This privacy notice is written by Aimee Clay, Deputy Manager of Pebbles Kindergarten and Information Compliance Co-Ordinator. Should you have any queries relating to this privacy notice or data protection please email us at email@example.com
Our Principles of Data Protection
Our approach to data protection is built around a key concept of transparency. We take a human approach on how we process personal data by being open and honest.
As a nursery provider we are required to keep personal data for each child as set out by the Early Years Foundation Stage. This is for both contractual reasons and for emergency reasons. We are required to inform you of how we both process and store personal data within our setting.
Compliance with the Data Protection Act 1998
We treat any personal information (information that identifies and relates to a person. This can include information that when put together with other information can lead to the identification of a person. For example your name and contact details) that you provide us, or that we obtain from you, in accordance with the provisions of the Data Protection Act. Under this Act, we have a legal duty to protect any information we collect from you. Any amendments to this policy will continue to be in accordance with the provisions of the Data Protection Act 1998.
What Information Do We Collect About You and Your Child?
To care for your child effectively, communicate appropriately, access funding and support appropriate to your child’s learning and development, we collect and hold personal information. In the nursery setting, we have paper-based records and data held on computers which are secure and password protected. All records are stored securely in locked filing cabinets, with most folders and all computers locked securely within the office of the setting and accessible only by the Owner, Deputy Manager and Duty Manager. We provide parents with a closed Facebook group for news and information relating to the setting. We use ChildsPlay as our database containing all information on the children, which works alongside Sage for our invoicing and payments procedure. Policies are on show at the setting and are available for parents to request copies of. As a secure nursery setting, no unauthorised people have access to these records and any visitors to the setting follow our visitor policy, signing in and providing identification and will never be left alone with any confidential information. For any further information please see our nurseries policies and procedures.
How Is Your Data Used?
We are covered by the Information Commissioner’s Office (ICO) for using computers, laptops, wi-fi enabled phones and tablets within each setting, and to take photos of your child. Photos are deleted as soon as possible, always within the same day as taken. All computers, laptops, phones, and tablets are password protected and are locked in the office when not in use.
When your child leaves our setting, the only data we will keep relating to them are the ones required by law, for further details on this information, please see our GDPR Policy. Anything else non-statutory can be destroyed at your request.
As a childcare provider we must adhere to the Lawfulness of Processing Data, that means that any data we need from you must fall into one of the following categories:
Consent of the data subject
Processing is necessary for the performance of a contract with the data subject.
Processing is necessary for the compliance with a legal obligation.
Processing is necessary to protect the vital interests of the data subject.
Processing is necessary in the public interest or the controller has official authority.
Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party.
The data we are required by law to hold for each child is as follows:
Child’s Address and Contact Details
Parent Addresses (if different) and Contact Details including phone number
Emergency Contact Details (2 people not including parents)
Allergies / dietary requirements information
Any other special requirements / needs /medical history details
Names of people who can collect your child if not yourselves
Dr Name and address, and contact number
Other information relating to your child and their care may be requested from time to time in line with the above categories.
Why Do We Collect Your Data?
As such the above can be collected in compliance with the principles above; we need this data to put a contract together to make it legally binding, and to abide by our OFSTED registration requirements. Therefore, the data will be necessary under Points 3 and 4 at the very least.
Storing Personal Data & How You Can Access It
Although most of the data you provide to us is mandatory, some of it is requested on a voluntary basis. To comply with GDPR we will inform you when collecting this information as to whether it is mandatory. You can access and update your information. Your data is securely stored on site and on our computer systems. We have up to 1 month to comply/ respond to your request.
How Long Do We Keep Yours & Your Child’s Information For?
When you leave the setting, you are entitled to take all data relating to your child’s development. We are required by law to hold onto some data until the child reaches the age of 24 (normally 20 years after they have left the setting), therefore we cannot destroy these or pass them over to you. You have the right to request additional data we may hold is handed over to you or destroyed at your request.
How Is Your Data Deleted?
Hard copies of personal data are shredded when your child reaches the age of 24 years. Digital copies are deleted from all sources when your child reaches the age of 24 years. You have the right to have your records amended or deleted provided this doesn’t breach our other responsibilities (for example Safeguarding Children). We have 1 month to comply with and/or respond to such a request.
You have the right to:
Right to access
Right to rectification
Right to erasure
Right to restriction of processing
Right to objection
Right to data portability
Right to lodge a complaint with the Supervisory Authority.
Provided this doesn’t breach our other responsibilities (for example Safeguarding Children).
Sharing Your Data & How We Do This
To adhere to contractual purposes, we have a duty to share some of your information with our Local Authority (Essex County Council) the DfE (Department for Education) and HMRC. Sometimes we may also need to share information with other settings and professionals to ensure your child is getting the best possible and consistent care. Permission is sought for this. This may include: full name and address, DOB, ethnic group, particular additional needs, and National Insurance numbers. For more details on these agencies and their Privacy Notices, please refer directly to their website. Major safeguarding concerns will be the only occasion we may need to share information without permission. For further information around safeguarding please see our safeguarding policies.
Security is a priority for us when it comes to your personal data. We are committed to protecting your personal data whilst stored within our facilities.
If you have concerns about the way we are collecting or using your personal data, please refer your concern to us in the first instance. Please contact Aimee Clay on 01255 433339 or email: firstname.lastname@example.org