Why do we collect and use this information?
Hampshire County Council is the organisation responsible for processing your information (the Data Controller). Hampshire Ethnic Minority and Traveller Achievement Service (EMTAS) works closely with schools to support children and families from:
- Black and Minority Ethnic (BME) groups
- families who speak a language other than English at home
- children and young people of Traveller Heritage
We collect information about you as the parent/carer, as well as information about your child or children. We hold your personal data securely and use it to:
- carry out an initial profile visit with you (as parents/carers), your child or children and your child or children’s school, and write a report
- contact you and the school to inform you that EMTAS will provide support and what the next steps will be
- deliver additional support where needed
- monitor and assess the effectiveness of EMTAS
- undertake wider County Council statutory duties in support of a child’s education and welfare
- ensure compliance with our obligations under the accuracy principle of the UK General Data Protection Regulation (Article (5)(1)(d)), making sure our records about you and your family are up to date
The following sections provide further detail around the information we process, setting out what allows us to do this (lawful basis), who we may share it with, how long we keep it for, alongside identifying any rights you may have and who to contact if you think we’re not handling your information in the right way.
The categories of information that we collect, hold and share
The following personal and special category information is processed:
- your child or children’s personal information (such as name, Unique Pupil Number, date of birth, current and previous educational establishments, year group) and characteristics (such as gender, date of admission to school, country of birth, ethnicity code, country of origin, first language, religion, asylum seeker/refugee indicator, Looked after Child indicator and responsible Local Authority, level of English)
- as their parent or carer, your language characteristics (level of English spoken, other languages spoken)
The lawful basis on which we process this information
We collect, store, use and share the information, ensuring that we comply with the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA2018) requirements for processing through:
- Article 6(1)(e) – the processing is necessary to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law
- Article 9(2) (g) – Necessary for reasons of substantial public interest on the basis of Union or Member State law which is proportionate to the aim pursued and which contains appropriate safeguarding measures
- Sch.1, Pt.1, 6 – Substantial public interest conditions, for processing under the DPA2018
These articles under the UK GDPR and the DPA2018 are supported by the following specific legislation:
- Sections 85 and 149 of The Equality Act 2010
- Section 13, 13A and 14 of the Education Act 1996
Please note that no automated decision-making (decisions taken without a person involved) occurs for any parts of these activities controlled by the County Council. The County Council does use profiling as part of this process but only for compliance with the definitions for delivery of this service for children and young people who are identified as BME, English as an Additional Language (EAL) or for children and young people of Traveller heritage.
Storing and securing data
The information provided is added to the EMTAS record management system and stored within the County Council’s Document Management System (DMS). The information held within the County Council’s DMS will be kept in line with our retention schedule and then deleted as appropriate. The County Council’s DMS is hosted by the County Council in secure, UK-based data centres.
The County Council takes its data security responsibilities seriously and has policies and procedures in place to ensure that personal data held are:
- prevented from being accidentally or deliberately compromised
- accessed, altered, disclosed or deleted only by those authorised to do so
- accurate and complete in relation to why we are processing them
- continually accessible and usable with daily backups
- protected by levels of security appropriate to the risks presented by our processing
The County Council also ensures its IT Department is certified to the internationally recognised standard for information security management, ISO27001.
Who do we share your information with?
We do not share information with anyone unless there is a lawful basis that allows us to do so.
If your child(ren) changes school during this service being delivered, we may need to share the profile report developed to date with your child(ren)’s new school.
We are annually required to provide a summary level report to the County Council’s Children’s Services Departmental Management Team. Your information provides data for our report but no identifying, child-level data are shared.
Depending on the individual circumstances of each situation, we may have to share this information with other teams within the County Council to fulfil other duties and powers to support our work. These might include teams such as Children Missing Education (for ensuring the provision of full-time education); Virtual School (for support of children looked after); and/or Social Care (supporting welfare, safeguarding and corporate parent functions). We may also share information through the County Council’s role in the Hampshire Safeguarding Children Partnership (HSCP) to comply with their statutory duties.
Requesting access to your personal data and your rights
Under data protection legislation, individuals have the right to request access to information about them that we hold. To make a request for your personal information, or someone you have responsibility for, please contact the Children’s Services Department’s Subject Access Request (SAR) Team.
You also have the right to:
- prevent processing for the purpose of direct marketing
- object to decisions being taken by solely automated means
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed
- claim compensation for damages caused by a breach of the Data Protection regulations
The above information is the specific privacy notice for this service. For more information about your rights in relation to your personal data, see the County Council’s general privacy notice.
You have some legal rights in respect of the personal information we collect from you. See our Data Protection page for further details.
You can contact the County Council’s Data Protection Officer by email [email protected].
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office.