The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation, known as GDPR.
The GDPR rules were drafted and passed by the European Union. These rules were converted into UK law on 1 January 2021, and the UK GDPR now mirrors the EU version.
Everyone responsible for using personal data should follow rules called data protection principles.
The principles lie at the heart of the UK GDPR. They are set out right at the start of the legislation and inform everything that follows. They don’t give hard and fast rules, but rather embody the spirit of the general data protection regime - and as such there are very limited exceptions.
Compliance with the spirit of these key principles is therefore a fundamental building block for good data protection practice. It is also key to your compliance with the detailed provisions of the UK GDPR.
Everyone responsible for using personal data must ensure that the information processed is:
● Used fairly, lawfully, and transparently
● Used for specified, explicit purposes
● Used in a way that is adequate, relevant and limited to only what is necessary
● Accurate and kept up to date
● Kept for no longer than is necessary
● Handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.
Our designated Data Protection Officer for the organisation is Lisa Henderson, who can be contacted at 07583073957. They are responsible for ensuring systems are in place to process and handle all data appropriately, updating policies, undertaking an annual audit of data, and monitoring staff regarding data handling, processing, and training.
The personal data that we collect from you (or your child) may include:
● Date of birth
● Home address
● Email address
● Home and mobile telephone numbers
● Information and observations to support your child’s learning.
Please note – this is not an exhaustive list, so make sure you include details of ANY data you collect pertaining to parents/carers, children, staff or volunteers.
We may collect information in the following ways:
● In person
● Over the phone
● By email
We process your personal information to meet our legal, statutory, and contractual obligations and to provide you with our services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than already specified in this notice.
We take your privacy very seriously and will never disclose or share your data without your consent, unless required to do so by law. We only retain your data for as long as is necessary and for the purposes specified in this notice. Where you have consented to us providing you with promotional offers or marketing, you are free to withdraw consent at any time.
The purposes and reasons we have for processing your personal data are:
● To support a contract or a service requested by you (i.e. the provision of early learning and childcare)
● As part of our legal obligation for business accounting and tax purposes.
You have the right to access any personal information that we hold and process about you. You also have the right to request information about:
● The personal data we hold about you
● The purposes for which we process your data
● The categories of data concerned
● The recipients (if any) to whom the personal data has/will be disclosed
● If applicable, where we gathered any supplementary information.
We intend to store your personal data for the duration of our contract/service with you and will operate within existing legal requirements.
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will endeavour to make the corrections as a matter of urgency. If there is a valid reason for not doing this, we will contact you and update you about this situation. You also have the right to request the deletion of your personal data or to restrict processing in accordance with the General Data Protection Regulation, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use which relates to required communications in relation to the service we provide to you. If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the relevant request; this is to ensure that your data is protected and kept secure.
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. The processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, as agreed with us. They have agreed to adhere to the data protection laws and work within the requirements of required confidentiality and security measures. Regulatory requirements from governing bodies supersede the requirements of the regulation; where a request is made by a non-regulatory organisation, your consent will be requested. We are required to share information without consent if:
● There is evidence that a child is suffering or at risk of suffering significant harm.
● There is reasonable cause to suspect that a child may be suffering or at risk of suffering significant harm.
● It will prevent a crime being committed or provide information where a crime may have been committed.
● Refusing to share the information will have a negative outcome.
You are not obligated to provide your personal information where it does not relate directly to our service to you. However, if this information is required for us to provide you with our services, not providing it may have a direct impact upon the level of service we can provide you with.
We only ever retain personal information for as long as is necessary, for the duration of our contract/service with you. Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent. Regulatory requirements from governing bodies supersede the requirements of the regulation.
When you provide your details, you will see one or more tick boxes allowing you to:
● Opt-in to receive marketing communications from us by email, telephone, text message or post.
● Opt-in to receive marketing communications from our third-party partners (where applicable) by email, telephone, text message or post.
If you have agreed that we can use your information for marketing purposes, you have the right to change your mind at any time by letting us know.
We will always hold your information securely. To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security safeguards.
Our website may contain links to other websites. Please note that we have no control over websites outside our domain. If you provide information to a website to which we link, we are not responsible for its protection and privacy. We would advise you to read any such site’s data protection and privacy policies fully to ensure your own security.
We only process your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however, you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority.
Information Commissioner’s Office Scotland
The UK GDPR | ICO
Queen Elizabeth House
Telephone: 0303 123 1115