top of page

Rose Buddies Childcare is governed by Thurrock Council and as such will work in accordance with GDPR policies and guidelines.  All staff have completed GDPR training with NoodleNow.

 

GDPR Principles

Under the General Data Protection Regulation (GDPR) from 25th May 2018, the data protection principles set out the main responsibilities for processing data.

​

As the data controller, Rose Buddies Childcare will have clear regard to Article 5 of the GDPR that requires personal data to be:

a) processed lawfully, fairly and in a transparent manner in relation to individuals;

b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;

c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and

f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”

​

The categories of children’s information that we collect, hold and share include:

  • Personal information (such as name, and address, contact details and medical information)

  • Characteristics (such as ethnicity, language, nationality, country of birth and entitlement eligibility)

  • Attendance information (such as sessions attended, number of absences and absence reasons)

  • Observation and assessment information, special educational needs information

 

Why we collect and use this information

​

We use the child’s data:

  • to support learning and development

  • to monitor and report on progress

  • to support the child’s wellbeing

  • to assess the quality

  • to comply with the law regarding data sharing

  • to share information with Thurrock, in regards to childcare and early years entitlement.

  • to meet the statutory requirements of the Early Years Foundation Stage (EYFS)

  • ​

Collecting information

​

Whilst the majority of information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain information to us or if you have a choice in this.

​

Storing data

​

We hold child data for the duration period as stipulated by the appropriate legislative body.

​

Rose Buddies Childcare will keep all paper-based records about children and their families securely locked away.

If we keep records relating to individual children on our computer, externally or in cloud storage such as iCloud, Google Drive or Dropbox, including digital photos or videos, we will obtain parents’ permission. This also includes CCTV. We will store the information securely, for example, in password-protected files, to prevent viewing of the information by others with access to the computer.

​

Backup files will be stored on an encrypted memory stick which I/we will lock away when not being used. Firewall and virus protection software are in place. 

​

We may store records using our digital Baby’s days package. We will ensure we have carried out due diligence to ensure this is compliant with GDPR.

​

Who we share information with

​

Information may be shared with:

  • Other shared care settings or carers agreed with parent/carers

  • Schools that the child will be or is attending

  • Children Centres

  • Health care professionals

  • Thurrock Local Authority

  • ​

Why we share information

We do not share information about children with anyone without consent unless the law and our policies allow us to do so.

Requesting access to your personal data

Under data protection legislation, parents and children have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact the nursery manager.

 

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress

  • prevent processing for the purpose of direct marketing

  • object to decisions being taken by automated means

  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and

  • claim compensation for damages caused by a breach of the Data Protection regulations

 

A response to your request for information will be acted upon within 20 working days. Please allow postal time.

 

If you have a concern about the way we are collecting or using your personal data, Little Pirates and Neptune nurseries request that you raise your concern with us in the first instance. Alternatively, you can contact Thurrock Council or the Information Commissioner’s Office at https://ico.org.uk/concerns/

Safe disposal of data

Rose Buddies Childcare is required by law to keep some data for some time after a child has left the setting. We have a review plan in place and will ensure that any data is disposed of appropriately and securely. 

Suspected breach

If we suspect that data has been accessed unlawfully, we will inform relevant parties immediately. We will report to the Information Commissioner’s Office within 72 hours. We will keep a record of any data breach.   

bottom of page