Privacy notice and data protection

This privacy notice explains what types of personal data we may hold about you, how we collect it, how we use and who we may share information with. We are required to give you this information under data protection law.

Who we are

Achieving for Children is a community interest company created in 2014 by the Royal Borough of Kingston upon Thames and London Borough of Richmond to provide children’s services. In August 2017 the Royal Borough of Windsor and Maidenhead became co-owner of Achieving for Children.

Achieving for Children delivers children’s services and the local authority statutory responsibilities relating to children aged up to 25 years across the boroughs of Kingston, Richmond and Windsor and Maidenhead. Achieving for Children is registered as a controller with the Information Commissioner’s Office (ICO). Registration number ZA045069 and is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

Achieving for Children’s School Admissions Service is responsible for coordinating the admissions process for Kingston and Richmond residents and schools. This includes children moving in the transition period from nursery to Reception, the transition period from Year 6 primary school to year 7 secondary school and children moving school mid year.

Personal data we collect

In order to process your admission application, we need some, or all of, the following children’s data:

• Names
• Date of birth
• Address
• Name of school, pre-school, nursery (current and previous)
• School exclusion history
• School attendance history
• Details of period if a child was or is in care i.e. looked after by a local authority and entails of adoption or special guardianship orders and names of social workers involved
• Details of exceptional social and medical needs provided by parents to meet school admission oversubscription criteria, such as written statements from parents or supporting letter from professionals
• Details of support received in school from specialist services i.e. speech and language support
• Nationality and whether or not the child is seeking asylum or is a refugee and documentation to support this
• Supplementary forms for Voluntary Aided Church School applications:
  • Faith
  • Confirmation of church attendance
  • Evidence of Baptism

Parent or guardian data

• Names
• Address
• Email
• Telephone number
• Date of birth
• Proof of residence (e.g. utilities bill, exchange of contracts confirmation letter, rental agreement)
• School preferences
• Reasons for your school preferences (optional)

How we use your personal data

• To process your child’s application for a school place
• To administer any school appeals that may be heard
• To prevent and detect fraudulent applications for school places
• To contact and notify parents/carers where they have queries about the application and to let them know the final outcome of the application
• To notify the allocated school and provide them with your child’s details as detailed on the application form and your contact details
• To maintain waiting lists where parents are not allocated their preferred school or schools
• To help investigate any worries or complaints you may have about our service
• To develop and improve our services

Lawful basis for processing your personal data

We collect and use the information ensuring that we comply with the General Data Protection Regulation (GDPR) and Data Protection Act 2018 requirements for processing through:

• Article 6(1)(c) - compliance with a legal obligation
• Article 6(1)(e) - processing is necessary to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law;
• Article 9(2)(g) - necessary for reasons of substantial public interest, on the basis of Union or Member State law which is proportionate to the aim pursued and which contains appropriate safeguarding measures;

These articles under the GDPR and the DPA2018 are supported by the following specific legislation:

• School Admissions Regulations 2012
• Education act 1996
• School Admissions Code 2014
• School Standards and Framework Act 1998

Who we share your personal information with

We will only share information where it is appropriate and legal to do so. Where this is necessary, we are required to comply with all aspects of the Data Protection Act 2018.

Depending on the individual circumstances of each situation, we may have to share this information with other teams within Achieving for Children to fulfil other duties and powers to support our work.

How long will we keep your information

We only keep your personal data for as long as is required by law and in accordance with our retention schedule.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

Achieving for Children’s email service has been configured to Government Digital Service and we encrypt and authenticate email in transit using Transport Layer Security (TLS) and Domain-based Message Authentication, Reporting and Conformance (DMARC). We will ensure that when we send emails containing your personal information they are sent using appropriate security measures to encrypt the data in transit. This may involve the use of a third party encryption tool where appropriate.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Your rights and access to information

Under data protection legislation you have the right to request access to the information that we hold about you. To request a copy of your data, please read the Individual Rights Requests on this website and then submit your request using your preferred method of contact.

You also have the right to:

• object to processing of personal data that is likely to cause, or is causing, damage or distress
• have inaccurate personal data rectified, blocked, erased or destroyed
• prevent processing for the purpose of direct marketing object to decisions being taken by automated means
• In certain circumstances have inaccurate personal data rectified, blocked, erased or destroyed; and
• A right to seek redress, either through the ICO, or through the courts

If you have any questions or concerns about the way we process personal data, or would like to discuss anything in this privacy notice, please contact our Data Protection Officer: dpo@achievingforchildren.org.uk

If you want to make a complaint about how we handle your personal data, we ask that you give our Data Protection Officer the opportunity to respond in the first instance but you are not obliged to do this. You can make a complaint directly to the Information Commissioner’s Office