Confidentiality, Data Protection and GDPR Policy

We collect personal data from parents in compliance with the Data Protection Act 2018 and the General Data Protection Regulation, prioritising confidentiality and care in handling sensitive information and processing any personal data according to the seven data protection principles, see below:  

1. We must have a lawful reason for collecting personal data and must do it in a fair and transparent way.  We will be clear about what data we are collecting, and why. 
2. We must only use the data for the reason it is initially obtained. This means that we may not use a person’s data to, market inappropriately or to market a product or service to them that is unconnected to the reasons for which they shared the data with me in the first place, unless required to do so by law.
3. We must not collect any more data than is necessary. We will only collect the data we need to hold to provide appropriate childcare services and abide by relevant laws. 
4. We will ensure that the data is accurate and ask parents to check annually and confirm that the data held is still accurate. 
5. We will not keep data any longer than needed. We must only keep the data for as long as is needed to complete the tasks it was collected for and in compliance with relevant laws.  
6. We must protect the personal data. We are responsible for ensuring that Sara Taylor-Platt, and anyone else charged with using the data, processes and stores it securely. 
7. We will be accountable for the data. This means that we will be able to show how we are complying with the law.

 

Confidentiality Assurance 

At Daffodil WLC, we take pride in providing a nurturing environment for children to flourish. As registered members with the Information Commissioners Office (ICO), we are committed to upholding the highest standards of data protection. To deliver our childcare service effectively, we may ask parents for personal data regarding themselves and their child/ren. Rest assured, we have a comprehensive privacy notice that we share with all parents to ensure transparency and compliance with regulations such as the Childminding and Day Care Regulations (Wales) 2010, as well as other pertinent legislation in Wales. This data is essential for us to meet regulatory requirements and to support additional services funded through our Local Authority.  

We trust that parents will also understand the importance of confidentiality and respect the privacy of sensitive information they may inadvertently come across about our family, our setting, or other children and families within our care, unless it pertains to a child protection concern. 

 

Individual Rights 

Respecting individual rights in line with the Data Protection Act 2018 is paramount at Daffodil. We ensure adherence to each of the following rights for individuals:  

1. Right to be Informed - We will provide parents with comprehensive information regarding the purposes of data processing, the types of data collected, how it will be used, who it will be shared with (if applicable), and their rights under data protection laws. This information will be communicated through privacy notices and consent forms.
2. Right of Access - Parents can request access to their and their child's personal data held by Daffodil at any time. We will respond promptly to such requests and provide the requested information in a clear and understandable format.
3. Right to Rectification - If parents identify inaccuracies or incompleteness in their or their child's personal data, they can request corrections. Daffodil will promptly rectify any inaccuracies and ensure that the data is updated accordingly.
4. Right to Erasure - Upon request, Daffodil will delete personal data when it is no longer necessary for the purposes for which it was collected, unless there are legal obligations requiring its retention. We will also inform relevant third parties with whom the data has been shared, where possible.
5. Right to Restrict Processing - Parents have the right to request that we limit the processing of their or their child's personal data under certain circumstances. Daffodil will respect and implement such restrictions accordingly.
6. Right to Data Portability - Upon request, we will provide parents with their and their child's personal data in a commonly used and machine-readable format such as a PDF document, allowing them to transfer it to another service provider if they wish.
7. Right to Object - Parents can object to the processing of their or their child's personal data for specific purposes, such as direct marketing or profiling. Daffodil will cease processing the data for those purposes unless we have compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the individual.
8. Rights in Relation to Automated Decision Making and Profiling - Daffodil will ensure that any automated decision-making processes or profiling activities are transparent, fair, and include human oversight. Parents will be informed if decisions are made solely by automated means, and they will have the opportunity to request human intervention, express their views, and challenge the decision.

 

Subject Access 

At Daffodil WLC, we understand the importance of parental involvement and transparency regarding their child's records. Parents have the right to inspect records about their child at any time, and we commit to providing these without delay and no later than one month after the request. Requests must be made via email (send to: sara.taylor91.sat@gmail.com), to ensure that we have received the correct information. In instances where requests are made via unknown email addresses or other less familiar means, we may need to verify the identity of the requester to safeguard data security. Furthermore, we proactively engage with parents, regularly asking them to confirm the accuracy of their child's data and update it as necessary. 

