Norfolk County Council (the County Council) is committed to protecting the privacy and security of your personal information. By “personal information”, we mean information which, by itself or with other information available to the County Council, can be used to identify you and, by “use”, we mean the various ways the personal information may be processed, including storing and sharing the information.
In summary, this document (known as a privacy notice):
- Sets out how we promise to look after your personal information
- Describes how we collect, use and share your personal information, and
- Tells you about your privacy rights and how the law protects you.
This privacy notice has been produced in compliance with the General Data Protection Regulation (GDPR).
Who we are
The County Council is the "data controller" for the personal information held by the County Council. This means that we are responsible for deciding how we “process” (that is, collect, hold, use and disclose to third parties) your personal information.
Our address is Norfolk County Council, County Hall, Martineau Lane, Norwich NR1 2UA.
The County Council’s Data Protection Officer (DPO) is Helen Edwards.
What we use your personal information for
We use your personal information primarily to provide advice and guidance, assessments, services, support and safeguarding for your children and your families to better meet the needs of your children and family and to provide the help that you require as early as possible. This includes the provision of:
- Services to and monitoring of vulnerable children and young people, including services to children in need, safeguarding, looked after children, children leaving care, children with disabilities, children who are fostered or adopted
- Enhanced and preventative services to children and families on the edge of care to prevent children coming into care or accommodation such as the Early Help Service and New Roads
- Specialist services for children and families who may be vulnerable or have higher levels of need such as special education needs or who are at risk of youth offending
- The Troubled Families Programme – the Government's national initiative to turn around the lives of families with multiple needs
- Services to facilitate in the provision of services to families, for example, transport
We also process this information to assess the quality of our services and evaluate and improve our policies and procedures.
We may also process this information in other ways compatible with the above. Mainly this will include supporting the work of other public bodies providing services to children. We provide more details of the services on our website at children and families.
You do not have to provide information to us for some of these services, but, if you do not provide information, we may not be able to or it may inhibit our ability to provide services to you or your child.
The kind of information we collect and use about you
The information we collect and use includes you and your child’s:
- Name, address and contact details
- Date of birth
- NHS number and other identifiers
- Personal history
- Educational and employment history
- Family history and social relationships generally
- Dealings with the County Council including being a child in need, a looked after child – including fostering and residential care, adopted and leaving care
- Financial details if necessary
We may also collect data about:
- racial or ethnic origin
- religious or philosophical beliefs
- sexual orientation
- health data including any disabilities and medical conditions.
This information is classed as “special category data” under the GDPR. We may only collect and use these types of data when it is relevant and such data will be collected as part of the case work records and information we hold. as part of the referral / assessment / case work records and information we hold.
We also collect information concerning criminal convictions and offences.
The GDPR includes safeguards to protect the use of your special category data and criminal conviction data. Further details can be found on our website in the document named ‘Special category data and criminal offences data policy’ which sets out our procedures for compliance with the principles of the GDPR and the retention and erasure of this information.
Who provides this information
The information we hold includes information you have provided to us.
We also receive information from other public bodies and organisations providing services to you or your children.
We may also receive information from your family and friends and members of the public.
How the law protects you and the legal basis for processing your information
There must be a lawful basis (or justifiable reason) for us to collect, store, use and disclose your personal information.
We have legal grounds to process this information because it is necessary for the performance of a task carried out in the public interest.
These tasks we carry out are under the:
- Children Act 1989
- Children (Leaving Care) Act 2000
- Adoption & Children Act 2002 and associated regulations
- Childcare Act 2006
- Children and Families Act 2014, and
- Children and Social Work Act 2017
- Transport Act 1985
We have legal grounds to process special category data and criminal convictions data where it is in the exercise of a statutory function and it is in the necessary for reasons in the substantial public interest. The statutory functions are as set out above.
