Policy Page

Introduction

What Works for Children’s Social Care respects and protects your privacy. In this policy you will find information about when, how and why we collect personal data as well as the rights you have in relation to the data collected. 

We may revise this policy depending on changes in law or our operating practices. We will notify you if there are any major changes you need to be aware of. If you have any questions about any of this, please get in touch by emailing our data protection officer at dpo@whatworks-csc.org.uk. This policy was last updated on 10/11/2020. 

Who we are

What Works for Children’s Social Care seeks better outcomes for children, young people and families by bringing the best available evidence to practitioners and other decision makers across the children’s social care sector. Our registered company number is 12136703, Charity number is 1188350 and our registered office is Albany House Petty France, Westminster, London, England, SW1H 9EA. 

Who this privacy policy applies to

How and why we process your data varies depending on which of the below categories you fall into

  • Participating in research
  • Assisting with the delivery and/or evaluation of research
  • Visitor to the site
  • A supplier or applying for a job

How personal information is obtained

WWCSC collect information when you;

  • Sign-up: If you register or sign up for events, newsletters or publications on the site
  • Apply for services or funding: If you submit a tender to provide any services, apply for funding or support from WWCSC, or register to attend one of our events, we may ask for detailed information 
  • Participate in feedback and surveys: We may also ask you for feedback about WWCSC or to complete surveys.
  • Participate in Research: If you agree to work with us in relation to any research we are conducting
  • Use our website: we obtain information about the device from which you accessed it, your visits and use of the website including your IP address, location, browser type and version, referrer and activity. We record your activity and preferences when visiting the site through the use of cookies (see “Cookies”, below).
  • If you post content or communicate via the site

Types of personal information obtained

Information collected includes;

  • Personal details like your name and DOB
  • Contact details such as your phone number and email address
  • Technical information, like most sites these days, when you use our services we may utilise cookies or similar technologies which automatically collect information. This information may include your browser, mobile device, IP address, other websites you’ve visited etc/ You can turn off cookies by activating this setting on your internet browser. See the cookies section for more details. 

If you are assisting with the delivery and/or evaluation of research

Additional information will be required if you submit a tender to provide any services, apply for funding or support from WWCSC, or register to attend one of our events, we may ask for more detailed information which we will use to process your application and you will be asked to agree to specific terms and conditions at the time of making the application.

If you are partaking in research 

If you work with us in relation to any research we are conducting we will ask you for further information relevant to the particular research you are participating in. We will process the minimum amount of data necessary to achieve the aims of the research. Some of the additional information we may use to do this includes special category data as defined by Article 9 of the GDPR – additional information collected may include

  • personal data revealing racial or ethnic origin;
  • personal data revealing political opinions;
  • personal data revealing religious or philosophical beliefs;
  • personal data revealing trade union membership;
  • genetic data;
  • biometric data (where used for identification purposes);
  • data concerning health;
  • data concerning a person’s sex life; and
  • data concerning a person’s sexual orientation.

Where possible, full details of how your personal information will be used will be given to you at the time you agree to participate; this could include to inform the development of a project, programme or other initiative, being incorporated into reports or other research outcomes, and may include being publicly displayed on web pages relating to the particular research project or programme.

If you are a supplier, applying for the a job or visiting the site for another reason 

Additional information may be required in order to assist you with your reason for getting in touch. For job applicants this may include;

  • Information about your employment history
  • Contact details for referees
  • Depending on the role and jurisdiction, some special category data may be requested such as health info, background check info, criminal history info and trade membership association. 

Additional supplier information requested can include;

  • Tender information
  • Proof of identification and address
  • Bank details, expense claims
  • Information necessary to access company systems 

We sometimes need to share the personal information we process with the individual themselves and also with other organisations. Where this is necessary, we are required to comply with all aspects of the Data Protection Act (DPA), Privacy and Communications Regulation (PECR) and the EU General Data Protection Regulation (GDPR) as it applies. What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.

Where necessary or required we share information with ;

  • Business associates and other professional advisers
  • Financial organisations
  • Current, past or prospective employers
  • Educators and examining bodies
  • Suppliers and services providers

Your Rights

GDPR affords EU Data subjects with rights which are summarised below. In order to assert any of these rights, or to ask any questions, please contact our Data Protection Officer using dpo@whatworks-csc.org.uk

Right of Confirmation 

You have a right to obtain confirmation as to whether or not personal data concerning you is being processed. 

Right of Access

You have a right of access to any personal information we hold about you. You can ask us for a copy of your personal information, details about how and why it is being used; and details of the safeguards which are in place if we transfer your information outside of the European Economic Area (“EEA”).

Right to Rectification

You have a right to obtain without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have any incomplete personal data completed, including by means of providing a supplementary statement. 

Right to Erasure

You have the right to erasure of personal data concerning you without undue delay. We will action this right where one of the statutory grounds applies as long as the processing is not necessary. 

Right of Restriction of Processing

You have the right to restrict processing where a statutory reason applies. 

Right to Data Portability

You have a right to receive the personal data concerning you in a structured, commonly used and machine readable format. 

Right to Object

You have a right to object on grounds relating to your particular situation, at any time, the processing of personal data concerning you, 

Automated individual decision making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling. 

Right to Withdraw Consent

Where consent forms the basis for processing, you have the right to withdraw consent to processing at any time. You can do this by contacting the data protection officer. 

Right to complain to the supervisory authority 

You also have a right to make a complaint to the Information Commissioner’s Office, or the data protection regulator in the country where you usually live or work, or where an alleged infringement of the General Data Protection Regulation has taken place. Alternatively, you may seek a remedy through the courts if you believe your rights have been breached.

Legal Basis for Processing 

The legal basis WWCSC processing personal data is typically where;

  • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Processing is necessary for our legitimate interests (or those of a third-party), except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
  • Consent for purposes specified at the time of capturing consent

The legal basis for WWCSC processing special category data is typically;

  • Explicit Consent requiring a positive opt in for purposes specified at the time of capturing consent
  • Processing is necessary for employment, social security and social protection (if authorised by law)
  • Archiving, research and statistics (with a basis in law)
  • Reasons of substantial public interest (with a basis in law)
  • Processing is necessary and conducted by a Not-for-profit body

How we share your information 

We may share your personal information with the following third parties or categories of third parties. 

  • service providers and subcontractors, including payment processors, cloud service providers, utility and logistic providers
  • public agencies and the emergency services
    companies that assist in our marketing activities
  • analytics providers to assist in the improvement and optimisation of our services
  • Any third party with whom we share your personal information with shall be subject to privacy and security obligations consistent with applicable laws. 
  • We will also disclose your personal information to third parties where it is in our legitimate interests to do so to run, grow and develop our business for example, In the event that we undergo re-organisation or are sold to a third-party personal information we hold about you may be transferred to that re-organised entity or third-party.
  • We may disclose your personal information if required to do so by law or if we believe that such action is necessary to prevent fraud or cyber-crime or to protect the Services or the rights, property or personal safety of any person.

Cookies

Some pages on our website use cookies, which are small files placed on your internet browser when you visit our website. We use cookies in order to offer you a more tailored experience in the future, by understanding and remembering your particular browsing preferences. By using our service you consent to our use of cookies. 

Where we use cookies on our website, you may block these at any time. To do so, you can activate the setting on your browser that allows you to refuse the setting of all or some cookies.

How Long we store your personal information

  • General principle: We will only keep any personal information that you provide to us for as long as is necessary to fulfil the purpose for which you gave us the information and we will securely delete information when it is no longer needed for that purpose, as explained in more detail below.
  • Events: If you attend one of our events, we will use your information for the purpose of the event, and will only contact you for any other purpose if you have said we can. We will retain your personal information collected for the purpose of the event for 3 years for evaluation and business development purposes to help us understand our audience and reach, and to improve future events. If you buy a ticket for one of our events, we will also keep your information on our customer database and to tell you about future similar events. If you do not wish us to contact you about future events please let us know by writing to us or emailing us at the contact details below.
  • Consent: We keep records of consent, and any withdrawal of consent, on our files for as long as your personal information is being used in-line with that consent and for a period of 6 years after the consent is withdrawn (unless otherwise requested by you).
  • Application details: If you tender to provide any services, or apply for funding or support, or enter one of our prizes, and you are successful, then we will keep your information for 6 years after the associated agreement has come to an end, or if the agreement was executed as a deed for 12 years. If the project or initiative has any external funding or support, we may need to retain your information for a longer period to fulfil our obligations under those agreements, in which case we will tell you that at the time of application.
    If you are unsuccessful in a tender to supply services or you are unsuccessful in an application for funding, support or a prize entry, once the process has ended we will retain your information for 3 years for evaluation and business development purposes, and to provide you with future opportunities to apply for similar opportunities, funding and support, or prizes in the future. If you do not wish us to contact you about future opportunities, please let us know by writing to use or emailing using the contact details below.
  • Research: If you agree to take part in any research your personal information will be kept for as long as it is of value to WWCSC, and the wider research community, and for as long as may be specified by any external research funder, patent law, legislative and other regulatory requirements. Research data shall be reviewed at least every 5 years to consider its continued value to WWCSC, and personal data anonymised or pseudonymised where possible, unless to do so would affect the integrity of the research data and/or its outcomes, or its future value.

To the extent that Personal Data arising from any research is embodied within a research report or other research outcome, it will be retained in perpetuity as part of the published materials.

Research that supports the development of a prize, project, programme, publication or other research outcome, shall be kept for at least 5 years beyond publication or any other research outcome has been completed. If the research is funded or the subject of any other contract, your personal data may be kept for 6 years after the end of the contract or longer if the contract or funding agreement specifies, which could be up to 12 years after the contract ends.

  • Posts and communications: Any information that you post on the website shall only be kept and displayed for such time as the subject matter to which it relates is publicly displayed.
  • Processing for statistical analysis purposes: This type of processing will only be undertaken whilst we retain your personal information in line with the principles explained above.

Security and Transfers 

WWCSC takes all reasonable precautions to safeguard the confidentiality of your personal information, including through the use of appropriate organisational and technical measures.

Where you have been given or chosen a password that enables you to access certain parts of our services, you are responsible for keeping this password confidential. We ask you not to share the password with anyone.

The personal information we collect is generally transferred to and stored on secure third-party servers located in the UK or European Economic Area (EEA) or transferred securely and stored in a locked safe or a non networked computer within the WWCSC building when analysis is being conducted. Such storage is necessary in order to process the information. Where your data is processed or stored outside of the UK or EEA, we ensure a similar degree of protection is afforded to it by ensuring that at least one of the appropriate safeguards described in the GDPR is in place, such as; 

  • The country data is being transferred to has been deemed to provide an adequate level of protection for personal data by the European Commission;
  • Specific contractual terms approved by the European Commission which give personal data the same protection it has in the EEA are in place;
  • For US entities, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
  • Any transfers made will be in full compliance with the Data Protection Legislation.
  • We encrypt your data at transmission to and from the App and Dashboard and at rest. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Changes to this policy 

We may update our privacy policy from time to time. Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by post or email. Please check back frequently to see any updates or changes to our privacy policy.