Privacy Policy
This policy is an overview of:
The types of information we collect about you
How we collect and use it
Who we might share it with
The steps we’ll take to make sure it stays private and secure
Your rights to your information.
When we say ‘we’, we mean Fencebright Ltd as the ‘data controller’ for the information in this overview. This means we’re responsible for deciding how we can use your information.
We collect certain types of personal data such as names, addresses, emails, phone numbers.
We will refer to you as “The data subject”.
Why we need your data
We need to know your personal data or that of your child/children in order to be able to provide all of our services to you. We will not collect any personal data from you which we do not need.
All data is collected in order to provide these necessary services or sometimes for third party usage such as funding information for Hampshire County Council or Safeguarding information to provide to Services for Young Children.
How we collect your data
We collect information about you from different places including:
• directly from you
• from publicly available sources
• when we generate it ourselves
• from other organisations.
We’ll only collect your information in line with relevant regulations and law and this may relate to any of our services you currently use or have used in the past.
You’re responsible for making sure you give us accurate and up to date information and we are responsible for the safe and correct storage and retention of your data.
An overview of how we use your data
All the personal data we process is done so within the UK. For purposes of IT hosting and maintenance some third party applications are used, please see separate GDPR compliance notices in relation to Parenta/Abacus systems and Tapestry when you are asked to sign consent for the usage of these applications in relation to your data. Both applications state that they are GDPR compliant.
We use Google cloud platform services including the G suite, for emails and internal sharing of information on google drive documents/spreadsheets. Google offer a corresponding commitment to GDPR compliance available from 25th May 2018. We have a secure nursery email address and online portal which will be used to share any personal information with Services for Young Children such as 2 and 3 year funding information, EYPP and SEN. Referrals to Children’s Services are all completed using their online secure system by way of an online referral form for data collection.
No third parties have access to your data unless either the law allows them to do so or you have given your signed consent for us to do so.
We have a data regime in place to oversee the effective and secure processing of your personal data. More information can be found within our full company data protection policy.
How long will we store your data?
We are required under UK tax law to keep your basic personal data (Name, Address, Contact details) for a minimum of 6 years.
We have a legal duty to securely keep all safeguarding and accident records relating to children for 21 years.
We will keep all children’s and staff files and all planning/paperwork in between inspections as we are expected to do so by our governing body OFSTED.
Any photographs, endorsements, testimonials used in marketing materials will remain in use until such a time where consent for this is removed by the data subject.
After which time this data will be securely destroyed by our licensed secure/confidential waste carrier.
Who do we share your personal data with and why?
Sometimes we need to disclose your data to other people.
- Between our settings or to head office – due to transfers or complaints
- For a legal obligation – To protect the rights, property or safety of our staff, parents/families, children in our care or others.
- Under safeguarding – to the LADO – local authority designated safeguarding officer, other members of Children’s services (local authority) or the police or courts.
- For medical care or healthcare – such as but not limited to hospital consultants, paediatricians, health visitors, portage, speech and language therapists.
- Education or training providers
Insurers or legal professionals - For employees, Pension and Healthcare plan providers and payroll services.
Consent
For all data we collect and retain as specified for you or your child/ren as the data subject. You will be asked to give specific signed consent.
If at any point you believe that the information we process is incorrect, you can request to see this information (right of access) and have it corrected (right of rectification) or deleted (the right to be forgotten). In some cases such as the right to be forgotten, there will be data that we cannot permanently delete due to other laws such as but not limited to, the requirement to keep accident forms for 21 years.
If you wish to raise a complaint on how we have handled your personal data and any data breaches, you can contact us in the first instance to have the matter investigated.
Please email cornerstone.enquiries@gmail.com
If you are unsatisfied with our response or believe we are not acting within the law you can complain to the Information Commissioner’s office via their website at ico.org.uk