Due to our pandemic response requirements, customers are advised that there may be delays in handling requests for information made under the Freedom of Information (FOI) Act, Environmental Information Regulations (EIR) or the General Data Protection Regulation (GDPR) for subject access requests. We apologise for any inconvenience this may cause.

We have had to change the way that some of our services operate to meet the guidelines set out by the government in response to the Coronavirus pandemic.

This privacy notice sets out how we process your personal information relating to Direct Payments:

What information do we need?

We need to hold certain information about its customers and services users in order to effectively provide the services we have to deliver. For Direct Payment service delivery, we need to hold information such as your name, address, date of birth, bank details, child’s details (including mental and physical health details), care package contents and funding amount, details of employees and/or service providers, insurance provider.

Why we need it?

We need to know this information about you in order to deliver the direct payment service to ensure that the care needs for your child are met. It will allow us to support you through the employment and payroll processes and to aid you with financial requirements relating to this. With your consent we may contact you to provide up to date information and alert you of any changes to the service.

Our lawful basis for holding your data is ‘contractual obligation’.

Our lawful basis for holding your special category data is ‘explicit consent’.

We are the ‘data controller’ in relation to this data.

Do we share your information?

We do not trade personal data for any commercial purpose, however we will share your personal information with the payroll & insurance providers, Inland Revenue and employees/service providers for the purpose of robust service delivery.
Outside of the above we will only disclose your personal information if we have a lawful basis to do so, for example for the prevention and detection of crime, or if we have your consent.

How long do we keep your information?

For audit purposes we are required to hold your personal data for 6 years from closure, after which time it will be securely destroyed.