Educational Psychology Service
Data Controller – Somerset Council – ICO Registration Z5957592
Data Protection Officer Contact – email@example.com
Purpose for processing
To enable the Inclusion services to work effectively with schools, education provisions and partner organisations to address the needs of children and young people who require support.
How and what we collect
We will typically collect information from your or your child’s education provision, and then through our contact with you/your parents or carers, and other services, professionals and organisations involved.
The information we collect may include:
- personal details
- family details
- lifestyle and social circumstances
- education information and pupil records
- visual images
- case file information
We may also collect information that falls under the following special categories (sensitive information):
- physical or mental health details
- racial or ethnic origin
- offences (including alleged offences)
- religious or other beliefs of a similar nature
Legal basis for processing
We rely on the following provisions of the General Data Protection Regulation (GDPR) as the lawful basis for processing your personal data:
- Article 6(1)(e) – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
And for special category data (if applicable)
- Article 9(2)(g) – processing is necessary for reasons of substantial public interest which shall be proportionate to the aim pursued.
- Data Sharing Code of Practice ( ICO 2012)
- Children’s Act 2004
- Children and Families Act (2014)
- SEND Code of Practice (2015)
In order to provide our services, it may be necessary to share information linked to you/your child with other organisations or services that provide support. This may include your/your child’s current and future school or education setting and other local authority or health services/departments. We will discuss how we share personal data with you as and when this is necessary. Reports and records created by the service will be copied to you, your school or education provision and to other services supporting you as appropriate. They will form part of your school record.
We have appropriate security measures in place to prevent personal information from being accidentally lost or misused. We limit access to your/your child’s personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are required to do so.
Your data will not be transferred abroad.
Your personal data, including written reports are typically retained until the young person reaches the age of 34, in accordance with our retention schedule.
Under the General Data Protection Regulation (GDPR) you have a number of rights in relation to the data we hold about you and/or your child. These include the right to ask for a copy of the data, the right to rectify or erase the personal data, and the right to object to processing. However, these rights are only applicable if the council has no other legal obligation concerning that data. Further information about your rights and how to exercise them can be found on our Information rights page.
You also have the right to complain to the regulator (The Information Commissioner) and details can be found on the Information Commissioner’s Office (IOC) website.
In some cases, if you do not supply your information to us, we will not be able to provide you with the services we are obliged to provide by law or any supplementary service you have asked for.