Excel Child Care Services Ltd.
Why This Policy Exists
This privacy protection policy sets out the rules that all personal data collected, processed, stored, shared and disposed of on behalf of Excel Childcare Services is compliant with the obligations of the General Data Protection Regulation (GDPR).
This policy has been put in place to ensure Excel Childcare Services: – Complies with the requirements set out by GDPR – Protects the rights and privacy of any individual the company holds data on, including but not limited to; staff, contractors, parents and children – Reduces the risk of a data breach – Has a clear and consistent approach to the collection, storage and management of data
The General Data Protection Regulation (GDPR) has been in force since 25th May 2018. It applies to all organisations who offer services to monitor or process the personal data of subjects residing in the EU. Failure to comply with the GDPR can result in fines up to 4% of annual global turnover or €20 million.
Who controls personal information collected by Excel Childcare Services?
Excel Childcare Services (and through its related affiliates) is the data controller for the information collected about you.
In the United Kingdom, the data controller for information collected about you for Excel Childcare Services branded services is Excel Childcare Services (No. 04381726)
We have our registered office at:-
96 Forest Hill Road London SE22 0RS
Room Leaders are responsible for ensuring that data collected, handled and processed within their area of control is done so in line with the GDPR and this policy.
The Room Leaders will ensure:
- They inform the Manager of any personal data that is collected in the course of their work to ensure this is recorded on the Nursery Database
- Before any new software system is used, this is discussed with the Data Protection Officer and the Directors to ensure a Data Protection Impact Assessment is completed and it is recorded on the Software Register
- All third parties, contractors or suppliers that have access to Excel Childcare Services’ personal data are recorded on the Third-Party Register
Why does Excel Childcare Services collect personal information?
We limit the collection of personal information to what is necessary to provide you with high quality services, to support your specific needs and requests, and to meet our business needs in connection with the services. Below we have highlighted the reasons for the collection of your personal information:
- To respond adequately to your requests for services or information;
- To provide services to individuals, families and employers that includes child care and other dependent care, education (general, school and accredited education), wellbeing, work/life, and consulting;
- To provide a safe, healthy, and successful environment for those to
whom we provide services;
- To provide resource material/information regarding our services and areas of interest to our customers, such as parenting, child care, adult care, education, wellbeing, and work/life balance, among other things;
- To aid in the administration of our services to our customers;
- To administer first aid, emergency and other medical care, educational care when necessary;
- To comply with laws, and government regulations/standards;
- To support our business purposes and functions related to the services, such as education, training, curriculum, communication, administration, and record-keeping;
- To provide utilization reports and other information to employers offering our services to its workforce;
- To facilitate and process payments for the services;
- To fulfil tax, reporting, and other financial requirements and obligations;
- To administer employee payroll, benefits, tax/regulatory compliance and other record keeping and administration requirements; and
- To consider applications for employment and accredited education.
General Staff Guidelines:
All Excel Childcare Services employees are required to comply with the following guidelines to ensure all personal data held by the company is used, stored and managed in the most appropriate way possible:
- Data should only be collected on approved Excel Childcare Services documentation, approval from the Manager must be sought where additional personal data is collected
- Data should only be used for its original purpose and only by those who need it for their work
- Data concerning individuals must not be communicated to other persons or organisations unless required to do so by law or under an approved contract
- Care should be taken when sharing data that you have checked the identity of the individual and the organisation they are representing and you are confident they have a legitimate need for the information
- Take sensible precautions to ensure all personal data is kept secure. This should include locking computers when leaving a desk and making sure no personal data is left out in view of other people.
- Use strong and secure passwords when storing digital data and usernames and passwords should never be shared
- Data should be regularly reviewed and updated, and if found to be out of date or no longer required for its original purpose, it should be updated or deleted and disposed of.
- Employees should request help from the Manager if they are unsure of any aspect regarding data protection
- Documents containing personal data should be disposed of in line with the Retention and Disposal Guidance, with confidential waste bins being used before collection with our approved waste contractor. Documents that contain personal data should not be placed in general waste bins.
- Excel Childcare Services will provide training to all employees to help them understand their responsibilities when handling data
- Employees should ensure that the data held on Connect software is reviewed at least annually and updated
How do you consent to Excel Childcare Services’ use of your personal information?
We require your consent to be able to display the children’s pictures, work and images in the nursery in displays and on our database and this may have their names and identifiable information. We will be mindful of where we display this information and will remove them when the child leaves the nursery or after 6 months whichever is sooner.
