Supervised Toothbrushing Pilot in Schools privacy notice for parents and carers

We keep this privacy notice under regular review and it was last updated on 13 July 2023.

Kent County Council respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.

Who we are

Kent County Council (KCC) collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018). We are responsible as ‘controller’ of that personal information. Our Data Protection Officer is Benjamin Watts.

The Supervised Toothbrushing Pilot is being delivered by Kent Community Health Foundation Trust (KCHFT), on behalf of KCC. This project will offer opportunity for children in Reception in selected schools to participate in daily supervised toothbrushing at school, in order to protect and improve their oral health.

Parents and carers who have a child in Reception in participating schools in these districts will be asked if they give permission (called a ‘common law consent’) for their child to take part in the supervised toothbrushing programme, to take place during the academic year from September 2023 to late July 2024. They will also be asked if they give consent for their child to have a brief dental examination at the start and end of the project to record the level of visible plaque, so that we can explore the impact of taking part in daily supervised toothbrushing at school. This will be carried out by the KCHFT dental team.

We will also ask parents and carers if they wish to be contacted to complete a follow up survey. This will help us (KCC) to understand how helpful you think it has been for your child to take part in this project.

The personal information we collect and use

Information collected by us

If you give permission to your child taking part in daily supervised toothbrushing, we will collect the following personal information when you provide it to us:

  • Your child’s personal details, for example, name, date of birth, school name.
  • Your personal details (as the child’s parent or carer), for example, name, email address.

Your email address will only be used to contact you with a follow up survey during the course of the year.

We also collect the following ‘special category data’ (personal data which is more sensitive and is treated with extra care and protection) when you provide it to us:

  • Information about any allergies or health needs that your child may have that are relevant to them taking part in daily toothbrushing at school.
  • Information about your child’s teeth (visible plaque) at the start and end of the project (in autumn 2023 and again in summer 2024) so that we can explore the impact that taking part in the project may have on children’s oral health.

How we use your personal information

We use your personal information for the following purposes:

  • To protect and improve a child’s oral health.
  • To understand the impact of this project for children, parents and carers.
  • To seek feedback on the helpfulness of the project.

Reasons we can collect and use your personal information

When we collect your personal data, we rely on the following legal bases:

  • To administer the Supervised Toothbrushing Project:
    Article 6(1)(e) - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • For collecting parental email address to issue a follow up survey:
    Article (6)(1)(a) - consent - the individual has given clear consent to process their personal data for a specific purpose).

When we collect your ‘special categories of personal data’, (such as health, race, ethnicity) we rely on the following legal bases:

  • Article (9)(2)(h) - processing is necessary for the provision of health or social care or treatment or the management of health or social care systems and services.

We rely on the health or social care purpose and public health conditions from Schedule 1 of the Data Protection Act 2018 when relying on Article(9)(2)(h) to process your special category data.

We take the following appropriate safeguards in respect of your special category and criminal convictions data when relying on the conditions above:

  • We have a retention Schedule which explains how long data is retained (please see records AS 6.4.2 and 6.4.3).
  • We maintain a record of our processing in our ‘record of processing activities’ and record in it any reasons for deviating from the periods in our retention schedule.

How long your personal data will be kept

In line with the NHS Records Management Code of Practice, we will hold and use your child’s personal information until their 25th birthday, after which the information is made inaccessible to system users or securely destroyed. Any paper copies will be securely destroyed after 1 year.

We will hold your email address, when you provide it to us, for 1 year, after which time this information will be securely destroyed.

Who we share your personal information with

In the course of working with you, we may collect information from, or share it with, some of the following third parties (non-exhaustive list):

  • Kent Community Health Foundation Trust (KCHFT) will be conducting the Supervised Toothbrushing Project on KCC’s behalf. KCHFT will provide information to KCC about the overall uptake of the programme but this will not include personal information.
  • Your child’s school, so that only children who have permission from their parents take part in the programme and so their school is aware of any allergies or health needs that your child may have, relevant to toothbrushing.

We will share personal information with law enforcement or other authorities if required by applicable law or in connection with legal proceedings.

We will share personal information with our legal and professional advisers in the event of a dispute, complaint or claim. We rely on Article 9(2)(f) where the processing of special category data is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.

Transferring your information outside of the UK

KCHFT uses Wordpress as part of processing your personal data which is hosted using Microsoft Azure cloud services, within the EU. This means that we will transfer your data outside of the UK to the EU for processing. This is based on an adequacy decision by the Secretary of State and safeguards prescribed by the UK GDPR. More information can be found on the ICO’s website.

Your rights

Under the UK GDPR you have rights which you can exercise free of charge which allow you to:

  • know what we are doing with your information and why we are doing it
  • ask to see what information we hold about you (subject access request)
  • ask us to correct any mistakes in the information we hold about you
  • object to direct marketing
  • make a complaint to the Information Commissioners Office
  • withdraw consent at any time (if applicable)

Depending on our reason for using your information you may also be entitled to:

  • ask us to delete information we hold about you
  • have your information transferred electronically to yourself or to another organisation
  • object to decisions being made that significantly affect you
  • object to how we are using your information
  • stop us using your information in certain ways

We will always seek to comply with your request however we may be required to hold or use your information to comply with legal duties. Please note, your request may delay or prevent us delivering a service to you.

For further information about your rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the United Kingdom General Data Protection Regulation.

If you would like to exercise a right, please contact the Information Resilience and Transparency Team at data.protection@kent.gov.uk.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Your right to withdraw your consent

Where we rely on your consent to process your personal information (child participation, dental examination and follow up survey) you can withdraw your consent at any time. To do this, email kentchft.oralhealthkent@nhs.net. Please advise in your email which part of processing you wish to withdraw your consent to.

Who to contact

Please contact the Information Resilience and Transparency Team at data.protection@kent.gov.uk to exercise any of your rights, or if you have a complaint about why your information has been collected, how it has been used or how long we have kept it for.

You can contact our Data Protection Officer, Benjamin Watts, at dpo@kent.gov.uk.

UK GDPR also gives you right to lodge a complaint with the Information Commissioner, who may be contacted via the Information Commissioner's website or call 03031 231113.

Read our corporate privacy statement.