Why do we collect and use this information?
Hampshire County Council is the Data Controller for the purpose of collecting and using information from parents/carers to provide financial reimbursement for the costs of transporting their child to school.
We collect information to identify the child you are transporting, the school to which transport is being provided and the parent making the claim for reimbursement. We hold this personal data securely and use it to:
- verify the mileage claim
- reimburse the parent or carer as appropriate
- ensure compliance with our obligations under the accuracy principle of the UK General Data Protection Regulation (Article (5)(1)(d)), making sure our records about you and your family are up to date
The categories of information that we collect, hold and share
The following personal and special category information is processed:
- your child’s personal information (name, date of birth, school)
- your personal information (name, phone number, email address and home address)
- your financial information (bank details)
The lawful basis on which we use this information
We collect and use the information ensuring that we comply with the UK General Data Protection Regulation (GDPR) requirements for processing through:
- Article 6(1)(e) – the processing is necessary to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law
Under this lawful basis we do not require your consent to process this information but we are required, through this privacy notice, to ensure you are fully informed of why we are collecting this information and what we will do with it.
Please note that no automated decision making (decisions taken without a person involved) occurs for any parts of these activities controlled by the County Council. This information is not used for profiling.
Storing and securing data
The information provided to us will be retained three years plus the current financial year in line with financial auditing requirements. Your information will be held electronically and in paper format.
The County Council takes its data security responsibilities seriously and has policies and procedures in place to ensure the personal data held is:
- prevented from being accidentally or deliberately compromised
- accessed, altered, disclosed or deleted only by those authorised to do so
- accurate and complete in relation to why we are processing it
- continually accessible and usable with daily backups
- protected by levels of security ‘appropriate’ to the risks presented by our processing
The County Council also ensures its IT Department is certified to the internationally recognised standard for information security management system, ISO27001.
Who do we share information with?
We do not share information with anyone unless there is a lawful basis that allows us to do so.
Depending on the individual circumstances of each situation, we may have to share this information with other teams within the County Council to fulfil other duties and powers to support our work. These might include our Children Missing Education (for ensuring the provision of full time education); Data Protection Team (for personal data incidents); Virtual School (for support of children looked after); and/or Social Care teams (supporting welfare, safeguarding and corporate parent functions). We may also share information through the County Council’s role in the Hampshire Safeguarding Children Partnership (HSCP) to comply with their statutory duties.
As part of the payment stage of the process, information is shared with the County Council’s Integrated Business Centre (IBC) for the purpose of them being able to set up the invoice and manage the payment.
Requesting access to your personal data and your rights
Under data protection legislation, individuals have the right to request access to information about them that we hold. To make a request for your personal information, or someone you have responsibility for, please contact the Children’s Services Department’s Subject Access Request (SAR) Team.
You also have the right to:
- prevent processing for the purpose of direct marketing
- object to decisions being taken by solely automated means
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed
- claim compensation for damages caused by a breach of the Data Protection regulations
Please note that under the UK GDPR, there is also a right to erasure but the right to erasure does not provide an absolute ‘right to be forgotten’. Where the data being processed is for the purpose of ‘performing a task in the public interest or for our official functions, and the task or function has a clear basis in law’ (Article 6(1)(e))’, this right does not automatically apply.
The above information is the specific privacy notice for this service. For more information about your rights in relation to your personal data, see the County Council’s general privacy notice.
You have some legal rights in respect of the personal information we collect from you. See our Data Protection page for further details.
You can contact the County Council’s Data Protection Officer by email [email protected].
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office.