Commissioning Privacy Notice

Commissioning and Procurement

Birmingham Childrens Trust (the Trust) uses information about individuals so that we can commission a range of services to meet the needs of children, young people and families in Birmingham. The Trust is committed to meeting its data protection obligations and handling your information securely. This notice sets out what you need to know about how we will use your information. You should make sure you read and understand this notice before submitting your information to us.

Birmingham Children’s Trust complies with data protection legislation (the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR) and is registered as a ‘Data Controller’ (Reg. No ZA317906). 

Purpose and lawful bases of collecting this personal data

The Commissioning Team’s purpose for collecting your personal data is set out in the table below.

ACTIVITY

Legal Basis

Service user and market engagement

The Trust engages in different research activities for the purpose of service improvement. However, the data used is anonymised.

Where the information is identifiable, the Trust will ensure that appropriate lawful basis is used as the initial purpose of collection is procurement and commissioning in accordance with The Children and Families Act 2014 and the Care Act 2014.

Commissioning of services

Art 6 1(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Contract monitoring of commissioned services and review of service delivery

Art 6 1(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Complaints – to process personal data if it relates to a compliant where you have asked us to be involved to seek a resolution or where an issue has been raised regarding a service provision we have commissioned 

Art 6 1(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes.

Direct payments for personalised budgets

Art 6 1(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Necessary to process payments as outlined in the contract under The Short Breaks Regulations as per the duty in the Care Act 2014 and SEND code of practice.

Ensure the Trust is compliant with commissioning laws

Art 6 1(c) processing is necessary for compliance with a legal obligation to which the controller is subject.

Additionally, the Trust ensures compliance with Legal Obligation under

  • Education Act 1989 Section 47
  • Children’s Act 2004 Sect 11

Safeguarding

Art 6 1(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

What personal information do we collect to deliver this service?

In order to procure and commission services and deliver participation and engagement opportunities, we may collect the following personal information.

We will seek the following information from providers of services:

  • name of key contact person
  • business address
  • contractual information including information collected for Quality Assurance purposes
  • Health and safety and insurance details
  • VAT number
  • bank details  - payroll information, company ownership arrangements and payment details 
  • Unique Tax Reference (UTR) number (if you are a self-employed trader) 
  • Ofsted and CQC Category if applicable

The consequences of not providing the information requested are that we cannot enter into a contract with you and pay for services delivered. Furthermore, in certain cases, if you don’t give us this information then we will be unable to process your tender for any commissioned service you bid on with us, meaning we will not be able to contract with us.

We may also seek personal information from other sources including:

  • other Birmingham City Council departments
  • schools and academies
  • agencies that you have received a service from (if applicable)
  • Disclosure and Barring Service (DBS)
  • regulatory bodies such as Care Quality Commission and Ofsted

Some of the information we hold and use has already been collected and is provided to this service by other teams in the Trust (these lists are not exhaustive):

  • personal information such as your name, age, address, contact details
  • special category information such as ethnicity and gender
  • information describing service needs and requirements if relevant to a commissioned service
  • family contact detail
  • assigned professional or practitioner details
  • Child in Care status or other status
  • current school and details of any exclusions
  • SEND Details
  • EHC Plan

How we collect this information

We collect personal information in the following ways:

  • secure records and databases managed by Birmingham Children’s Trust and Birmingham City Council
  • online forms for registration and requests for services
  • commissioning processes including tender applications

How your personal information is stored

We hold personal information in secure electronic case management, financial (CareFirst) and procurement systems on the secure Trust network.

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How long your personal information is stored for

Information which you have provided will be stored securely in line with the retention periods shown below after which time it is archived or securely destroyed, unless we are required by law to retain records for longer than the stated retention period. The information will only be used for the purposes stated when it was collected. Information will not be sold, rented or provided to anyone else, or used for any other purpose than that for which it was originally collected unless required to by law.

