top of page

Confidentiality & GDPR

Policy Statement

Our setting is dedicated to maintaining the privacy and security of personal information in accordance with legal requirements. We treat all data with the utmost care, taking appropriate measures to collect, store, and dispose of data responsibly and confidentially. We prioritise the security and confidentiality of all information regarding children and families. We adhere to the following guidelines:

​

Consent and Confidentiality:

Information will only be shared with third parties if explicit permission is obtained from the child’s parents/carers or in cases where child protection concerns arise.

All records are securely stored to maintain confidentiality.

Access to children's records is restricted to the premises unless authorisation is given.

 

Compliance with Data Protection Regulations:

We are committed to meeting the requirements of the Data Protection Act 1998 and the General Data Protection Regulations 2018.

Personal data will be collected, stored, and destroyed in accordance with the law.

Fair and lawful practices will be followed when collecting and using information.

All personal data will be stored securely to prevent unauthorised disclosure.

 

Access for Inspection:

Details and records will be readily accessible for inspection by OFSTED, ensuring compliance with regulatory standards.

 

Procedure:

We place great emphasis on maintaining the privacy and security of personal information. We uphold strict confidentiality standards, adhere to data protection legislation, and ensure access to information is controlled and provided only when necessary.

  • We understand and respect the sensitivity of the information you provide about your child/children.

  • Written information about your child will be securely maintained to ensure confidentiality.

  • Confidential information will not be discussed with others except in cases where it is necessary to safeguard your child (as outlined in our Safeguarding Children procedure) or during handovers to other authorised child carers as agreed upon with you.

  • We will adhere to data protection rules when disclosing records that refer to third parties.

  • You are welcome to request and review any written information we hold regarding your child at any time.

  • All parents have the freedom to access and review our policies, which provide detailed information on how our settings operate.

  • Our certificate of registration is displayed and available for viewing by all parents.

  • We are fully aware of our responsibilities under the Data Protection Act 1998, the Freedom of Information Act 2000, and the GDPR 2018.

  • We maintain records of parents and emergency contact details, the child's GP contact information, and appropriate signed consent forms.

  • In the event that a child is identified as a child in need (under Section 17 of the Children's Act 1989), we will, with parents' permission, provide relevant information to referring agencies.

 

GDPR:

The General Data Protection Regulation (GDPR) replaced the Data Protection Act 1998 and provides individuals with greater control over their personal data. It is necessary for us to collect personal information about the children, staff, and parents/carers. We are committed to ensuring compliance with GDPR and protecting your rights and privacy.

 

We follow the Privacy Principles under GDPR, which condense the Data Protection Principles, and are as follows:

 

  • Lawful, Fair, and Transparent Data Collection: We collect personal data for lawful reasons fairly and transparently.

  • Purpose Limitation: Personal data is used solely for the purpose it was initially obtained.

  • Data Minimisation: We only collect the necessary data.

  • Data Accuracy and Updates: Personal data is maintained accurately, and mechanisms are in place to keep it up to date.

  • Storage Limitation: Personal data is retained only as long as necessary and securely disposed of thereafter.

  • Integrity and confidentiality: We implement appropriate measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. Personal data is not transferred to any external agency or country within the EU that does not comply with GDPR regulations.

  • Accountability: To ensure compliance with the data processing principles, it is essential to have robust measures and well-maintained records as evidence of our adherence to GDPR regulations. These measures and records demonstrate our commitment to GDPR compliance and our dedication to safeguarding personal data.

 

Your Rights Concerning Your Data:

 

  • You have the right to request access to the personal data we hold.

  • You can object to the processing of personal data that causes or is likely to cause damage or distress.

  • You may prevent processing for direct marketing purposes.

  • Inaccurate personal data can be rectified, blocked, erased, or destroyed.

  • You have the right to claim compensation for damages caused by a breach of GDPR.

  • You can object to any automated decisions made about your data.

  • You can request the transfer of your personal data and your child's data to another person.

If you wish to exercise any of these rights or have any questions, comments, or concerns regarding our privacy practices, please get in touch with the manager. If you remain dissatisfied after contacting us, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

 

CREATED: AUGUST 2023   NEXT REVIEW: AUGUST 2024

bottom of page