Sandwell Children’s Trust
Sandwell Children’s Trust (the Trust) collects, holds and processes a considerable amount of information, including personal data about you, and the wider population of Sandwell as well as website visitors. This allows us to provide our services more effectively.
Personal data is important, and we have a responsibility regarding the information we hold about you, to ensure that the information we collect and use is proportionate, correct and held safely.
Being transparent and providing accessible information about how we use your information demonstrates our commitment to the Data Protection Act 2018 (DPA2018).
We are committed to safeguarding your privacy and in this privacy notice explains how we will handle your personal data.
The Trust is registered as a ‘data controller’ with the Information Commissioner’s Office (ICO).
We can be contacted at:
Sandwell Children’s Trust
The Wellman Building
The Trust’s Data Protection Officer can be contacted as follows:
Purpose of processing
We process personal information to enable us to provide information, advice, guidance social care and support to children, young people and families including the development of policies and procedures for safeguarding and promoting the welfare of children.
We also process personal information to enable us to manage children and young people subject to an offending prevention programme as part of either a voluntary arrangement or a statutory order.
Personal data is also processed to promote our services, to maintain our accounts and records, share information with associated agencies and to support and manage our employees.
The Trust also provides some services which will require your consent to process your personal data.
“Personal data” means any information relating to a person who can be identified, directly or indirectly, from that information.
This could include your name, address, email and other contact details, online identifier (such as IP address) or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity.
Some of the services we provide may require us to process ‘special categories of personal data’.
These special categories of personal data might include health data in relation to public health functions, or financial data in relation to social services.
The definition of special categories of personal data has been extended to now include biometrics data (such as facial images or fingerprints) and genetic data (such as the analysis of a biological sample).
Principles of Processing
When we process your personal data we will do so in accordance with Data Protection legislation. These principles are designed to protect you, and ensure that we:
- a) processed lawfully, fairly and in a transparent manner in relation to individuals;
- b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
Additionally, article 5 (2) requires that we shall be responsible for, and be able to demonstrate, compliance with the principles.
Lawfulness of processing
Processing of personal data shall be undertaken ‘lawfully’. To show the processing is being undertaking lawfully one of the following conditions should apply (unless an exemption applies):
1.You have given clear consent to the processing of your personal data for one or more specific purposes.
2.Processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract.
3.Processing is necessary for compliance with a legal obligation to which the Trust is subject.
4.Processing is necessary to protect your vital interests or the vital interests of another natural person.
5.Processing is necessary for the performance of a public task carried out in the public interest or in the exercise of official authority vested in the Trust.
Processing ‘special categories’ of personal data
All personal data is not the same, and some information is more sensitive than others. As such special rules apply when processing these ‘special categories’ of personal data. Special categories’ of personal data include:
- Ethnic origin;
- Political opinions;
- Religious and philosophical beliefs;
- Trade union membership;
- Genetic data;
- Biometric data for the purpose of uniquely identifying a natural person; and
- Sex life
- Sexual orientation.
Processing of these types of personal data is prohibited unless one of the conditions below applies :
a). The citizen has given explicit consent to the processing;
b). It is necessary for the purposes of carrying out the obligations and exercising specific rights of the Trust or of the citizen in the field of employment and social security and social protection law. (For example employee equal opportunities data);
c). Processing is necessary to protect the vital interests of the citizen or of another natural person, where the citizen is physically or legally incapable of giving consent. (For example a life or death situation);
d). Processing is carried out by a not-for-profit entity with a political, philosophical, and religious or trade union aim in the course of its legitimate activities;
e). Processing relates to personal data which is manifestly made public by the citizen. (The personal data is already in the public domain);
f). Processing is necessary for the establishment, exercise or defence of legal claims;
g). Processing is permitted where it is necessary for reasons of substantial public interest. (For example a natural disaster);
h). Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment. (Medical treatment);
i). Processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health (such as foot and mouth disease); and
j). Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
Consent for personal data
The Trust also provides limited services which will require your consent to process your personal data.
In circumstances as described above – your consent to process your personal data must be specific, informed, active and affirmative, meaning it must be clear and freely given by you after we explain what further processing we would like to do with your data. You can therefore make an informed decision about whether you consent to the processing or not. You are in control and you can withdraw your consent at any stage by contacting the Data Protection Officer at the above address. (Please note however that any processing that has taken place up to the time that you withdraw consent will however be considered lawful).
Consent for special category personal data
In respect of sensitive or ‘special categories of personal data’ we will require your ‘explicit consent’ to further process this type of personal data under Section 7a) above. This means your consent must be very clear and specific, and again you can withdraw your consent at any stage by contacting the Trust.
Where the Trust seeks to disclose sensitive personal data, such as medical details, to third parties, we will do so only with your prior explicit consent.
There may be occasions where we may have to disclosure your personal data if it is required or permitted by law, for example in relation to crime prevention/detection. In these cases we do not require your specific consent or explicit consent for the disclosure of your personal data.
Once consent is obtained we will keep a record of when the client consented, the information they were provided with prior to consent and how they consented.
Consent is part of your ongoing relationship with our citizens and will therefore be managed appropriately. The consent will be reviewed periodically to ensure it remains appropriate, and, as previously stated, citizens have the right to withdraw their consent at any stage.
We will only retain your personal data for as long as necessary and in accordance with our retention schedule.
When your personal data is no longer needed it will be securely deleted, except where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another person.
The Trust will strive to ensure that any personal data in its care will be kept safe and secure. In order to prevent unauthorised access, loss, destruction or theft, we have put in place appropriate technical, physical and managerial procedures to safeguard the information that we collect from you; this includes encryption of our computer systems. Our security measures are frequently reviewed in light of new risks or guidance from the ICO.
Data Protection Impact Assessments (DPIA)
A Data Protection Impact Assessment (often referred to as a DPIA) is a process or task designed to identify what data protection issues may arise from certain ‘high risk’ projects we are undertaking.
A ‘high risk’ project is one where the processing of your personal data is likely to result in a high risk to your rights and freedoms.
The DPIA will help us manage any risk by allowing us to identify the risk, and to implement solutions to those risks project at an early stage.
The Trust will process personal information relating to its current and former staff and individuals, (who have applied for permanent or temporary jobs at the Trust), Councillors and other elected officials, and volunteers, for the purposes of managing their contract of employment, the work of the Trust, pay and/or pensions, discipline and other personnel matters.
To ensure that we can provide you with the best possible service we may have to share your personal data between our internal teams or external partners. Our external partners include the Cabinet Office, West Midlands Police, West Midlands Fire Service, National Health Service, The Department for Work and Pensions, HM Revenues and Customs, Public Health other local authorities, district councils, , service providers/contractors and partner bodies.
We may also share your information with third parties, other than those who either process information on our behalf or because of a legal requirement/entitlement, and it will only do so if necessary or where permitted under the GDPR.
As well as public bodies we may also share information with credit reference agencies and service providers/contractors where the disclosure of such information is required to protect the public purse or is otherwise necessary to comply with any other legal obligation.
You have certain rights in relation to the personal information we hold about you. In particular, you may have a right to:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to erasure (right to be forgotten) – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restrict processing – where certain conditions apply to have a right to restrict the processing.
- Right of data portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing, the performance of a legal task and scientific or historical research.
- Right to object to automated processing, including profiling.
- The right to withdraw consent – If the legal basis for our processing of your personal information is consent then you have the right to withdraw that consent at any time.
Some of the rights are complex, and there are circumstances where your rights will not apply, for example the right to erasure will not apply if your personal data is required for legal proceedings. It is recommended that you read the relevant guidance notes on the Council website, or on the ICO’s website for further information.
How to exercise your rights
You may exercise any of your rights in relation to your personal data by writing to us at the address above or sending an e-mail.
The first copy will be provided free of charge, but additional copies of the same information may be subject to a reasonable fee.
We will respond to your request within 30 days, by either providing you with the information requested, requesting further information from you, or requesting further time to complete your request, if for example the request is substantial or we need to obtain information from various departments within the Trust.
The Trust can also refuse your request. In the event that the Trust refuses your request we will provide you with reasons why, as well as provide you with details of how you can challenge or appeal our decision. You will also be informed of your right to legally challenge our decision with the ICO.
If you wish to make a complaint about how the Trust are processing your personal data, then in the first instance please contact the data protection officer at the address listed at the start of this document.
If you are still dissatisfied with how the Trust has handled your complaint then you have the right to complain to the Information Commissioners Office (ICO). The ICO can be contacted as follows:
The Information Commissioner
Telephone: 08456 30 60 60