Achieving for Children Privacy Notice

Data Protection Act (1998); General Data Protection Regulation (2018).

As a provider of services for Kingston, Richmond and Windsor and Maidenhead local authorities, Achieving for Children (along with other agencies such as schools and early years settings) processes information about children and young people in order to help administer education and service provision. In doing so we must comply with the Data Protection Act (1998), Human Rights Act 1998 and the European Union General Data Protection Regulation (2018).
This means (amongst other things) that the data held about children must only be used for specific purposes allowed by law. The following information explains the types of data held, why that data is held, and to whom it may be passed on.

Types and use of data

Types of data
The categories of child and young person's information that we process include:
  • personal identifiers and contacts (such as name, unique pupil number, contact details and address, details of family and close relations)
  • characteristics (such as ethnicity, language, and free school meal eligibility, any relevant medical information)
  • safeguarding information (such as court orders and professional involvement)
  • special educational needs (including the needs and ranking)
  • attendance (such as sessions attended, number of absences, absence reasons and any previous schools attended)
  • assessment and attainment (such as key stage 1 and phonics results, post 16 courses enrolled for and any relevant results)
  • behavioural information (such as exclusions and any relevant alternative provision placements put in place)
Use of data
We (Achieving for Children) hold personal data about children in schools, children in our care / child protection or those children in need to whom we provide services. We collect and use data to:
  • support children and monitor their progress
  • provide appropriate support and pastoral care
  • assess how well Achieving for Children services, schools, early years settings and councils as a whole are doing
  • monitor progress and develop good practice in the services received
  • carry out specific functions (such as social care and electoral services)
  • support children's/young people's teaching and learning
This list is not exhaustive. To access the current list of categories of information we process please see
Under the General Data Protection Regulation (GDPR), the legal basis / bases we rely on for processing personal information for general purposes are the General Data Protection Regulation conditions in Article 6, paragraph 1:
  • Section a: the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • Section c: processing is necessary for compliance with a legal obligation to which the controller is subject;
  • Section d: processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • Section e: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • Section f: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Also, for the purposes of delivering children's services in accordance with The Children Act 1989, concerning the special category data:
  • The General Data Protection Regulation conditions - Article 9, paragraph 2, section h: "processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;"
Collecting child and young person's information
We collect personal information via a number of means including:
  • Face to face interviews
  • Telephone conversations
  • Written letters, referrals, emails and text messages
  • Forms and documents submitted through websites
  • From other 3rd parties
Children and young person's data is essential for the local authority's operational use. Whilst the majority of personal information you provide to us is mandatory, some of it is requested on a voluntary basis. In order to comply with the data protection legislation, we will inform you at the point of collection, whether you are required to provide certain personal information to us or if you have a choice in this.
Storing child and young person's data
We hold data securely (either in locked and secured databases or storage facilities for 'hard copy' documents) for the set amount of time shown in our data retention schedule. For more information on our data retention schedule and how we keep your data safe, please visit

