This statement will cover the requirements of the General Data Protection Regulation (GDRP) which came into effect on 25th May 2018. It will show how Honey Tots Day Nursery collects and uses personal information about parents, children and employees. As a ‘Data Controller’ we are responsible for how we utilise all personal information.
GDPR states that personal data should be ‘processed fairly and lawfully’, ‘collected for specified, explicit and legitimate purposes’ and that the individual’s data is not processed without their ‘explicit consent’. GDPR covers personal data relating to individuals. Honey Tots Day Nursery is committed to protecting the rights and freedom of individuals with respect to the processing of children’s, parents, visitors and staff personal data.
GDPR includes 7 rights for individuals
1. The right to be informed
2. The right to access
3. The right to erasure
4. The right to restrict processing
5. The right to share data
6. The right to object
7. The right to not be subject to automated decision-making, including profiling (Honey Tots Day Nursery does not use personal data for such purposes).
We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
· We have completed a data audit and identified any potential risks
· We have migrated any potential risks
· Paper records are held in locked filing cabinets
· Electronic records are password protected
· In the event of there being any wrongful disclosures of confidential information, it will be investigated immediately.
· All records are kept on site at all times. Archived records are shredded after the retention period.
It is the parent’s responsibility to ensure that the information given to us in the registration forms, are correct and kept up to date.
If any person wishes to know what information we hold on them, they should contact our Data Protection Officer- Bukola Adeyemi.
Honey Tots Privacy Notice
Honey Tots Day Nursery, 21-23 Stokes Croft, Bristol. BS1 3PY
Telephone Number: 01179243100
Name of Data Protection Officer: Bukola Adeyemi
Honey Tots Day Nursery are committed to ensuring that any personal data we hold about you and your child is protected in accordance with Data Protection Laws and is used in line with your expectations. This privacy notice explains what personal data we collect, why we collect it, how we use it and how we protect it.
Why do we collect your personal data?
We collect personal data about you and your child for the following reasons:
• To provide childcare services and fulfil the contractual agreement you have entered in to.
• To be able to contact you in case of an emergency.
• To support your child’s wellbeing and development.
• To manage any special educational, health or medical needs whilst at our setting.
• To carry out regular assessments of your child’s progress and to identify any areas of concern.
• To maintain contact with you about your child’s progress and respond to any questions you may have.
• To process your claim for up to 30 hours free childcare (only where applicable).
• To keep you update with information about our service.
What personal data do we collect?
We collect personal data about you and your child to provide care nd learning that is tailored to meet your child’s individual needs. We also collect information in order to verify your eligibility for free childcare, as applicable.
Personal data we hold about your child includes:
• Name, date of birth, address, health and medical needs, development needs, special educational needs, child protection plans from social services (if applicable), health care plans from health professionals (if applicable), details of who has parental responsibility for the child and any court orders pertaining to the child (if applicable).
Personal data that we hold about you includes:
• Name, home and work address, telephone numbers, emergency contact details and family details. This information will be collected from you directly, in the registration form.
• If you apply for up to 30 hours free childcare, we will also collect your National Insurance number or if you are self-employed, your Unique Taxpayer Reference (UTR). We may also collect information regarding benefits and family credits that you are in receipt of.
As an employer, Honey Tots Day Nursery is required to hold data on its employees; names, addresses, telephone numbers, date of birth, bank details, National Insurance numbers and photographic identification such as a passport or driving license. This information is also required for the Disclosure and Barring Service checks (DBS) that are carried out and to check proof of eligibility to work in the United Kingdom. This information is sent via a secure file transfer system, to the processor of the DBS checks.
Who do we share your data with?
In order for us to deliver childcare services, we will share your data as required, with the following:
• Ofsted- during an inspection or following a complaint about our service.
• Banking services to process chip and pin or direct debit payments (if applicable).
• The Local Authority, when a claim for up to 30 hours free childcare is made.
• The Governments eligibility checker (as above).
• Our insurance underwriter (if applicable).
• Our software management provider (if applicable).
• The school that your child will be attending.
We will also share data if:
• We are legally required to do so, for example, by law, by a court, or the Charity Commission.
• To enforce or apply the terms and conditions of your contract with us.
• To protect your child and other children, for example, by sharing information with Social Services or the Police.
• It is necessary to protect our rights, property or safety.
• We transfer the management of the setting, in which case we may disclose your personal data to the prospective buyer, so they are able to continue the service.
We will not share information about you, with any third parties without your consent, unless the law allows us to.
We will never share your personal data with any other organisation, to use for their own purposes.
How long do we retain your data?
We are required by law, to retain your child’s personal data for up to 3 years after your child has left our setting, or until the next Ofsted inspection after your child has left. Medication and accident records are kept for longer, according to legal requirements. Your child’s learning and development records are maintained by us and handed to you when your child leaves the setting.
In some instances (child protection or other support service referrals), we are obliged to keep your data for longer, if it is necessary to comply with legal requirements.
Automated decision making
We do not make any decisions about your child, based solely on automated decision making.
How do we protect your data?
We protect unauthorised access to your personal data and prevent it from being lost, accidentally destroyed, misused or disclosed by:
• Keeping files in a secure, locked cupboard.
• Digital files are all password protected.
Your rights with respect to your data
With regards to personal data we hold, you have the right to:
• Request access to the personal data we hold.
• Object to processing of personal data that is likely to cause, or is causing, damage or distress.
• Prevent processing for direct marketing purposes.
• Have inaccurate personal data rectified, blocked, erased or destroyed.
• Claim compensation for damages caused by a breach of the General Data Protection Regulations.
• Object to us making any automated decisions about your data.
• Request that we transfer yours and your child’s personal data to another person.
If you wish to exercise any of these rights at any time or if you have any questions, comments or concerns about this privacy notice, or how we handle your data, please contact the nursery Director: Fatai Kasali at firstname.lastname@example.org