This policy is intended to provide information about how we will use (or “process”) personal data about individuals including: its staff; its current, past and prospective children; and their parents, carers or guardians (referred to in this policy as “parents”).
This information is provided because Data Protection Law (General Data Protection Regulations May 2018) gives individuals rights to understand how their data is used. Staff and parents are all encouraged to read this Privacy Notice and understand our obligations to our entire community.
This Privacy Notice also applies in addition to our other relevant terms and conditions and policies, including:
Any contract between Saplings and its staff or the parents of children
Saplings policy on taking, storing and using images of children
Saplings data retention policy
Saplings safeguarding and health and safety policies, including as to how concerns or incidents are recorded
Anyone who works for, or acts on behalf of, the school (including staff, volunteers, governors and service providers) should also be aware of and comply with this Privacy Notice, which also provides further information about how personal data about those individuals will be used.
Responsibility for Data protection
Please contact Victoria Smith email@example.com 07393 858245 who will deal with all your requests and enquiries concerning the use of your personal data and endeavor to ensure that all personal data is processed in compliance with this policy and Data Protection Law.
The data collected includes:
Personal information (such as name, date of birth and address)
Characteristics (such as nationality and language)
Attendance information (such as daily registers)
Relevant medical information
Special educational needs information
Why we collect and use this information
To fulfil our duties and obligations under a contract with our staff and parents of children
To provide appropriate pastoral care
To assess the quality of our services
To comply with the law regarding data sharing
In addition, Saplings will on occasion need to process special category personal data (concerning health, ethnicity, religion) or criminal records information (such as when carrying out DBS checks) in accordance with rights or duties imposed on it by law, including as regards safeguarding and employment, or from time to time by explicit consent where required. These reasons will include:
To safeguard childrens welfare and provide appropriate pastoral (and where necessary, medical) care, and to take appropriate action in the event of an emergency, incident or accident, including by disclosing details of an individual’s medical condition or other relevant information where it is in the individual’s interests to do so: for example for medical advice, for social protection, safeguarding, and cooperation with police or social services, for insurance purposes or to staff who need to be made aware of dietary or medical needs;
In connection with employment of its staff, for example DBS checks, welfars or pension plans
As part of our complaints, disciplinary or investigation process that involves such data, for example if there are SEN, health or safeguarding elements; or
For legal and regulatory purposes (for example child protection and health and safety) and to comply with our legal obligations and duties of care
How we collect data
Generally, we receive personal data from the individual directly (including, in the case of children, from their parents). This may be via a form, or simply in the ordinary course of interaction or communication (such as e mail or text).
However, in some cases personal data will be supplied by third parties (for example another childcare setting, the school or other professionals or authorities working with that individual).
We hold data for as long as you are registered with us. Some data for HMRC purposes, personnel records and incidents and attendance will need to be kept for a period of years, likely 3-5.
Who we share information with:
Schools that our children attend
Professional advisers (e.g lawyers and accountants)
From time to time, we may also share information with other third parties including the following:
The Police and law enforcement agencies
Courts, if ordered to do so
Social care and other external agencies
Why we share information
We do not share information about our children with anyone without consent unless the law and our policies allow us to do so. For the most part, personal data collected by Saplings will remain within Saplings, and will be processed by appropriate individuals only in accordance with access protocols.
However, a certain amount of any SEN and medically relevant information will need to be provided to staff more widely in the context of providing the necessary care and education that the pupil requires.
Staff and parents are reminded that Saplings is under duties imposed by law and statutory guidance to record or report incidents and concerns that arise or are reported to us, in some cases regardless of whether they are proven, if they meet a certain threshold of seriousness in their nature or regularity. This is likely to include file notes on personnel or safeguarding files, and in some cases referrals to relevant authorities such as the LADO or police.
Finally, in accordance with Data Protection Law, some of Saplings processing activity is carried out on its behalf by third parties, such as I systems, web developers or cloud storage providers. This is always subject to contractual assurances that personal data will be kept securely and only in accordance with our specific directions.
Individuals have various rights under Data Protection Law to access and understand personal data about them held by Saplings, and in some cases ask for it to be erased or amended or have it transferred to others, or for us to stop processing it – but subject to certain exemptions and limitations.
Any individual wishing to access or amend their personal data, or wishing it to be transferred to another person or organisation, or who has some other objection to how their personal data is used, should put their request in writing to the Directors whose details are in this Privacy Notice.
We will endeavor to respond to any such written requests as soon as is reasonable practicable and in any event within statutory time limits (which is one month in the case of requests for access to information).
Data accuracy and security
We will endeavor to ensure that all personal data held in relation to an individual is as up to date and accurate as possible. Individuals must please notify in writing the Director of any significant changes to important information, such as contact details, held about them.
An individual has the right to request that any out-of-date, irrelevant or inaccurate information about them is erased or corrected (subject to certain exemptions and limitations under Data Protection Law).
We will take appropriate technical and organizational steps to ensure the security of personal data about individuals, including policies around the used of technology and devices and access to systems. All staff will be made aware of this policy and their duties under Data Protection Law and receive relevant training.
We are registered with the Information Commissioner’s Office (ICO). If an individual believes that we have not complied with this policy or acted otherwise than in accordance with Data Protection Law, they should utilise our complaints/grievance procedure and should also notify the Director whose details are stated in this Privacy Notice. You can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although they recommend that steps are taken to resolve the matter before involving the regulator.