Children, Families and Lifelong Learning - Privacy Notice


  • Directorate - Children, Families and Lifelong Learning
  • Date of issue - 25 May 2018
  • Date of current version - 26 August 2022
  • Review date - 26 August 2025

The reasons why we use your personal data

Purpose / function of the service

This privacy notice applies to the functions of the Children, Families and Lifelong Learning Directorate in order to carry out our statutory duties and deliver our range of services.

What processing of personal data is undertaken by the specific teams or services

You and your child's personal data is needed in order to provide the care your child receives, including:

  • It is necessary for legal cases
  • Assess and improve the quality of our services
  • Provide your child with pastoral care
  • Identify children as part of the CP-IS program
  • To support children and monitor their progress
  • Provide information about children's social care
  • Make and take payments, process grants and tackle fraud
  • Evaluate and improve our policies around children's social care and education
  • Listen to your comments and feedback on children's social care and education
  • Enable us to prepare statutory statistics on local authority performance
  • To ensure the care we provide to your child is safe, effective and appropriate
  • Carry out our statutory and regulatory duties, such as making informed decisions about your child's care
  • To identify families eligible for inclusion in Troubled Families Program and monitor their progress as part of the program
  • To help us teach, train and monitor staff on their work, and to audit and improve our services to ensure they meet you and your child's needs
  • It may be shared if your child sees other care of health professionals and/or your child is referred to a specialist for the purposes of care

What information do we collect?

Within the Children, Families and Lifelong Learning Directorate of Surrey County Council, we use the following personal data:

  • You and your child's name, address, contact details
  • Records of your child's care, support and wellbeing
  • Details of your child's care and any concerns or investigations
  • Details of your child's education including where they go to school and their unique pupil number
  • Basic information such as date of birth, ethnicity, specific needs, NHS number and next of kin
  • Details of each contact that we have with you and your child, including visits, correspondence, communications and documents
  • Relevant information from individual's involved in your child's care and education, including health and other care providers, carers and relatives

How we are allowed to use your personal data

The lawful conditions for us to process you and your child's personal data depends on the circumstances but are usually so that we can comply with a legal obligation or because we are acting in the public interest or exercising our official authority. We may also process some of your data with consent or because we have a contract with you. The legislation which we have duties under include (but aren't limited to) the following:

  • Care Act 2014
  • Localism Act 2011
  • Childcare Act 2006
  • Children Act 1989, 2004
  • Care Standards Act 2004
  • Welfare Reform Act 2012
  • Mental Capacity Act 2005
  • Data Protection Act 2018
  • Crime and Disorder Act 1998
  • Health and Social Care Act 2012
  • Mental Health Act 1983, 2007
  • Adoption and Children Act 2002
  • Children and Social Work Act 2017
  • Adoption: Statutory Guidance 2013
  • Children and Young Persons Act 2008
  • Care Leavers (England) Regulations 2010
  • Fostering Services (England) Regulations 2011
  • Health and Social Care (Safety and Quality) Act 2015
  • Fostering Services: National Minimum Standards (2011)
  • Care Planning, Placement and Case Review (England) Regulations 2010
  • Local Safeguarding Children and Adults Boards Regulations 2006 (SI 2006/90)
  • Education (Information About Individual Pupils) (England) Regulations 2013
  • Education Act 1996
  • The Special Educational Needs and Disability Regulations 2014
  • Children and Families Act 2014
  • Education and Adoption Act 2016
  • Adoption Agencies Regulations 2005
  • Adoption Agencies (Miscellaneous Amendments) Regulations 2013
  • Adoption Support Regulations 2005
  • Adoptions with a Foreign Element Regulations 2005
  • Guidance and Regulations Volume 4 Fostering Services
  • Domestic Abuse Act 2021

Under Article 9 of the General Data Protection Regulation 2016/679 our lawful reason for us to process you and your child's sensitive personal data is for health or social care or where it is substantially in the public interest.


Where we do use consent to process your personal data, we will explain to you what we are asking you to agree to and why. If we have consent to use your personal data, you have the right to remove it at any time. If you want to remove your consent, please contact us at the following email address and we will deal with your request.

Who we share your personal data with

We share your data between departments and services within the council so that we can keep our information up-to-date, provide cross departmental support, and to improve our services to you and your child. Our Corporate Teams and the Chief Executives Department provide support and specialist services across the council and may need access to personal information to do so. Staff can only see your information if they need it to do their job.