What personally identifiable information does Excel Childcare Services collect?
The type of business relationship you have with Excel Childcare Services will determine the specific information we will need to collect from you.
- Information necessary to perform the service that you provide voluntarily when registering (whether by telephone, online or in person) or during the course of services. Depending on the type of service engaged, the information requested may include your personalized registration user name and password; payment and contact details; a dependent’s name, date of birth, gender, allergies, food restrictions, special needs, health information, and emergency contact details for doctors and alternative carers; or school transcripts, applications, registration and enrolment information.
- Utilization information, such as dates of service, type of service, user of service and reasons for service.
- Records created during the course of providing service to you or your dependents such as caretaker notes on the activities, behaviours, illnesses, medication, food, etc.; photographs; and other documentation records.
If you are prospective customer/parent, we will collect:
- Contact information that you provide voluntarily when requesting publications or other information via telephone, online or in person. Contact information may include your name, telephone/fax number, and email/mailing address.
If you are an employee, apprentice, student or applicant, we will collect:
- Typical information that you provide voluntarily via telephone, online or in person including your name, mailing/email addresses, telephone/fax number, employment history with job descriptions, education, references, affiliations and other relevant information for payroll, benefits and administration.
Personally Identifiable Data
Excel Childcare Services only collect, process and store personal data where we have a valid lawful basis to require it. We do the following to be transparent:
- Only use data for its original purpose, where we wish to use it for a different purpose, we will notify you of this and request your consent • Keep data in as few places as necessary
- Update our data regularly using annual declaration requests
- Provide you with any information we hold on you when we receive a Subject Data Request
- Where an individual contests the accuracy of personal data, Excel Childcare Services will restrict processing until the personal data has been confirmed and updated.
As a childcare company Excel Childcare Services collects, holds and processes a lot of children’s data. There is an increased need to protect children’s personal data because they are classed as vulnerable individuals.
Where a child is under the age of 16, consent for the processing of the child’s data is required from the child’s parent or guardian.
Additional care should be taken when handling or sharing children’s data to ensure that it is shared with only those that need to know the information.
Some data such as medical data will need to be shared with staff to ensure that any emergency medical care can be given when needed however this should not be shared with people outside the organisation unless there is a legal requirement to do this. Staff Data We collect, hold and process data on employees as part of our legal responsibilities and in order that we can support and manage them in their work.
Much personal data on employees is held on Connect Software and employees should ensure that they inform the manager and amend the information held on a regular basis
Sensitive Personal Data
Excel Childcare Services has recognised that special categories of personal data need to be processed as part of our business activities and this data need.
Where does Excel Childcare Services store personally identifiable information?
- Electronic Information: The information will remain on electronic storage data systems in this country.
- Governments, courts, law enforcement or regulatory agencies may be able to obtain disclosure of your information through applicable laws.
- Hardcopy Information: The hardcopy of personal information we collect will remain in a locked filing cabinet when not in use.
Who does Excel Childcare Services share personally identifiable information with?
- To our Employees: In order to meet our obligations as your employer, Excel Childcare Services will provide details of your use of the services, which may include your name, dates of use, reasons for use, and other available details. We will disclose only information relevant to the utilization of the services.
How can individuals access or update their personally identifiable information?
Excel Childcare Services is committed to collecting personal information that is accurate, complete, current and reliable for its intended use. If you would like to access or update your personal information or obtain copies of the information, the following steps can be taken by you:
For informal requests:
- If you have established an online user account with Excel Childcare Services, you may log onto your account to access and update your information.
- If you receive services from us, you may contact us (such as a nursery/centre where your child is enrolled). Excel Childcare Services may require you to make your request in writing to verify your identity.
- Alternatively, you may contact us as provided below.
For subject access request under a Data Protection Act in the United Kingdom, Ireland or Netherlands:
You will need to complete the Excel Childcare Services’ Data Subject Request Form at the link below and send it (and the required payment) to the attention of Excel Childcare Services, Through 96 Forest Hill Road London SE22 0RS
How can individuals contact Excel Childcare Services?
- Mail: Email: [email protected]
Address: 96 Forest Hill Road London SE22 0RS
How does Excel Childcare Services protect your personal information?
Excel Childcare Services utilizes appropriate technical, administrative and physical safeguards to protect against the loss, unauthorized access, destruction, misuse, modification and improper disclosure of the personal information we collect in both physical and electronic format. We provide information security awareness training to our staff and conduct periodic quality assurance audits. However, no computer system or information can ever be fully protected against every possible hazard. As a result, Excel Childcare Services cannot guarantee the security and privacy of the information you provide to us.
