Toggle mobile menu visibility

Children's Services (Social Care) full privacy notice

Norfolk County Council (the County Council) is committed to protecting the privacy and security of your personal information. By "personal information", we mean information which, by itself or with other information available to the County Council, can be used to identify you and, by "use", we mean the various ways the personal information may be processed, including storing and sharing the information.

In summary, this document (known as a privacy notice):

  • Sets out how we promise to look after your personal information
  • Describes how we collect, use and share your personal information, and
  • Tells you about your privacy rights and how the law protects you. 

This privacy notice has been produced in compliance with the General Data Protection Regulation (GDPR).

Who we are

The County Council is the "data controller" for the personal information held by the County Council.  This means that we are responsible for deciding how we "process" (that is, collect, hold, use and disclose to third parties) your personal information.

Our address is Norfolk County Council, County Hall, Martineau Lane, Norwich NR1 2UA.

What we use your personal information for

We use your personal information primarily to provide advice and guidance, assessments, services, support and safeguarding for your children and your family to better meet the needs of your children and family and to provide the help that you require as early as possible.  This includes the provision of:

  • Services to, and monitoring of, vulnerable children and young people, including services to children in need, safeguarding, looked after children, children leaving care, children with disabilities, children who are fostered or adopted (This includes surveys and feedback forms to monitor and measure the effectiveness of specific Children's services)
  • Enhanced and preventative services to children and families on the edge of care to prevent children coming into care or accommodation such as Community and Partnerships, Family Support Services, New Roads and other call-in services
  • Specialist services for children and families who may be vulnerable or have higher levels of need such as special education needs or who are at risk of youth offending
  • The Supporting Families Programme - the Government's national initiative to turn around the lives of families with multiple needs
  • Services to facilitate the provision of services to families, for example, transport 
  • Providing multi-organisational safeguarding schemes, such as Operation Encompass

We also process this information to assess the quality of our services, evaluate and improve our policies and procedures.

We may also process this information in other ways compatible with the above. Mainly this will include supporting the work of other public bodies providing services to children.  We provide more details of the services on our website at Children and families.

You do not have to provide information to us for some of these services, but, if you do not provide information, we may not be able to or it may inhibit our ability to provide services to you or your child.

The kind of information we collect and use about you

The information we collect and use includes you and your child:

  • Name, address and contact details
  • Date of birth
  • Gender
  • NHS number and other identifiers
  • Personal history
  • Educational and employment history
  • Family history and social relationships generally
  • Dealings with the County Council including being a child in need, a looked after child - including fostering and residential care, adopted and leaving care
  • Financial details if necessary

We may also collect data about:

  • racial or ethnic origin
  • religious or philosophical beliefs
  • sexual orientation
  • health data including any disabilities and medical conditions.

This information is classed as "special category data" under the GDPR. We may only collect and use this type of data when it is relevant. Such data may be collected as part of the case work records and information we hold as part of referral / assessment / case work records.  

We also collect information concerning criminal convictions and offences.

The GDPR includes safeguards to protect the use of your special category data and criminal conviction data. Further details can be found on our website in the document named 'Special category data and criminal offences data policy', which sets out our procedures for compliance with the principles of the GDPR and the retention and erasure of this information.

Who provides this information

The information we hold includes information you have provided to us.

We also receive information from other public bodies and organisations providing services to you or your children.

We may also receive information from your family, friends and members of the public.

How the law protects you and the legal basis for processing your information

There must be a lawful basis (or justifiable reason) for us to collect, store, use and disclose your personal information.

We have legal grounds to process this information because it is necessary for the performance of a task carried out in the public interest.

These tasks we carry out are under the:

  • Children Act 1989
  • Children (Leaving Care) Act 2000
  • Adoption & Children Act 2002 and associated regulations
  • Childcare Act 2006
  • Children and Families Act 2014, and
  • Children and Social Work Act 2017
  • Transport Act 1985
  • SEND Code of Practice 2014
  • Care Act 2014
  • Chronically Sick and Disabled Persons Act 1970
  • Local Government Act 1972 

We have legal grounds to process special category data and criminal convictions data where it is in the exercise of a statutory function and it is in the necessary for reasons in the substantial public interest. The statutory functions are as set out above.

Where appropriate, we may also seek specific consent to use your information in certain ways. This will normally be where the use of the data is not necessary for the above purposes but may be very useful or helpful to us to provide services. For example, all marketing and feedback where personal information is obtained alongside, and directed at, individuals, and where personal information, such as photographs/videos, are used for publicity purposes.

