This notice explains what personal data (information) we hold about you, how we collect it, how we use it and how we may share information that we hold about you in order to deliver our services. We are required to give you this information under data protection law. Dudley Council is committed to protecting your privacy when you use our services. The Privacy Notice below explains how we use information about you and how we protect your privacy.
Dudley Council (DMBC) complies with data protection legislation (the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR) and is registered as a 'Data Controller'
The Communication, Interaction, Physical and Sensory Advisory Service (CIPS) is part of the SEND team in Dudley Council and provides services in the following areas:
- Autism Outreach
- Hearing Impairment
- Physical Impairment and Medical Inclusion
- Speech and Language Centre
- Visual Impairment
We collect information from parents or carers for children and young people below and within statutory school age and from young people themselves if they are aged 16 or over. We collect the following personal information (these lists are not exhaustive):
- personal information such as your name, address, contact details, date of birth, parent or carer details
- special category information such as ethnicity,
- languages spoken, disabilities, gender
- details of special educational needs and disabilities
- information about physical or mental health
- family information and contact details
- free school meal status
- EHC Plan
- home to School Transport details
- current school
- assigned professionals or practitioner details
- social care history
- safeguarding information
- Short Break Allocation details
- Pupil Premium details
- GP details
- financial information including benefits
We may also seek additional identifiable information such as:
- NHS Number
- Unique Pupil Reference Number
We will seek personal information from other sources including:
- other Dudley County Council departments
- medical professionals in regard to your health
- mental health services
- Educational Psychologists
- schools or post-16 settings currently or previously attended
- early education providers
- police
- other local authorities
We collect personal information in the following ways:
- consultations with parents, carers or professionals
- assessments and reports
- referral form
- secure managed data collection system
- face to face
- telephone
- post
We hold data securely for the set amount of time detailed in our records Retention Schedule. For more information in regards to this and how we keep your information safe please check our Records retention schedule.
Purposes for collecting personal information
- assessments
- service delivery
- service improvement
- service planning and research
- case closure
- to assess eligibility for a service to be offered
- to assess eligibility for funding
- to assess the learning environment and develop appropriate interventions or strategies for schools and other educational settings (including Home Educated)
- to provide advice and support to the whole family of a child or young person with SEND which may lead to an Early Help Assessment
- to measure the outcomes for individuals
- to assess and improve our services
- to provide a range of courses and workshops for parents or carers
Children’s Services uses Power BI as a business intelligence analysis tool that can handle hundreds of thousands of lines of raw data and add value by categorising, calculating and visualising information to give insight.
Working with colleagues in Children’s Services, interactive business intelligence dashboards have been developed to provide analysis into things like, number of service users, number of children in need, different types of interventions applied etc.
These insights can be shared with those members of staff who need the analysis to help Children’s Services improve service operations. Access to personal identifiable level data is restricted to those who have a lawful basis to access it.
Information which you have provided the Council will be stored securely in line with the retention periods shown below after which time it is archived or securely destroyed, unless we are required by law to retain records for longer than the stated retention period. The information will only be used for the purposes stated when it was collected. Information will not be sold, rented or provided to anyone else, or used for any other purpose than that for which it was originally collected unless required to by law.
Category of information |
Retention period |
All records relating to children and young people on caseload (unless Looked After, SEN, or Adopted - see other entries)
|
Retain records until service user's 25th birthday |
SEN Assessment and Support |
Retain records until the end of the academic year in which the service users 31st birthday occurs. |
All records relating to the provision of educational support for children looked after. |
Retain records until the child’s 75th birthday or, if the child dies before the age of 18 for 15 years from the age of the child’s death. |
All records relating to the provision of educational support for children adopted. |
Retain records for 100 years from date of adoption order |
All records relating to the allocation and provision of home to school transport for special needs pupils |
Retain from date transport provision ceases for 6 years |
We collect and use your personal information in order to:
- perform a Statutory Duty
- perform a Public Duty
- perform a Regulatory Duty
- to enable service delivery
- to enable official reporting
- to manage funding or grants
The additional legal bases that govern and direct the delivery of SEND services is as follows:
- Children's and Families Act 2014
- Childcare Act 2006 (Section 40(2)(a))
- The Education Reform Act 1988
- Further and Higher Education Act 1992
- Health and Safety at Work Act
- Safeguarding Vulnerablle groups Act
- Working together to Safeguard Children Guidelines (DfE)
- Education Act 1994; 1998; 2002; 2005; 2011
- Equality Act 2010
- Children and Young Person's Act 2008
- Autism Act 2009
- National Health Service Act 2006
- Mental Capacity Act 2015
- SEND Code of Practice 0-25 years, July, 2014 – Statutory Guidance
We collect and use your personal information to carry out tasks in our official authority. For additional/specific interventions we will seek, under common law duty of confidentiality, your permission to share with appropriate professionals. If we need to collect special category (sensitive) personal information, we rely upon reasons of substantial public interest (equality of opportunity or treatment).
