Privacy and Data Protection Policy

Statement of Intent

This policy describes how we collect, use and look after the information you provide us.

Naunton Park Pre School Playgroup will at all times protect and retain data, relating both to its staff and children, in line with statutory requirements under the GDPR.

Key Facts

  • We need to keep certain personal information about parents and children who use our services in order to fulfil our contractual obligations and best care for your children. From 25th May 2018 the processing of this personal information is governed by the General Data Protection Regulation (GDPR) 2018.
  • We only collect personal data when we have a lawful reason for doing so, and we only use it for the purpose it was originally obtained for.
  • We take steps to ensure that the data we keep is accurate, up to date and secure, and we do not keep it longer than is necessary.
  • We have written policies and procedures in place for dealing with personal data, including breaches of security, and our staff have appropriate training and awareness of data protection principles and procedures.
  • We are a Data Controller for your personal data, which means that we decide what information we need to keep about you and why, and how we process and store that information.

Rights of Individuals under GDPR

1) The right to be informed

Naunton Park Pre School is a registered Childcare provider with Ofsted and as such, is required to collect and manage certain data. We need to know parent’s names, addresses, telephone numbers, email addresses, date of birth and National Insurance numbers. We need to know children’s’ full names, addresses, date of birth and Birth Certificate number. For parents claiming the free nursery entitlement we are requested to provide this data to Gloucestershire County Council.

As an employer Naunton Park Pre School is required to hold data on its employees; names, addresses, email addresses, telephone numbers, date of birth, National Insurance numbers, photographic ID such as passport and driver’s license, bank details. This information is also required for Disclosure and Barring Service checks (DBS) and proof of eligibility to work in the UK.

2) The right of access

At any point an individual can make a request relating to their data and Naunton Park Pre School will need to provide a response (within 1 month). The individual will have the right to complain to the ICO if they are not happy with the any decision not to disclose (for safeguarding reasons, for example).

3) The right to erasure

You have the right to request the deletion of your data where there is no compelling reason for its continued use. However, Naunton Park Pre School has a legal duty to keep children’s and parents’ details for a reasonable time [need specifics for different data types]

4) The right to restrict processing

Parents, visitors and staff can object to Naunton Park Pre School processing their data. This means that records can be stored but must not be used in any way, for example reports or for communications.

5) The right to data portability

6) The right to object

Parents, visitors and staff can object to their data being used for certain activities like marketing or research.

7) The right not to be subject to automated decision-making including profiling

Automated decisions and profiling are used for marketing-based organizations. Naunton Park Pre School does not use personal data for such purposes.

Types of Data

We keep two kinds of records on children attending the playgroup.

1. Developmental records

  • These include observations of the children whilst they are attending the playgroup, samples of their work, photographs of them playing and summaries of their development and records of achievements.
  • They are kept in a lockable filing cabinet and can be accessed and contributed to by staff. They are shared with parents at the end of the school year, but parents can see them at any time, if they wish to do so.

2. Personal records

These include:

  • Registration and admission forms and signed consents. These are kept in a file in the lockable filing cabinet.
  • Correspondence concerning the child or family, reports or minutes from meetings concerning the child from other agencies, an ongoing record of relevant contact with parents and observations by staff on any confidential matter involving the child, such as developmental concerns or child protection matters. These are kept in individual, confidential files in the lockable filing cabinet.
  • Parents have access, in accordance with the access to records procedure, to the files and records of their own children but do not have access to information about any other child.
  • Staff will not discuss personal information given by parents with other members of staff, except where it affects planning for the child’s needs. Staff induction includes an awareness of the importance of confidentiality in the role of a key person.

Information Sharing

There are times when we are required to share information about a child or their family. These are when:

  • there are concerns a child is or may be suffering significant harm
  • the ‘reasonable cause to believe’ a child is or may be suffering significant harm is not clear
  • there are concerns about ‘serious harm to adults’ (such as domestic violence or other matters affecting the welfare of the parents)
  • We explain to families about our duty to share information for the above reasons.
  • Where we have concerns as above, we would normally gain consent from families to share. This does not have to be in writing, but we will record in the child’s file that we have gained verbal consent as a result of discussing a concern that we need to refer to a social care agency.
  • We do not seek consent from parents to share information where we believe that a child, or sometimes a vulnerable adult, may be endangered by seeking to gain consent. For example where we have cause to believe a parent may try to cover up abuse, or threaten a child.
  • Where we take a decision to share information without consent that is recorded in the child’s file and the reason clearly stated.
  • Where evidence to support our concerns are not clear we may seek advice from our local safeguarding childcare service.
  • We only share relevant information that is accurate, factual, non-judgemental and up to date.

Other Records

  • Issues to do with the employment of staff, whether paid or unpaid, remain confidential to the people directly involved with making personnel decisions.
  • Students attending the playgroup are advised of our confidentiality policy and required to respect it.

Access to Personal Records

Parents may request access to any records held on their child and family following the procedure below.

  • Any request to see the child’s personal file by a parent or person with parental responsibility must be made in writing to the playgroup supervisor.
  • The supervisor informs the chair of the committee and sends a written acknowledgement.
  • The playgroup commits to providing access within 14 days- although this may be extended.
  • The supervisor and the key person prepare the file for viewing.
  • All third parties are written to, stating that a request for disclosure has been received and asking for their permission to disclose to the person requesting it. A copy of the letters will be retained on file.
  • ‘Third parties’ include all family members who may be referred to in the records.
  • It also includes workers from any other agency, including safeguarding children service, the health authority etc. It is usual for agencies to refuse consent to disclose, preferring the individual to go directly to them.
  • When all the consents/refusals to disclose have been received these are attached to the copy of the request letter.
  • A photocopy of the complete file is taken.
  • The playgroup supervisor and key person go through the file and remove any information which a third party has refused consent to disclose. This is best done with a thick black marker, to score through every reference to the third party and information they have added to the file.
  • What remains is the information recorded by the setting, detailing the work initiated and followed by them in relation to confidential matters. This is called the ‘clean copy’.
  • The clean copy is photocopied for the parents who are invited in to discuss the contents. The file should never be given straight over, but should be gone through with the supervisor, so it can be explained.
  • Legal advice may be sought before sharing a file, especially where the parent has possible grounds for litigation against the setting or another (third party) agency. At this point the Chairperson needs to be informed and would have access to the file.

All the undertakings above are subject to the paramount commitment of the playgroup, which is to the safety and well-being of the child. Please see our Safeguarding policy.

To be reviewed Reviewed by Office Signature Date
05/2022 Sarah White Sarah White 05/2021
01/2024 Lucy Champion Secretary Lucy Champion 01/2023