decisions about your child’s care
- identify families eligible for inclusion in the Troubled Families Programme and monitor their progress as part of the programme.
- help us teach, train and monitor staff on their work and to audit and improve our services to ensure they you and your child’s needs.
- contact you with detail of programmes that may benefit you or your family for you to decide whether to take part or not
Legal basis for processing your personal data
Under the General Data Protection Regulation (GDPR) and Data Protection Act 2018, the legal basis / bases we rely on for processing you and your child’s personal data depend on the specific circumstances but are consent, public task or to comply with a legal obligation which include (but is not limited) to the following:
- Care Act 2014
- Childcare Act 2006
- Children Act 1989, 2004
- Care Standards Act 2004
- Data Protection Act 2018
- Health and Social Care Act 2012
- Adoption and Children Act 2002
- Children and Social Work Act 2017
- Adoption: Statutory Guidance 2013
- Children and Young Persons Act 2008
- Care Leavers (England) Regulations 2010
- Fostering Services (England) Regulations 2011
- Care Planning, Placement and Case Review (England) Regulations 2010
- Education (Information About Individual Pupils) (England) Regulations 2013
- Children and Families Act 2014
How we collect personal data
Whilst the majority of personal information you provide to us is mandatory, some of it is requested on a voluntary basis. In order to comply with the data protection legislation, we will inform you at the point of collection, whether you are required to provide certain personal information to us or if you have a choice in this. We collect personal data via a number of means including:
- face to face interviews
- telephone conversations
- written letters, referrals, emails and text messages
- forms and documents submitted through websites
- from other third parties
How long your personal data will be kept
We only keep your personal data for as long as is required by law and in accordance with our retention schedule (PDF).
Keeping your information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
Achieving for Children’s email service has been configured to Government Digital Service and we encrypt and authenticate email in transit using Transport Layer Security (TLS) and Domain-based Message Authentication, Reporting and Conformance (DMARC). We will ensure that when we send emails containing your personal information they are sent using appropriate security measures to encrypt the data in transit. This may involve the use of a third party encryption tool where appropriate.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Who we share your personal information with
We will only share information with these organisations where it is appropriate and legal to do so. Where this is necessary, we are required to comply with all aspects of the Data Protection Act 2018. We share your personal data between Achieving for Children departments and services so that we can keep our information up to date, provide cross departmental support and improve our services to you and your child.
Sharing information about individuals with partner organisations is sometimes necessary in order to protect individuals if there are concerns they may be at risk of significant harm and to keep those individuals and the wider public safe. We have an overarching information sharing protocol agreed with partners so you can be confident local partners all comply with the same privacy principles. Information is held securely by Achieving for Children and is only be used and shared on a strict need to know basis with limited partners, for the purposes of keeping children or young people safe or ensuring they get the best services they need.
Everyone we share data with has a legal duty to keep it confidential and secure.
Some of the organisations that we share data with include (but aren’t limited to) the following:
- Department for Education (DfE)
- Qualifications and Curriculum Authority (QCA)
- Office for Standards in Education, Children’s Services and Skills (Ofsted)
- Department of Health (DoH)
- Care Quality Commission (CQC)
- Social Care Services
- Metropolitan Police
- Health services
- Probation services
- Education and schools
- Housing services
- Child and Adolescent Mental Health Services (CAMHS)
- Targeted Support services
- Audit Commission
- Department of Works and Pensions (DWP)
- Her Majesty’s Revenue and Customs (HMRC)
Your rights and access to information
Under data protection legislation you have the right to request access to the information that we hold about you. To request a copy of your data, please read the Subject Access Requests page on this website and then submit your request using your preferred method of contact.
You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress
- have inaccurate personal data rectified, blocked, erased or destroyed
- prevent processing for the purpose of direct marketing
- object to decisions being taken by automated means
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- redress, either through the ICO, or through the courts
If you have any questions or concerns about the way we process personal data, please contact our Data Protection Officer: email@example.com
If you want to make a complaint about how we handle your personal data, we ask that you give our Data Protection Officer the opportunity to respond in the first instance but you are not obliged to do this. You can make a complaint directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/
If you would like to discuss anything in this privacy notice, please contact our Data Protection Officer: firstname.lastname@example.org
Our website privacy notice explains how we collect, use and share your information via this website.