Skip to main content

Privacy notice for Single Point of Access (Kingston and Richmond)

Introduction

This privacy notice explains what types of personal information Achieving for Children’s Single Point of Access in the boroughs of Kingston and Richmond collects, uses and why.

Who we are

Achieving for Children (AfC) is a community interest company created in 2014 by the Royal Borough of Kingston upon Thames and London Borough of Richmond to provide children’s services. In August 2017 the Royal Borough of Windsor and Maidenhead became co-owner of Achieving for Children.

Achieving for Children delivers children’s services and the local authority statutory responsibilities relating to children aged up to 25 years across the boroughs of Kingston, Richmond and Windsor and Maidenhead. Achieving for Children is registered as a controller with the Information Commissioner’s Office (ICO) (registration number ZA045069) and is committed to being transparent and accountable for how we use and process your personal information.

The Single Point of Access (SPA) acts as a single ‘front door’ to all of Children’s Services in the boroughs of Kingston and Richmond, including referrals to Tier 2 Child and Adolescent Mental Health Services (CAMHS). Tier 2 CAMHS is provided by AfC’s Emotional Health Service, so please refer to their privacy notice for further information.

The core function of the SPA is to provide a timely and appropriate response to children in need of help and protection by assessing the level of need and risk associated with the contacts and referrals received. The SPA works in partnership with other agencies ensuring timely and informed decisions about risk are based on accurate and up to date information. The Multi-Agency Safeguarding Hub (MASH) is co-located within the SPA and is made up of representatives from children’s social care, the police and NHS. Where appropriate, the SPA may request information from the MASH for safeguarding and risk assessment purposes. This process assists in improving the quality of safeguarding decisions for children and their families in order to provide them with the most appropriate support and services as soon as possible.

Why we need your information and how we use it

As the front door to Children’s Services, the SPA receives contacts and referrals through a variety of methods including telephone, fax, email, letter and via the online referral form. All contacts and referrals are screened for safeguarding concerns and recorded on the Integrated Children’s System (ICS), called Liquidlogic. Using the information provided, a record of the child/parent/carer is created. A brief risk assessment, analysis and recommendations about what happens next is completed by the SPA. The SPA may recommend that no further action is taken or may signpost you to community support. If further social work support is required, the risk assessment, analysis and recommendations are shared with the relevant social work team.

Where the contact or referral relates to Tier 2 CAMHS, it is forwarded to the CAMHS SPA after the safeguarding screening process.

Personal data we collect

  • Name
  • Address
  • Date of birth
  • Nationality
  • Family/Relationships information
  • Referral/Assessment information
  • Criminal/Prosecution information
  • Equalities information
  • Health information
  • Housing information
  • Education information
  • NHS number
  • Other agencies involved with the child, young person and their family

Lawful basis for processing your personal data

The SPA relies on the following lawful basis for processing your personal information:

  • processing is necessary for compliance with a legal obligation to which the controller is subject (Article 6(1)(c) of the UK GDPR)
  • processing is necessary in order to protect the vital interests of the data subject or of another natural person (Article 6(1)(d))
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Article 6(1)(e))

The SPA relies on the following lawful basis for processing special categories of personal data:

  • processing is necessary for reasons of substantial public interest. (Article 9(2)(g) UK GDPR) The condition within Schedule 1, Part 2 is met for:
    (i) safeguarding children and individuals at risk Para. 18(1)(2)(3)
    (ii) preventing and detecting unlawful acts Para 10(1)(2)(3)
    (iii) Statutory and government purposes Para 6(1)(2)

Processing of criminal offence data is in compliance with Article 10 of the GDPR and for the purpose of preventing or detecting unlawful acts (DPA 2018, Schedule 1, Part 2, Para. 10)

These articles under the UK GDPR and the DPA 2018 are supported by the following specific legislation:

  • Children’s Act 1989
  • Children’s Act 2004
  • Working Together to Safeguard Children 2018
  • London Child Protection Procedures
  • Crime and Disorder Act 1998

Who we share your personal information with

Your personal information may be shared with Children’s Social Care and other departments within Achieving for Children to better carry out our safeguarding responsibilities for children at risk.

Sharing information about individuals with partner organisations, such as the police, NHS and schools, is sometimes necessary in order to protect individuals if there are concerns they may be at risk of significant harm and to keep those individuals and wider public safe.

Sections 10 and 11 of the Children Act 2004 place obligations upon the police, local authorities, NHS bodies and others to cooperate with other relevant partners in promoting the welfare of children and ensuring that their functions are carried out paying attention to the need to safeguard and promote the welfare of children.

How long will we keep your information

We only keep your personal data for as long as is required by law and in accordance with our retention schedule.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

Achieving for Children’s email service has been configured to Government Digital Service and we encrypt and authenticate email in transit using Transport Layer Security (TLS) and Domain-based Message Authentication, Reporting and Conformance (DMARC). We will ensure that when we send emails containing your personal information they are sent using appropriate security measures to encrypt the data in transit. This may involve the use of a third party encryption tool where appropriate.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Your rights and access to information

Under data protection legislation you have the right to request access to the information that we hold about you. To request a copy of your data, please read the Individual Rights Requests page and then submit your request using your preferred method of contact.

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • have inaccurate personal data rectified, blocked, erased or destroyed
  • prevent processing for the purpose of direct marketing object to decisions being taken by automated means
  • in certain circumstances have inaccurate personal data rectified, blocked, erased or destroyed; and
  • a right to seek redress, either through the ICO, or through the courts

If you have any questions or concerns about the way we process personal data, or would like to discuss anything in this privacy notice, please contact our Data Protection Officer: dpo@achievingforchildren.org.uk

If you want to make a complaint about how we handle your personal data, we ask that you give our Data Protection Officer the opportunity to respond in the first instance but you are not obliged to do this. You can make a complaint directly to the Information Commissioner’s Office at https://ico.org.uk/concerns

 

Version 2.0/092021
Issue date: 09/2021