Privacy Policy

Vantage Children’s Services Limited is the data controller.

Vantage Children’s Services Limited
Company number: 14975497
Registered office: 2-4 Petworth Road, Haslemere, England, GU27 2HR
Email: [email protected]

We may collect and use information including:

• names, contact details and dates of birth;
• care, placement, safeguarding, health, education and wellbeing records;
• family, contact and professional information;
• staff recruitment, employment, payroll, training and supervision records;
• DBS, safer recruitment and regulatory information;
• incident, complaint, risk assessment and quality assurance records;
• emails, forms, system records and audit logs;
• website enquiry and basic technical data.

Some of this information may be sensitive, including health information, safeguarding information, ethnicity, religion, identity, disability or information about criminal allegations, offences or DBS checks.

We use personal information to:

• provide safe and appropriate care;
• safeguard children and young people;
• manage placements, risks, incidents and care planning;
• communicate with families, local authorities and professionals;
• meet legal, regulatory and Ofsted requirements;
• recruit, manage, train and support staff;
• operate our homes safely and effectively;
• manage complaints, concerns and investigations;
• protect our systems, records and confidential information;
• deal with contracts, finance, insurance, legal and governance matters;
• respond to enquiries.

We use personal information where we have a lawful basis to do so, including:

• to comply with legal and regulatory duties;
• to provide care and manage placements;
• to perform employment or supplier contracts;
• to protect someone’s vital interests;
• for safeguarding and social care purposes;
• for legitimate business, governance, safety and operational reasons;
• where consent is appropriate.

We do not usually rely on consent for core care, safeguarding, regulatory or employment records, because we often need to use information to meet legal and professional duties.

Where we use special category data, we do so only where UK data protection law allows this, including for health or social care, safeguarding, employment obligations, legal claims, vital interests or substantial public interest reasons. Special category data needs extra protection under UK GDPR.

Where necessary and lawful, we may share information with:

• local authorities and placing authorities;
• social workers, IROs, advocates and other professionals;
• Ofsted and other regulators;
• LADO, police, DBS, courts and safeguarding partners;
• health, education and therapeutic professionals;
• staff, managers and directors;
• payroll, HR, IT, finance and care-record system providers;
• insurers, auditors, legal advisers and professional advisers;
• suppliers and contractors where needed.

We may share information without consent where this is needed for safeguarding, child welfare, legal, regulatory, professional or public interest reasons.

We may monitor work systems where necessary and proportionate. This may include email, Microsoft 365, SharePoint, OneDrive, Teams, care systems, rota systems, finance systems, access logs and audit trails.

We do this to protect children, staff, confidential information, company systems and regulatory compliance.

We keep information only for as long as needed for legal, regulatory, safeguarding, care, employment, insurance, accounting or operational reasons.

Children’s care records and safeguarding records may need to be kept for long periods. Staff, recruitment, financial and business records are kept in line with legal and operational requirements.

When information is no longer needed, we securely delete or archive it.

We use appropriate safeguards, including secure systems, access controls, role-based permissions, staff confidentiality duties, training, audit logs, secure disposal and data breach procedures.

You may have the right to:

• ask for a copy of your personal information;
• ask us to correct inaccurate information;
• ask us to delete information in certain circumstances;
• ask us to restrict how we use information;
• object to certain uses of information;
• withdraw consent where we rely on consent;
• complain to the Information Commissioner’s Office.

These rights are not absolute. We may need to keep or share information for safeguarding, legal, regulatory, child welfare or employment reasons.

Children and young people have rights over their own personal information. Where appropriate, we will explain privacy information in a way they can understand. ICO guidance says privacy information for children should be clear and accessible.

If someone makes a request on behalf of a child, we may need to consider the child’s wishes, understanding, confidentiality, safeguarding and legal position before responding.

You can ask for a copy of personal information we hold about you by emailing:

[email protected]

We will normally respond within one month. We may ask for proof of identity or further details to help us respond.

If a personal data breach happens, we will assess it and take appropriate action. Where required, we will report it to the Information Commissioner’s Office and inform affected individuals.

If you are concerned about how we use your information, please contact us first:

[email protected]

You also have the right to complain to the Information Commissioner’s Office.

We may update this policy from time to time. The latest version will be available on our website.