Hampshire and Isle of Wight Educational Psychology (HIEP) respects your privacy and is committed to protecting your personal data. Please read this Privacy Notice carefully – it describes why and how we collect and use personal data and provides information about your rights. It applies to personal data provided to us, both by individuals themselves or by third parties and it supplements the Hampshire County Council generic Privacy Notice.
Hampshire County Council is the data controller for the purposes of the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). We keep this Privacy Notice under regular review.
Hampshire & Isle of Wight Educational Psychology (HIEP) works to ensure partnership with parents and other professionals at all stages of our work in line with our professional codes of conduct and ethics and also in line with the ethos of the SEN Code of Practice (DfE & DoH, 2014). All of our educational psychologists (EPs) are registered with the Health and Care Professions Council (HCPC) and our work is underpinned by their Standards of Conduct, Performance and Ethics.
EPs hold qualifications that give them eligibility for chartered status with the British Psychological Society (BPS). Working within the team, we also have trainee educational psychologists and psychologists who are in the process of registering with the HCPC (following completion of the doctorate programme in educational psychology). All team members who are not yet eligible for registration with the HCPC are supervised by an HCPC registered educational psychologist.
Why we collect this information
If you are a member of staff or a professional in a setting who links with an EP for consultation, or if you are attending a conference, training, coaching or supervision offered by HIEP, we may collect information about you in order to:
- maintain a record of professionals in settings who we work with or who are attending conferences, training, coaching or supervision offered by HIEP
- ensure we can communicate with consultees and with professionals attending conferences, training, coaching or supervision offered by HIEP in order to share news and resources
- arrange future sessions and maintain effective implementation of ongoing work
- monitor and evaluate the services we provide.
The following sections provide further detail around the information we process, setting out the lawful basis for the processing, who we may share information with and when, and how long we keep the information (the retention period). You will also find information about your rights and who to contact if you have concerns about how we are handling your data.
The categories of information that we collect, hold and share
If you are a member of staff or a professional in a setting who links with an EP for consultation, or are a professional attending a conference, training, coaching or supervision offered by HIEP, we may collect and hold the following personal data (as relevant):
- your name, a contact email address of your choice and telephone number of your choice
- dietary information or information about adjustments required to support your attendance
- the team or setting in which you work (if relevant)
If you are a professional in a setting who we work with through consultation on a regular basis, or if you have attended a conference, training, coaching or supervision offered by HIEP, we may approach you to provide feedback about HIEP and the service we have provided to you, as part of our evaluation. For example, we may share a link to an online survey and seek your views about the service (ratings and comments).
These activities are optional and you would not have to complete any surveys or provide other feedback if you didn’t want to. If you did choose to take part, we would not ask directly for your name or the name of your setting as the information and views provided would only be used to help us to explore which parts of our service are working well and what can be improved. Your views would be collated with the views of other professionals and the findings summarised. Although direct quotes may be used in reports, in presentations or on the HIEP website, no-one would be able to identify you nor any child, family or school from any of the above.
The lawful basis on which we process this information
For children and young people where we are involved on an individual basis, we collect and use the information, ensuring that we comply with the UK GDPR and the Data Protection Act 2018 (DPA 2018) requirements for processing personal data through:
- Article 6(1)(c) - the processing is necessary for compliance with a legal obligation to which the controller is subject
- Article 6(1)(e) - the processing is necessary to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
And Special Category Personal Data through:
- Article 9(g) – the processing is necessary for reasons of substantial public interest
- Schedule 1, paragraph 6 of the Data Protection Act (2018)
These articles under the UK GDPR and DPA (2018) are supported by the following specific legislation:
- Part 3 of the Children and Families Act 2014 and associated guidance
- The Special Educational Needs and Disability Regulations 2014
- The Equality Act (2010)
Under these lawful bases we do not require your consent to process this information, but we are required, through this privacy notice, to ensure you are fully informed of why we are collecting this information and what we will do with it.
Storing and securing data
The information you provide will be entered into our service’s secure system (SharePoint) to create an electronic record. We will store and protect this information in line with the County Council’s data retention strategy for the Children’s Services Department. Our systems are hosted in secure UK based data centres. Appropriate security measures are in place to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Paper based records may be kept on site and, when not in use, they are kept securely in a locked cabinet.
The County Council takes its data security responsibilities seriously and has policies and procedures in place to ensure any personal data held by us is:
- prevented from being accidentally or deliberately compromised
- accessed, altered, disclosed or deleted only by those authorised to do so
- accurate and complete in relation to why we are processing it
- continually accessible and usable with daily backups
- protected by levels of security appropriate to the risks presented by our processing
The County Council also ensures its IT Department is certified to the internationally recognised standard for information security management, ISO27001.
Requesting access to your personal data and your rights
Under data protection legislation, individuals have the right to request access to information that we hold about them. To make a request for your personal information, or someone you have responsibility for, please contact the Children’s Services Department’s Subject Access Request (SAR)
You also have the right to:
- prevent processing for the purpose of direct marketing
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed.
Please note that under the UK GDPR, there is also a right to erasure but the right to erasure does not provide an absolute ‘right to be forgotten’. Where the data being processed is for the purpose of ‘performing a task in the public interest or for our official functions, and the task or function has a clear basis in law’ (Article 6(1)(e))’, this right does not automatically apply.