What are the terms for you to use Excel Childcare Services websites?
- Passive Information Collection: As you navigate through the website, certain information can be passively collected (that is, gathered without your actively providing the information) using various technologies and means, such as Internet Protocol addresses, cookies, Internet tags, and navigational data collection.
- Internet Protocol (IP) Addresses: This site uses Internet Protocol (IP) addresses. An IP Address is a number assigned to your computer by your Internet service provider so you can access the Internet and is generally considered to be non-personally identifiable information, because in most cases an IP address is dynamic (changing each time you connect to the Internet), rather than static (unique to a particular user’s computer). We use your IP address to diagnose problems with our server, report aggregate information, determine the fastest route for your computer to use in connecting to our site, and administer and improve the site.
- Cookies: Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Most web browsers allow some control of cookies through browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org. The bullets and chart below explain further the cookies we use and why.
- “Session” cookies are temporary bits of information that are erased once you exit your Web browser window or otherwise turn your computer off. Session cookies are used to improve navigation on websites and to collect aggregate statistical information. This site uses session cookies.
- “Persistent” cookies are more permanent bits of information that are placed on the hard drive of your computer and stay there unless you delete the cookie. Persistent cookies store information on your computer for a number of purposes, such as retrieving certain information you have previously provided (e.g., passwords), helping to determine what areas of the Website visitors find most valuable, and customizing the Web site based on your preferences. This site uses persistent cookies.
- “Internet tags” (also known as single-pixel GIFs, clear GIFs, invisible GIFs, and 1-by-1 GIFs) are smaller than cookies and tell the website server information such as the IP address and browser type related to the visitor’s computer. This site uses Internet tags. Tags have been placed both on online advertisements that bring people to the site and on different pages of the site. These tags indicate how many times a page is opened and which information is consulted. We do not collect or seek personally identifiable information through these tags.
- “Navigational data” (“log files,” “server logs,” and “clickstream” data) are used for system management, to improve the content of the site, market research purposes, and to communicate information to visitors. This site uses navigational data.
- Definitions and Interpretation
In this Policy the following terms shall have the following meanings:
“Account” means collectively the personal information and credentials used by Users to access Material and/or any communications System on the Web Site;
“Content” means any text, graphics, images, audio, video, software, data compilations and any other form of information capable of being stored in a computer that appears on or forms part of this Web Site;
“Data” means collectively all information that you submit to the Web Site. This includes, but is not limited to, Account details and information submitted using any of our Services or Systems;
“Excel Childcare Services” means Excel Childcare Services, 96 Forest Hill Road London SE22 0RS
“Service” means collectively any online facilities, tools, services or information that Excel Childcare Services makes available through the Web Site either now or in the future;
“System” means any online communications infrastructure that Excel Childcare Services makes available through the Web Site either now or in the future. This includes, but is not limited to, web-based email, message boards, live chat facilities and email links;
“User” / “Users” means any third party that accesses the Web Site (our website developers) and is not employed by Excel Childcare Services and acting in the course of their employment:
“Web Site” means the website that you are currently using (hhttp:www.excelchildcareservices.com) and any sub-domains of this site unless expressly excluded by their own terms and conditions.
- Data Collected
Without limitation, any of the following Data may be collected:•
The types of data documents that we may hold within our provision include:
- registration forms
- waiting lists
- children’s files
- DOB details
- Postal addresses/contact details
- Application forms/registration forms
- email addresses
- child protection/ safeguarding files and referrals
- SENCO referral details
- accident records
- medical records
- incident records
- learning journeys
- tracking sheets for a group/whole nursery
- computer systems (software packages)
- staff files/ performance records
- disciplinary records
- Curriculum Vitaes (CVs)
- Pay and Salary information
- supervision files
- bank details (staff and parents)
- DBS records
- allergies and medication information
- funding claims
- EYPP, DAF and Inclusion Fund lists
- staff meeting minutes
- contractors’ records
- emergency contacts list (children and staff)
- birth certificates (for funding purposes)
- Cookies (website only).
We may also hold data in a number of places:
- paper files
- computer files
- mobile phones
- portable IT (laptops, tablets, etc.)
- website and social media
- website surveys (e.g. Survey Monkey).
2.1 demographic information such as postcode, preferences and interests.
