Acorns Community Preschool Children and Families
We are committed to ensuring that any personal data we hold about you and your child is protected in accordance with data protection laws and is used in line with your expectations.
This privacy notice explains what personal data we collect, why we collect it, how we use it and how we protect it.
What personal data do we collect?
We collect personal data about you and your child to provide care and learning that is tailored to meet your child’s individual needs. We also collect information in order to verify your eligibility for free childcare as
Personal details that we collect about your child include:
- your child’s name, date of birth, address, health and medical needs, development needs, and any special educational needs, child’s gender, ethnicity, first language, attendance patterns.
Where applicable we will obtain child protection plans from social care and health care plans from health professionals.
We will also ask for information about who has parental responsibility for your child and any court orders pertaining to your child.
Personal details that we collect about you include:
- your name, home and work address, phone numbers, emergency contact details, and family details
This information will be collected from you directly in the registration form.
If you apply for up to 30 hours free childcare, your child is eligible for Pupil Premium or we help you with an assisted funding application with Hampshire County Council, we will also collect:
- your national insurance number or unique taxpayer reference (UTR), if you’re self-employed. We may also collect information regarding benefits and family credits that you are in receipt of.
Why we collect this information and the legal basis for handling your data
We use personal data about you and your child in order to provide childcare services and fulfil the contractual arrangement you have entered into. This includes using your data to:
- contact you in case of an emergency
- to support your child’s wellbeing and development
- to manage any special educational, health or medical needs of your child whilst at our setting
- to carry out regular assessment of your child’s progress and to identify any areas of concern
- to maintain contact with you about your child’s progress and respond to any questions you may have
- to process claims with Hampshire County Council for all Early Years Education Funding
- to keep you updated with information about our service
With your consent, we will also record your child’s activities for their individual learning record. This may include photographs and videos. You will have the opportunity to withdraw your consent at any time, for images taken by confirming so in writing.
We have a legal obligation to process safeguarding related data about your child should we have concerns about their welfare. We also have a legal obligation to transfer records and certain information about your child to the school that your child will be attending (see Transfer of Records policy).
Who we share your data with
In order for us to deliver childcare services we will also share your data as required with the following categories of recipients:
- Ofsted – during an inspection or following a complaint about our service
- the Local Authority, Hampshire County Council
- the government’s eligibility checker (as above)
- our insurance underwriter (if applicable)
- the school that your child will be attending
We will also share your data if:
- we are legally required to do so, for example, by law, by a court or the Charity Commission;
- to enforce or apply the terms and conditions of your contract with us;
- to protect your child and other children; for example by sharing information with social care or the police;
- it is necessary to protect our, or others rights, property or safety
- we transfer the management of the setting, in which case we may disclose your personal data to the prospective management team members so they may continue the service in the same way.
We will never share your data with any other organisation to use for their own purposes
How do we protect your data?
We protect unauthorised access to your personal data and prevent it from being lost, accidentally destroyed, misused, or disclosed by:
- Having all digital information password protected and with up to date virus protection.
- Having all paper information stored securely within the setting.
How long do we retain your data?
We retain your child’s personal data for up to 3 years after your child no longer uses our setting, or until our next Ofsted inspection after your child leaves our setting. Medication records and accident records are kept for longer according to legal requirements. Your child’s learning and development records are maintained by us and handed to you when your child leaves.
In some instances (child protection, or other support service referrals) we are obliged to keep your data for longer if it is necessary to comply with legal requirements (see our Children’s and Provider Records policies).
We do not make any decisions about your child based solely on automated decision-making. Or explain details if this is the case.
Your rights with respect to your data
You have the right to:
- request access, amend or correct your/your child’s personal data
- request that we delete or stop processing your/your child’s personal data, for example where the data is no longer necessary for the purposes of processing; and
- request that we transfer your, and your child’s personal data to another person
If you wish to exercise any of these rights at any time or if you have any questions, comments or concerns about this privacy notice, or how we handle your data please contact us. If you have/continue to have concerns about the way your data is handled and remain dissatisfied after raising your concern with us, you have the right to complain to the Information Commissioner Office (ICO). The ICO can be contacted at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or ico.org.uk/
Changes to this notice
We keep this notice under regular review. You will be notified of any changes where appropriate.
The General Data Protection Regulation (GDPR) is a new EU law that came into effect on 25 May 2018. It replaced the Data Protection Act 1998 and the changes remain in place even after the UK leaves the EU in 2019.
GDPR condenses the Data Protection Principles into six areas, referred to as the Privacy Principles. They are:
- You must have a lawful reason for collecting personal data and must do it in a fair and transparent way.
- You must only use the data for the reason it is initially obtained.
- You must not collect any more data than is necessary.
- It has to be accurate and there must be mechanisms in place to keep it up to date.
- You cannot keep it any longer than needed.
- You must protect the personal data.
These privacy principles are supported by a further principle – accountability.
This means our setting must not only do the right thing with data but must also show that all the correct measures are in place to demonstrate how compliance is achieved.
For more information please see our Policy 10.8 Information sharing. For a copy of the policy please see Policies section.
‘Practitioners need to understand their organisation’s position and commitment to information sharing. They need to have confidence in the continued support of their organisation where they have used their professional judgement and shared information professionally.’
Information Sharing: Guidance for Practitioners and Managers (DCSF 2008).