Where appropriate, we may also seek specific consent to use your information in certain ways. This will normally be where the use of the data is not necessary for the above purposes but may be very useful or helpful to us to provide services. For example, all marketing and feedback where personal information is obtained alongside, and directed at, individuals, and where personal information, such as photographs/videos, are used for publicity purposes.
Who we share your information with
We may disclose your personal information to your family including persons with parental responsibility as well as public bodies and other organisations, in particular:
- Other departments in the County Council, for example, Children’s Services (Education) and Adult Social Services and transport team
- NHS and other health agencies
- Norfolk Safeguarding Childrens Board
- Education providers (schools and colleges)
- District councils
- Voluntary agencies and charities providing services to children, young people and/or their families e.g. the Children's Society
- Courts and other judicial agencies
- Youth Offending Team
- Other central government agencies including government bodies responsible for providing funding for eligible services e.g. the Troubled Families Programme (payment by results)
- Other public authorities
- Department for Education (DfE) in respect of children in need and looked after children to help the DfE develop national policies, manage local authority performance, administer and allocate funding and identify and encourage good practice. For more information about the data collection requirements placed on us by the DfE go to
Your personal information may also be provided to a third party contracted by the County Council to provide a service to the Council or directly to you for example, transport providers like Norse Ltd and taxi drivers. These service providers are known as data processors and have a legal obligation under GDPR and to the County Council to look after your personal information and only use it for providing that service. An example of this is the County Council uses a case management system operated by a data processor for its social care services.
We may also share your information across different departments of the County Council, where it is necessary for our public tasks or functions to do so.
We disclose this information without your specific consent as it is reasonable and necessary to do so to fulfil our public tasks or it is otherwise in the substantial public interest to do so.
How we keep your information
The information is stored electronically, on the County Council’s records management system, known as Liquid Logic. Information is also securely stored in other mediums, including email accounts and in paper files.
If we transfer your personal information to other countries
We do not transfer your information to countries outside of the UK
How long we use your information for
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Once you are no longer require services from us, we will retain and securely destroy your personal information in accordance with our information retention schedule.
Automated decision making
We do not use automated decisions about you and your family.
Your responsibility to inform us of changes
It is important that the personal information we hold about you is accurate and current.
Please keep us informed if your personal information changes during your working relationship with us. You can do to help us with this by:
- Telling us when any of your details change, and
- Telling us if any of the information we hold on you is wrong
Your rights under the GDPR
You have the following rights (but note, these rights do not apply in all circumstances):
- Your right to be informed about the processing of your personal information. This is the purpose of this notice.
- Your right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
- Your right to object to the processing of your personal data
- Your right to restrict processing of your personal information
- Your right to have your personal data erased (“the right to be forgotten”). As above, please note this right is subject to several restrictions, which we will discuss further with you if you choose to exercise it .
- The right to move, copy or transfer your personal information (“data portability”) in some circumstances
- Rights to be notified of, object to and challenge any automated decision made in respect of you, including profiling
- Your right to request access to your personal information and information about how the County Council processes it
- Your right to withdraw any consent you have given for the processing of personal data at any time
If you want to exercise any of these rights, please contact the Information Compliance Team by:
- Emailing the Information Compliance Team at email@example.com
- Writing to the Information Compliance Team, Norfolk County Council, County Hall, Martineau Lane, Norwich NR1 2UA
Questions or complaints
If you have any questions about this privacy notice or how we handle your personal information, you can write to the DPO by letter to the DPO, Norfolk County Council, County Hall, Martineau Lane, Norwich NR1 2DH or by email firstname.lastname@example.org.
You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. The ICO can be contacted by:
Links to other websites
Where this notice applies to information collected or processed on a website, please note this privacy notice only applies to the County Council’s website and ceases to apply when you leave our pages. If you follow links to other organisations websites, even if you follow a link which we have provided, it is suggested you take the time to read the privacy notices on the websites you visit.
Changes to this privacy notice
We keep this privacy notice under regular review and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
This notice was last updated 22 April 2021