The Nursery recognises that parents have a right to know that information they share with the Nursery will be regarded as confidential.
Parents will be informed about the circumstances, and reasons, when the Nursery is obliged to share information.
We are obliged to share confidential information without authorisation from the person who provided it or to whom it relates if it is in the public interest when:
- it is to prevent a crime from being committed or intervene where one may have been, or to prevent harm to a child or adult; or
- not sharing it could be worse than the outcome of having shared it.
The decision will not be made as an individual, but with the support and guidance of RUSUs Data Protection Lead, Early Education Authority (LEA) advisors without disclosing confidential information. Critical criteria for disclosing information is:
- Where there is evidence that a child is suffering, or is at risk of suffering, from significant harm.
- Where there is reasonable cause to believe that a child may be suffering, or at risk of suffering, significant harm.
- To prevent significant harm arising to children and young people or serious harm to adults, including the prevention, detection and prosecution of serious crime. Procedures Our procedure is based on the 7 golden rules for information sharing as set out in Information Sharing: Guidance for Practitioners and Managers (DCSF 2008).
- Remember that the Data Protection Act is not a barrier to sharing information but provides a framework to ensure that personal information about living persons is shared appropriately.
- Our policy and procedures on information sharing provide guidance to appropriate sharing of information with external agencies.
- Be open and honest. The Nursery will explain to families how, when and why information will be shared with them and with whom. The Nursery will seek consent to share information unless it puts the child at risk or undermines a criminal investigation.
The Nursery will aim to:
- Inform parents about our information sharing policy when their child starts in the Nursery and sign their contract in acceptance of this policy.
- have information about our Safeguarding Children and Child Protection policy; and
- have information about the circumstances when information will be shared with external agencies, for example, with regard to any special needs the child may have or transition to school.
- Seek advice, when there are doubts about possible significant harm to a child or others.
- Managers contact children’s social care or the Local Education Authority advisors for advice where they have doubts or are unsure.
- Share with consent where appropriate. Respect the wishes of children and parents not to consent to share confidential information. However, in the interests of the child, know when it is reasonable to override their wish.
- Guidelines for consent are part of this procedure.
- Consider the safety and welfare of the child when making a decision about sharing information – if there are concerns regarding ‘significant harm’ the child’s well-being and safety is paramount and always our first concern.
The Nursery will aim to:
- record concerns and discuss these with the Lead Safeguarding Practitioner (LSP). Record decisions made and the reasons why information will be shared and to whom; and
- Information shared should be accurate and up-to-date, necessary for the purpose it is being shared for, shared only with those who need to know and shared securely.
7. Reasons for decisions to share information, or not, are recorded. Consent Parents have a right to be informed that their consent to share information will be sought in most cases, as well as the kinds of circumstances when their consent may not be sought, or their refusal to give consent may be overridden.
We do this as follows:
- Our policies and procedures set out our responsibility regarding gaining consent to share information and when it may not be sought or overridden.
- Parents are asked to give written consent to share information about any additional needs their child may have or to pass on child development summaries, to the next provider/school.
- We consider the following questions when we need to share:
- Is there a legitimate purpose to sharing the information?
- Does the information enable the person to be identified?
- Is the information confidential? · If the information is confidential, does the Nursery have consent to share?
- Is there a statutory duty or court order to share information?
- If consent is refused, or there are good reasons not to seek consent, is there sufficient public interest to share information?
- If the decision is to share, is right information being shared in the right way?
- Has the decision been properly recorded?
Under the Protection of Freedoms Act 2012, the processing of personal data captured by CCTV systems (including images identifying individuals) is governed by the Data Protection Act and the Information Commissioner’s Office (ICO) has issued a code of practice on compliance with legal obligations under that Act. The use of CCTV by schools is covered by the Act, regardless of the number of cameras or how sophisticated the equipment is.
The school uses CCTV equipment to provide a safer, more secure environment for pupils and staff and to prevent bullying, vandalism and theft. Essentially it is used for:
- The prevention, investigation and detection of crime.
- The apprehension and prosecution of offenders (including the use of images as evidence in criminal proceedings).
- Safeguarding public, pupil and staff safety.
- Monitoring the security of the site.
