General Data Protection Regulations (GDPR) Policy
Last updated: Tuesday 20 July, 2021
Why do we collect and use children’s information?
Jigsaw Preschool will record, process and keep personal information on you and your child in accordance with the General Data Protection Regulations 2018.
We use this data to:
- Support children’s learning
- Make assessments on children’s development
- Safeguard the children in our care in accordance with relevant legislation
- Comply with Government legislation
- Assess the quality of our services
- Contact you regarding your child.
Jigsaw Preschool will collect, hold and share two kinds of records on children attending our setting.
- Information collected upon your child starting at the setting
- A copy of the child’s Two-Year-Old Progress Check
- Observations of children in the setting, photographs, video clips, samples of work and developmental assessment records.
- Personal details – including the information provided on the child’s registration form and any consent forms and characteristics such as ethnicity, language and nationality
- Contractual matters – including the child’s days and times of attendance, a record of the child’s fees and/or funding entitlement, any records of fee reminders and/or disputes
- Emergency contact details – including those people, other than parents/guardians with authorisation to collect the child from the setting
- Children’s health and well-being – including discussions about every day matters regarding the health and well-being of the child with the parent/guardian, records of accidents and medical health records
- Safeguarding and child protection concerns – including records of all welfare and protection concerns and our resulting actions, meetings and telephone conversations about the child and any information regarding a Looked After Child
- Early support and SEN – including any focussed intervention provided by our setting, and where relevant, their Education, Health and Care (EHC) assessments and plans
- Correspondence and reports – including letters and emails to and from other agencies and any confidential reports relating to specific children.
Whilst the majority of information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain information to us or if you have a choice in this.
The Early Years Foundation Stage (Welfare Requirements) Regulations 2012 place a legal obligation upon us to collect and process much of the information detailed above. Therefore we do not require your consent to collect this information as we have a fair and lawful reason for doing so.
Where we do require consent, such as for using images, we will do so separately using relevant forms and a signature will be necessary to confirm consent. You do not have to give consent and where you do, this can be withdrawn at any time as the new regulations allow.
Storing children’s data
We ensure that access to children’s files is restricted to those authorised to see them such as the manager, deputy, designated person for child protection, SENCo, administrator and the child’s key person. These confidential records are stored in the office cabinet and on our electronic database.
We retain children’s records until they turn seven years of age, except records that relate to an accident or child protection matter. These are kept until the child reaches the age of 21 years or 24 years respectively.
The information that you provide to us, whether mandatory or voluntary, will be regarded as confidential. We do not share information about your child with anyone without consent unless the law and our policies allow us to do so.
We routinely share information without consent with:
- schools that children attend after leaving us
- our local authority for the purposes of the Early Education Entitlement for 3 and 4-year olds and the Early Years Census
- the Department for Education (DfE) as part of statutory data collections.
We are obliged to share confidential information without authorisation from the person who provided it, or to whom it relates, when:
- there is evidence that the child is suffering or is at risk of suffering significant harm.
- there is reasonable cause to believe that a child may be suffering, or is at risk of suffering, significant harm
- it is to prevent significant harm arising to children, young people or adults, including the prevention, detection and prosecution of serious crime.
Requesting access to your personal data
Under data protection legislation, parents/guardians, children and young people have the right to request access to information about them that we hold. Where a child is too young to give ‘informed consent’ the parent is the ‘subject’ of the file and has a right to see the information held.
Children’s developmental records are shared regularly with parents/guardians and formal requests to access these is not required.
To make a request for your personal information contact our DPL.
Under GDPR you also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress
- withdraw consent where given
- prevent processing for the purpose of direct marketing
- object to decisions being taken by automated means
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- claim compensation for damages caused by a breach of the Data Protection regulations.
If you would like to discuss anything in this privacy notice, please contact our DPL.
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/