What we collect

The categories of this information that we collect, process, hold and share include:

  • Personal information (such as name, date of birth and address).
  • Characteristics (such as gender, ethnicity and disability).
  • Information relating to episodes of being a child in need (such as referral information, assessment information, Section 47 information, Initial Child Protection information and Child Protection Plan information).
  • Placement plans, risk management plans and outcomes for looked after children (such as whether health and dental assessments are up to date, strengths and difficulties questionnaire scores and offending).
  • Detailed medical information and health care planning.
  • Daily and weekly records of activities and movements.
  • Information relating to family members including personal information and characteristics.
  • Limited personal information relating to other professionals working with the child.
  • Information relating to incidents including self-harm, missing, violence / aggression and drug / alcohol abuse.
  • SEN information and EHCP’s.
  • Clinical assessments and reports detailing a child’s history and presenting behaviours.
  • Other information relating to and supporting the delivery of therapeutic residential childcare.

Why we collect and use this information

We use this personal data to:

  • Assess and plan for a child’s care.
  • Support and monitor their progress and outcomes.
  • Provide them with pastoral care.
  • Assess the quality of our services.
  • Evaluate and improve our services and childcare practice.
  • Demonstrate value for money to local authorities.
  • Demonstrate the delivery of framework / service agreements.

The lawful basis on which we use this information

We collect and process information about children in our care and children to whom we provide services under;

The General Data Protection Regulation (GDPR) (EU) 2016/679

Article 6

  • Processing is necessary for compliance with a legal obligation to which the controller is subject;
  • Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Article 9

  • Processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;
  • Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3.

Collecting this information

Whilst the majority of children looked after information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the data protection legislation, we will inform you whether you are required to provide certain information to us or if you have a choice in this.

Storing this information

We hold children in need and children looked after data under:

Looked after Child Legal status included in the category:

  • Interim Care Order – Sec.38 Children Act 1989;
  • Care Order – Sec.31 Children Act 1989;
  • Accommodated under Sec.20 Children Act 1989;

For 75 years from the birth of the individual, except when an individual dies prior to age 18, then records should be retained for 15 years from date of death.

With whom we share this information

We routinely share this information with the following:

  • Local authorities
  • Internal stakeholders – care, education and clinical staff
  • Regulation 44 inspectors
  • Ofsted / CIW
  • Police
  • Health care services
  • Youth Offending Services
  • NYAS / Independent Visitors

Why we share this information

Local authorities

To support care planning processes, meet service delivery agreements and adhere to safeguarding and child protection processes under the legal status of the child as a sub-contracted private provider of care for that child.

Internal stakeholders – care, education and clinical staff

To support care-planning processes, meet service delivery agreements and adhere to safeguarding and child protection processes.

Regulation 44 inspectors

To meet legislative requirements set out in The Children’s Homes (England) Regulations 2015 and Quality Standards; to support transparency of practice and service improvement.

Ofsted / CIW

To meet legislative requirements as above regarding notifications of serious incidents and to support the inspection process of the sector regulator.


To support and adhere to safeguarding and child protection processes, particularly relating to absences from children’s homes, missing persons and risk of child sexual exploitation.

Health care services

To support the meeting of health needs in the capacity of responsible parenting on behalf of the local authority, meeting legislative requirements for safeguarding the wellbeing of a child.

Youth Offending Services

To support the implementation of court orders relating to youth justice and rehabilitation.


To support the meeting of mental health needs and for the completion of effective assessments and ongoing treatment.


To advocate and support a child on their request, where their needs are not being met by the local authority or other professional warranting an independent advocate and / or to ensure welfare and safety of child.

Data collection requirements

To find out more about the data collection requirements placed on us by the Department for Education go to the following sites:

Children looked after: https://www.gov.uk/guidance/children-looked-after-return

Children in need: https://www.gov.uk/guidance/children-in-need-census

The National Pupil Database (NPD)

The NPD is owned and managed by the Department for Education and contains information about children in England. It provides invaluable information on the background and circumstances on a child’s journey and evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.

Law requires us, to provide information about our children to the DfE as part of statutory data collections. Some of this information is then stored in the national pupil database (NPD). The law that allows this is the Education (Information about Individual Pupils) (England) Regulations 2013.

To find out more about the NPD, go to:

The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:

  • Conducting research or analysis.
  • Producing statistics.
  • Providing information, advice or guidance.

The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:

  • Who it is requesting the data.
  • The purpose for which it is required.
  • The level and sensitivity of data requested: and
  • The arrangements in place to store and handle the data.

To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.

For more information about the department’s data sharing process, please visit:

For information about which organisations the department has provided pupil information, (and for which project), please visit the following website:

To contact DfE: https://www.gov.uk/contact-dfe

Safeguarding Measures

Bryn Melyn Care takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data.

We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place,including:

  • Constantly updated professional firewall security for our whole network
  • Seamlessly connect remote locations and mobile employees through SSL VPN, site-to-site, and client-to-site VPN connectivity.
  • SSL Encryption for Email Client Communications
  • Secure Single Point Login for all services, with high level authentication
  • Network managed and constantly updated professional Anti Virus Solutions

Transfers outside the EU

Bryn Melyn Caredoes not transfer or store any personal data outside the EU.


If you would like to discuss anything in this privacy notice, please contact: Sherrie Kelly, Bryn Melyn Care, Edward James House, Hadley Park East, Telford TF1 6QJ. Telephone: 01952 504715. Email: sherrie.kelly@brynmelyncare.com