At Bright Starts Day Nursery we are committed to ensuring that any personal data we hold about you and your child is protected in accordance with data protection laws and is used in line with your expectations.
This privacy notice explains what personal data we collect, why we collect it, how we use it and how we protect it.
What personal data do we collect? We collect personal data about you and your child to provide care and learning that is tailored to meet your child’s individual needs. We also collect information in order to verify your eligibility for free childcare as applicable.
Personal details that we collect about your child include: your child’s name, date of birth, address, health and medical needs, development needs, and any special educational needs.
Where applicable we will obtain child protection plans from social care and health care plans from health professionals.
We will also ask for information about who has parental responsibility for your child and any court orders pertaining to your child.
Personal details that we collect about you include: your name, home address and work contact details, phone numbers, emergency contact details, and family details of those you have listed to be contacted in an emergency and authorised in collecting your child.
This information will be collected from you directly in the registration form.
If your child attends another setting or childminder, we will also ask for:
Address and contact details of the setting or individual so we can ensure information is shared about his or her development whilst in our care.
‘Sharing information is an intrinsic part of any frontline practitioners’ job when working with children and young people. The decisions about how much information to share, with whom and when, can have a profound impact on individuals’ lives. It could ensure that an individual receives the right services at the right time and prevent a need from becoming more acute and difficult to meet. At the other end of the spectrum it could be the difference between life and death.’
Information Sharing: Advice for practitioners providing safeguarding services to children, young people, parents and carers (HM Government 2015)
We recognise that parents have a right to know that the information they share with us will be regarded as confidential, as well as to be informed about the circumstances when, and the reasons why, we are obliged to share information.
We record and share information about children and their families (data subjects) in line with the six principles of the General Data Protection Regulations (GDPR) (2018) which are further explained in our Privacy Notice that is given to parents at the point of registration.
The six principles state that personal data must be:
1. Processed fairly, lawfully and in a transparent manner in relation to the data subject.
2. Collected for specified, explicit and legitimate purposes and not further processed for other purposes incompatible with those purposes.
3. Adequate, relevant and limited to what is necessary in relation to the purposes for which data is processed.
4. Accurate and where necessary, kept up to date.
5. Kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the data is processed.
6. Processed in a way that ensures appropriate security of the personal data including protection against accidental loss, destruction or damage, using appropriate technical or organisational measures.
We are obliged to share confidential information without authorisation from the person who provided it, or to whom it relates, if it is in the public interest. That is when: it is to prevent a crime from being committed or to intervene where one may have been, or to prevent harm to a child or adult; or not sharing it could be worse than the outcome of having shared it.
Although consent is a huge part of GDPR, as a nursery we have lawful obligations that require us to collect process and store personal data.
In order to comply with regulatory frameworks and inspectorates across the UK, there is a large amount of data that we must hold and maintain. These legal obligations override GDPR and therefore we do not need consent to collect certain data from our parents or children.