Privacy & Data Protection Policy

The Independent Safeguarding Hub is committed to a policy of protecting the rights and privacy of individuals. We need to collect and use certain types of personal data in order to carry out our work but we recognise that this data must be collected and handled securely.

The Data Protection Act 1998 (DPA) and General Data Protection Regulations (GDPR) 2018 govern the use of any personal data we may hold about people who use our services. Personal data may be held on computers, laptops and mobile devices, or in manual files; this includes emails and minutes of meetings.

The Independent Safeguarding Hub is committed to being concise, clear and transparent about how we obtain and use personal information and will ensure data subjects are aware of their rights under the legislation.

If we share data with third parties, it is done so under a written agreement to ensure our data security standards are met.

We won’t pass on or sell your contact details to third parties for marketing purposes.

The Independent Safeguarding Hub is registered with the Independent Commissioners Office (ICO).

The Data Protection Act  

This contains eight principles for processing personal data with which we must comply. These principles are as follows.

Personal data shall be:

  • processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met,
  • obtained only for one or more of the purposes specified in the DPA/GDPR, and shall not be processed in any manner incompatible with that purpose or those purposes,
  • adequate, relevant and not excessive in relation to those purpose(s).
  • accurate and, where necessary, kept up to date,
  • processed in accordance with the rights of Data Subjects under DPA/GDPR,
  • kept secure by the Data Protection Officer who takes appropriate technical and other measures to prevent unauthorised or unlawful processing or accidental loss or destruction of, or damage to, personal information,

Personal data shall not be:

  • kept for longer than is necessary,
  • transferred to a country outside the European Economic Area unless that country ensures an adequate level of protection for the rights and freedoms of Data Subjects in relation to the processing of personal information.

All managers and employees of The Independent Safeguarding Hub are aware that a breach of the rules and procedures identified in this policy may lead to action being taken against them.

Personal Data

Personal data relates to data of living individuals who can be identified from that data where use of that data could cause an individual damage or distress. This does not mean that mentioning someone’s name in a document comprises personal data; however, combining various data elements such as a person’s name and salary or religious beliefs etc. would be classed as personal data, and falls within the scope of the DPA/GDPR. It is therefore important that managers and employees treat any information (which is not otherwise in the public domain) that can be used to identify an individual as personal data and follow these policy guidelines.


Usually when the Independent Safeguarding Hub undertakes Independent Social Worker Assessments (including fostering assessments) the Local Authority (or appropriate referring agency) will be the Data Controller for information held and will comply with its obligations under the GDPR and DPA.

Likewise, when the Independent Safeguarding Hub undertake a consultancy role, the agencies and organisations who request this service will be the Data Controller for information held and will comply with their obligations under the GDPR and DPA.

The Independent Safeguarding Hub will be responsible for the processing of data, which will involve the collecting, amending, handling, storing or disclosing of personal information.

The Independent Safeguarding Hub will also be the data controller in some circumstances, determining the purpose and manner in which data is processed. The Independent Safeguarding Hub is registered with the ICO and will comply with our obligations.

The Directors, managers and employees of the Independent Safeguarding Hub are responsible for storing, processing and using personal data in accordance with the DPA/GDPR and will therefore be expected to read and comply with this policy.

Our Website

If you submit an enquiry form on our website we will use this information to ensure that we can offer you the most appropriate service. This information will not be used for marketing purposes or sold to third parties.

We sometimes use tracking technologies that record information about you automatically, when you visit our web pages. This can include using a cookie that would be stored on your browser. Without such technology it is possible that certain functionality of our site might be affected. This information does not identify you personally. We automatically collect and store only the following information about your visit:-

  • The internet domain and IP address from where you access our website;
  • The type of browser software and operating system used to access our website;
  • The date and time you access our website;
  • the pages you enter, visit and exit our website from; and
  • If you linked to our website from another website, the address of that website.

We use this information to help us identify click stream patterns, to improve our website and to learn about the number of visitors to our website and the types of technology our visitors use. We only use this information to ensure that our web pages stay compatible with a selection of browsers and systems and thereby ensure that the pages appeal to our audience. We do not track or record information about individuals and their visits. You can clear your cookies on your machine at any time and browse incognito.

Storing Data

Enquiry forms, client information and assessment reports that contain personal data will be stored safely on company devices, with additional password encryption. This information may be shared within the organisation as well as additional parties as agreed (for example the Local Authority Social Worker, Legal Representatives, Courts and Fostering Agencies).

Data is held by the Independent Safeguarding Hub for a reasonable amount of time. We retain data for as long as necessary in relation to the specific work we are required to undertake. Data will not be held for longer than 2 years, unless there are agreed circumstances.

All personal data we hold or process is disposed of in a way that protects the rights and privacy of data subjects.

If you have made a direct enquiry with us for a services, you can request to receive the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

If a data breach occurs we are obliged to let you know within 72 hours, where reasonable. If and when this does occur we will aim to let you know as soon as we can.

Subject Access Requests

Individuals have a right to make a Subject Access Request (SAR) to find out whether The Independent Safeguarding Hub holds their personal data, where, what it is used for and to have data corrected if it is wrong, to prevent use which is causing them damage or distress, or to stop marketing information being sent to them. Any SAR must be dealt with within 30 days. Reasonable steps must be taken to confirm the identity of the individual before providing any information to them.


The Independent Safeguarding Hub have a responsibility to ensure that appropriate measures are taken and training accessed to prevent:

  • Unauthorised or unlawful processing of personal data
  • Unauthorised disclosure of personal data
  • Accidental loss of personal data

All Directors, managers and employees must therefore ensure that personal data is dealt with properly no matter how it is collected, recorded or used. This applies whether or not the information is held on paper, in a computer or recorded by some other means e.g. pc or mobile phone.

If you have any further queries or questions about how The Safeguarding Hub retains and processes data then please contact our Data Protection Officer at

This policy was agreed by the Directors of The Independent Safeguarding Hub Ltd on 18th September 2018 and will be updated in accordance with any changes to legislation and guidance relating to DPA/GDPR.

Definitions of terms used in this policy:

Data Controller – the collectively decide what personal information we’ll hold and how it will be held or used.

Data Subject – the individual whose personal information is being held or processed by ISH; this includes manager or employee

Personal Data – information about living individuals that enables them to be identified, e.g. names, addresses, telephone numbers and email addresses. This does not apply to information about organisations, companies and agencies; it only applies to named persons, such as individual customers.

Processing – collecting, amending, handling, storing or disclosing personal information.

Data Protection Officer – the person responsible for ensuring that ISH follows its data protection policy and complies with the data protection legislation.

Information Commissioner’s Office (ICO) – the ICO is responsible for implementing and overseeing the Data Protection Act 1998 and GDPR.