This privacy notice explains what types of personal data we may hold about you, how we collect it, how we use and who we may share information with. We are required to give you this information under data protection law.
Achieving for Children’s Special Educational Needs and Disability (SEND) Transport Service assesses a child’s eligibility to transport assistance to and from school using the SEND Home to School Transport Policy for the borough where the pupil resides.
Personal data we collect
- Personal identifiers and contacts (such as name, address, email address, telephone numbers, date of birth, gender, ethnicity, language, religious beliefs, family details and emergency contact details)
- Information about any siblings your child may have; including name, date of birth, gender, school attended
- Details about their education, health and care plan (EHCP)
- Details of the education provision including the travel arrangements for both the current and new provision
- Medical information including mobility and physical needs, height and weight (where child seats are required) and medication
- Vehicle ownership and driving licences held
- Your availability and ability to transport your child to school
- Any interest you hold in independent travel training for your child in the future
- In some cases we may also collect data about your bank details for payments which we may make to you
How we use your personal data
We use the personal information we collect from you about your child to assess the eligibility for and planning your child’s transport. We hold this personal information securely and use it to:
- assess your child’s eligibility for transport assistance
- provide the appropriate transport provision
- undertake statistical forecasting, planning and improving our services
- share with schools and transport operators to confirm the identity of those using transport and to provide safe transport
- share with commissioners (Richmond Council and Kingston Council) to report on service delivery and manage and oversee demand
Lawful basis for processing your personal data
We collect and use the information ensuring that we comply with the General Data Protection Regulation (GDPR) and Data Protection Act 2018 requirements for processing through:
- Article 6(1)(e) – processing is necessary to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law;
- Article 9(2)(g) – necessary for reasons of substantial public interest, on the basis of Union or Member State law which is proportionate to the aim pursued and which contains appropriate safeguarding measures
These articles under the GDPR and the DPA2018 are supported by the following specific legislation:
- Home to School Travel and Transport: Statutory Guidance for Local Authorities (Department for Education, 2014)
- Special educational needs and disability code of practice: 0 to 25 years Statutory guidance for organisations which work with and support children (Department for Education, 2015)
Education Act 1996
Under this lawful basis we do not require your consent to process this information but we are required, through this privacy notice, to ensure you are fully informed of why we are collecting this information and what we will do with it.
Who we share your personal information with
We will only share information where it is appropriate and legal to do so. Where this is necessary, we are required to comply with all aspects of the Data Protection Act 2018.
Depending on the individual circumstances of each situation, we may have to share this information with other teams within Achieving for Children to fulfil other duties and powers to support our work. These might include Social Care Teams (supporting welfare, safeguarding and corporate parent functions); Virtual School (for support of children looked after); and or Information Governance Team (for personal data incidents). We may at times share information with our Commissioners (Richmond Council and Kingston Council).
How long will we keep your information
We only keep your personal data for as long as is required by law and in accordance with our retention schedule.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
Achieving for Children’s email service has been configured to Government Digital Service and we encrypt and authenticate email in transit using Transport Layer Security (TLS) and Domain-based Message Authentication, Reporting and Conformance (DMARC). We will ensure that when we send emails containing your personal information they are sent using appropriate security measures to encrypt the data in transit. This may involve the use of a third party encryption tool where appropriate.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Your rights and access to information
Under data protection legislation you have the right to request access to the information that we hold about you. To request a copy of your data, please read the Individual Rights Requests page and then submit your request using your preferred method of contact.
You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed
- prevent processing for the purpose of direct marketing
- object to decisions being taken by automated means
- redress, either through the ICO, or through the courts
If you have any questions or concerns about the way we process personal data or have any questions about the privacy notice, please contact our Data Protection Officer: firstname.lastname@example.org
If you want to make a complaint about how we handle your personal data, we ask that you give our Data Protection Officer the opportunity to respond in the first instance, but you are not obliged to do this. You can make a complaint directly to the Information Commissioner’s Office at https://ico.org.uk/concerns