This privacy notice explains what types of personal data we may hold about you, how we collect it, how we use and who we may share information with. We are required to give you this information under data protection law.
Who we are
Achieving for Children delivers children’s services and the local authority statutory responsibilities relating to children aged up to 25 years across the boroughs of Kingston, Richmond and Windsor and Maidenhead. Achieving for Children is registered as a controller with the Information Commissioner’s Office (ICO) (registration number ZA045069) and is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
The Integrated Service for Children with Disabilities (ISCD) is commissioned by the Clinical Commissioning Group to provide support and developmental health services to children and young people registered with a Kingston GP or for children from other areas with special commissioning arrangements. The service includes health and social care professional teams, such as community paediatric occupational therapy, community paediatric consultants, community paediatric physiotherapy, disabled children’s nursing team and speech and language therapy. These professionals work closely together to ensure the child’s holistic needs are met. The weekly Integrated Team Around Child Meeting (ITAC) is the referral gateway to ISCD for children with a GP in the borough of Kingston or commissioned services and SEND referrals. This multi-disciplinary meeting screens and reviews referrals and jointly agrees the most appropriate pathway to support children irrespective of the reasons the referral was made.
Access to health services depends on which GP (doctor) you are registered with and which borough or health authority the GP comes under.
Personal data we collect
We collect the personal information below in order to identify the most appropriate service to support your child’s health and care needs and to fulfil our statutory duties:
- Date of birth
- NHS number
- Family information
- Referral reasons
- Education information such as learning needs and education settings attended
- Mental and physical health information
- Family and social issues
Parent or Guardian data
- Email and home address
- Relationship to child
- Job title and organisation details
- Telephone number
How we use your personal data
Children’s records are stored securely on Care Notes, an electronic patient record system and information is accessed on a ‘need to know basis’ only. Depending on your child’s needs, we may use the personal information we collect for the following purposes:
- discussing referral at the ITAC meeting and deciding on the most appropriate team to support your child if the criteria for ISCD is met
- providing pre and post diagnostic support to families
- providing assessment, advise and support to children with occupational therapy needs
- providing physiotherapy intervention for children and young people who have delayed gross motor development, neurological problems or difficulties with gross motor balance and coordination
- completing neuro-developmental assessments for children have a range of developmental and special needs
- completing statutory assessments for children who are looked after and those children going through an education, health and care plan process
- providing outreach clinics for children who attend local special schools
- completing social communication assessments
- providing specialist nursing care, support and advice to families and carers
- performance monitoring to help us assess the quality and standards of our services
- improving our services
Lawful basis for processing your personal data
In all cases we will comply with the provisions and exemptions of General Data Protection Regulation (GDPR) and Data Protection Act 2018 when processing your personal information. The lawful basis that we rely upon include:
- Article 6 91)(a) – you have given us clear consent to process your personal data for specific purpose
- Article 6(1)(c) – processing is necessary for comply with a legal obligation
- Article 6(1)(d) – vital interests
- Article 6(1)(e) – processing is necessary to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law
Lawful basis for processing special categories of personal data, we rely upon:
- Article 9(2)(a) – explicit consent
- Article 9(2)(h) – health or social care
- Article 9(3) – the personal data is processed by a health professional as defined under section 204 (DPA)
Data Protection Act 2018(DPA):
Schedule 1, (Special categories of personal data), Part 1 (Conditions relating to Health or Social Care)
This condition is met if the processing is for the provision of health care or treatment.
These articles under the GDPR and the DPA 2018 are supported by the following specific legislation:
- Children’s Act 1989 and 2004
- Health and Social Care Act 2012
- Working Together to Safeguarding Children 2018
Who we share your personal information with
We will only share information where it is appropriate and legal to do so. Where this is necessary, we are required to comply with all aspects of the Data Protection Act 2018.
Depending on the individual circumstances of each situation, we may have to share this information with other teams within Achieving for Children to fulfil other duties and powers to support our work.
Some of the organisations we share information with include:
- Speech and language service
- Child and adolescent mental health services (CAMHS)
- Hounslow and Richmond Community Healthcare
- Kingston Hospital
- Public Health England
- Clinical Commissioning Groups
How long will we keep your information
We only keep your personal data for as long as is required by law and in accordance with our retention schedule.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
Achieving for Children’s email service has been configured to Government Digital Service and we encrypt and authenticate email in transit using Transport Layer Security (TLS) and Domain-based Message Authentication, Reporting and Conformance (DMARC). We will ensure that when we send emails containing your personal information they are sent using appropriate security measures to encrypt the data in transit. This may involve the use of a third party encryption tool where appropriate.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Your rights and access to information
Under data protection legislation you have the right to request access to the information that we hold about you. To request a copy of your data, please read the Individual Rights Requests page and then submit your request using your preferred method of contact.
You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress
- have inaccurate personal data rectified, blocked, erased or destroyed
- prevent processing for the purpose of direct marketing object to decisions being taken by automated means
- in certain circumstances have inaccurate personal data rectified, blocked, erased or destroyed; and
- a right to seek redress, either through the ICO, or through the courts
The National Data Opt Out
This is the service that allows patients to opt out of their confidential patient information being used for research and planning. To find out more or to register your choice to opt out, visit https://www.nhs.uk/your-nhs-data-matters/
If you have any questions or concerns about the way we process personal data, or would like to discuss anything in this privacy notice, please contact our Data Protection Officer: email@example.com
If you want to make a complaint about how we handle your personal data, we ask that you give our Data Protection Officer the opportunity to respond in the first instance but you are not obliged to do this. You can make a complaint directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/
Issue date: 03/2021