Where the use of video conferencing facilities are utilised (such as Zoom) we will seek your consent to process your data through this means. Further information on Zoom Privacy
If required we will share your information with other Dudley Council departments such as:
- Adults Services
- Children’s Services
- Education and Universal Services
- LGSS Legal
- Public Health
With your permission we may also share your information outside of Dudley Council with the following organisations (this list is not exhaustive):
- Advocates
- NHS/Medical Professionals
- Schools
- Childcare providers
- Commissioned Delivery Partners
- Department for Education
- Other Education providers
- Housing Agencies
- Local Authorities
- Judicial Agencies
- Police
- Ofsted
- Residential care providers
- Training providers
- Voluntary or third sector providers
- Youth Offending Service
- Third Party Information Society Services applications
In order for the service to fully carry out its legal duties and to deliver its service it is a necessary requirement to share this information. If you have approached the service in a voluntary capacity, permission to share will be sought as appropriate.
We will share personal information with law enforcement or other authorities if required by applicable law.
When video communication facilities are used to record face to face meetings, it is likely that information will be stored on servers outside of the United Kingdom. We ensure that we only utilize services that offer appropriate security standards.
Zoom Video Communication, Inc. participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield. Zoom is committed to subjecting all personal data received from EU member countries, Switzerland, and the United Kingdom, in reliance on the Privacy Shield Frameworks, to the Framework's applicable Principles.
Your Rights
Under UK GDPR you have rights which you can exercise free of charge which allow you to:
- know what we are doing with your information and why we are doing it
- ask to see what information we hold about you (subject access request)
- ask us to correct any mistakes in the information we hold about you
- object to direct marketing
- make a complaint to the Information Commissioners Office
- withdraw consent at any time (if applicable as this will not be possible in certain circumstances)
Depending on our reason for using your information you may also be entitled to:
- ask us to delete information we hold about you (if applicable) have your information transferred electronically to yourself or to another organisation
- object to decisions being made that significantly affect you
- object to how we are using your information
- stop us using your information in certain ways
We will always seek to comply with your request however we may be required to hold or use your information to comply with legal duties which will override the requirements of the UK GDPR. Please note, your request may delay or prevent us delivering a service to you.
For further information about your rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioners Office (ICO) on individuals' rights under UK GDPR.
We are required under Section 6 of the Audit Commission Act 1998 to participate in the National Fraud Initiative data matching exercise. The data held will be used for cross-system and cross authority comparison for the prevention and detection of fraud. For further information see the National Fraud Initiative webpage.
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Under data protection legislation, parents, carers and children have the right to request access to information that we hold on them. To make a request for your personal information please contact:
Data Protection and Information Governance Manager, Dudley MBC, ICT Services, The Council House, Priory Road, Dudley, DY1 1HF
Email: information.governance@dudley.gov.uk
Phone: 01384 815607
If you have a concern about the way we are collecting or using your personal information, you should raise your concern with us in the first instance. UK GDPR also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted on 03031 231 113. Or see the ICO Website for further details.
Read our Corporate Privacy Statement for more information.
If you would like to discuss anything in this Privacy Notice please contact:
Data Protection and Information Governance Manager
Dudley MBC,
ICT Services,
The Council House,
Priory Road,
Dudley,
DY1 1HF
Email: information.governance@dudley.gov.uk
Phone: 01384 815607
Last updated 26/09/2024