Data Protection Policy

Here at Scallywags Nursery and Pre-School, data and its safekeeping are critical. We have a data protection officer – Vicky and to help in handling any information we follow the eight principles of good practice:-

The 8 principles of data must be:-

1. Fairly and lawfully processed

2. Processed for limited purposes

3. Adequate, relevant and not excessive

4. Accurate and up to date

5. Not kept for longer than necessary

6. Processed in accordance with the individual's rights

7. Secure

8. Not transferred to countries outside the European Economic area unless the country has adequate protection for the individual.

This policy defines the arrangements in the nursery that assures compliance to the requirements of The Data Protection Act, 1998 and the General Data Protection Regulation (GDPR) 2018, as relevant to the Nursery’s business interests:

Introduction

• The Data Protection Act, 1998 and the GDPR 2018 address certain requirements for all Organisations that collect & process personal data as part of there on-going business operations. Personal data is defined by: any information relating to an ‘identifiable living individual; & will therefore, apply to the nursery’s clients (children attending the nursery, and their parents/ carers), employees & suppliers.

• The data protection Act, 1998 and GDPR 2018 apply to any data recorded in a filing system that allows personal data to be easily accessed.

• The data protection act, 1998 and GDPR 2018 applies to records kept in hard copy (paper) format, and in computer files.

Policy details

• The nursery will require written consent from each individual’s child’s parents/ guardian/ carer, in order for personal data to be collected and processed. In this respect it will be taken that consent is implied through the following: · Clients – by the parent/ carer who signs the registration forms and appropriate consent forms as a ‘contract for nursery care’ for their child/ children. Employees – by completing the job application form at onset of employment, and where the employee has not registered an objection to their data being used.

• All individual, parents, carer’s & employees have the right of access to manual and computerised records when concerning their personal data.

• Where it is deemed necessary to divulge a third party this will only be done with the express permission of the individual subject.

• All past files and present files are stored in a lockable cupboard and storage space.

• Personal data and records will be maintained under appropriate conditions of security to prevent any unauthorised or accidental disclosure. Records can be hard copy (paper) format and computer files. Particular attention is paid to the following aspects of the record storage. Hard copy file; Identification of storage; · Identification of those employees authorised to have access. Computer file: · Password- protection for access to sensitive data files: · Who is authorised to have knowledge of these passwords · Back up, control and management of what are essentially copies of personal data. When personal data is being processed, staff will take reasonable precautions to prevent sighting of data by unauthorised persons: · Record files are locked away when are not in use. · where practical computer VDU screens should be tilted towards the user and away from the general office environment; · VDUs are not left on when not in use.