Your Privacy Matters – General Data Protection Regulation

At Doncaster Children’s Services Trust, the protection of your personal data is very important to us.

We’re committed to respecting and protecting your privacy by complying with UK Data Protection Law and the forthcoming General Data Protection Regulation (GDPR), which comes in on the 25 May 2018.

What is GDPR?

In 2016, the European Union (EU) approved a new privacy regulation called the General Data Protection Regulation, commonly known as GDPR. It’s a mandatory ruling that applies to all companies that collect the data and information of EU individuals and meet certain territorial requirements. The GDPR is designed to strengthen the security and protection of personal data in the EU, as well as provide businesses with a structured framework on how to collect, process, use, and share personal data. Under the GDPR, the concept of “personal data” is very broad, and covers almost any information relating to a specific individual

What does the Trust do with my data?

This document explains how we look after and protect your personal information. This includes what you tell us about yourself, also about what information we use, share and keep. It applies to anything that written on paper, by telephone or electronically – such as emails – by Trust staff or any of our partners or contractors.

About us:

Doncaster Children’s Services Trust is is focused on keeping children and young people safe and well, and helping them to achieve their potential.

Our areas of work include child protection, services for children in need and children in care, services to children who have left care, family support to families, fostering and adoption services, family group conferencing, family time contact services, advocacy and children's home.

At any one time, we work with around three and half thousand children, young people and their families.

Our work is guided by a number of specific laws, including the Children Act 1989 and 2004, Children and Social Work Act 2017, Children and Families Act 2014 and wider laws that apply to rights of all individuals.

The Trust is registered as a data controller under Data Protection Law (registration number ZA076349) because we collect and process personal information about you and use this to provide and manage our services.

We have a Data Protection Officer who makes sure we respect your rights and follow the law at all times. If you have any concerns or questions about how we look after your personal information, please visit our website or contact the Data Protection

Officer by calling 01302 735 954 or emailing DCSTDPO@dcstrust.co.uk

What is personal information?

Personal information can be anything that identifies or relates to a living person. This can include information that when put together with other information can then identify a person. For example, this could be your name and contact details.

We use many different kinds of personal information, and group them together like this.

Type of personal information Description
Contact details Where you live and how to contact you
Transactional Details about payments to you
Contractual Details about the services we provide for you
Behavioural Details about how you use our services
Communications What we learn about you from letter, emails and conversations between us
Documentary Data Details about you that is stored in documents in different formats, or copies of them. This could include things like your passport, driver’s license, or birth certificate.
Special types of data (Some information is ‘special’ and needs more protection due to its sensitivity. It’s often information you would not want widely known and is very personal to you)

We will only collect and use these types of data if the law allows us to do so, these include:

  • sexuality and sexual health
  • religious or philosophical beliefs
  • ethnicity
  • physical or mental health
  • trade union membership
  • political opinion
  • genetic/biometric data
Specific details Any permissions, consents, or preferences that you give us.
National Identifier A number or code given to you by a government to identify who you are, such as your National Insurance Number
Where do we collect your personal information from?

Our work is focused on making sure every child and young person is kept safe and well, in an environment that supports them to grow up healthy and thrive.

To help us to provide the best support, we often collect data from families we are working with. There are also times when we need to ask other services that work you for information – such as health, GPs, police, schools, local authorities.

The data you give to us:

  • When you talk to us on the phone, in one of our offices or when we visit you
  • When you use our websites or mobile device apps
  • In emails and letters
  • In customer surveys
  • Through payment and transaction information

Data may also be given to us from other organisations we work with:

  • Doncaster Council and associated trusts
  • South Yorkshire Emergency services
  • Government and law enforcement agencies
  • Medical practitioners – such as GPs, Dentist etc.
So…why do we need your personal information?

This is your information, so why do we need it?

We may need to use some information about you to:

  • Deliver a range of services and support to you such as:
  • Investigating any worries or complaints you have
  • Train and manage our teams who deliver those services
  • Contact you in your preferred format e.g. by post, email, telephone etc.
  • Understand your needs better to provide the services that you request
  • Keep your records up to date
  • Ask for your feedback about our services
  • Help build up a record of how we deliver our services across the organisation and plan / improve future services
  • Comply with legal obligations to our funding bodies and to local and national government
  • Keep track of our spending on services.
What happens if you don’t want to give us your information?

