From 25th May 2018 new regulations come into force to guide businesses in the new General Data Protection Regulations (GDPR). At Footsteps there is a certain amount of personal data that we will collect from you. In your terms & conditions you have a table outlining all the data we take, how it is stored, what we use it for and when it will be deleted. We do not share your data with anyone unless we have your prior written consent. *
Data controllers for this nursery are Hannah Moss, Jerri Miles & Georgia Nicholas
We do the following to ensure that your personal data is safe.
On children's fines we keep registrations forms with all consent & emergency contacts. We also keep a copy of their birth certificate. These are kept in a locked filing cabinet. Guidelines require us to keep this information for 3 years.
Each child has an online learning journal that has basic information such as name & date of birth. Observations & assessments are then added to by the key person. Each key person has his or her own log in. Tapestry can only be accessed from the nursery tablets, which are locked in the safe overnight. Staff do not take these home. Tapestry cannot be access until a manager has signed in on the main computer. When a child leaves the journal is downloaded as a PDF and given to parents. This may be shared with another setting, any professionals supporting the child / family and the school the child moves onto. These are then deleted by the manager. Tapestry journals will not be shared without prior consent.
We use Facebook to share events & news with parents as well as celebrating the nurseries achievements. We seek separate consent for your child's picture to be included on Facebook. We never mention the children by name. You can like the page Footsteps Day Nursery – Hove.
Daily registers are needed to sign the children in & out each day. We need this record in the event of a fire. We also need a record of attendance. Registers do have dates of birth on. We keep old registers in the locked office. These are destroyed after the required 3 years.
These are filled in to apply for 2 & 3 year funding. We also need details to access 2-year & 30-hour funding. These details are shared with the finance team at the local council.
Any email we send with a child's personnel details in we will use only initials of the child so they can't be identified. We send out the newsletter via email each month. We do this in a way so that all the email addresses are hidden. We never pass email addresses onto third parties.
We do have children's name & photo on our allergy lists. These are kept inside a cupboard so that staff can access to check for dietary requirements or allergies. This includes new staff & staff covering from either another branch or an agency. This information is destroyed once the child leaves.
Accident / medicine records
We do record information on any accidents in the setting. These are done on separate sheets to avoid confidentiality issues. We also record home accidents. We are happy to administer medication and this is also recorded on spate sheets. These are filed in the locked office and destroyed after 3 years.
We email invoices every month. These do not contain any personal details. We use initials for the child's name.
Permissions forms / sleep sheets / daily sheets / nappy sheets
Permission for outings is kept in a locked filing cabinet and kept for 1 year. We only use first names on nappy / sleep /daily sheets. This is to keep the staff up to date each day on the children. These are kept for 6 months
We always seek prior written consent for any photos that appear on our website or advertising campaigns.
We take names & thumb prints for our door entry system. These are stored on the computer and deleted when somebody leaves
SEND / EMAS
We may need to share information with other agencies in order to support your child. We will always seek prior written consent from parents before we do this. SEND paperwork should be kept for 21 years.
Child protection. *
We would in most cases look to seek permission before contacting Front Door For Families with any concerns we had. However, if it is the best interests of the child then we may share information without prior consent. We follow guidelines set out by the Local Safeguarding Children's Board (LCSB). All data around Child Protection must be kept for 21 years.
- We shred any items with personal data on. This is sent in sealed bags to a local recycling firm Brighton Paper Round, who shred our sensitive information.
- We lock our filing cabinet & office when there is no one from the senior management team working from it.
- You may request to see a copy of any personal information we hold about you under the Data Protection Act 1998. To facilitate this please email the nursery email@example.com and we will respond to your request within 3 working days. If you believe that any information we are holding on you is inaccurate then please contact us as soon as possible.
- We are registered with the Information Commissioners Office (ICO)