Data Protection Policy
Here at Scallywags Nursery and Pre-School, data and its safekeeping are critical. We have a data protection officer – Vicky and to help in handling any information we follow the eight principles of good practice:-
The 8 principles of data must be:-
1. Fairly and lawfully processed
2. Processed for limited purposes
3. Adequate, relevant and not excessive
4. Accurate and up to date
5. Not kept for longer than necessary
6. Processed in accordance with the individual's rights
7. Secure
8. Not transferred to countries outside the European Economic area unless the country has adequate protection for the individual.
This policy defines the arrangements in the nursery that assures compliance to the requirements of The Data Protection Act, 1998 and the General Data Protection Regulation (GDPR) 2018, as relevant to the Nursery’s business interests:
Introduction
• The Data Protection Act, 1998 and the GDPR 2018 address certain requirements for all Organisations that collect & process personal data as part of there on-going business operations. Personal data is defined by: any information relating to an ‘identifiable living individual; & will therefore, apply to the nursery’s clients (children attending the nursery, and their parents/ carers), employees & suppliers.
• The data protection Act, 1998 and GDPR 2018 apply to any data recorded in a filing system that allows personal data to be easily accessed.
• The data protection act, 1998 and GDPR 2018 applies to records kept in hard copy (paper) format, and in computer files.
Policy details
• The nursery will require written consent from each individual’s child’s parents/ guardian/ carer, in order for personal data to be collected and processed. In this respect it will be taken that consent is implied through the following: · Clients – by the parent/ carer who signs the registration forms and appropriate consent forms as a ‘contract for nursery care’ for their child/ children. Employees – by completing the job application form at onset of employment, and where the employee has not registered an objection to their data being used.
• All individual, parents, carer’s & employees have the right of access to manual and computerised records when concerning their personal data.
• Where it is deemed necessary to divulge a third party this will only be done with the express permission of the individual subject.
• All past files and present files are stored in a lockable cupboard and storage space.
• Personal data and records will be maintained under appropriate conditions of security to prevent any unauthorised or accidental disclosure. Records can be hard copy (paper) format and computer files. Particular attention is paid to the following aspects of the record storage. Hard copy file; Identification of storage; · Identification of those employees authorised to have access. Computer file: · Password- protection for access to sensitive data files: · Who is authorised to have knowledge of these passwords · Back up, control and management of what are essentially copies of personal data. When personal data is being processed, staff will take reasonable precautions to prevent sighting of data by unauthorised persons: · Record files are locked away when are not in use. · where practical computer VDU screens should be tilted towards the user and away from the general office environment; · VDUs are not left on when not in use.
Tax, Accounts, NI | 6 Years + current tax year |
Employment Records | 2 Years after they have left (possible 5 years for reference requests) |
Staff Interview Records | Statutory 7 Years |
Employers Liability Insurance Certificate | Statutory 40 Years |
Accidents/Incident/Medication Serious Accidents |
2 Years after they have left |
Registers | 2 Years after they have left |
Commercial paperwork-old parental contracts, enquires, correspondence |
2 Years after they have left |
Child Protection | Statutory Keep until they are 25 Years old. Pass on to Child Protection Officer in next setting or to the child’s Health Visitor when the child leaves |
Health and Safety, Food and Fridge Temp | 6 Months |
Children’s Records – Development, Tapestry | 2 Years after they have left and/or send to next setting. |
Records of Special Needs | Until child reaches 25 Years |
Copies of transitional Records | 3 Years as child reaches KS2 and/or send to next setting |
Disposing Of Information
All information when ready (See dates above) will be shredded and placed into black sacks then into the rubbish bin.
For additional guidance on the Data Protection Act, it is available on a website at https://eugdpr.org/
To contact their helpline 01625 545 745
To contact their press office telephone 020 7282 2960
Please see our separate GDPR privacy notices for customers and staff.