We will always have a legal reason to collect, use and process your information and you can talk to us about any concerns you have about this at any time.

How the law allows us to use your personal information?

There are a number of legal reasons why we need to collect and use your personal information. Generally, we collect and use personal information where:

  • You, or your legal representative, have given consent
  • You have entered into a contract with us
  • It is necessary to perform our statutory duties
  • It is necessary to protect someone in an emergency
  • It is required by law
  • You have made your information publicly available
  • It is to the benefit of the public or society as a whole
  • It is necessary to protect public health
We will only ask you for the information we need and will always use it appropriately.

Where we can, we will only collect and use personal information if we need it to deliver a service or meet a requirement. We will always make sure the information we ask for is relevant and collected at the right time, for the right purpose.

If we don’t need your personal information we’ll either keep your information anonymous or we won’t ask you for it. For example, in a survey we may not need your contact details, we may only be collecting your survey responses to help shape or improve our services.

If we use your personal information for research and analysis, we’ll always keep you anonymous.

We DO NOT sell your personal information to anyone else.

What YOU can ask US to do with YOUR information

The law gives you a number of rights to control what personal information is given to us and how it is used by us.

All of your rights are listed over the next few pages and if you have any queries about access to your information, or if you would like to see any of your personal information, please contact:

Data Protection Officer
Doncaster Children’s Services Trust
Floor 2, The Blue Building,
38 High Street,
Doncaster,
DN1 1DE

Or you can contact them by telephone on 01302 735 954 or by emailing

DCSTDPO@dcstrust.co.uk

If you make a request to us about the personal information we hold about you this must be made in writing and we have 1 month to complete your request.

You can ask us for access to the information we hold on you

We would normally expect to share what we record about you with you whenever we assess your needs or provide you with services. However, you also have the right to ask for all the information we have about you and the services you receive from us all at once. This is called a Subject Access Request.

When we receive a request from you in writing, we must give you access to everything we’ve recorded about you. However, we can’t let you see any parts of your record which may contain:

  • Confidential information or images of other people; or
  • We have received legal advice that to give out this information it will cause serious harm to you or someone else’s physical or mental wellbeing; or
  • If we think that giving you the information may stop us from preventing or detecting a crime.

This applies to personal information that is in both paper and electronic records. If you ask us, we can also let another named individual see your record (except if one of the points above applies).

If you can’t ask in writing for your records, we’ll make sure there are other ways that we can help you access this information.

You can ask us to change information you think is inaccurate

You should let us know if you disagree with the information we hold for you. (For example, we might have the wrong email address for you or our records said that you live at ‘62 Smith Street’, when in fact you live at ‘622 Smith Street’).

We may not always be able to change or remove information as you request, but we’ll always correct factual inaccuracies and may include your comments in the record to show that you disagree with others that we can’t change.

You can ask us to delete information (this is called your right to be forgotten or right to erasure)

In some circumstances you can ask for your personal information to be deleted, for example:

  • Where your personal information is no longer needed for the reason it was collected in the first place
  • Where you have removed your consent for us to use your information and where there is no other legal reason for us to use it
  • Where there is no legal reason for the use of your information.

Where your personal information has been shared with others (such as a contractor), we’ll take every step to make sure those using your personal information comply with your request for erasure.

Please note that we can’t delete your information where:

  • We are required to have it by law
  • It is used for freedom of expression
  • It is for public health purposes
  • It is for, scientific or historical research, or statistical purposes where it would make information unusable
  • It is necessary for legal claims.
You can ask us to limit what we use your personal data for

You have the right to ask us to limit or restrict what we use your personal information for where:

  • You have identified inaccurate information, and have informed us of this and are waiting for us to change it
  • Where we have no legal reason to use that information but you want to restrict what we use it for rather than erase the information altogether.

Where restriction of use has been granted, we’ll inform you before we intend to use your personal information for any reason.