​Category of information

​Retention period

Tender specification & contract development (ordinary contracts) 

Terms of contract +6 years 

Pre-contract advice 

Terms of contract +6 years 

Tender evaluation (ordinary contracts) 

Terms of contract +6 years 

Successful tender documents (ordinary contracts) 

Terms of contract +6 years 

Unsuccessful tender documents 

Terms of contract +6 years 

Post tender negotiations 

Terms of contract +6 years 

Awarding of contract (ordinary contracts) 

Terms of contract +6 years 

Contract management 

Terms of contract +6 years 

Management and amendment of contract (ordinary contracts) 

Terms of contract +6 years 

Tender specification & contract development (Contracts under Seal) 

Terms of contract +12 years 

Tender evaluation (contracts under Seal) 

Terms of contract +12 years 

Successful tender documents (contracts under Seal) 

Terms of contract +12 years 

Awarding of contract (contracts under Seal) 

Terms of contract +12 years 

Management and amendment of contract (contracts under Seal) 

Terms of contract +12 years 

How we use this personal information

  • To develop strategies and supporting service planning
  • To commission best value services, this ranges from large contracts to individual bespoke services
  • To prepare for regulatory inspections
  • To co-ordinate participation and engagement activity for young people, including managing participation groups
  • To support the sufficiency of provision of services for children, young people and families
  • To source and ensure good quality placements for children in care and care leavers
  • To manage the quality of, and outcomes delivered by, direct and in-direct or commissioned services
  • To monitor contracts and provide quality assurance

Who we may share your information with

The Trust shares the information with Birmingham City Council as they are the commissioner of Birmingham Children’s Trust. We will only share your information when necessary and when the law allows us to, and we will only share the minimum information we need to.

We might share information with other teams within the Trust or with other organisations for a variety of reasons, such as to provide services, for safeguarding and the prevention and detection of crime (including fraud). The Trust will never sell your information to anyone else, but we may share some of it with other individuals and organisations, including the following organisations (this list is not exhaustive):

  •  stakeholders involved in the delivery of social value offers
  • stakeholders involved in the procurement requirement or delivery
  • advocates
  • Care Quality Commission
  • commissioned delivery partners
  • other Local Authorities
  • Ofsted
  • Police
  • residential care providers
  • Youth Offending Service
  • project partners

Your rights

Under GDPR you have rights which you can exercise free of charge which allow you to:

  • know what we are doing with your information and why we are doing it
  • ask to see what information we hold about you (subject access request)
  • ask us to correct any mistakes in the information we hold about you
  • object to direct marketing
  • make a complaint to the Information Commissioners Office
  • withdraw consent at any time (if applicable as this will not be possible in certain circumstances)

Depending on our reason for using your information you may also be entitled to:

  • ask us to delete information we hold about you (if applicable)
  • have your information transferred electronically to yourself or to another organisation
  • object to decisions being made that significantly affect you
  • object to how we are using your information
  • stop us using your information in certain ways

We will always seek to comply with your request however we may be required to hold or use your information to comply with legal duties which will override the requirements of the GDPR. Please note, your request may delay or prevent us delivering a service to you.

For further information about your rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioners Office (ICO) on individuals’ rights under GDPR.

Requesting access to your personal information

Under data protection legislation, parents, carers and children have the right to request access to information that we hold on them. To make a request for your personal information please contact:

Disclosure Team
One Avenue Road
Aston
Birmingham
B6 4DU

Email: DisclosureTeam@birminghamchildrenstrust.co.uk

If you have a concern about the way we are collecting or using your personal information, you should raise your concern with us in the first instance via CustomerRelations@birminghamchildrenstrust.co.uk.

GDPR also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted on 03031 231 113. Or see the ICO Website for further details.

Contact us

If you would like to discuss anything in this Privacy Notice, please contact:

Data Protection Officer
Disclosure Team
One Avenue Road
Aston
Birmingham
B6 4DU

Email: DPO@birminghamchildrenstrust.co.uk