Early Education Funding Privacy Notice

Department or Service Area: Children’s Services Education and Learning, Intelligence and Sufficiency Service 

City of Bradford Metropolitan District Council (CBMDC) is registered with the Information Commissioner's Office (ICO) under the provisions of the Data Protection Act 2018. The Council takes its responsibilities under the Act very seriously. This notice provides details of how Education and Learning, Intelligence and Sufficiency Service collects and uses information about you. For more general information about how CBMDC uses your information, please refer to the general Privacy Notice on the Bradford Council website.

What is the information we collect?

Intelligence and Sufficiency Service collects some or all of the following information from early education funded provider about children and their parents who are accessing early education funded entitlements.

The information we collect will be the minimum we need to deliver our service and will include the following personal data:

Personal information of the child as set out in the Bradford Early Years Funding Parent Agreement

• name
• date of birth
• address
• gender
• ethnicity
• language
• number of entitlement hours they are accessing
• details of other provider/s the child attended including start date and end date

Personal information of the parent as set out in the Early Years Funding Parent Agreement

• name
• address
• date of birth
• contact details
• national insurance number
• HMRC 30 hour eligibility code
• Eligibility for 2 year old funding
• Eligibility for Early Years Pupil Premium
• Eligibility for Disability Access Fund

Who uses this information?

Intelligence and Sufficiency Service officers use this information. It may also be used by other council and government departments where it is legal to do so. See the section on ‘Who are we likely to share this information with?’

We use information to:

• confirm eligibility of children’s access to funded entitlements for children age 2, 3 and 4 years old and additional funding for Disability Access Fund and Early years Pupil Premium calculate the amount of funding to be paid to the provider
• carry out financial audits of early years providers
• carry out statutory functions to ensure sufficient funded entitlements is available. The statistics are used in such a way that individual children cannot be identified

What authority does CBMDC have to collect and use this information?

Under the UK GDPR, CBMDC collects and uses this information under powers given to Local Authorities (council’s). The following categories of lawfulness apply:

6(1)(a) Consent of the data subject

6(1)(b) Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract

6(1)(c) Processing is necessary for compliance with a legal obligation

6(1)(d) Processing is necessary to protect the vital interests of a data subject or another person

6(1)(e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

The UK GDPR refers to sensitive personal data as special categories of data and the conditions for special categories of data in relation to our service are set out in Article 9(2).

9(2)(b) Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement

9(2)(c) Processing is necessary to protect the vital interests of a data subject or another individual where the data subject is physically or legally incapable of giving consent

In the rare circumstance that we don’t have a legal authority to use your information, we will obtain your consent first.

What is 'person identifiable data'?

The term ‘person identifiable data’ relates to any data that could potentially identify a specific individual. The following fields in Intelligence and Sufficiency Service are classified as person identifiable: Name, age, address, telephone contact, telephone number, date of birth, gender, national insurance number, 30 hour eligibility code, any information about an individual that can be used directly, or in connection with other data, to identify, contact or locate that person.

Why do we use this information?

We use this information to support families and ensure that children and young people can access education and receive the support they require as well as mitigate risks and the effective identification of need.

Who are we likely to share this information with?

We may sometimes share the information that we have collected about you where it is necessary, lawful and fair to do so. We may share information with the following for these purposes:

• the Department of Education (DfE)
• other council departments working with children and families

Why we share this information?

We share data with the Department of Education on a statutory basis, Section 99 of the Childcare Act 2006 and The Education (Provision of Information About Young Children) (England) Regulations 2009

This data sharing helps to develop national policies, manage local authority performance, administer and allocate funding.

We do not share information with anyone without consent unless the law and our policies allow us to do so.

How do we keep this information secure?

We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security incidents and we will notify you and the appropriate regulator of any incident where we are legally required to do so.

How long do we keep this information?

Your information is retained securely for the date of birth of the child + 25 years. At its expiry date the information will be reviewed, and only retained where there is an on-going requirement to retain for a statutory or legal purpose. Following this your personal information will be securely destroyed.

Rights for individuals under UK GDPR

• Find out about the rights for individuals under UK GDPR

What are your rights?

Please contact the Corporate Information Governance Team at dpo@bradford.gov.uk to exercise any of your rights, or if you have a complaint about why your information has been collected, how it has been used or how long we have kept it for.

You can contact our Data Protection Officer at dpo@bradford.gov.uk  or write to: Data Protection Officer, City Hall, Centenary Square, Bradford, BD1 1HY.

The UK GDPR also gives you the right to lodge a complaint with the Information Commissioner's Office who are the supervisory authority responsible to regulate and monitor the legislative obligations within the UK and can be contacted on 03031 231113.