Data Protection and GDPR Policy
The Data Protection Act 2018 (DPA) is an Act of Parliament which defines UK law on the keeping and processing of data. It is the main piece of legislation that governs the protection of personal data in the UK, and helps strike a balance between the many benefits of sharing information and safeguarding privacy. Forming part of the DPA are the General Data Protection Regulations 2018 (GDPR). These Regulations require that a processor of personal data must clearly disclose any data collection, declare the lawful basis and purpose for data processing, how long data is being retained, and if it is being shared with any third parties or outside of the EU. As a data controller, Blofield Preschool will meet the requirements of the DPA and GDPR.
Why we hold your data
It is an Ofsted requirement that we hold the personal information of the children in our care and their families. We also need to hold personal data stipulated by Norfolk County Council for the purpose of claiming Government funding on your behalf. We hold child/family information for development purposes, safeguarding reasons, and for billing and communication. All information given to us relating to your child or family is only used for the intended purpose of childcare and the welfare of your child.
Who we share your data with
Your data is not shared with anyone except for the purpose of supporting your child’s learning and development. Our contracts include a section where you give consent for us to discuss your child with other professionals and agencies such as Ofsted, the NHS, and Norfolk County Council. Our contracts also include a section where you can give consent for your child’s information to be shared with other settings they may attend and their new school, to ensure continuity of care and to support your child’s learning and development.
All documentation relating to your child is scored securely and any information regarding your child or your family, which we observe, or which is given to us either verbally or in writing, will be kept confidential and only shared on a need to know basis with your permission. In rare circumstances however, we may have to share information relating to your child or family without parental permission, e.g. for safeguarding purposes where sharing information with the parent/carer could put the child at risk of harm.
How long we keep your information
When a child leaves Blofield Preschool, we will hold their information on file for:
· Development and learning records – 3 years
· Child accident and medication records – 3 years
· Attendance records – 6 years
· Early Education Funding records – 6 years
· Child protection/safeguarding records – until the child is 25 years
Data will then be disposed of appropriately and securely at the correct time.
Under the GDPR, parents have the right to access the information held on them and their children and have the right to have personal data corrected if it is inaccurate. You can request the information held on you by emailing firstname.lastname@example.org and we will respond within 30 days.
If Blofield Preschool suspects that your data has been accessed unlawfully, we will inform the relevant parties immediately and report to the Information Commissioner’s Office within 72 hours. We will keep a record of any data breach.