Menu
Home Page

GDPR - Data Protection

 

GENERAL DATA PROTECTION REGULATION POLICY

 

The General Data Protection Regulation (GDPR) is designed to protect the privacy of individuals. It requires that any personal information about an individual is processed securely and confidentially. This includes both staff and children. How the pre-school obtains, shares and uses information is critical, as personal data is sensitive and private. Everyone, adults and children alike, has the right to know how the information about them is used. The General Data Protection Regulation requires the pre-school to strike the right balance in processing personal information so that an individual’s privacy is protected. Applying the principles to all information held by the pre-school will typically achieve this balance and help to comply with the legislation.

In order to provide a quality early years and childcare service and comply with legislation, we will need to request information from parents about their child and family. Some of this will be personal data.

 

We take families’ privacy seriously, and in accordance with the General Data Protection Regulation (GDPR), we will process any personal data according to the seven principles below:

 

  1. We must have a lawful reason for collecting personal data, and must do it in a fair and transparent way. We will be clear about what data we are collecting, and why.
  2. We must only use the data for the reason it is initially obtained. This means that we may not use a person’s data to market a product or service to them that is unconnected to the reasons for which they shared the data with us in the first place.
  3. We must not collect any more data than is necessary. We will only collect the data we need to hold in order to do the job for which we have collected the data.
  4. We will ensure that the data is accurate, and ask parents to check annually and confirm that the data held is still accurate, and make any corrections that are required.
  5. We will not keep data any longer than needed. We must only keep the data for as long as is needed to complete the tasks it was collected for.
  6. We must protect the personal data. We are responsible for ensuring that we, and anyone else charged with using the data, processes and stores it securely.
  7. We will be accountable for the data. This means that we will be able to show how we (and anyone working with me) are complying with the law.

 

Procedure (how we put the statement into practice)

We expect parents to keep private and confidential any sensitive information they may accidentally learn about our family, setting or the other children and families attending our setting, unless it is a child protection issue.

 

We will be asking parents for personal data about themselves and their child/ren in order to deliver a childcare service (see privacy notice). We are required to hold and use this personal data in order to comply with the statutory framework for the early years foundation stage, Ofsted, Department for Education and our local authority.

 

Subject access

Parents have the right to inspect records about their child at any time. This will be provided without delay and no later than one month after the request, which should be made in writing. We will ask parents to regularly check that the data is correct and update it where necessary.

 

Storage

We will keep all paper-based records about children and their families securely locked away in a filing cupboard.

If we keep records relating to individual children on our computer, externally or in cloud storage such as iCloud, Google Drive or Dropbox, including digital photos or videos, we will obtain parents’ permission. This also includes CCTV.

 

We will store the information securely, for example, in password-protected files, to prevent viewing of the information by others with access to the computer.

 

We use software to back up our computer. Firewall and virus protection software are in place.

 

Information sharing

We are expected to share information with other childcare providers if a child also attends another setting.

 

We are also required to share information with services covered under the Lambeth local authority, i.e. the health care services in regards to the childcare and early year’s entitlements (15 or 30 free education hours).

 

We will not share any information with anyone without parents’ consent, unless there is a child protection concern.

 

OFSTED may require access to our records at any time.

 

Record keeping

We record all accidents on an accident form, which will be discussed and signed with parents on collection the same day. Accident forms are stored in a lockable cabinet in each room, and archived yearly into the child’s personal file.

 

We will inform OFSTED, the local child protection agency and the Health and Safety Executive of any significant injuries, accidents or deaths as soon as possible.

 

We record all significant incidents on an incident form, which is discussed and shared with parents and then stored in the same way as an accident form

We will only share information if it is in a child’s best interests to do so. For example in a medical emergency we will share medical information with a healthcare professional. If we are worried about a child’s welfare we have a duty of care to follow the Local Safeguarding Children’s Board procedures and make a referral. Where possible we will discuss concerns with you before making a referral.

 

Safe disposal of data

We are required by law to keep some data for some time after a child has left the setting. We have a review plan in place and ensure that any data is disposed of appropriately and securely.

 

Suspected breach

If we suspect that data has been accessed unlawfully, we will inform the relevant parties immediately and report to the Information Commissioner’s Office within 72 hours. We will keep a record of any data breach.

 

The Company is required to process relevant personal data as part of its operation and shall take all reasonable steps to do so in accordance with our policy.

 

Processing may include obtaining, recording, and holding, disposing, destroying or otherwise using data. The Company will endeavour to ensure that all personal data is processed in compliance with our policy and the principles of the Data Protection Act 1998.

 

If you wish to exercise any of these rights at any time or if you have any questions, comments or concerns about this privacy notice, or how we handle your data, please do not hesitate to contact us.

 

The ICO can be contacted at:

Information Commissioner’s Office, Wycliffe House,

Water Lane,

Wilmslow,

Cheshire

SK9 5AF

or on:

ico.org.uk/

 

 

  • Opening Hours
  • Monday - Friday: 7.30am - 6pm
  • Saturday: Closed
  • Sunday: Closed
Top

Cookies

Unfortunately not the ones with chocolate chips.

Our cookies ensure you get the best experience on our website.

Please make your choice!

Cookies

Some cookies are necessary in order to make this website function correctly. These are set by default and whilst you can block or delete them by changing your browser settings, some functionality such as being able to log in to the website will not work if you do this. The necessary cookies set on this website are as follows:

Website CMS

A 'sessionid' token is required for logging in to the website and a 'crfstoken' token is used to prevent cross site request forgery.
An 'alertDismissed' token is used to prevent certain alerts from re-appearing if they have been dismissed.
An 'awsUploads' object is used to facilitate file uploads.

Matomo

We use Matomo cookies to improve the website performance by capturing information such as browser and device types. The data from this cookie is anonymised.

reCaptcha

Cookies are used to help distinguish between humans and bots on contact forms on this website.

Cookie notice

A cookie is used to store your cookie preferences for this website.

Cookies that are not necessary to make the website work, but which enable additional functionality, can also be set. By default these cookies are disabled, but you can choose to enable them below: