Sunflowers Childcare C.I.C. GDPR Privacy Policy
Sunflowers Childcare C.I.C. collects and processes personal data relating to the children who are registered with and attend our setting, their parents and the people with whom we wok in order to successfully carry out our functions. This personal information, which may be recorded manually, electronically or by other means, must be handled and dealt with correctly and we are committed to being transparent about how it is collected and used.
We will ensure that we treat personal information lawfully and correctly, to this end we endorse and adhere to the principles of the General Data Protection Regulation (GDPR) and this policy applies to the collecting and processing of all personal data and also covers our response to any data breach and other rights under the GDPR.
WHO WE ARE
Sunflowers C.I.C is classified as a data controller under the General Data Protection Regulations.
OUR CONTACT DETAILS
Sunflowers Childcare
Community Interest Company
Registered office:
The Cabin
Stone Street Road
Boxford
Suffolk
CO10 5NP
Tel: 01787 211363
Email: info@sunflowers-childcare.co.uk
RESPONSIBILITY FOR DATA PROTECTION
Sunflowers C.I.C is a not-for profit organisation. The people on site responsible for gathering and processing the personal data and data protection are the Administrators.
TYPES OF INFORMATION COLLECTED AND PROCESSED
Sunflowers C.I.C. collects and processes a range of information about its children and parents/carers including;
Personal information - i.e. name, date of birth, address and telephone & email contact details
Characteristics - i.e. ethnicity, language, nationality, country of birth
Attendance information - sessions attended, number of days absent and reasons for absence
Special educational needs and behavioural information
Relevant medical and dietary information - asthma or allergies, accident forms
Family links and emergency contact information
Funding eligibility information - i.e. parent consent forms, additional funding eligibility
EYFS development data - i.e. learning journeys, development tracking
WHY WE COLLECT AND USE THIS INFORMATION
We use the data we collect to:
Support a child's learning and development
Monitor and report on a child's progress
Provide appropriate care
Promote health, safety and welfare - i.e. assessment by Healthcare Professionals
Safeguard and promote the welfare of children
Perform and fulfil our contractual and legal obligations
Comply with the law regarding data sharing
Protect and promote our interests and objectives - i.e. fundraising
Assess the quality of our services
THE LAWFUL BASIS ON WHICH WE USE THIS INFORMATION
We collect and use a child's information under section 537A of the Education Act 1996, and section 83 of the Children Act 1989. We also comply with Article 6(1) and Article 9(2)(b) of the General Data Protection Regulation (GDPR).
COLLECTING PUPIL & PARENT/CARER INFORMATION
Whilst the majority of the child's information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulations we will inform you whether you are required to provide certain child's information to us or if you have a choice in this. We may acquire Personal Date in a number of ways including, but not limited to the following:
Parents and children may provide us with Personal Data about themselves and/or their family in correspondence, forms, documents, during discussions with staff and through our website.
We may acquire Personal Data from other parents, or from people outside the community who know parents or from the children themselves.
We may acquire Personal Data from third parties such as schools and other pre-schools/nurseries, public authorities and public sources.
STORING PUPIL & PARENT/CARER DATA
In most cases we hold a child's data for a minimum of 3 years. We are required to retain funding forms for 6 years and in some cases, for example where there are safeguarding issues, the statutory guidance may extend this period until the child reaches the age of 24 years.
WHO WE SHARE PUPIL & PARENT/CARER INFORMATION WITH
We routinely share child and parent/carer information with:
Schools, nurseries or pre-schools that the child attends after leaving us
Our local authority and where necessary other local authorities
The Department of Education (DfE)
NHS and other Medical/Healthcare Professionals, as appropriate
Education Welfare Officers and Lead Attendance Officers from the local authority
We sometimes (as appropriate or necessary) share child and/or parent/carer information with:
Providers of educational support services - e.g., Educational Psychologists, Speech & Language Therapists
WHY WE SHARE INFORMATION
We do not share information about our children or parent/carers with anyone without prior consent unless the law and our policies allow us to do so.
We are legally required to share a child's data with the Department for Education (DfE) and our local authority. We are required to share information about our children with our local authority (LA) and the Department for Education (DfE) under section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013.
HOW DO WE KEEP YOUR PERSONAL DATA SAFE
We work to protect the security of your information and have procedures and security measurers and software in place for protecting information that we hold.
LIMITATION OF LIABILITY
Sunflowers Childcare C.I.C. assumes no responsibility or liability with regard to any theft, loss, alteration or misuse of personal data or other information lawfully provided by Sunflowers Childcare C.I.C. to third parties, or with regards to the failure of any third party to abide by this privacy policy.
REQUESTING ACCESS TO YOUR PERSONAL DATA
Under data protection legislation, parents and children have the right to request access to the information that we hold about them. To make a request for your personal information or to be given access to the information we hold on yourself or your child, please contact the setting manager in writing or by email.
You also have the right to:
Object to processing of personal data that is likely to cause, or is causing damage or distress
Prevent processing for the purpose of direct marketing
Object to decisions being taken by automated means
In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and claim compensation for damages caused by a breach of the Data Protection Regulations.
CONTACTING US
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance.