Data Privacy Notices (DPNs) Under General Data Protection Regulations (GDPR)
The GDPR sets out the information that you should supply and when individuals should be informed.
The information you supply about the processing of personal data must be:
- concise, transparent, intelligible and easily accessible
- written in clear and plain language, particularly if addressed to a child
- free of charge
The identity and contact details of the company
Reading Borough Council – for Reading Services Guide: www.reading.gov.uk/servicesguide - main site
www.reading.gov.uk/fis - sub section
www.reading.gov.uk/sendlocaloffer - sub section Local Offer
www.reading.gov.uk/youth - sub section
www.reading.gov.uk/servicesguide - Community Directory - sub section
Providers who register their services on the Reading Services Guide can lodge the following information:
Ofsted registration number
Description of service which could include information about themselves
Date of birth??
Parent carers/professional Enquirers – Back end data store (Contact Log) system of Open Objects, with consent the following information is held. At the request of the client this can be removed anytime by emailing email@example.com
Client first name
Clients address details
Clients contact telephone numbers
Description of the information requested
Children and Young Peoples Disability Register (DCR) – voluntary register for families to register their child or young person who has additional needs (NOTE: this information is held on a secure database with stick access rights and not published. Information captured
- First name of child
- Surname of child
- Date of Birth
- Languages spoken
- Parents first name
- Parents surname
- Address details
- Contact telephone numbers
- Email address
- Languages spoken
- Sibling first name
- Siblings Surname
- Date of Birth
- Any additional need information
- Weather they are a young carer
The information is stored in a secured area called the Datastore. The Datastore is only accessible to eligible staff and on a restricted access basis. Staff who can access the Datastore do so by using a username and password and can only see the areas of the datastore they have been given access to. This area is strictly controlled by the super users.
Part of the information can be made ‘visible’ and ‘live’ and can be seen on the front end of the website. Other part of the information can be restricted to public view and can only be accessed by authorised staff on the datastore. There is an option for full, part and admin access only visibility for each record and this option is used by the super users to assign the records
We use the data collected to:
- enable us to carry out specific functions for which we are responsible
- derive statistics which inform decisions such as the funding
- assess performance and to set targets
Under the Care Act 2014, Children’s Act 2006/2016 and the SEND Code Of Practice (Children’s Act), we have a legal duty to ensure residents have access to clear information, advice and guidance to inform the choices they make. The purpose is to help people live healthy and fulfilling lives, as independently and as long as possible in their own home, and to connect to, contribute and feel part of their local community. The information helps every member of the community know what is available to them and covers children’s services, youth services, adult care services, support services for carers, health services, services for children and adults with a disability, learning difficulty or sensory needs, sport and community activities.
The information is given by providers voluntarily. By registering on the site and accepting the Terms of Conditions, they consent that the data and information is used for the purpose of informing and promoting their services.
Contact log, is where we log the client information, verbal consent is taken from the client and a super user would tick a consent box to indicate permission has been given. The information is held on a secure system and is used solely for the purpose of detail in the enquiry/request from the parent carer / professional. Permission is also asked if the parent carer / professional would like to be kept informed on events, activities, new information, and legislation changes etc. Parent carers / professionals can contact firstname.lastname@example.org if they want the details removed or amended.
Children & Young Peoples Disability Register (DCR) – information provided by parent carers and young people is stores on a secure database. The information is NOT for public use. Those registering receive a Max Card will gives discounted entry to attraction throughout the country.
The information is kept up to date by the providers – they can remove it from the system or enhance/update it.
It is also kept up to date by the data controller/processor. The information is removed/updated if the service is no longer running, needs to be updated and the data controller is notified of such.
Childcare / Ofsted data is updated and reviewed on a daily basis, childcare setting records are updated accordingly as informed by Ofsted. Any resigned, cancelled or suspended settings are removed from public visibility as soon as possible. New childcare settings are requested to complete their business information for families to access (this is a voluntary request) if permission isn’t granted then the core information from Ofsted will be held on the back end data store secure system and not published on the front end website.
The information is shared on a public website, except for data that needs to be restricted either legally or on request.
Information will be shared with, Ofsted and internal safeguarding/child protection teams if a safeguarding concern is raised.
Local Offer platform is shared with West Berkshire Council, Bracknell Forest Council and Wokingham Council, the information supplied by the providers is for public use.
Information will be shared with internal services/teams to further improve and develop services and information for Reading residents. This includes SEN Team, Early Years, Early Help, Children’s Commissioning Team, and any other appropriate internal service that may use the data to plan services. Personal information will not be shared without permission.
The information is also accessed by the software provider: IDOX/Open Objects. They access the information on a needs basis when issues arise and need to be resolved. The software provider has to comply with GDPR and have their own policy to ensure this is met.
Processing is based on consent. When registering, service providers agree to the Terms and Conditions of use of the site. Service providers who lodge their information on the Reading Services Guide have a right to withdraw all or any of the information we hold or that they have submitted.
Contact log (FIS and SEND Local Offer) verbal permission is taken and noted, information is held on a secure Open Objects data store system
Children & Young Peoples Disability Register DCR – voluntary register – processing is based on consent from the user.
Under data protection legislation, users of the service have the right to request access to information about them that we hold. To make a request for your personal information, or be given access contact Ricky.Gill@reading.gov.uk administrator / Data Protection Officer
You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress prevent processing for the purpose of direct marketing
- object to decisions being taken by automated means in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed.
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
The service provider has a right to have their data corrected, as a self-manage system the service provider can be given access to their information for updating purposes. This is something that we will promote in order to ensure the data is kept up to date at all times.
The service provider has a right to have their data deleted – if they no longer wish to be listed on the Reading Services Guide or if the service is no longer running.
To respond to safeguarding concerns, the data controller has a right to delete or archive a service provider from the site. See disclaimer on the Reading Services Guide
The service provider has a right to put a complaint to the Information Commissioner’s Office (ICO)
The GDPR sets out a higher standard for consent than the Data Protection Act. The GDPR defines consent as ‘any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.’
Consent has to be a positive indication of agreement to personal data being processed. It cannot be inferred from silence, pre-ticked boxes or inactivity. Opt out consent is no longer acceptable under the GDPR. The GDPR is clear that controllers have to demonstrate that consent was given, so a review is best practice in order to ensure there is an effective audit trail.