Sharing Data and Information

Central Government
Information may be shared with other agencies for statistical or research purposes only. Data is also used and passed on for specific purposes to the following agencies:
  • Department for Education (DfE),
  • Qualifications and Curriculum Authority (QCA),
  • Office for Standards in Education, Children's Services and Skills (Ofsted)
  • Department of Health (DH)
  • and organisations that require access to data in the Learner Registration System as part of the MIAP (Managing Information Across Partners) programme and youth support services
Department for Education
The Department for Education (DfE) collects personal data from educational settings and local authorities via various statutory data collections. We are required to share information about our children and young people with the Department for Education (DfE) for the purpose of those data collections, under:
  • section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013.
All data is transferred securely and held by DfE under a combination of software and hardware controls which meet the current government security policy framework.
Other external agencies
We may need to pass your information to external organisations and other service providers, but only where it is necessary or to comply with a legal obligation, or where permitted under the Data Protection Act. When disclosing personal data to a third party we will strive to ensure that the third party has sufficient procedures and systems in place to prevent the loss and unlawful use of that data. We have an overarching information sharing protocol agreed with other partners so you can be confident local partners all comply with the same privacy principles.
We may also share information with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud or crime. These third parties include the Audit Commission, the Department for Work and Pensions, other local authorities, HMRC and the police.
In addition to undertaking our own data matching to identify errors and potential frauds, the Audit Commission requires us to participate in data matching to assist in the prevention and/or detection of fraud. Data matching involves comparing records held by one body against the records held by the same or another body to see how far they match. Where a match is found it indicates that there is an inconsistency that requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out. The use of data by the Audit Commission in a data matching exercise is carried out under its powers in Part 2A of the Audit Commission Act 1998. It does not require the consent of the individuals concerned.
Single Point of Access (SPA) and Multi Agency Safeguarding Hub (MASH)
Sharing information about individuals with partner organisations is sometimes necessary in order to protect individuals if there are concerns they may be at risk of significant harm and to keep those individuals and the wider public safe.
Partner agencies included in the Achieving for Children MASH include:
  • Social Care Services
  • Metropolitan Police
  • Health services
  • Probation services
  • Education and schools
  • Housing services
  • Child and Adolescent Mental Health Services (CAMHS)
  • Targeted Support services
  • Youth Offending services
Information will be processed within the MASH under strict protocols in accordance with the Data Protection Act 1998 and other relevant legislation. Information will be held securely by Achieving for Children and will only be used and shared on a strict need to know basis with limited partners, for the purposes of keeping children or young people safe or ensuring they get the best services they need. Personal information may also be shared if there is a lawful reason to do so such as for crime prevention or detection purposes or where it is in the interest of maintaining public safety. The parent / carer will normally be informed at the time the enquiry is made unless this could place the child or someone else at further risk or undermine a police investigation.
Personal information held in the MASH will be deleted when it is no longer needed for these purposes, in accordance with formal record retention policies.
All these are data controllers and are subject to the same legal constraints. Other disclosures may be made as required by law.
Sharing information with our partner councils
We will use information about you for the provision of services and specifically for the following:
  • all law enforcement, regulation and licensing, criminal prosecutions and court proceedings which we are obliged to undertake
  • all financial transactions to and from us including payments, grants, invoices and benefits
  • where monies are due or outstanding we reserve the right to use all the available information at our disposal to protect public funds
We may also check information you have provided, or information about you that someone else has provided, with information already held by us. We may also receive information about you from certain third parties, or provide them information in order to:
  • prevent or detect fraud or crime
  • protect public funds
  • ensure the information is correct
Schools and education information
We hold information about young people living in our area, including about their education and training history. This is to support the provision of their education up to the age of 20 (and beyond this age for those with a special educational need or disability). Under parts 1 and 2 of the Education and Skills Act 2008, education institutions and other public bodies (including the Department for Education (DfE), police, probation and health services) may pass information to us to help us to support these provisions.
Youth support services
Pupils aged 13+
Once our pupils reach the age of 13, we also pass pupil information to the provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996.
This enables them to provide services as follows:
  • youth support services
  • careers advisers
  • post-16 education and training providers [Pupils aged 16+]
The information shared is limited to the child's name, address and date of birth. However, where a parent or guardian provides their consent, other information relevant to the provision of youth support services will be shared. This right is transferred to the child / pupil once he/she reaches the age of 16.
For more information about services for young people, please visit our website.

How we communicate

Wherever possible we use secure means to communicate our information. This is usually through the use of systems and databases that have very limited access and high levels of security to ensure the risk of data loss is minimised. Where we send information it is usually sent using secured data connections within Achieving for Children and between partners. When we email information to external partners we use secure email processes wherever possible that encrypt information.
With the advent of new technologies, methods of communication such as email and text messaging are becoming more widespread. Traditionally we have used the normal postal service to send information to our clients and service users. This may change in future. If you have a preference to receive your communications from us in alternative ways please liaise with your Achieving for Children worker or school.
We also provide Achieving for Children information in a variety of formats to assist users who have difficulty reading or for whom English is not their first language.
Whilst Achieving for Children has a presence on social media we will never process, publish or communicate sensitive or personal information using these forums and would not enter into personal communications with any parties using these methods.

Data rights and access

Requesting access to your personal data
Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child's record, contact
You also have the right to:
  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • a right to seek redress, either through the ICO, or through the courts
If you have a concern or complaint about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner's Office at


If you would like to discuss anything in this privacy notice, please contact our Data Protection Officer:

Our use of cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

Cookies used on our website

Session Cookies
Name | Purpose | Expires
ASPSESSIONID | This cookie is set by our site to maintain session state. We also use this cookie so that once you have logged on with username and password you won't have to do it for every page you request from our site. | When you close your browser.
cT | We use this cookie as part of our error handling system to improve our site. This cookie is only set when an error occurs on the site. | When you close your browser.
Google Analytics
Name | Purpose | Expires
_utma | For more information, see the Google Analytics Privacy Policy. You can choose to opt out of Google Analytics. | 2 years
_utmb | For more information, see the Google Analytics Privacy Policy. You can choose to opt out of Google Analytics. | 30 minutes
_utmc | For more information, see the Google Analytics Privacy Policy. You can choose to opt out of Google Analytics. | When you close your browser
_utmz | For more information, see the Google Analytics Privacy Policy. You can choose to opt out of Google Analytics. | 6 months

These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

If you do not want your browser to accept cookies, you can turn off the cookie acceptance option in your browser settings. Note: By doing this some areas of the website, features, and information may not function or display properly.