top of page

General Data Protection Regulation

                                                                                                                GDPR Policy


Description of processing

The following is a broad description of the way this organisation/data controller processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the organisation has provided or contact the organisation to ask about your personal circumstances.

Reasons/purposes for processing information

We process personal information to enable us to provide childcare, encourage and supervise educational play, to advertise our services, to maintain our own accounts and records and to support and manage our staff.


                                                                                                    GDPR Principles

GDPR condenses the Data Protection Principles into six areas, referred to as the Privacy Principles.

They are:

  1. You must have a lawful reason for collecting personal data and must do it in a fair and transparent way.

  2. You must only use the data for the reason it is initially obtained.

  3. You must not collect any more data than is necessary.

  4. It has to be accurate and there must be mechanisms in place to keep it up to date.

  5. You cannot keep it any longer than needed.

  6. You must protect the personal data.

These privacy principles are supported by a further principle – accountability.



Type/classes of information processed. We process information relevant to the above reasons/purposes.

This may include:

  • personal details

  • family details

  • GP contact details

  • lifestyle and social circumstances

  • digital images of the child’s progress

  • financial details

  • education and employment details

  • goods or services provided

  • We also process sensitive classes of information that may include:

  • physical or mental health details

  • racial or ethnic origin

  • religious or other beliefs


Who the information is processed about.

We process personal information about:

  • our employees

  • the children in our care

  • other professionals

  • advisers, complainants, enquirers

  • suppliers


Who the information may be shared with.

We sometimes need to share the personal information we process with the individual and also with other organisations. Where this is necessary, we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with, for one or more reasons. (Confidentiality and Child Protection Policy)


Where necessary or required we share information with:

  • family, associates and representatives of the person whose personal data we are processing

  • healthcare, social and welfare advisers or practitioners

  • business associates

  • financial organisations and professional advisers

  • credit reference agencies, debt collection and tracing agencies

  • education, educators and examining bodies

  • current, past or prospective employers

  • employment and recruitment agencies

  • schools

  • local and central government

  • persons making an enquiry or complaint

  • suppliers

  • service provider

       (Confidentiality and Child Protection Policy)

Reviewed August 2022

bottom of page