At Doncaster Children’s Services Trust, the protection of your personal data is very important to us. The law sets out a framework for what we can do with your personal information (information by which you can be identified: your name, address, email etc.) and it also gives you certain rights over your information. These laws are the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
Doncaster Children’s Services Trust is focused on keeping children and young people safe and well, and helping them to achieve their potential.
The Trust delivers a range of services to support children, young people and families. At any one time, we work with around three and half thousand children, young people and their families.
Our work is guided by a number of specific laws, including the Children Act 1989 and 2004, Children and Social Work Act 2017, Children and Families Act 2014 and wider laws that apply to rights of all individuals.
The Trust is now part of Doncaster Council who is registered as a data controller under Data Protection Law. We collect and process personal information about you and use this to provide and manage our services.
We have a Data Protection Officer who makes sure we respect your rights and follow the law at all times. If you have any concerns or questions about how we look after your personal information, please visit our website or contact the Data Protection Officer emailing CYPFDataProtection@doncaster.gov.uk
As an individual you have many rights under the Regulation, these are:
• the right to be informed how your information is being collected and processed
• the right to request a copy of your own personal information
• the right to request the Council to rectify inaccurate information
• the right to request the Council erase information we are not require to process or keep
• the right to restrict the processing of your information
• the right to request your information is passed to another organisation (data portability)
• the right to object to automated decision making and profiling regarding yourself
For more information please refer to the Data Protection Policy and the procedure for your individual rights
Below are some answers to our frequently asked questions about how we handle data.
What does the Trust do with my data?
What is personal information?
We use many different kinds of personal information, and group them together like this.
|Type of personal information||Description|
|Contact details||Where you live and how to contact you|
|Transactional||Details about payments to you|
|Contractual||Details about the services we provide for you|
|Behavioural||Details about how you use our services|
|Communications||What we learn about you from letter, emails and conversations between us|
|Documentary Data||Details about you that is stored in documents in different formats, or copies of them. This could include things like your passport, driver’s license, or birth certificate.|
|Special types of data (Some information is ‘special’ and needs more protection due to its sensitivity. It’s often information you would not want widely known and is very personal to you)|| |
We will only collect and use these types of data if the law allows us to do so, these include:
|Specific details||Any permissions, consents, or preferences that you give us.|
|National Identifier||A number or code given to you by a government to identify who you are, such as your National Insurance Number|
Where do we collect your personal information from?
To help us to provide the best support, we often collect data from families we are working with. There are also times when we need to ask other services that work with you for information – this can include your GP, schools, police, and other local authorities.
The data you give to us:
• When you talk to us on the phone, in one of our offices or when we visit you
• When you use our websites or mobile device apps
• In emails and letters • In customer surveys
• Through payment and transaction information
Data may also be given to us from other organisations we work with:
• Doncaster Council and associated trusts
• South Yorkshire Emergency services
• Government and law enforcement agencies
• Medical practitioners – such as GPs, Dentist etc.
So…why do we need your personal information?
We may need to use some information about you to:
• Deliver a range of services and support to you such as:
- Investigating any worries or complaints you have
- Train and manage our teams who deliver those services
- Contact you in your preferred format e.g. by post, email, telephone etc.
- Understand your needs better to provide the services that you request
- Keep your records up to date Ask for your feedback about our services
- Help build up a record of how we deliver our services across the organisation and plan/improve future services
- Comply with legal obligations to our funding bodies and to local and national government
- Keep track of our spending on services
What happens if you don’t want to give us your information?
How the law allows us to use your personal information?
• You, or your legal representative, have given consent
• You have entered into a contract with us
• It is necessary to perform our statutory duties
• It is necessary to protect someone in an emergency
• It is required by law • You have made your information publicly available
• It is to the benefit of the public or society as a whole
• It is necessary to protect public health
We will only ask you for the information we need and will always use it appropriately.
