I take confidentiality and privacy very seriously. All information regarding children and their families is treated with the utmost care and stored securely. Information will only be shared under the following circumstances:
- With explicit parental/carer consent.
- Where there is a child protection concern.
- When required by regulatory bodies such as Ofsted.

Parents are expected to respect any sensitive information they may learn about my family, my setting, or other families attending the setting.

This policy complies with the following legislation:
- Data Protection Act 2018
- Freedom of Information Act 2000
- General Data Protection Regulation (GDPR)

I am registered with the Information Commissioner’s Office and follow all relevant guidelines from Ofsted, the Department for Education, and the local authority.

To provide quality childcare services, I collect and store personal and special category data about children and their families. This includes:

- Emergency contact details
- GP contact information
- Consent forms

- Records of significant incidents and accidents
- Records of educational and developmental progress

This data is used to comply with statutory frameworks and to ensure the safety and well-being of children in my care.

All records, whether paper-based or digital, are stored securely:
- Digital records are kept on password-protected devices.
- Cloud storage from known, reputable companies

Firewall and antivirus software are in place to protect digital data.

Information may be shared with:

- My insurance company
- Other childcare providers attended by that child (with parent/carer consent)
- Local authorities (e.g., ECC or The Children’s Centre for funding or playgroups)
- Healthcare professionals in emergencies
- Government agencies for funding or assistance

- Ofsted during inspections

In cases of child protection, criminal investigations, or health and safety concerns, data may be shared without parental consent.

Parents/carers have the right to:
- Access records about their child within 30 days of request
- Request corrections to inaccurate data
- Be informed about how their data is used

Under GDPR, individuals have rights including access, rectification, erasure, restriction, data portability, objection, and rights related to automated decision-making.

Data is retained for the legally required period after a child leaves the setting. All data is disposed of securely and appropriately.

Any suspected data breaches will be investigated promptly. If data is accessed unlawfully:
- Affected parties will be informed immediately.
- It will be reported to the Information Commissioner’s Office within 72hrs. 

A record of the breach will be maintained.

I must notify Ofsted of any serious accidents, illnesses, injuries or the death of any child whilst in my care, and any action I may have taken, within 14 days of an incident occurring