GDPR – General Data Protection Regulation
On 25th May 2018 the General Data Protection Regulations (GDPR) came into effect, and it replaced current the Data Protection Act (DPA) legislation. It is intended to provide greater transparency around the collection and use of data.
The scheme will still be governed by the Information Commissioner’s Office (ICO). Dinotots Childcare Ltd is registered with the ICO
GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’ and that individual’s data is not processed without their knowledge and are only processed with their ‘explicit’ consent.
Dinotots Childcare aims to ensure that all personal data collected about staff, children, parents, carers, visitors and other individuals is only ever collected, processed and stored in accordance with the General Data Protection Regulation (GDPR) and the expected provisions of the Data Protection Act 2018 (DPA 2018) as set out in the Data Protection Bill. This policy applies to all personal data, regardless of whether it is in paper or electronic format.
The six principles of GDPR are that data is:
- Processed fairly, lawfully and in a transparent manner
- Used for specified, explicit and legitimate purposes
- Used in a way that is adequate, relevant and limited
- Accurate and kept up to date
- Kept no longer than necessary
- Processed in a manner that ensures appropriate security of the data
Under GDPR people will continue to have the right to a Freedom of Information request (FOI) – from bodies dealing with public money or a Subject Access Request (SAR) – anyone can request data from anyone else.
Dinotots Childcare’s policy meets the requirements of the GDPR and the expected provisions of the DPA 2018. It is based on guidance published by the Information Commissioner’s Office (ICO) on the GDPR and the ICO’s code of practice for subject access requests.
How we maintain your privacy – The management and all our staff at Dinotots Childcare Ltd are committed to protecting your privacy when you are browsing our website or volunteering information electronically, verbally or in hard copy.
Please read the following statement which outlines how we protect your privacy and any information that you share with the nursery either through the website or in day to day communication with us.
Personal information and data – We collect the personal data that you provide to us on forms and electronic documents which you submit to us (including but not limited to registration, feedback, survey, and competition forms), and in emails which you send to us. The personal data we collect will in some instances be specifically used to respond to an enquiry raised by yourself, and, in other instances (as described above) are used to allow us to develop our site in a way that will enhance the on-line experience of the greatest number of users. We may also, from time to time, ask you for, or enable you to provide, additional information so that we can improve our service to you or make your visits to our site more rewarding. There will be no obligation on you to provide this information.
What we do with personal information – We do not sell, trade or rent your information to other parties unless we have first obtained your consent. If you do give us permission, we will only share information with organisations we have carefully selected and believe to be reputable. We may provide statistics about our customers; use patterns and related site information, but we will not supply any personal information. Your personal information will be used only for the purposes of communicating with you in relation to our services, for assessment and analysis to enable us to review, develop and improve the services we offer, or for any other purposes to which you have given your consent.
Where your personal data is held – Any information obtained via this web site or in day to day communication, will be confidentially held by us for up to 7 years dependent on the nature of the data. We take the normal precautions of backing up all electronic data so that any loss may be restored with minimal delay.
Browsing our web pages – You can access our web site without disclosing any of your personal data. We do maintain log files that allow us to record visitors’ use of the site. We analyse log file information from all our visitors, which we use to make changes to the layout of the site and to the information in it, based on the way that visitors move around it. Log files do not contain any personal information and they are not used to identify any individual patterns of use of the site.
Disclosing users’ personal data to third parties – We do not disclose your personal data to any third parties without your permission except insofar as you have consented to such disclosure or we are required to do so by law for information such as a court order, witness summons, or complaint from governmental authorities.
Links to another web site – Our web site contains links to other web sites. This privacy statement applies only to our web site, so you should always be aware when you are moving to another site and read the privacy statement of that site which collects personal information. We do not pass on any personal information you have given us to any other web site.
Contacting us – If you have any questions or concerns about our privacy statement and practices please contact us at the nursery on 01670 363650 or firstname.lastname@example.org.