GDPR – Confidentiality, Privacy and Retention Policy (including Storing and Processing Data)
How we process/store information
To register a person as a childminder, Rutland Early Years Agency Ltd (REYAL, the data processor) is legally required to collect certain information about the applicant and their families and others associated with them (the data subjects).
This information includes but is not limited to:
- Name including any previous names and reason for change
- Address including the last 5 years address history
- Date of Birth
- Contact numbers and email address
- National Insurance Number
REYAL is also required to confirm identity of the applicant and any persons in the household aged 16 or over and will obtain sight of relevant documents to do so.
All information we collect must fall into one of the following categories:
1. Consent of the data subject
2. Processing is necessary for the performance of a contract with the data subject.
3. Processing is necessary for the compliance with a legal obligation.
4. Processing is necessary to protect the vital interests of the data subject.
5. Processing is necessary in the public interest or the controller has official authority.
6. Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party.
REYAL carries out checks to ensure the suitability of applicants for the role they are wishing to carry out. (For example, but not limited to, social services checks, references) The information received from carrying out these checks will be subject to the same confidentiality, storage and processing procedures, adhering to GDPR 2018 and other relevant legislation
REYAL uses the Disclosure and Barring Service (DBS) checking service to help assess the suitability of applicants for positions of trust. REYAL complies fully with the government guidance of handling DBS certificate information code of practice, regarding the correct handling, use, storage, retention and disposal of certificates and certificate information.
REYAL uses secure storage (lockable unit with restricted access), and cloud-based Microsoft office system which is password protected and has antivirus software in place. REYAL has regard for handling, use, retention and disposal of all information held about the data subject and complies with our obligations under the GDPR 2018 and other relevant legislation.
Sharing of Information
The General Data Protection Regulations May 2018 and human rights law are not barriers to justified information sharing. REYAL provide the below policy to ensure that personal information about data subjects is shared appropriately.
REYAL is registered with the Information Commissioner’s Office (ICO) and are aware of their responsibilities under GDPR 2108. In general, REYAL will always seek consent to share relevant information where appropriate and, where possible, respect the wishes of those who do not consent to share confidential information. REYAL may still share information without consent if, in REYAL’s our judgement, there is good reason to do so, such as where safety may be at risk or there is a legal obligation to do so. This will always be documented.
When considering the sharing of information, REYAL will always consider safety and well-being: We will base our information sharing decisions on considerations of the safety and well-being of the individual and others who may be affected by their actions and any legal obligations required.
REYAL will ensure that we consider; necessary, proportionate, relevant, adequate, accurate, timely and secure information, before deciding to share information and ensure that what we share is necessary for the purpose for which we are sharing it. We will ensure also that it is shared only with those individuals who need to have it, and that it is accurate and up-to-date, is shared in a timely fashion, and is shared securely.
REYAL will keep a record of our decision and the reasons – whether it is to share information or not. Should we decide to share, then we will record what we have shared, with whom and for what purpose. In accordance with section 124 of the Police Act 1997, DBS certificate/personal information is only passed to those who are authorised to receive it in the course of their duties. We maintain a record of all those to whom information has been revealed and it is a criminal offence to pass this information to anyone who is not entitled to receive it.
Personal information is only used for the specific purpose for which it was requested and for which the applicant’s full consent has been given.
We ask your permission to share your information:
- with parents who enquire about childcare places to enable them to make contact.
- with Ofsted/other regulatory bodies when required as part of a registration and when the agency is being inspected.
- With local authorities to inform them of my registration and to allow them to register me for funding and to offer support, updates and training
- with other agencies such as the Safeguarding team, to enable them to make contact regarding the children.
- with HMRC to register contact details and registration number in order to register for the tax free childcare scheme and the 30 hours funding.
- with those who work on behalf of REYAL to provide grading and support visits.
Retention of Information
Once a recruitment (or other relevant) decision has been made, we will only keep information of any data subject for as long as is necessary. The length of time we retain information will be to comply with our own requirements for ensuring we have the information required to continue to ensure that the data subject is a suitable person for their role and to comply with legal requirements.
