GDPR
GDPR stands for General Data Protection Regulation and states that personal data should be ‘processed fairly and lawfully’, ‘collected for specified, explicit and legitimate purposes’ and that the individual’s data is not processed without their ‘explicit consent’. GDPR covers personal data relating to individuals. Clophill Preschool is committed to protecting the rights and freedom of individuals with respect to the processing of children’s, parents, visitors and staff personal data. This policy explains what personal data we collect, why we collect it, how we use it and how we protect it.
GDPR includes 7 rights for individuals
1. The right to be informed
Clophill Preschool is a registered childcare provider with Ofsted and as such, is required to collect and manage certain data.
Parents: We need to know your name, home address, telephone numbers, email, emergency contact details and family details. This information will be collected from you by completing our online secure registration form or directly at enrolment. We also ask to see evidence of your identification and will make a record of this id number e.g. passport, for safeguarding purposes.
If you apply for up to 30 hours Government funded childcare, we will also collect your National Insurance number or if you are self-employed, your Unique Taxpayer Reference (UTR) and date of birth. We may also collect information regarding benefits and family credits that you are in receipt of.
Children: We need to know children’s full name, date of birth (for which we will need to see an original birth certificate), address, health and medical needs, development needs, special educational needs, child protection plans from social services (if applicable), health care plans from health professionals (if applicable), details of who has parental responsibility for the child and any court orders pertaining to the child (if applicable).
For parent’s claiming the free childcare entitlement, we are requested to provide this data to Central Bedfordshire County Council; the information is sent to them using a secure, electronic file transfer system.
Visitors: We are required to collect certain details of visitors to our preschool. We need to know names, telephone numbers and company name (if applicable). This is in respect of our Health and Safety and Safeguarding policies.
Staff: As an employer, Clophill Preschool is required to hold data on its employees; names, addresses, telephone numbers, date of birth, medical information, bank details, National Insurance numbers and photographic identification such as a passport or driving licence. This information is also required for the Disclosure and Barring Service checks (DBS) that are carried out and to check proof of eligibility to work in the United Kingdom. This information is sent via a secure file transfer system, to the processor of the DBS checks.
We ask for the emergency contact names and numbers for staff and children.
2. The right to access
At any point, an individual can make a request relating to their data. Clophill Preschool will need to provide a response to any requests, within 1 month. Clophill Preschool can refuse a request, if there is a lawful obligation to retain the data i.e. from Ofsted, in relation to the EYFS. We will always inform the individual of the reasons for rejection. The individual has the right to complain to the ICO if they are unhappy with the decision.
3. The right to erasure
You have the right to request deletion of your data, where there is no compelling reason for its continued use. However, Clophill Preschool has a legal duty to retain children and parent’s details for a reasonable amount of time. Clophill Preschool is required by law, to retain children and parent’s records for 3 years after the child has left preschool. Accident and Injury records must be kept until the child reaches the age of 21. Child protection records must be retained until the child reaches the age of 24. Staff records must be kept for 6 years after the employment ceases. All of the data that we retain is archived securely, in a locked cupboard at preschool, in secure home offices or on secure computers. It is shredded or deleted after the legal retention period.
4. The right to restrict processing
Parents, visitors and staff can object to Clophill Preschool processing their data. This means that records can be stored, but must not be used in any way.
5. The right to share data
Clophill Preschool requires some data to be shared with a third party, such as; the Local Authority and Payroll. These recipients use secure, file transfer systems and have their own policies and procedures in place, in relation to GDPR.
6. The right to object
Parents, visitors and staff can object to their data being used for certain activities, such as; marketing or research.
7. The right to not be subject to automated decision-making, including profiling
Clophill Preschool does not use personal data for such purposes.
Storage and use of personal information
All paper copies of children and staff records are kept securely in a locked cupboard at the pre-school or in the secure homes of the two owner/managers. The managers have access to all records and staff has limited access, on a need-to-know basis.
Learning Journeys are kept in setting. Staff are given time in session to work on these books. Staff may take approved photos home of children in setting to cut up for inputting into their books.
Records held on the computer are kept in a secure password protected Dropbox folder which has restricted access to the managers. There is also another deeper level of security called the vault that has an additional password protection, and this is where Child Protection concerns are kept, only the owner/managers have access to this.
All information held, both paper and digital records will be kept confidential within the management team and staff. In the event of there being any wrongful disclosures of confidential information, it will be investigated immediately by the owner/managers, changes may then have to be made to ensure similar breaches do not occur.
Some information regarding children and parents needs to be shared with other professionals in the care of the children e.g. speech and language therapists or SEND advisory teachers, in which case parental permission is sought.
In the instances of a child sharing their time between us and another setting or upon a child leaving Clophill Preschool and moving on to school or a new setting, data held on the child may be shared with the receiving school/setting. In the case of transition to school, the transition documents completed by staff are shared with the parents first and then with the school teachers and handed directly to them. Parent’s are asked for permission to share across settings.
It is the parent’s responsibility to ensure that the information given to us in the registration and enrolment paperwork is correct and kept up to date.
We collect personal data about you and your child for the following reasons:
To provide childcare services and fulfil the contractual agreement you have entered into
To verify your eligibility for Government funded childcare, as applicable
To process your claim for up to 30 hours Government funded childcare where applicable
To assist you in the claiming of household grants from local government
So we are able to contact you in case of an emergency
To carry out regular assessments of your child’s progress and to identify any areas of concern
To maintain contact with you and respond to any questions you may have
To provide care and learning that is tailored to meet your child’s individual needs
To manage any special educational, health or medical needs whilst at our setting
To keep you updated with information about our service
In order for us to deliver childcare services, we will share your data as required, with the following:
Ofsted- during an inspection or following a complaint about our service
Banking services to process chip and pin (if applicable)
Online secure accounting program if invoiced
The Local Authority, when a claim for up to 30 hours Government funded childcare is made
The Governments eligibility checker (as above)
Our software management provider (if applicable)
Other early years settings your child may attend while with us
The school that your child will be attending
We will also share data if:
We are legally required to do so, for example, by law or by a court
We need to enforce or apply the terms and conditions of your contract with us
We need to protect your child and other children, for example, by sharing information with Social Services or the Police
It is necessary to protect our rights, property or safety
GDPR means that Clophill Preschool must:
Manage and process personal data properly
Protect the individual’s rights to privacy
Provide individuals with access to all personal data that is held on them
If any person wishes to know what information we hold on them, they should speak to our Data Protection Officer- Imogen Godfrey.
Clophill Preschool are committed to ensuring that any personal data we hold about you and your child is protected in accordance with Data Protection Laws and is used in line with your expectations. If you continue to have concerns about the way we handle your data and remain dissatisfied after speaking with us, you have the right to complain to the Information Commissioner Office (ICO). The ICO can be contacted t Information Commissioner Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or ico.org.uk
Clophill Preschool are registered with the ICO ref: ZB000623 and update our registration annually every March.
Clophill Preschool Ltd based at Clophill Village Hall, Kiln Lane, Clophill, Bedfordshire, MK45 4DA
Registered address: 57A High Street, Clophill, MK45 4BE
Telephone Number: imogen – 07765 887868, Chris – 07936 006381
Email: clophillpreschool@gmail.com
Feb 24