Menu
St Mary's CE Foundation

Who will we share your personal information with?

Who will we share your personal information with?

 

We use a range of companies and partners to either store personal information or to manage it for us. Where we have these arrangements there is always a contract, memorandum of understanding or information sharing protocol in place to ensure that the organisation complies with data protection law. We complete privacy impact assessments before we share personal information to ensure their compliance with the law.

Sometimes we have a legal duty to provide information about people to other organisations, e.g. Child Protection concerns or Court Orders.

 

We may also share your personal information when we feel there is a good reason that is more important than protecting your confidentiality. This does not happen often, but we may share your information:

 

  • For the find and stop crime or fraud; or
  • if there are serious risks to the public, our staff or to other professionals; or
  • to protect a child.

The law does not allow us to share your information without your permission, unless there is proof that someone is at risk or it is required by law.

 

This risk must be serious before we can go against your right to confidentiality. When we are worried about physical safety or we feel that we need to take action to protect someone from being harmed in other ways, we will discuss this with you and, if possible, get your permission to tell others about your situation.

 

We may still share your information if we believe the risk to others is serious enough to do so.

 

There may also be rare occasions when the risk to others is so great that we need to share information straight away. If this is the case, we will make sure that we record what information we share and our reasons for doing so. We will let you know what we have done and why as soon as or if we think it is safe to do so.

 

How do we protect your information?

We will do what we can to make sure we hold personal records (on paper and electronically) in a secure way, and we will only make them available to those who have a right to see them. Our security includes:

 

  • Encryption allows information to be hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code or cypher. The hidden information is said to be encrypted.
  • Pseudonymisation allows us to hide parts of your personal information from view so only we can see it. This means that someone outside of ECC could work on your information for us without ever knowing it was yours.
  • Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it.
  • Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong.
  • Ways for us to access your information should something go wrong and our systems not work, including how we manage your information in event of an emergency or disaster.
  • Regular testing of our technology and processes including keeping up to date on the latest security updates (commonly called patches).

 

If your information leaves the country

 

Sometimes, for example where we receive a request to transfer Organisation records to a new Organisation, it is necessary to send that information outside of the UK.  In such circumstances additional protection will be applied to that data during its transfer, and where the receiving country does not have an adequacy decision from the European Commission, advice will be sought from the Information Commissioners Office prior to the data being sent.

How long do we keep your personal information?

For each reason why we use your personal information there is often a legal reason for why we need to keep it for a period of time. We try to capture all of these and detail them in what’s called a ‘retention schedule’. This schedule lists for each service how long your information may be kept for.

 

 

Where can I get advice?

 

You can contact our Data Protection Officer at dpo@essex.gov.uk or by calling 0333 032 2970

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:

 

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire SK9 5AF

 

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number

 

Alternatively, visit ico.org.uk or email casework@ico.org.uk.

Top