For DBS certificates this is generally for a period of up to six months, to allow for the consideration and resolution of any disputes or complaints. If, in very exceptional circumstances, it is considered necessary to keep certificate information for longer than six months, we will consult the DBS about this and will consider the GDPR 2018 and Human Rights of the individual before doing so.
Throughout this time, we will follow our usual conditions regarding the safe storage and strictly controlled access will prevail.
Once any retention period has elapsed, we will ensure that any information is immediately destroyed by secure means, for example by shredding, pulping or burning. While awaiting destruction, certificate information will not be kept in any insecure receptacle (e.g. waste bin or confidential waste sack).
If a person wishes to complain about the way in which their information has been processed or handled, they will be required to follow REYAL complaints procedure. They can contact REYAL at email@example.com
Any individual has rights as follows:
Right to be informed – individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR
Right to access – Individuals have the right to access their personal data and supplementary information.
Right to rectification – the GDPR includes a right for individuals to have inaccurate personal data rectified or completed if it is incomplete.
Right to erasure- you can request that information I hold be erased
Right to restriction of processing- Individuals have the right to request the restriction or suppression of their personal data.
Right to objection- you can object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling), direct marketing (including profiling), and processing for purposes of scientific/historical research and statistics
Right to data portability – you can obtain and reuse their personal data for their own purposes across different services.
Right to lodge a complaint with Supervisory Authority – you can make a complaint to the ICO
If a data breach occurs, we will notify the individual/s who the breach affects and the ICO. The ICO will be notified if the breach is likely to result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage.
All information obtained on ant data subject will be kept confidential in line with this policy. We also ask that you respect the confidentiality of REYAL and do not share information that you may be party to during your relationship with REYAL. We request that you keep this information confidential.
I have read and understood this policy. I give permission for REYAL to collect, process and store statutory and non-statutory information about myself, my family and others residing at my address for the purpose of my registration as a childminder/my being associated with the registered childminder. I give my permission for REYAL to share this information within legal and statutory requirements. I understand that this information will be kept confidential and all data will be processed and stored in line with GDPR May 2018. By registering with REYAL you are deemed to be accepting of this policy and therefore giving permission under the statement above.
Cookies are tiny text files placed on your computer, mobile phone or tablet when you browse a website. They are internet-friendly tools which make browsing faster and easier for you.
- It helps to make our website work in the best, most efficient way and to improve its speed to make it faster for you to browse.
- To remember your log in details so you don’t have to log in every time.
- Remember your settings during and between visits
- You share pages on social networks like Facebook
Collect any personally identifiable information (without your permission), to collect any sensitive information or to pass any data to third parties.
You can, if you wish, opt out of accepting cookies from our site. This may affect the efficiency of the site when you use it.
Website Function Cookies
Our own Cookies
There are some cookies that are not preventable in being set and these are the ones that make certain functions on our website work, such as making our shopping basket and checkout work properly, knowing if you are logged in or not, knowing if you have accepted our terms and conditions.
The only way to prevent these cookies being set is to not use the website, but please be assured that session cookies are instantly removed from your computer as soon as you close your browser.
Third party functions
Rutland Early Years Agency website includes functionality provided by third parties such as Facebook and Twitter.
- Social networking cookies
- Links to Facebook, Twitter etc
The privacy implications for this will vary from social network to social network and will be dependent on the privacy settings you have chosen to set on these networks.
Statistical cookies for visitors
At Rutland Early Years Agency Ltd, we use Google Analytics to compile visitor statistics such as how many people visit our website, technologies used by our visitors to determine when our site is not functioning properly, how long our visitors spend on our site. Our analysis of these statistics helps us improve our offering.
Opting to turn cookies off
You can switch cookies off by adjusting your browser settings and this will stop them from accepting cookies. Please be aware that by doing so it can limit website functionality. Cookies enhance your experience of the internet.
If you have any concerns
If you have any concerns about the privacy or protection of your data please do not hesitate to contact us, and refer to our GDPR policy. You can contact Rutland Early Years Agency to discuss your concerns at firstname.lastname@example.org Instead of contacting us you may wish to contact the Information Commissioner details of which may be found at: https://ico.org.uk/concerns/
Please be assured, your privacy, confidentiality and buying security is of the utmost importance to us. All measures to protect you are taken.