Privacy Notices - Speech and language therapy virtual groups Privacy Notice
You need to be aware of this Privacy Notice if you or your child are thinking of attending a virtual speech and language therapy group.
- What is a Privacy Notice?
A Privacy Notice is a statement issued by an organisation which explains how personal and confidential data about individuals is collected, used and shared.
- Who is collecting and using your personal data?
Swindon Borough Council will act as a “Data Controller” for any personal data that you provide to us. We will ensure that the data given to us is processed in line with our Data Protection Act 2018 (DPA 18) and the EU General Data Protection Regulations. (GDPR)
To find out more about Swindon Borough Council’s data protection policies please contact our Data Protection Officer. firstname.lastname@example.org or in writing to Data Protection Officer, Civic Offices, Euclid Street, Swindon, Wiltshire, SN1 2JH.
Please note that not providing your personal data may lead to you being unable to utilise services provided by speech and language therapy.
- Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”).
- What personal data do we collect?
The categories of this information that we collect, process, hold and share include:
- personal information (such as name, unique pupil number and address)
- characteristics (such as ethnicity, language and free school meal eligibility)
- school attainment and attendance data
- case information if you are in receipt of services from children, families and community health. Case information relating to children and their families will include contact, referral, assessment, plans, reviews and case information notes.
For the purpose of running a virtual group through Microsoft TEAMS, participants will need to be aware that if the guests click the participants icon, during the group session, names (e.g. first name or name attached to your TEAMS account) of all the attendees will be visible in the meeting to all other participants.
- How do we process your personal data?
We use children and young person’s data to:
- enable us to carry out specific functions for which we are responsible
- meet statutory reporting and case recording requirements for Social Care, Early Help, Virtual School, Exclusions and Reintegration, Education Safeguarding and Special Educational needs service provision
- derive statistics which inform decisions such as the funding of schools
- assess performance and to set targets for the services we provide
- provide commissioning services with aggregate data so that we can be held accountable for the services we are commissioned to provide
- complete statutory returns on children in receipt of social care and health and Early Help services and these datasets can include unique identifiers such as a National Health Number
- run virtual groups via Microsoft TEAMS
- Why do we need your personal information?
We use children and young person’s or your data to:
- enable us to carry out specific functions for which we are responsible
- provide therapy groups in a virtual format using Microsoft TEAMS
- How the law allows us to use your information?
We collect and use this information under Article 6 (lawful processing), and Article 9 (special categories of data), of GDPR 2018:
Article 6 of GDPR:
Public task: the processing is necessary for the local authority to perform a task in the public interest or for official functions, and the task or function has a clear basis in law in terms of Health and Social Care Provision.
For those early help services where the above does not apply:
Consent: the individual has given clear consent for the local authority to process their personal data for a specific purpose.
Article 9 (2) of GDPR – Special Categories of Data and lawful processing of:
(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;
The Data Protection Act 2018 (12, Schedule 1, part 2 specifically outlines the responsibilities in relation to processing data for the purposes of safeguarding children and individuals at risk. Further information is available at the GOV.UK website
- Who do we share your information with?
We routinely share children and young person’s information with:
- Department for Education (DfE) - on a statutory basis under section 3 of The Education (Information about Individual Pupils) (England) Regulations 2013
- Department of Education (Social Care) – under the Children’s Act 1989 which requires us to complete statutory reporting requirements for children in receipt of social care
- Youth support services – under section 507B of the Education Act 1996, to enable them to provide information regarding training and careers as part of the education or training of 13-19 year olds
- NHS provision – mandatory data collection for The Mental Health Services Data Set (MHSDS). This dataset contains record-level data about the care of children, young people and adults who are in contact with mental health, learning disabilities or autism spectrum disorder services.
For the purpose of running a virtual group through Microsoft TEAMS, participants will need to be aware that if the guests click the participants icon, during the group session, names (for example, first name or name attached to your TEAMS account) of all the attendees will be visible in the meeting to all other participants.
- How do we protect your information?
We will do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we will only make them available to those who have a right to see them.
Examples of our security include:
- encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code, or what is called a 'cypher'. The hidden information is said to then be 'encrypted'.
- pseudonymisation, meaning that we will use a different name so we can hide parts of your personal information from view. This means that someone outside of the Council could work on your information for us without ever knowing it was yours.
- controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
- training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
- regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches)
- How long do we keep your personal information?
We hold children and young person’s data for set periods of time based on statutory requirements and the Council’s data retention policy.
The Local Authority (LA) uses information about children for whom it provides services, to enable it to carry out specific functions for which it is responsible, such as the assessment of any special educational needs the child may have. Swindon Borough Council holds child level information on a database for children and families who are in receipt of Education, Health and Social Care Services. It also uses the information to derive statistics to inform decisions on (for example) the funding of schools, and to assess the performance of service delivery and identify where improvements are required.
- What you can do with your information?
Under the Data Protection Act 2018 and the EU General Data Protection Regulations you have the following rights:
- The right of access to you own personal data
- The right to request rectification or deletion of your personal data
- The right to object to the processing of your personal data
- The right to request a copy of the information you provide us in machine-readable format
- The right to withdraw your consent to any processing that is solely reliant upon your consent.
Should you wish to exercise any of your rights, you should contact the Data Protection Officer.
- Your right to complain
We have a Data Protection Officer who makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact the Council’s Data Protection Officer, at DataProtection@swindon.gov.uk or by calling 01793 445500 and asking to speak to the Data Protection Officer.
You have a right to complain to the Information Commissioner’s Office about the way in which we process your personal data. For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner's Office (ICO) at:
Information Commissioner's Office
- What if you do not provide personal data?
You are under no statutory obligation to provide personal data to Swindon Borough Council Speech and Language Therapy Service. However, if you do not provide the data, you will not be able to join the virtual groups.
- How will we ensure compliance?
A yearly audit will take place on personal data to ensure that we remain legally compliant in accordance with current data protection legislation.
- Main privacy notice
You are viewing the Privacy Notice for speech and language therapy virtual groups.