You have the right to ask us to stop using your personal information to deliver any of our services. However, if this request is approved this may cause delays or prevent us delivering that service in the future if you need us.

Where possible we’ll seek to comply with your request, but we may need to hold your information and use it because we are required to by law.

You can ask to have your information moved to another provider (this is called ‘data portability’)

You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called ‘data portability’.

However this only applies if we are using your personal information with consent and if decisions were made by a computer and not a human being.

Data portability won’t apply to most of the services you receive from us as we don’t use computers to make automated decisions about you.

You also have the right to object if you are being ‘profiled’. Profiling is where decisions are made about you based on certain things in your personal information, e.g. your health conditions.

If you have concerns regarding automated decision making, or profiling, please contact our Data Protection Officer who’ll be able to advise you about how we use your information.

Who do we share your information with?

We use a range of organisations to supply us with systems to either store personal information or other organisations such as contractors help deliver our services to you.

Wherever we share information with someone else there is always an agreement in place to make sure that the organisation complies with data protection law. We will complete a privacy impact assessment before we share personal information to make sure we protect your privacy and comply with the law.

Sometimes we have a legal duty to provide personal information to other organisations some of which include:

  • If a court orders that we provide the information; and
  • If someone is taken into care under mental health law.

We may also share your personal information when we feel there’s a good reason that’s more important than protecting your privacy. This doesn’t happen often, but we may share your information:

  • In order to find and stop crime and fraud; or
  • If there are serious risks to the public, our staff or to other professionals; or
  • To protect a child; or
  • To protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them.

For all of these reasons the risk must be serious before we can override your right to privacy.

If we are worried about your physical safety or feel we need to take action to protect you from being harmed in other ways, we’ll discuss this with you and, if possible, get your permission to tell others about your situation before doing so. However, we may still share your information if we believe the risk to others is serious enough to do so.

How do we protect your information?

We have rigorous measures, policies and procedures in place to ensure the information you give us will not be seen or shared with anyone who does not need to see it in order to provide our services to you.

We will always do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we’ll only make them available to those who have a right to see them.

Examples of our security include:

  • Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as passwords. This is done with a secret code or what’s called a ‘cypher’. The hidden information is said to then be ‘encrypted’
  • Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
  • Training for our staff on a yearly basis allows us to make them aware of how to handle information and how and when to report when something goes wrong
  • Regular testing of our technology and ways of working including keeping up to date on the latest security updates to minimise the risks from a ‘cyber-attack’
How long do we keep your personal information?

There’s often a legal reason for keeping your personal information for a set period of time, we try to include all of these in our retention schedule.

For each service the schedule lists how long your information may be kept for. This ranges from months to decades depending on the nature of the information.

Where can I get advice?

If you have any worries or questions about how your personal information is handled please visit our website or contact our Data Protection Officer, Nina Lindsay, at DCSTDPO@dcstrust.co.uk or by calling 01302 735954.

For independent advice about data protection, you can also contact the Information Commissioner’s Office (ICO) at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113 (local rate)

Or, you can visit www.ico.org.uk or email casework@ico.org.uk.

How we use your information when you visit us on our website

Cookies (sorry, not the edible ones)

To make this website easier to use, we sometimes place small text files on your device (for example your iPad or laptop) called cookies. Most big websites do this too.

They improve things by:

  • Remembering the things you’ve chosen while on our website, so you don’t have to keep re-entering them whenever you visit a new page
  • Remembering data you’ve given (for example, your address) so you don’t need to keep entering it
  • Measuring how you use the website so we can make sure it meets your needs.

We don’t use cookies on this website that collect information about what other websites you visit (often referred to as privacy intrusive cookies).

Our cookies aren’t used to identify you personally. They’re just here to make the site work better for you. You can manage and/or delete these files as you wish. The cookies and personal data we collect can be found here.

To learn more about cookies and how to manage them, visit www.AboutCookies.org

Turning off cookies

You can stop cookies being downloaded on to your computer or other device by selecting the appropriate settings on your browser. If you do this you may not be able to use the full functionality of our website.

