Privacy Policy

Derby and Derbyshire Safeguarding Children Partnership: Privacy Policy

Who we are?

Multi-Agency Safeguarding Arrangements across the Derby City and Derbyshire County areas are called the Derby and Derbyshire Safeguarding Children Partnership (DDSCP) and bring together the lead members and chief officers from the statutory agencies to oversee and scrutinise the work of a joint executive board comprising both statutory and other key partners.

The legally required (statutory) key partners are Derby City Council; Derbyshire County Council; NHS Derby and Derbyshire Integrated Care Board;  and Derbyshire Constabulary. These organisations work closely alongside schools and colleges, health providers, probation providers, CAFCASS and all other agencies to keep children safe across the partnership.

The purpose of our local arrangements is to support and enable organisations and agencies across Derby and Derbyshire to work together so that:

  • children are safeguarded and their welfare promoted
  • partner organisations and agencies collaborate, share and co-own the vision for how to achieve improved outcomes for vulnerable children
  • organisations and agencies challenge appropriately and hold one another to account effectively
  • there is early identification and analysis of new safeguarding issues and emerging threats
  • learning is promoted and embedded in a way that local services for children and families can become more reflective and implement changes to practice
  • information is shared effectively to facilitate more accurate and timely decision making for children and families

Your right to privacy is very important to us and we recognise that, when we collect, use, or store your personal data, you should be able to trust us to act in a responsible manner. This privacy notice tells you what you can expect when we process your data, and what your rights are. We take our responsibilities seriously and aim to use personal information fairly, correctly and safely in line with the legal requirements set out by the General Data Protection Regulations (GDPR).

Data Protection Principles

  1. Used lawfully, fairly and in a transparent way.
  2. Collected only for valid purposes that we have explained to you and not used in any way that is incompatible with those purposes.
  3. Relevant to the purposes we have told you about and limited only to those purposes.
  4. Accurate and kept up to date.
  5. Kept only as long as necessary for the purposes we have told you about.
  6. Kept securely.

Personal data, or personal information means any information from which that person can be identified.

Why we collect data

The DDSCP is committed to being transparent about how it collects and uses your personal data and to meeting its data protection obligations. We may collect and process personal data relating to anyone accessing our service to manage the service we provide.

How we collect data

Your data may be collected in various ways. This includes when you visit www.ddscp.org.uk, as well as:

  • Verbally
  • Paper
  • Telephone
  • Email
  • Online forms
  • Website cookies
  • Other forms of image and voice recording

Data we obtain will be captured and stored in our systems for the purpose(s) specified. We do not collect information when you use a link in our website to other externally operated websites, other than our Learning Management System (see the separate Privacy Notice on this site). If you transfer to another site, please read the Privacy Notice or Statement relating to their information, this will also apply to individual partners websites within the partnership.

What personal data are we collecting?

We collect different categories of information about you, this includes personal information (for example your name and address), or other more sensitive data such as data about services you have received. The partnership may also process criminal conviction data in accordance with our statutory functions.

The Learning Management System (mentioned above) to which delegates will register, is managed by an external provider. The DDSCP have taken all reasonable steps, in compliance with Article 28(1) of the GDPR, to ensure that the processor has provided sufficient guarantees as to the implementation of appropriate technical and organisational measures to ensure their processing activities comply with the GDPR, protects the rights of individuals, and reflects the expectations of Derby City Council.

The provider will process the following information on behalf of the DDSCP for the purposes of facilitating the requested training.

Training/E-Learning

  • Your name, work address and work contact details, including work email address and work telephone number
  • If you are a private delegate this will include your name, address and contact details, including email address and telephone number
  • Information about training needs, including whether or not you have a disability for which the DDSCP needs to make adjustments for on training events
  • Attendance information
  • Qualitative and quantitative information given on evaluation forms following attendance at a training session

Electronic Feedback Forms

When submitting feedback or enquiries using electronic feedback forms, such as MS Forms, your information will be processed by the DDSCP, only for the purposes and scope of providing a response to you or obtaining qualitative and quantitative information for analysis purposes.

Details of information obtained from third parties

We receive information which includes personal data, from a wide range of partners including public sector organisations such as local authorities; health services; GPs; schools, and other educational settings; emergency services, the Disclosure and Barring Service (DBS) and the Probation Services, such information will be shared in accordance with the relevant safeguarding legislation.

We also receive similar information from voluntary and third sector organisations such as care providers, voluntary adoption agencies, youth groups, and charities. We also receive similar information from members of the public.

How we use your personal data

We will use your personal information for a limited number of purposes and always in line with our responsibilities, where there is a legal basis to do so, and in line with your GDPR rights. When we collect personal data from you, we only collect what we need to provide services you have requested or require.

We will use the information you provide in order to:

  • Provide learning, training or e-learning
  • Respond to your enquiries
  • Contact you where necessary
  • Contact you with further information where you have requested us to do
  • Obtain your feedback about our services
  • Ensure that we fulfil our legal obligations
  • Inform and fulfil our audit requirements

We also gather information to know how well agencies are working together to keep children safe. This helps us understand the experiences of children and young people living in Derby and Derbyshire. Where appropriate we will seek information from parents and carers and the wishes and feelings of children (including children who might not ordinarily be heard) about the priorities and the effectiveness of local safeguarding work.

How we share your data

If the information we intend to share is of a sensitive, personal nature we will only share it with partner organisations if we have obtained your consent or unless we are legally required or enabled to share it.

