01270 623023

Privacy Notice – parents/carers/children

Parklands Day Nursery record, create, process and keep personal information about you and your child in accordance with the General Data Protection Regulation (GDPR May 2018).  The GDPR provides the following rights for individuals:

  • The right to be informed.
  • The right to access.
  • The right to erase.
  • The right to restrict processing.
  • The right to data portability.
  • The right to object.
  • Rights in relation to automated decision-making and profiling.

These rights are outlined within this Privacy Notice, our Access and Storage of Information Policy and our Retention of Information Policy and must be read together.

The GDPR sets out 6 lawful bases for processing your data and at least one of these must apply whenever we process each piece of data.

  • Consent – you have given clear consent to process specific data for a specific purpose.
  • Contract – processing is necessary to fulfil contractual obligations.
  • Legal obligation – processing is necessary to comply with the law.
  • Vital interests – processing is necessary to protect someone’s life.
  • Public task – processing is necessary to perform a task in the public interest.
  • Legitimate interests – processing is necessary for our legitimate interests or those of a third party.

What information we hold and why.

It is also a requirement of our registration with the Information Commissioners Office to inform you about the details we keep about you and your children.  We will only collect information that is necessary for what we do and to allow us to comply with the Early Years Foundation Stage and the Childcare Register.  The records we hold generally fall into three different types:

Developmental records including – information collected from you, details about your child’s learning at home, observations of your child’s learning, assessments, individual planning and regular progress summaries and your child’s statutory 2 year progress check.

Personal records including – personal details, contractual details (attendance registers, fees/banking information), emergency details (contact information, records of health or care needs), safeguarding/child protection records, visitor records and any records required to support your child (information from other agencies/professionals).  Personal details will be recorded on your initial contact with the nursery via telephone/email/Facebook message regardless of whether your child eventually attends the nursery or not.  This information will enable us to re-contact you for feedback on your visit, invite you to events and monitor interest in the nursery to develop it further, and is processed under the lawful basis of consent.  Your consent for this data will be requested in advance.

Photographs – We store photographs of you and your child’s emergency contacts in your child’s individual file in their base room to allow us to check the identity of who is collecting your child.  These files are not in a locked filing cabinet as they are stored within the child’s base room to allow ease of access.  They are not left in open view and no other adults apart from staff will be alone to access to them.

We will take many photographs of your child to assist us in providing evidence of assessment in the learning journey, to use in various displays around the nursery and to advertise the nursery using various media.  Specific consent from you is required for us to do this.

Other parents may take photographs of your child at group events throughout the year.  These photographs must be for personal use only and not uploaded online.  Specific consent from you is required for us to allow this.

Photographs are taken on one of the designated nursery cameras and transferred onto our laptop/computers.  Occasionally, photographs will be transferred onto a memory stick which will be encrypted, along with hard-drive backups.  When printing photographs, staff will be present at all times or the office will be locked whilst printing continues.  Any discarded photographs will be shredded immediately.

What we do with your data and with whom it is shared.

We are required to ensure that the information we collect about you and your child is treated confidentially and only shared when there is a need for it to be shared, ideally with your permission in advance.

  • We share information with other settings or agencies involved in your child’s care e.g. speech therapists, other nurseries or childminders, and are required to do this by the EYFS. We have a legal obligation to share this data.
  • We are required by the EYFS to share a copy of your child’s 2 year old progress check with your health visitor. We have a legal obligation to share this data.
  • We are required to share information with our Local Authority to enable us to claim funding. There is a contractual necessity to share this data.
  • We share information about income and expenses including (when requested) your invoices and payments with professional advisors, HMRC and Tax Credits. We have a legal obligation to share this data.
  • We may also be required, without authorisation, to share information with the Local Authority in regards to our duty to safeguard and promote the welfare of children. We have a legal obligation to share this data.

Written Data Sharing Agreements or contracts will be in place with external organisations who we share your data with.  This ensures anyone processing your data will also be compliant with the GDPR requirements.

Ensuring your data is accurate.

We are required to keep your data up-to-date and we will be confirming the accuracy of the data we hold, including consents, on a regular basis.  In the event that any data needs amending, we are required to inform anyone who we have shared this data with to enable them to maintain accurate records.

Online data processing.

Electronic equipment – We have 2 computers and 2 laptops.  Computer and laptop security includes regularly updated antivirus software and regularly changed password protection.  The nursery mobile phone and tablets also have password protection.  The software Qustodio is installed on all relevant electronic equipment to prevent any inappropriate content from being accessed and also enables the equipment usage to be monitored on a regular basis.

Email (newsletters, invoices etc.) – We use Microsoft Outlook 2010 to process emails and our email provider is Fasthosts.  We keep a copy of your email addresses on our computers but we do not gather statistics or monitor this information.  We will occasionally email photographs of your child to you but your specific consent to do this is required in advance.  Data will be password protected or encrypted prior to emailing.

Website – Our website uses cookies.  Cookies are small text files that are placed on your computer and are used by most websites in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.   As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on our site and on others.

When you visit our website, Google Analytics collect internet log information and details of visitor behaviour patterns in the form of cookies.  This data will be shared with a third party for web development, analytics and search engine providers that assist us in the improvement and optimisation of our website.  Written Data Sharing Agreements or contracts will be in place with external organisations who we share your data with.  This ensures anyone processing your data will also be compliant with the GDPR requirements.

The web server also collects statistical information pertaining to every visit.

Your child’s photographs may be uploaded onto our website but your specific consent to do this is required in advance.

Facebook – We have a public nursery Facebook page and regularly post photographs of you and your child, which will be shared with third parties.  Specific consent for us to use these photographs is required in advance.  Facebook collect information from you when you visit and like our page in the form of cookie data to associate our Facebook page with your Facebook account.  We also use cookie information to analyse the performance of our page and develop it further.

Paper data processing.

Paper documents relating to you and your child are mainly stored in locked filing cabinets.  Some documentation is stored in files in the main office and this office is locked when it is empty, including throughout the day.  Some documentation is stored within your child’s base room (child’s registration form, learning journey, medical form, accident form, register details, permission forms etc.) for ease of access and this information is not locked away.  They are not left in open view and no other adults apart from staff will be alone to access to them.

All other paper documents such as invoices, bank statements, local authority funding forms are stored within the nursery office and are either locked in a filing cabinet or locked in the office when vacant.

How you can make a complaint.

Contact our Data Protection Lead or Deputy in the first instance:

Named Data Protection Lead – Victoria Finnan.

Named Data Protection Deputy – Jane Heath.

If your concerns remain unresolved, you can make a complaint relating to a data breach or if you think we are not processing your data appropriately to either Ofsted and/or the ICO.

Ofsted – enquiries@ofsted.gov.uk  phone – 0300 1231231, address – Piccadilly Gate, Store Street, Manchester M1 2WD.

ICO – https://ico.org.uk/for-organisations/report-a-breach/.

Other policies which should be read alongside this privacy notice are:

Access and Storage of Information Policy

Retention Policy

Camera and Recording Device Use

Safeguarding Policy

Our full Policies and Procedures File can be found in each lobby area but please ask if you would like specific policies copied to read off site.