HaveMySay Privacy Notice
This privacy notice explains what personal information we may collect about you when you use HaveMySay. It also explains how we will keep your information safe and who to contact if you have questions about the use of your personal information. We are required to give you this information by law.
Achieving for Children is registered as a data controller with the Information Commissioner’s Office (ICO). Registration number ZA045069.
Your personal data – what is it?
Personal Data relates to a living person who can be identified from that data (for example, name, email address, address). Some of your personal data is classed as ‘special category data’ because this information is more sensitive, for example, health information, ethnicity and religion and so on. In this case
Personal data we collect
HaveMySay collects and processes the following personal data:
■ Unique case number (sometimes referred to as ICS number)
■ First name, month and year of your birth
■ Service preferences and feedback
How we use your personal data
The personal data you provide helps us to support your family and makes sure that we meet our legal duties and responsibilities. HaveMySay uses information about children, young people and their families to:
■ Helps us understand the views of children and young people
■ Assess the quality of our services
■ Evaluate and improve our services
Legal basis for processing your personal data
We collect and process personal data to comply with our legal obligations as outlined in the Children’s Act 1989, the Care Standards Act 2004 and to carry out tasks in the public interest.
How we collect personal data
All personal data is collected by the HaveMySay portal - you or your practitioner will enter your data directly into the system.
How long your personal data will be kept
We only keep your personal data for as long as is required by law and in accordance with our retention schedule (PDF).
Keeping your information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information, This is Focus Ltd will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Who we share your personal information with
We will only share information with these organisations where it is appropriate and legal to do so. Where this is necessary, we are required to comply with all aspects of the Data Protection Act 2018. We share your personal data between Achieving for Children departments and services so that we can keep our information up to date, provide cross departmental support and improve our services.
Outside of AfC, the only partner able to see your data (case number) is Focus Ltd who design and manage the portal. We have an information sharing protocol agreed with This is Focus Ltd so you can be confident they will handle your personal information in accordance with data protection law.
Information is held securely by Achieving for Children and is only to be used and shared on a strict need to know basis with limited partners, for the purposes of keeping children or young people safe or ensuring they get the best services they need.
Everyone we share data with has a legal duty to keep it confidential and secure.
Your rights and access to information
Under data protection legislation you have the right to request access to the information that we hold about you. To request a copy of your data, please read the Subject Access Requests page on the AFC website and then submit your request using your preferred method of contact.
You also have the right to:
■ object to processing of personal data that is likely to cause, or is causing, damage or distress
■ have inaccurate personal data rectified, blocked, erased or destroyed
■ prevent processing for the purpose of direct marketing
■ object to decisions being taken by automated means
■ in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
■ redress, either through the ICO, or through the courts
If you have any questions or concerns about the way we process personal data, or would like to discuss anything in this privacy notice, please contact our Data Protection Officer : firstname.lastname@example.org
If you want to make a complaint about how we handle your personal data, we ask that you give our Data Protection Officer the opportunity to respond in the first instance but you are not obliged to do this. You can make a complaint directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/