We will process your information in accordance with the following data protection provisions [1]:

  • Our legal obligations and public tasks
  • Our contractual obligations
  • Protection of vital interests of the data subject
  • The provision of health and social care
  • In some cases we may rely on consent, this will be clearly stipulated where applicable. If you wish to withdraw consent at any time you can do so emailing ddscp@derby.gov.uk

The public tasks based on the public interest and legal obligations arise from the following provisions:

  • Children Act 1989
  • The Working Together to Safeguard Children 2018 statutory guidance
  • Children Act 2004 
  • Education Act 1996
  • Education Act 2002
  • Education and Skills Act 2000
  • Legal Aid, Sentencing and Punishment of Offenders Act 2012
  • Police Reform and Social Responsibility Act 2011
  • Childcare Act 2006
  • Crime and Disorder Act 1998
  • Housing Act 1996
  • Safeguarding Vulnerable Groups Act (SVGA) 2006

For some services we process your data under a contract. Where we do not directly provide a service, we may need to pass your personal data onto the organisations that do. These providers are under contract and have to keep your details safe and secure and use them only to provide the service.

On occasions we use companies and partners to either store personal information or to manage it on our behalf. Where we have these arrangements there is always a contract, memorandum of understanding or information sharing protocol in place to ensure that the organisation complies with data protection law. Arrangements involving sensitive personal data will have been formally assessed in more detail for their compliance with the law.

Your information may be collected in a variety of ways. For example, data might be collected through application forms and evaluations forms both short term and long term, and through Training Needs Analysis tools or through procurement paperwork when we commission training from a private provider.

At no time will your information be passed to organisations external to us or our partners for marketing or sales purposes or for any commercial use without your prior explicit consent.

How we look after your data

Under GDPR we have a legal duty to protect any personal data we hold. We implement appropriate technical and organisational measures to protect the confidentiality , integrity and availability of your data.

The DDSCP needs to process your data in order to maintain the service that we provide. As such the DDSCP is carrying out a task in the public interest when delivering these services.

Information will be stored securely and only used for the purpose(s) stated at the point of collection.

The amount of time data is kept before being disposed of will be determined by our retention and disposal schedule.

Who has access to your information?

The DDSCP is supported by a business team who will process information held on individuals. For example the business team will make sure that if you have successfully applied for a course that you receive all the information you need and the trainers know who is attending the course.

We may share your information if a multi-agency review is required to understand your circumstances and the quality of services that have been provided to you to keep you safe. The information about you may be shared with other professionals who may or may not be involved with you for the specific purpose of carrying out a review. This can include professionals who work for organisation’s such as Children’s Social Care, Schools or other Educational Settings, Police, your GP, District Nurses, Looked After Children Designated Nurses, Community Midwives and Health Visitors, Physiotherapists, Occupational Therapists or other NHS professional. This is so that we can ensure that we are all working together to achieve the best outcomes for our children and young people.

We will also share personal information IT System and Hardware Suppliers that are contracted to work with the partnership and appointed legal advisors or insurers.

We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.

Access to records may also be undertaken under the provisions of the GDPR, the Data protection Act 2018, and under the Access to Health Records Act 1990 (in the case of the records of deceased individuals).  

Use of personal information for marketing

We will only send you information about our services and/or products if you have agreed for us to do so. You can opt out of this at any time using the contact details below.

What are your rights?

Under the GDPR you, as the data subject, you have the right to:

  • Access: you can request copies of any of your personal information that is held by the DDSCP.
  • Rectification: you can ask us to correct any incorrect information.
  • Deletion: you can ask us to delete your personal information. The DDSCP can refuse to delete information if we have a lawful reason to keep this.
  • Portability: you can ask us to transfer your personal data to different services or to you.
  • Right to object or restrict processing: you have the right to object to how your data is being used and how it is going to be used in the future.
  • Right to prevent automatic decisions: you have the right to challenge a decision that affects you that has been made automatically without human intervention, for example an online form with an instant decision.

If you would like to exercise any of these rights, please contact us.

How long will we keep your information for?

We keep and dispose of all records in line with our record retention schedule; information about this is included in the DDSCP Information Sharing Agreement. We will comply with Data Protection legislation.

What security precautions in place to protect the loss, misuse or alteration of your information?

We are strongly committed to data security and will take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard the information you provide to us. However, we cannot guarantee the security of any information you transmit to us. We recommend that you take every precaution to protect your personal information.

Keeping your data up to date

We want to ensure any information we hold is accurate. You can help us by promptly informing us of any changes to the information we hold about you.

Under 13

If you are accessing online services and are under the age of 13; please get your parent/guardian's permission beforehand whenever you provide us with personal information.

Cookies & IP addresses: What are Cookies and why are they used?

Cookies are small text files which identify your computer to our servers. They are used to improve the user experience. View what cookies we use and how you can manage them at https://www.derby.gov.uk/site-info/about-cookies/.

How to contact us

Please contact us if you have any questions about the information we hold about you or if you have a complaint about privacy or misuse of personal data.

If you believe that the DDSCP has not complied with your data protection rights, or if you wish to complain about privacy or misuse of data, please contact the Data Protection Officer in the first instance.

Post to:

Data Protection Officer, Information Governance, The Council House, Corporation Street, Derby, DE1 2FS

For individual contact details for each core partners Data Protection Officer please visit the following websites:

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner's Office (ICO):

By Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

  • By phone:      0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
  • By Email:       casework@ico.org.uk
  • By Website:   www.ico.org.uk

[1] General Data Protection Regulations, Article 6 (1) (a)-(e) & Article 9 (2) (b),(c),(g),(h)