Educational Psychology Service
Data Controller – Somerset County Council – ICO Registration Z5957592
Data Protection Officer Contact – firstname.lastname@example.org
Purpose for processing
To enable the Inclusion services to work effectively with schools, education provisions and partner organisations to address the needs of children and young people who require support.
How and what we collect
We will typically collect information from your/your child’s education provision and then through our contact with you and/or your parents/carers and other services/professionals/organisations involved.
The information we collect may include:
- personal details
- family details
- lifestyle and social circumstances
- education information & pupil records
- visual images
- case file information
We may also collect information that falls under the following special categories (sensitive information):
- physical or mental health details
- racial or ethnic origin
- offences (including alleged offences)
- religious or other beliefs of a similar nature
Legal basis for processing
We rely on the following provisions of the General Data Protection Regulation (GDPR) as the lawful basis for processing your personal data:
- Article 6(1)(e) – processing is necessary for the performance of a task carried out in the public interest or int the exercise of official authority vested in the controller.
And for special category data (if applicable)
- Article 9(2)(g) – processing is necessary for reasons of substantial public interest which shall be proportionate to the aim pursued.
- Data Sharing Code of Practice (ICO 2012)
- Children’s Act 2004
- Children and Families Act (2014)
- SEND Code of Practice (2015)
In order to provide our services, it may be necessary to share information linked to you/your child with other organisations or services that provide support. This may include your / your child’s current and future school or education setting and other local authority or health services/departments. We will discuss how we share personal data with you as and when this is necessary. Reports and records created by the service will be copied to you, your school/education provision and to other services supporting you as appropriate. They will form part of your school record.
We have appropriate security measures in place to prevent personal information from being accidentally lost or misused. We limit access to your/ your child’s personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are required to do so.
Your data will not be transferred abroad.
Your personal data, including written reports are typically retained until the young person reaches the age of 34, in accordance with our retention schedule.
Under the General Data Protection Regulation (GDPR) you have a number of rights in relation to the data we hold about you and/or your child. These include the right to ask for a copy of the data, the right to rectify or erase the personal data, and the right to object to processing. However, these rights are only applicable if the Council has no other legal obligation concerning that data. Further information about your rights and how to exercise them can be found on our website – https://www.somerset.gov.uk/our-information/your-rights-on-the-information-we-hold-about-you/
You also have the right to complain to the regulator (The Information Commissioner) and details can be found at https://ico.org.uk/make-a-complaint/
In some cases, if you do not supply your information to us, we will not be able to provide you with the services we are obliged to provide by law or any supplementary service you have asked for.