Privacy Policy

When a provider registers to create an account, we require:

• First name
• Surname
• Email address.

Having created an account, providers who list their services on FISH can lodge the following information:

• Name
• Address
• Telephone number
• Mobile number
• Email
• Facebook and twitter account
• Description of service which could include information about themselves.

When an individual provides feedback via the Contact Us method, they can provide their name, email address or a telephone number if preferred.

Like most websites we use 'cookies' to collect anonymous statistics about how people use the site, and to help us keep it relevant for the user. Cookies 'remember' bits of information from your visit to the site. Find out more about the use and storage of cookies on the Council’s privacy notice.

The information is stored in a secured area called the Datastore.  The Datastore is only accessible to eligible staff and on a restricted access basis.  Staff who can access the Datastore do so by using a username and password and can only see the areas of the datastore they have been given access to. This area is strictly controlled by the super users.

Part of the information can be made ‘visible’ and ‘live’ and can be seen on the front end of the website.  Other parts of the information can be restricted to public view and can only be accessed by authorised staff on the Datastore.

We use the data collected to enable us to carry out specific functions for which we are responsible.

Under the Care Act 2014, Children’s Act 2006/2016 and the SEND Code Of Practice (Children’s Act), we have a legal duty to ensure residents have access to clear information, advice and guidance to inform the choices they make. The purpose is to help people live healthy and fulfilling lives, as independently as possible, and to connect to, contribute and feel part of their local community. The information helps every member of the community know what is available to them and covers children’s services, youth services, some health services, services for children and young people with a disability, learning difficulty or sensory needs, sport and community activities.

The information is given by providers voluntarily.  By registering on the site and accepting the Terms of Conditions, they consent that the data and information is used for the purpose of informing and promoting their services.

The information is kept up to date by the providers – they can remove it from the system or enhance/update it.

It is also kept up to date by the data controller/processor.  The information is removed/updated if the service is no longer running, needs to be updated and the data controller is notified of such.

Any resigned, cancelled or suspended settings are removed from public visibility as soon as possible.

The information is shared on a public website, except for data that needs to be restricted either legally or on request.

Information will be shared with Ofsted and internal safeguarding/child protection teams if a safeguarding concern is raised via the Contact Us method.

Feedback regarding content will be shared with internal services/teams to further improve and develop services and information for Hampshire residents. This includes SEN Team, Early Years, Early Help, Children’s Commissioning Team, and any other appropriate internal service that may plan services. Personal information will not be shared without permission.

The information is also accessed by the software provider: IDOX/Open Objects.  They may access the information on a needs basis when system issues arise and need to be resolved. The software provider has to comply with GDPR and has its own policy to ensure this is met.

No, the Datastore is maintained in the United Kingdom.

Processing is based on consent.  When registering, service providers agree to the Terms and Conditions of use of the site.  Service providers who lodge their information on FISH have a right to withdraw all or any of the information we hold or that they have submitted.

The GDPR sets out a higher standard for consent than the Data Protection Act. The GDPR defines consent as ‘any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.’

Under General Data Protection Regulations, users of FISH have the right to request access to information about them that we hold, using the Contact Us method.

To request information that the County Council holds, please make a Subject Access Request.

You also have the right to:

• object to processing of personal data that is likely to cause, or is causing, damage or distress prevent processing for the purpose of direct marketing
• object to decisions being taken by automated means in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed.

Service providers have a right to:

• have their data corrected; as a self-managed system a service provider is given access to their information for updating purposes.  This is something that we will promote in order to ensure the data is kept up to date at all times
• have their data deleted – if they no longer wish to be listed on the FISH website or if the service is no longer running
• put a complaint to the Information Commissioner’s Office (ICO).

To respond to safeguarding concerns, the data controller has a right to delete or archive a service provider from the site.

If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. The Council’s privacy notice explains how to do this.

Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/

If you have any queries or concerns about how Hampshire County Council is handling your information or if you would like to exercise your rights under the General Data Protection Regulations, please contact the Council’s Data Protection Officer, data.protection@hants.gov.uk