Data Protection Policy

In order to provide a service that supports you with your child’s sleep, Sleep Settling will have to request information from parents about their child and family, some of this will be personal data.  Sleep Settling will comply with current legislation and takes your privacy seriously.  In line with the GDPR (General Data Protection Regulation)  I will process any data according to the seven principles below.

  1. I must have a lawful reason for collecting personal data and must do it in a fair and transparent way.  I will be clear about what data I’m collecting and why.

  2. I must only use the data for the reason it is initially obtained.  This means that I may not use a person’s data to market a product or service to them that is unconnected to the reasons for which they shared the data with me in the first place.

  3. I must not collect any more data than is necessary.  I will only collect the data I need to hold in order to do the job for which I have collected the data.

  4. I will ensure that the data is accurate and ask parents to check this information throughout the period we are working together and confirm that the data held is still accurate.

  5. I will not keep data any longer than needed.  I must only keep the data for as long as is needed to complete the task it was collected for.

  6. I must protect the personal data I am responsible for ensuring that I, and anyone else charged with using the data processes and stores it securely.

  7. I will be accountable for the data.  This means that I will be able to show how I, and anyone else charged with using the data , processes and stores it securely.

Procedure – How will Sleep Settling follow the seven principles

  • I expect parents to keep private and confidential any sensitive information they may accidentally learn about my family, setting or the other children and families attending my setting, unless it is a child protection issue.

  • I will be asking parents for personal data about themselves and their child/ren in order to deliver a childcare service (see privacy policy).

Subject Access

Parents have the right to inspect records about their child at any time.  This will be provided without delay and no later than one month after the request, which should be made in writing.  I will ask parents to regularly check that the data is correct and update it where necessary.

Storage

  • I will keep all paper-based records about children and their families securely locked away in a filing cabinet and these will be destroyed once used for the appropriate purpose.

  • If I keep records relating to individual children on my computer, externally or in cloud storage such as Google Drive, including digital photos or videos, I will obtain parent’s permission.  I will store the information securely, for example , in password-protected files, to prevent viewing of the information by others with access to the computer.

  • Firewall and virus protection software are in place.

  • If I store any records using a digital solution, I will ensure I have carried out due diligence to ensure they are compliant with GDPR.

  • Once the support period has ended with each client any emails and cloud base storage will be deleted.

  • I will undertake a Data Audit Quarterly to ensure there is a lawful basis for holding any information.

Safe Disposal of Data

  • I am required by law to keep some data for some time after a family has finished their support period with me.  I have a review plan in place and ensure that any data is disposed of appropriately and securely.

Suspected Breach

  • If I expect data has been accessed unlawfully, I will inform the relevant parties immediately and report to the Information Commisioner’s Office within 72 hours.  I will keep a record of any data breach.

Information Sharing

  • I do not expect to share information with other childcare providers due to the nature of my role.

  • I will not share any information with anyone without parent’s consent unless there is a child protection concern.

Record Keeping

  • I will only share information if it is in a child’s best interests to do so.  For example in a medical emergency I will share medical information with a health care professional.  If I am worried about a child’s welfare I have a duty of care to follow the Local Safeguarding Children Board procedures and make a referral.  Where possible I will discuss concerns with you before making a referral.