Who we share your information with

We may disclose your personal information to your family including persons with parental responsibility as well as public bodies and other organisations, in particular:

  • Other departments in the County Council, for example, Children's Services (Education), Adult Social Services and transport team
  • NHS and other health agencies
  • Norfolk Safeguarding Childrens Partnership
  • Education providers (schools, colleges and early years providers)
  • District councils
  • Voluntary agencies and charities providing services to children, young people and/or their families e.g. the Children's Society
  • Police
  • Courts and other judicial agencies
  • Probation
  • Youth Offending Team
  • Other public authorities
  • Dolly Parton's Imagination Library (only applies to information about looked after children until the age of 11 and have been signed up to the programme, at this point their information is anonymised and any personal information is deleted within 12 months)
  • Central government agencies including government bodies responsible for providing funding for eligible services e.g. the Supporting Families Programme (payment by results) particularly:
    • Department for Work and Pensions in respect of welfare eligibility
    • Your personal information may also be provided to a third party contracted by the County Council to provide a service to the Council or directly to you for example, transport providers like Norse Ltd and taxi drivers.  These service providers are known as data processors and have a legal obligation under GDPR and to the County Council to look after your personal information and only use it for providing that service. An example of this is the County Council uses a case management system operated by a data processor for its social care services.
  • If you contact us to report concerns about a family, we may share your information with the family you have contacted us about. If you would prefer your details were not shared please tell us. 

We disclose this information without your specific consent as it is reasonable and necessary to do so to fulfil our public tasks or it is otherwise in the substantial public interest to do so. 

How we keep your information

The information is stored electronically, on the County Council's records management systems, known as Liquid Logic and Synergy. Information is also securely stored in other mediums, including email accounts and in paper files.

If we transfer your personal information to other countries

Apart from the Dolly Parton Imagination Library, we do not transfer your information to countries outside of the UK.

When a looked after child is signed up to the imagination Library we will share the child's; name, gender, address, and date of birth, with the Imagination Library. The Imagination Library is based in the United States of America.

We have a contract in place with the Imagination Library which helps to protect the personal information sent. However, we cannot guarantee the same level of protection of information will be provided in the United States as the UK. The United States do not have the same level of data protection legislation as the UK. We have assessed this transfer of data and believe appropriate safeguards are in place.

How long we use your information for

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Once you no longer require services from us, we will retain and securely destroy your personal information in accordance with our information retention schedule.

Automated decision making

We do not make automated decisions about you and your family.

Your responsibility to inform us of changes

It is important that the personal information we hold about you is accurate and current.

Please keep us informed if your personal information changes during your working relationship with us. You can help us with this by:

  • Telling us when any of your details change, and
  • Telling us if any of the information we hold on you is wrong

Your rights under the GDPR 

You have the following rights (but note, these rights do not apply in all circumstances):

  • Your right to be informed about the processing of your personal information.  This is the purpose of this notice.
  • Your right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
  • Your right to object to the processing of your personal data
  • Your right to restrict processing of your personal information
  • Your right to have your personal data erased ("the right to be forgotten").  As above, please note this right is subject to several restrictions, which we will discuss further with you if you choose to exercise it .
  • The right to move, copy or transfer your personal information ("data portability") in some circumstances
  • Rights to be notified of, object to and challenge any automated decision made in respect of you, including profiling
  • Your right to request access to your personal information and information about how the County Council processes it
  • Your right to withdraw any consent you have given for the processing of personal data at any time

If you want to exercise any of these rights, please contact the Information Compliance Team by:

  • Emailing the Information Compliance Team at information.management@norfolk.gov.uk
  • Writing to the Information Compliance Team, Norfolk County Council, County Hall, Martineau Lane, Norwich NR1 2UA

For access to your personal information (Subject Access Request) complete our online form

Questions or complaints

If you have any questions about this privacy notice or how we handle your personal information, you can write by letter to the DPO, Norfolk County Council, County Hall, Martineau Lane, Norwich NR1 2DH or by email dpo@norfolk.gov.uk.

You also have the right to make a complaint about how we have handled your data (or your rights around your data) at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.  The ICO can be contacted by:

Links to other websites

Where this notice applies to information collected or processed on a website, please note this privacy notice only applies to the County Council's website and ceases to apply when you leave our pages.  If you follow links to other organisations websites, even if you follow a link which we have provided, it is suggested you take the time to read the privacy notices on the websites you visit.

Changes to this privacy notice

We keep this privacy notice under regular review and we will provide you with a new privacy notice when we make any substantial updates.  We may also notify you in other ways from time to time about the processing of your personal information.

This notice was last updated in February 2024.