We are Little Explorers, a childminding business based in Hartley Wintney Hampshire. Our web address is https://www.littleexplorers.co. Our data officer is Kerry Breading and can be reached on email at [email protected].
To provide a certain level of childcare and to comply with certain legislation we need to capture certain information from parents about their children and family. This will be classed as either personal data and in some cases, this will be classed as special category data. We are required to keep this on file and use this data to comply with the statutory framework for the Early Years Foundation Stage, Ofsted, Department for Education and local authority.
We take your privacy seriously and work inline with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR)
We will process any personal data according to the seven principles below:
1) We must have a lawful reason for collecting personal data. At all times we will do this in a fair and transparent way. At all times we aim to be clear about the data being collected and why it is required.
2) The data collected will only be used for the reason it was initially obtained unless it is required by law. We will not use data to market a product or service that is unconnected to the reason the data was provided initially.
3) We will not collect any more information or data than is necessary. The amount of data we collect will only be what is required and appropriate to supply childcare services and keep inline with relevant laws.
4) We will ensure that the data is correct, and will aim to ask parents to check and confirm that the data held is still accurate on a pragmatic basis.
5) Data will not be kept for longer than is needed. The data we keep is for as long as is needed to complete the tasks it was collected for and in compliance with relevant laws.
6) The personal data will be kept with due diligence and a responsibility to ensure that anyone with access to the use of the data, processes and manages it securely.
7) As we are accountable for the data, we will be able to demonstrate how we store and manage the data inline with the law.
We are registered with the Information Commissioner’s Office. The ICO is the UK’s independent authority. It is set up to uphold information rights in the public interest. It promotes openness by public bodies and data privacy for individuals.
When at Little Explorers we expect parents to keep private and confidential any sensitive information they may accidentally learn about the family, setting or the other children and families attending the setting, unless it is a child protection issue.
A parent (and those with parental responsibilities) have the right to access the data held on their child at any time. This will be provided no later than one month after requested. Requests can be made verbally. If the request comes via an unknown source (for example, a new email) we will seek verbal confirmation of the request.
The GDPR provides the following rights for individuals:
1) The right to be informed
2) The right of access
3) The right to rectification
4) The right to erasure
5) The right to restrict processing
6) The right to data portability
7) The right to object
8) Rights in relation to automated decision making and profiling
All paper-based records are securely locked away. We will gain parental permission for digital records, stored in a digital format. We will ensure we have adequate security surrounding the data. Any software or applications that are used as a digital solution to store data will have a level of due diligence carried out, in order to ensure they are compliant with GDPR.
We may be expected to share data with other childcare providers. This will be if a child also attends another setting.
We may need to share information with Local Authorities. This will be with regards to the childcare and early years entitlements.
There could be times and some cases where we may need to share information without parents' consent. This will be if there is a child protection concern, criminal investigation, tax investigation, health and safety reports or any other legal requirement etc.
Ofsted can require access to the data and records at any time.
All accidents are recorded within an accident book. As we insured via PACEY, we will notify PACEY of any accidents and share data on any accidents that may result in an insurance claim, e.g. an accident resulting with a visit to the doctor or to the hospital. From this, PACEY will log the data and forward this data to the public liability insurance company to enable a claim number to be allocated.
Any significant injuries, accidents or deaths will be reported and informed to Ofsted, the local child protection agency and the Health and Safety Executive.
Data of all signigicant incidents will be recorded within an incident book and will be shared with parents so that any issues can be resolved.
Data will be shared without your prior permission if it is in your child's best interests for us to do so. An example of this would be in a medical emergency, we would share the information with a healthcare professional.
Data may be shared to allow us to follow our duty of care and the local safeguarding children board procefures and referral. Where possible we will discuss any concerns with you before making the referral.
Any data breach will be recorded. We will investigate any suspected breach and take the appropriate action to correct and resolve any concerns. If we suspect data has been accessed unlawfully, we will inform the relevant parties straight away and report to the Information Commissioner’s Office within 72 hours.