  

Access to records is strictly limited to authorised personnel, including childcare providers and designated staff directly involved in childcare. We maintain stringent measures to ensure the integrity and security of records.  

 

When it comes to digital storage, we understand the importance of obtaining parental permission before storing records and images in a digital format, such as on computers, smartphones, or cloud storage platforms like iCloud, Google Drive, or Dropbox. We follow a strict IT policy and procedure, and parents are required to provide explicit consent through our parent permission forms before we store any digital data pertaining to their child. Data is stored securely and subjected to encryption for digital protection. Our systems are equipped with firewalls and virus protection software to guard against breaches, and regular backups are conducted to maintain data integrity.  

Additionally, all confidential paperwork is stored securely in a locked safe or cabinet to prevent unauthorized access. These measures demonstrate our unwavering commitment to maintaining the confidentiality and security of the personal data entrusted to us by parents and guardians. 

 

Trust and Confidentiality 

At Daffodil WLC, we value the trust and confidentiality of our parents and guardians. Therefore, we always seek their explicit consent before sharing any information with other professionals, such as health visitors, schools, or other childcare providers. Additionally, we acknowledge that the Care Inspectorate Wales (CIW) may require access to a full range of records as appropriate for regulatory purposes. 

  

We may be obligated to share information with the Local Authority (Monmouthshire) or Welsh Government regarding funding received, such as through schemes like the Childcare Offer or Flying Start. However, we assure parents that their data will only be disclosed in accordance with relevant regulations and with utmost discretion. 

  

In certain circumstances, such as child protection or safeguarding concerns, criminal or tax investigations, or health and safety reports, we may need to share information without parental consent. Our priority in such cases is always the well-being and safety of the children under our care. 

  

Regarding the use of social media sites or apps, we adhere to a strict ICT policy and seek parental permission before sharing any personal data or images of children and families in this manner. Our policy outlines specific permissions and guidelines to ensure the privacy and safety of all individuals involved. Parents can refer to our ICT policy and parent permission forms for further information on this matter. 

 

CCTV 

Daffodil WLC does not currently use CCTV. However, should we decide to install CCTV in our premises, we will adhere to stringent protocols to safeguard privacy. All data captured by CCTV will be encrypted to prevent unauthorized access and breaches of privacy. Before implementing any digital solutions, including CCTV or external storage, we will conduct thorough due diligence to ensure compliance with the Data Protection Act 2018. Our commitment to data protection extends to regular monitoring and updating of our cybersecurity measures, including firewalls and virus protection software, to mitigate potential threats 

 

Record Keeping: 

At Daffodil WLC, we maintain thorough records of all accidents and significant incidents that occur within our premises. This includes detailed documentation of the incident, any injuries sustained, and the actions taken in response. We understand the importance of transparency and collaboration with parents, and therefore, we share these records with them to work together in resolving any issues and ensuring the safety and well-being of their child. 

  

In the event of accidents that may result in an insurance claim, such as those requiring a doctor or hospital visit, we will notify PACEY, our insurance provider, accordingly. Additionally, if necessary, we will inform the Care Inspectorate Wales (CIW) and the Health and Safety Executive to ensure compliance with regulatory requirements. 

  

Records pertaining to individual children are retained for a minimum of three years, as mandated by standard practice. However, certain records may be kept for longer periods as stipulated by our insurance policy requirements. 

  

We have a comprehensive review plan in place to regularly assess our record-keeping practices. This includes ensuring that any data, whether in physical or digital format, is disposed of appropriately and securely when it is no longer needed. Our commitment to data protection extends to all aspects of our operations, including the management and disposal of records. 

  

Suspected Breach Response: 

In the event of a data breach, we promptly inform relevant parties and report to the ICO within 72 hours, conducting thorough investigations and corrective actions to safeguard privacy and security.