Identity: Sure Start Children's Centre
Our core data protection obligations and commitments are set out in the council's privacy notice.
This notice provides additional privacy information for those registering with a Sure Start Children's Centre to access services and support.
We obtain your personal information for the following purpose(s):
- To monitor and evaluate the provision of Children's Centre services
- To share with partner agencies where required so that support and services can be accessed by the parent, family or child.
- To inform you of services available at your Children's Centre
- To identify the needs of parents, families and children within the area
Categories of personal data
In order to carry out these purposes we collect and obtain:
- Information on the parent / carer
- Relationship to child(ren)
- Title, forename, middle name, surname
- Date of birth
- Address, postcode
- Phone number, email
- Employment status
- Ethnicity, religion, level of spoken English, disability
- Asylum status
- GP surgery
- Household dynamic
- Pregnancy status
- Information on the child / children
- Forename, middle name, surname
- Date of birth
- Relationship to parent/carer
- Address, Post Code
- Ethnicity, religion, level of spoken English, First / home language, disability
- GP surgery, health visitor, midwife
Legal basis for processing
The legal basis for processing your personal information is:
- The Children Act (2006)
- The Protection of Children Act (1999)
- Data Protection Act (1998)
- UK General Data Protection Regulation
- Equalities Act (2010)
- What to do if you are worried a child is being abused (2006)
- The Framework for the assessment of children in need and their families (2000)
- Safer recruitment and safeguarding (2007)
- Working Together to Safeguard Children (revised 1999)
- The Common Assessment Framework (2005)
- Criminal Justice and Court Services Act (2000)
- Human Rights Act (1998)
- Rehabilitation of Offenders Act (1974)
- Early Years Foundation Stage (EYFS) (2014)
- Early Education and Childcare (2018)
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you to provide support and enable access to services, or we may be prevented from complying with our legal obligations under; The Children Act (2006), The Protection of Children Act (1999), UK General Data protection Regulation, Equalities Act (2010), What to do if you are worried a child is being abused (2006), The Framework for the assessment of children in need and their families (2000), Safer recruitment and safeguarding (2007), Working Together to Safeguard Children (revised 1999), The Common Assessment Framework (2005), Criminal Justice and Court Services Act (2000), Human Rights Act (1998), Rehabilitation of Offenders Act (1974), Early Years Foundation Stage (EYFS) (2014), Early Education and Childcare (2018).
Information sharing / recipients
We may share personal information about you with the following types of organisations:
- Social Care - referral to services
- Local Authority - referral to services
- Police - to report a safeguarding concern
- MASH (Multi-Agency Safeguarding Hub) - to report a concern
- Health - referral to services
- Midwifery - referral to services
As well as information collected directly from you, we also obtain or receive information from:
- Social Care
- Local Authority
Data Transfers beyond EEA
We will only send your data outside the European Economic Area ('EEA'):
- with your consent, or
- to comply with a lawful and legitimate request, or
- if we use service providers or contractors in non EEA countries.
If we do transfer your information beyond the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We will use one of these safeguards:
- Transfer it to a non EEA country with privacy laws that give the same protection as the EEA. Learn more about data protection (Commission Europa).
- Put in place a contract with the recipient that means they must protect it to the same standards as the EEA. Learn more about data protection on the Commission Europa website.
- Transfer it to organisations that are part of the Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA. You can find out more about the Privacy Shield on EU and US data transfers information (Commission Europa).
If we propose to make a transfer in response to a lawful and legitimate request we will normally tell you in advance unless there are compelling reasons, such as law enforcement or, reasons of safety which justify not doing so.
For this service:
- All the decisions we make about you involve human intervention
Data retention and criteria
We will only keep your personal information for as long as the law specifies or where the law does not specify this, for the length of time we would need to hold onto your personal information having regard to the purpose for which it was obtained, the nature of the information, industry practice and the all surrounding circumstances including historical.
Rights of individuals
You may exercise the rights listed below in relation to the council's use of your personal information. Some rights are absolute and others are not. To find out more about how these rights apply in particular circumstances, please see the guide to General Data Protection Regulation (Information Commissioner's Office).
To exercise these rights, please contact us (see below).
- Access: You may request a copy of the personal information we hold about you.
- Rectification and erasure: You may request that we rectify or delete any of your personal information if you consider it is incomplete, factually incorrect, processed unlawfully or, is unnecessary or no longer needed.
- Review of automated decision making: Where we use only an automated system or programme that does not involve a human being, you have the right to request that a decision which legally affects you is reviewed by an appropriate officer.
- Objection: You may object, at any time, to your personal information being processed. This applies to processing:
- carried out in performance of our statutory functions or in the public interest, including 'profiling' , whether or not profiling is partly or fully automated;
- for direct marketing purposes
- Restriction of processing: You may request restriction of processing (quarantining) of your personal information for certain reasons, such as, for example:
- if you have objected to the processing or asked us for erasure and we need time to consider your request and let you know our decision
- you require us to retain your information for the establishment, exercise or defence of your own legal rights
- Data portability: In defined circumstances either where the processing relies on your consent or arises out of a legal contract, you may request we supply a copy of personal information that you have provided to us in a portable and machine readable format.
- Right to withdraw consent: Where the legal reason for processing your personal information is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of our processing prior to the withdrawal of your consent.
If you wish to exercise your rights (as outlined above) or to raise a concern about the handling of your personal information by the council, please contact us (see below).
Whether you are exercising your rights or raising a concern, you will normally need to include documents that prove your identity as well as a clear and precise description of your request or concern. We will process requests in accordance within the legislative framework and the statutory time scales and inform you should an extension of time be necessary.
If you are not satisfied with the way we have answered a request from you or handled your personal information, you have the right to make a complaint to the Information Commissioner's Office.