Where we can, we will only collect and use personal information if we need it to deliver a service or meet a requirement. We will always make sure the information we ask for is relevant and collected at the right time, for the right purpose.
If we don’t need your personal information, the information you provide will either remain anonymous or we won’t ask you for it. For example, in a survey we may not need your contact details, we may only be collecting your survey responses to help shape or improve our services.
If we use your personal information for research and analysis, you will remain anonymous.
We DO NOT sell your personal information to anyone else.
What YOU can ask US to do with YOUR information?
All of your rights are listed over the next few pages and if you have any queries about access to your information, or if you would like to see any of your personal information, please contact DCSTDataProtection@doncaster.gov.uk
If you make a request to us about the personal information we hold about you this must be made in writing and we have 1 month to complete your request.
You can ask us for access to the information we hold on you
We would normally expect to share what we record about you with you whenever we assess your needs or provide you with services. However, you also have the right to ask for all the information we have about you and the services you receive from us all at once. This is called a Subject Access Request.
When we receive a request from you we must give you access to everything we’ve recorded about you. However, we can’t let you see any parts of your record which may contain:
• Confidential information or images of other people; or
• We have received legal advice that to give out this information it will cause serious harm to you or someone else’s physical or mental wellbeing; or
• If we think that giving you the information may stop us from preventing or detecting a crime.
This applies to personal information that is in both paper and electronic records. If you ask us, we can also let another named individual see your record (except if one of the points above applies).
You can ask us to change information you think is inaccurate
You should let us know if you disagree with the information we hold for you. (For example, we might have the wrong email address for you or our records said that you live at ‘62 Smith Street’, when in fact you live at ‘622 Smith Street’).
We may not always be able to change or remove information as you request, but we’ll always correct factual inaccuracies and may include your comments in the record to show that you disagree with others that we can’t change.
You can ask us to delete information (this is called your right to be forgotten or right to erasure)
In some circumstances you can ask for your personal information to be deleted, for example:
• Where your personal information is no longer needed for the reason it was collected in the first place
• Where you have removed your consent for us to use your information and where there is no other legal reason for us to use it
• Where there is no legal reason for the use of your information.
Where your personal information has been shared with others (such as a contractor), we’ll take every step to make sure those using your personal information comply with your request for erasure.
Please note that we can’t delete your information where:
• We are required to have it by law
• It is used for freedom of expression
• It is for public health purposes
• It is for, scientific or historical research, or statistical purposes where it would make information unusable
• It is necessary for legal claims.
• We need to evidence decision making and action taken
You can ask us to limit what we use your personal data for
You have the right to ask us to limit or restrict what we use your personal information for where:
• You have identified inaccurate information, and have informed us of this and are waiting for us to change it
• Where we have no legal reason to use that information but you want to restrict what we use it for rather than erase the information altogether.
Where a restriction of use has been granted, we’ll inform you before we intend to use your personal information for any reason.
You have the right to ask us to stop using your personal information to deliver any of our services. However, if this request is approved this may cause delays or prevent us delivering that service in the future if you need us.
Where possible we’ll seek to comply with your request, but we may need to hold your information and use it because we are required to by law.
You can ask to have your information moved to another provider (this is called ‘data portability’)
You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called ‘data portability’.
However, this only applies if we are using your personal information with consent and if decisions were made by a computer and not a human being.
Data portability won’t apply to most of the services you receive from us as we don’t use computers to make automated decisions about you.
You also have the right to object if you are being ‘profiled’. Profiling is where decisions are made about you based on certain things in your personal information, e.g. your health conditions.
If you have concerns regarding automated decision making, or profiling, please contact our Data Protection Officer who’ll be able to advise you about how we use your information.
Who do we share your information with?
Wherever we share information with someone else there is always an agreement in place to make sure that the organisation complies with data protection law. We will complete a privacy impact assessment before we share personal information to make sure we protect your privacy and comply with the law.
Sometimes we have a legal duty to provide personal information to other organisations some of which include:
• If a court orders that we provide the information; and
• If someone is taken into care under mental health law.
We may also share your personal information when we feel there’s a good reason that’s more important than protecting your privacy. This doesn’t happen often, but we may share your information:
• In order to find and stop crime and fraud; or
• If there are serious risks to the public, our staff or to other professionals; or
• To protect a child; or
• To protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them.
For all of these reasons the risk must be serious before we can override your right to privacy.
If we are worried about your physical safety or feel we need to take action to protect you from being harmed in other ways, we’ll discuss this with you and, if possible, get your permission to tell others about your situation before doing so. However, we may still share your information if we believe the risk to others is serious enough to do so.
How do we protect your information?
We will always do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we’ll only make them available to those who have a right to see them.
Examples of our security include:
• Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as passwords. This is done with a secret code or what’s called a ‘cypher’. The hidden information is said to then be ‘encrypted’
• Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
• Training for our staff on a yearly basis allows us to make them aware of how to handle information and how and when to report when something goes wrong
• Regular testing of our technology and ways of working including keeping up to date on the latest security updates to minimise the risks from a ‘cyber-attack’
How long do we keep your personal information?
For each service the schedule lists how long your information may be kept for. This ranges from months to decades depending on the nature of the information.
Where can I get advice?
For independent advice about data protection, you can also contact the Information Commissioner’s Office (ICO) at:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113 (local rate)
Or, you can visit www.ico.org.uk or email email@example.com.
Applying for jobs in children’s social care
As part of any recruitment process, we collect and process personal data relating to job applicants. We are committed to being transparent about how we collect and use that data and to meeting our data protection obligations.
What information do we collect?
• your name, address and contact details, including email address and telephone number;
• details of your qualifications, skills, experience and employment history;
• information about your current level of remuneration;
• whether or not you have a disability for which the Trust needs to make reasonable adjustments during the recruitment process;
• information about your entitlement to work in the UK; and
• equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, and religion or belief.
We collect this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment, including online tests.
We will also collect personal data about you from third parties, such as references supplied by former employers and information from criminal records checks. We will seek information from third parties only once a job offer to you has been made and will inform you that it is doing so.
Data will be stored in a range of different places, including on your application record, in HR management systems and on other IT systems (including email).
Why do we process personal data?
In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, we are required to check a successful applicant's eligibility to work in the UK before employment starts.
We have a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.
Where we rely on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of employees or workers and has concluded that they are not.
We process health information if we need to make reasonable adjustments to the recruitment process for candidates who have a disability. This is to carry out its obligations and exercise specific rights in relation to employment.
Where we process other special categories of data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is for equal opportunities monitoring purposes.
For some roles, we are obliged to seek information about criminal convictions and offences. Where we seek this information, we do so because it is necessary for us to carry out our obligations and exercise specific rights in relation to employment.
We will not use your data for any purpose other than the recruitment exercise for which you have applied.
Who has access to data?
We will not share your data with third parties, unless your application for employment is successful and it makes you an offer of employment. We will then share your data with former employers to obtain references for you and the Disclosure and Barring Service to obtain necessary criminal records checks].
We will not transfer your data outside the European Economic Area.
How do we protect data?
For how long do we keep data?
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.
• access and obtain a copy of your data on request;
• require the Trust to change incorrect or incomplete data;
• require the Trust to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
• object to the processing of your data where the Trust is relying on its legitimate interests as the legal ground for processing; and
• ask the Trust to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the organisation's legitimate grounds for processing data.
If you would like to exercise any of these rights, please contact CYFPDataProtection@doncaster.gov.uk
You can make a subject access request by emailing CYPFDataProtection@doncaster.gov.uk
If you believe that we have not complied with your data protection rights, you can complain to the Information Commissioner.
What if you do not provide personal data?
You are under no obligation to provide information for equal opportunities monitoring purposes and there are no consequences for your application if you choose not to provide such information.