This privacy notice explains what types of personal data we may hold about you, how we collect it, how we use it and who we may share information with. We are required to give you this information under data protection law.
Who we are
Achieving for Children delivers children’s services and the local authority statutory responsibilities relating to children aged up to 25 years across the boroughs of Kingston, Richmond and Windsor and Maidenhead. Achieving for Children is registered as a controller with the Information Commissioner’s Office (ICO) (registration number ZA045069) and is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
The EarlyBird and EarlyBird Plus programmes have been developed by the National Autistic Society (NAS) to provide early intervention support to parents and carers of children (preschool to age 9 years) with an autism spectrum disorder.
It is a three month programme for up to six families at a time, combining weekly group sessions and home visits. School staff are also invited to attend for the EarlyBird Plus programme with the aim of working towards ‘joined up’ strategies of support for each child at home and at school.
The main aims of the programmes are:
- to help parents and carers to understand autism spectrum disorder
- to develop their child’s communication skills; and
- to develop and apply practical strategies to manage their child’s behaviour.
Personal data we collect
Participation is voluntary and we collect the following information only when you register to attend the programme:
- Parent's name, address, email address, telephone numbers
- Child’s name, date of birth
- Child’s school (where applicable)
- Whether your child has been diagnosed with autism or on the ‘pathway’
How we use your personal data
We use the personal information we collect from you about your child to:
- decide which programme is appropriate (based on your child’s date of birth)
- contact you about the programmes and other associated support services
- visit you at your home address
- contact your child’s school to invite them to attend the programme alongside you (for school age children only)
- help our facilitators support you during the programme by asking the diagnosis or ‘pathway’ status of your child
Lawful basis for processing your personal data
We collect and use the information where you have provided your consent. (Article 6(1)(a) and article 9(2)(a) UK GDPR) You can withdraw your consent at any time and that yours and your child’s information is deleted.
Who we share your personal information with
We will only share information where it is appropriate and legal to do so. Where this is necessary, we are required to comply with all aspects of the Data Protection Act 2018.
For the purposes of the EarlyBird and EarlyBird Programmes your personal information will only be shared with the two facilitators of your programme.
In the case of the EarlyBird Plus programme your child’s school will be informed that you are attending and will be invited to attend alongside you.
How long will we keep your information
We only keep your personal data for as long as is required by law and in accordance with our retention schedule.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
Achieving for Children’s email service has been configured to Government Digital Service and we encrypt and authenticate email in transit using Transport Layer Security (TLS) and Domain-based Message Authentication, Reporting and Conformance (DMARC). We will ensure that when we send emails containing your personal information they are sent using appropriate security measures to encrypt the data in transit. This may involve the use of a third party encryption tool where appropriate.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Your rights and access to information
Under data protection legislation you have the right to request access to the information that we hold about you. To request a copy of your data, please read the Individual Rights Requests page on this website and then submit your request using your preferred method of contact.
You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress
- have inaccurate personal data rectified, blocked, erased or destroyed
- prevent processing for the purpose of direct marketing object to decisions being taken by automated means
- In certain circumstances have inaccurate personal data rectified, blocked, erased or destroyed; and
- a right to seek redress, either through the ICO, or through the courts
If you have any questions or concerns about the way we process personal data, or would like to discuss anything in this privacy notice, please contact our Data Protection Officer: firstname.lastname@example.org
If you want to make a complaint about how we handle your personal data, we ask that you give our Data Protection Officer the opportunity to respond in the first instance but you are not obliged to do this. You can make a complaint directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/