GDPR Policy
With effect May 25th , 2018
Hideaway Day Nursery is required to collect personal information for its employees, children, parents, and visitors. It is also necessary to process information so that staff can be recruited and paid.
We intend to meet all the requirements of the General Data Protection Act 1998 and the General Data Protection Regulations 2018 when collecting, storing and destroying personal data.
To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. To do this, Hideaway Day Nursery must comply with the Data Protection Principles which are set in the Data Protection Act 1998. In summary these state that personal data must be:
- Obtained and processed lawfully
- Obtained for a specified and lawful purpose and not processed in any manner incompatible with that purpose; adequate, relevant, and not excessive for that
- Accurate and kept up to date
- Not kept for longer than necessary
- Processed in accordance with the data subject’s rights
- Kept safe from unauthorised access, accidental loss, or destruction
- Not be transferred to a country outside the /European Economic Area, unless that country has equivalent levels of protection for personal data.
All Hideaway Day Nursery staff and volunteers who process or use any Personal Information must ensure that they follow these principles at all times. In order to ensure this happens, Hideaway Day Nursery has adopted this Data Protection Policy.
Notification of Data Held and Processed
All employees, parents, visitors and other members of the public have the right to:
- Know what information Hideaway Day Nursery holds and processes about them and why
- Know how to gain it
- Know how to keep it up to date
- Know what Hideaway Day Nursery is doing to comply with its obligations under the Act.
The Data Controller and the Designated Data Controllers
Hideaway Day Nursery is a private day nursery, and thus the organisation is therefore ultimately responsible for the implementation. However, Designated Data Controllers will deal with day to day matters. Hideaway Day Nursery Designated Data Controllers are:
Jenny Fletcher – Nursery Manager
Jody Adcock – Nursery Manager
Zoe Auburn – Deputy Nursery Manager
Personal Information
Person Information is defined as any details relating to a living, identifiable individual. Within Hideaway Day Nursery this relates to employees, attending children and their families, professional visitors and some members of the public (i.e. job applicants). We need to ensure that the information gained from each individual is kept securely and to the appropriate level of confidentiality.
The Personal information collected from individuals could include:
- Their name
- Address
- Email address
- Telephone numbers, including those of emergency contacts
- Date of birth
- Medical information
- National Insurance Number
- DBS number
- Observations of children’s progress (learning journals)
- Children’s reports
- Information from outside agencies, i.e. SEN
- Photographs/videos
- Family medical history when necessary
Hideaway Day Nursery stores personal information to comply with the statutory framework (EYFS 2017), to deliver services to families, e.g. government funding, to employ suitable people for our setting.
Processing of Personal Information
All staff and volunteers who process any Personal data are responsible for ensuring that:
- Any personal information which they hold is kept securely
Personal Information is not disclosed either orally or in writing or otherwise to any unauthorised third party.
Staff and volunteers should note that unauthorised disclosure will usually be a disciplinary matter and may be considered gross misconduct in some cases.
Personal information should be:
- Kept in a locked cupboard, or
- In a locked filing cabinet, or
- If its computerised, be password protected
- Kept on a storage device, which is itself kept securely
Conversations and meetings
Information of a personal or confidential nature should not be discussed in a public area, in front of anyone that is not an employee of the setting. Employees should be aware of confidentiality at all times when discussions are taking place, either distancing themselves from the conversation if it does not concern them or ensuring that their discussion is not overheard by others. All staff should respect the confidential nature of any information inadvertently overheard.
When meetings are being recorded it is important that only relevant information is written down. This must be carried out using the correct forms provided by Hideaway Day Nursery, notes must be written legibly and coherently. The written notes are then stored in a locked cupboard and disposed of (shredded) in a timley manner once the child/family have left the setting (1 year unless of child protection nature).
Collecting Information
Whenever information is collected about people, they should be informed why the information is being collected, who will be able to access it and what purpose it will be put. The individual concerned must agree that he or she understands and gives permission for the declared processing to take place, or it must be necessary for the legitimate business of Hideaway Day Nursery.
Sensitive Information
Sensitive information is defined by the Act as that relating to ethnicity, political opinions, religious beliefs, trade union memberships, physical or mental health, sex life, criminal proceedings or convictions. The person about whom the data is being kept must express consent to the processing of data, except where data processing is required by law for employment purposes or to protect the vital interests of the person or a third party.
Disposal of Confidential Material
Sensitive material should be shredded as soon as it is no longer needed, following the retention guidelines and statutory requirements. Particular care should be taken to delete information from tablets or computer hard drives if they are disposed of.
Staff Responsibilities
All staff are responsible for checking that any information that they provide Hideaway Day Nursery, in connection with their employment is accurate and up to date. Staff have the right to access any personal data that is bring kept about them, either on the computer or in manual filing systems. Staff should be aware of and follow this policy and seek further guidance when necessary.
Duty to Disclose Information
There is a legal duty to disclose certain information, namely, information about: child abuse, which will be disclosed to Children’s Services, or drug trafficking, money laundering or acts of terrorism or treason, which will be disclosed to the police.
Retention of Data
Hideaway Day Nursery takes care to store personal information that is absolutely necessary.
Personal information is kept for the period of time requested, following guidelines, these retention periods are either recommended or statutory.
Stored information is filed in a sealed and secure ‘lock up’. Once the retention period has lapsed, the information is destroyed (see retention periods for records policy)