Sometimes we need to process data without your consent. For example, to make sure we provide your child with the appropriate care, when the health and safety of others is at risk (including our staff), to protect public health or when we are required by law to share data. Also to prevent or investigate crimes, we have been ordered by a court, sharing is in the public interest or there are safeguarding concerns for vulnerable children. If we believe you, your child or another person is going to be caused significant harm or distress, we will protect data and prevent its release.

At times, it's necessary for us to share information with another party. For example, if your child is receiving care from the NHS then we may need to share information so we can all work together for your child's benefits. We only use or share data if the other party involved in your child's care has a legitimate need for it. Everyone we share data with has a legal duty to keep it confidential and secure.

Some of the organisations that we share data with include (but aren't limited to) the following:

  • Early Help Services
  • Pupil Referral Units
  • Legal Representatives
  • Public Health England
  • Other Local Authorities
  • District and Borough Councils
  • Voluntary Sector Partners
  • School Transport Operators
  • Government Departments including the Department for Education, the Department for Work and Pensions and MHCLG
  • Schools, Colleges and other Education Providers
  • Judicial Agencies such as Courts
  • Safeguarding boards and services
  • Specialist therapists and teachers
  • Health Services such as NHS Trusts, Medical professionals, General Practitioners and Surrey Clinical Commissioning Groups
  • Surrey Heartlands CCG as our partner for Integrated Commissioning
  • Law enforcement such as the police
  • Funding bodies and Elected members
  • Probation and Youth Offending Services
  • Community staff, locality staff and district nurses
  • Emergency response units such as the Surrey Ambulance Service
  • Other care providers including third party providers and charities
  • Regulatory bodies and auditors such as the Care Quality Commission, Ofsted and Information Commissioners Officer

Automated decision making (when computers make any decisions about you)

We do not use automated decision making

Personal data being sent or processed outside of the UK and EU

It is possible that we may need to process your data outside of the UK and EU, for example, for the purposes of processing adoption applications. Where in these cases we have to share data outside of the EU we will ensure adequate protections are made.

Retention of data

We keep data for as long as the law requires or for as long as is necessary. For example, IICSA has placed local authorities under a legal duty to retain any records which has or might have information (whether directly or indirectly) relevant to the sexual abuse of children or to child protection and care. Or adoption and fostering law states we must keep specific data for certain amounts of time.

Please see our Retention Schedule and Information Asset Register for information on how long we keep specific data.

Other information

How is data used for care and education?

Children, Families and Lifelong Learning Directorate holds data on you and your child so we can provide care and support their education. There are legal measures to protect the information that we hold and these ensure the information is only shared appropriately and in line with your wishes.

Where you and your child's personal data is shared, confidentiality and privacy will be protected. Organisations will use data to support you and your child with any service or contact that they may have ('care'). By doing so, it helps them provide the most appropriate care for your child and they may share data with other specialists including health care professionals to ensure they make informed decisions. To make sure confidentiality and privacy is maintained, national legislation and our procedures will be followed.

How is data used for reasons other than care and education?

We use data for research and analysis, and produce reports which contain information to help us improve and plan future care services. This data is used to identify where our services need to change, improve or expand in order to effectively support our service users and ensure funding is appropriately managed between organisations.

Surrey County Council and Surrey Heartlands CCG have established Integrated Commissioning Teams so that we can jointly commission health and social care services. The Council and the CCG are joint controllers of the data we use for these purposes.

How much data do we use?

There is a range of data available to us, from data that relates directly to your child to data that won't identify any living individual. We only use an appropriate amount of data depending on the circumstances. We use as little data as necessary in our work. Where possible we use methods such as pseudonymised or anonymised data (like when we are using data for research and analysis).

Who can access your data?

Our staff will only access personal data which is necessary for them to do their work. Staff access to you and your child's information is monitored to ensure confidentiality is maintained and staff are acting in line with our code of conduct. We have security measures in place where we hold and process sensitive personal data.

How do we keep data safe?

Our staff and partners who have access to or process data must comply with a legal duty of confidentiality. We protect the access to data through security methods such as logins, passwords, permissions and encryptions.

For further information on our privacy notices, please see information and privacy.

Subscribe to our newsletters for latest news and events.