Search Engine

Our website search and decision notice is search is powered by Drupal. Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by the Trust or any third party.

Online reporting tool

We collect information volunteered by members of the public about partner organisations – such as GPs, nurses, schools – where they have concern about a child. The form is hosted by a company called Cloudoko Ltd. This company is a data processor for the Trust and only processes personal information in line with our instructions.

People who contact us via social media

We use a third party provider, Tweet Deck to manage our Twitter interactions.

If you send us a private or direct message via social media the message will be stored by Tweet Deck for three months. It will not be shared with any other organisation.

People who email us

We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government. If your email does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

Applying for jobs at the Trust

As part of any recruitment process, the Trust collects and processes personal data relating to job applicants. The Trust is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

What information does the Trust collect?

The Trust collects a range of information about you. This includes [list the appropriate points and expand on them as necessary]:

  • your name, address and contact details, including email address and telephone number;
  • details of your qualifications, skills, experience and employment history;
  • information about your current level of remuneration;
  • whether or not you have a disability for which the Trust needs to make reasonable adjustments during the recruitment process;
  • information about your entitlement to work in the UK; and
  • equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, and religion or belief.

The Trust collects this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment, including online tests.

The Trust will also collect personal data about you from third parties, such as references supplied by former employers and information from criminal records checks. The Trust will seek information from third parties only once a job offer to you has been made and will inform you that it is doing so.

Data will be stored in a range of different places, including on your application record, in HR management systems and on other IT systems (including email).

Why does the Trust process personal data?

The Trust needs to process data to take steps at your request prior to entering into a contract with you. It also needs to process your data to enter into a contract with you.

In some cases, the Trust needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check a successful applicant's eligibility to work in the UK before employment starts.

The Trust has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows the Trust to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job. The Trust may also need to process data from job applicants to respond to and defend against legal claims.

Where the Trust relies on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of employees or workers and has concluded that they are not.

The Trust processes health information if it needs to make reasonable adjustments to the recruitment process for candidates who have a disability. This is to carry out its obligations and exercise specific rights in relation to employment.

Where the Trust processes other special categories of data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is for equal opportunities monitoring purposes.

For some roles, the Trust is obliged to seek information about criminal convictions and offences. Where the Trust seeks this information, it does so because it is necessary for it to carry out its obligations and exercise specific rights in relation to employment.

The Trust will not use your data for any purpose other than the recruitment exercise for which you have applied.

Who has access to data?

Your information will be shared internally for the purposes of the recruitment exercise. This includes members of the HR team, interviewers involved in the recruitment process, recruiting managers and IT staff if access to the data is necessary for the performance of their roles.

The Trust will not share your data with third parties, unless your application for employment is successful and it makes you an offer of employment. The Trust will then share your data with former employers to obtain references for you and the Disclosure and Barring Service to obtain necessary criminal records checks].

The Trust will not transfer your data outside the European Economic Area.

How does the Trust protect data?

The Trust takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

For how long does the Trust keep data?

If your application for employment is unsuccessful, the Trust will hold your data on file for 6 months after the end of the relevant recruitment process. At the end of that period, your data is deleted or destroyed.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.

Your rights

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request;
  • require the Trust to change incorrect or incomplete data;
  • require the Trust to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
  • object to the processing of your data where the Trust is relying on its legitimate interests as the legal ground for processing; and
  • ask the Trust to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the organisation's legitimate grounds for processing data.

If you would like to exercise any of these rights, please contact DCSTDPO@DCStrust.co.uk

You can make a subject access request by emailing DCSTDPO@DCStrust.co.uk

If you believe that the Trust has not complied with your data protection rights, you can complain to the Information Commissioner.

What if you do not provide personal data?

You are under no statutory or contractual obligation to provide data to the Trust during the recruitment process. However, if you do not provide the information, the Trust may not be able to process your application properly or at all.

You are under no obligation to provide information for equal opportunities monitoring purposes and there are no consequences for your application if you choose not to provide such information.

Automated decision-making

Recruitment processes are not based solely on automated decision-making.

 

“I couldn’t have asked for a better social worker.”

Parent

Why not pop in and see us