The role of the data controller is delegated to the Directors; they have the responsibility for the control of images and deciding how the CCTV system is used. The nursery is registered with the Information Commissioner’s Office, the registration includes the use of CCTV images and the purpose for which the images are used. The Directors with access to images are aware of the procedures that need to be followed when accessing the recorded images. All operators are made aware of their responsibilities under the CCTV Code of Practice. Access to recorded images is restricted to staff that need to have access in order to achieve the purpose of using the equipment. All employees are aware of the restrictions in relation to access to, and disclosure of, recorded images.
In areas where CCTV is used the school will ensure that there are prominent signs placed at both the entrance of the CCTV zone and within the controlled area. The signs will: · Be clearly visible and readable. · Be an appropriate size depending on context.
Image storage, viewing and retention
Recorded images will be stored in a way that ensures the integrity of the image and in a way that allows specific times and dates to be identified.
Access to live images is restricted to the CCTV operator unless the monitor displays a scene which is in plain sight from the monitored location.
Recorded images can only be viewed in a restricted area by approved staff.
The recorded images are viewed only when there is suspected criminal activity and not for routine monitoring of pupils, staff or visitors.
The nursery reserves the right to use images captured on CCTV where there is an activity that the nursery cannot be expected to ignore such as criminal activity, potential gross misconduct, or behaviour which puts others at risk. Images retained for evidential purposes will be retained in a locked area accessible by the system administrator only.
Where images are retained, the Director will ensure the reason for its retention is recorded, where it is kept, any use made of the images and finally when it is destroyed. Neither the Data Protection Act nor the Information and Records Management Society prescribes any specific minimum or maximum periods which apply to CCTV recorded images. The nursery ensures that images are not retained for longer than is necessary. Once the retention period has expired, the images are removed or erased routinely by the recorder.
Disclosure of the recorded images to third parties can only be authorised by the data controller. Disclosure will only be granted:
- If its release is fair to the individuals concerned.
- If there is an overriding legal obligation (e.g. information access rights).
- If it is consistent with the purpose for which the system was established. All requests for access or for disclosure are recorded. If access or disclosure is denied, the reason is documented.
NB: Disclosure may be authorised by law enforcement agencies, even if a system was not established to prevent or detect crime if withholding it would prejudice the prevention or detection of crime.
Subject access requests
Individuals whose images are recorded have a right to view images of themselves and, unless they agree otherwise, to be provided with a copy of the images. If the school receives a request under the Data Protection Act it will comply with requests within 40 calendar days of receiving the request.
The school may charge a fee for the provision of a copy of the images. If the school receives a request under the Freedom of Information Act it will comply with requests within 20 working days of receiving the request. As a general rule, if the viewer can identify any person other than, or in addition to, the person requesting access, it will be deemed personal data and its disclosure is unlikely as a Freedom of Information request. Those requesting access must provide enough detail to allow the operator to identify that they are the subject of the images, and for the operator to locate the images on the system.
Requests for access should be addressed to the data controller.
Refusal to disclose images may be appropriate where its release is:
- Likely to cause substantial and unwarranted damage to that individual.
- To prevent automated decisions from being taken in relation to that individual. Monitoring and evaluation The school undertakes regular audits to ensure that the use of CCTV continues to be justified. The audit includes a review of:
- Its stated purpose.
- The location.
- The images recorded.
- Storage length.
Collecting and Processing Personal Data Lawful Processing
Excel Childcare Services will only collect and process personal data when at least one of the following lawful processes apply:
A data subject has given consent to the processing on his/ her personal data
Processing is necessary for the performance of a contract
- Legal obligation:
Processing is necessary for compliance with a legal requirement
- Vital interests:
Processing is necessary to protect the vital interests of the data subject
- Legitimate interests:
Processing is necessary for the legitimate interests pursued by the data controller or third party unless there is a good reason to protect the individuals’ data which override those legitimate interests Excel Childcare Services makes automatic decisions on the processing and use of data where it is:
- Necessary for the entry into or performance of a contract
- Required to comply with the law
- Based on the individual’s explicit consent Processing Parent and Child Data All personal data regarding a parent, guardian, carer and child processed by Excel Childcare Services is mandatory in order to fulfil the requirements of the contract. Failure to provide this information will result in the child being declined a place at the nursery.
Processing Employee Data
All personal data regarding an employee processed by Excel Childcare Services is mandatory in order to fulfil the requirements of the contract. Failure to provide this information will result in the individual being unable to join Excel Childcare Services as an employee.
Where processing is based on consent, Excel Childcare Services shall demonstrate that the data subject has consented to the storage and processing of his/ her personal data. For the collection of personal data which relies on explicit consent, data subjects are given the opportunity to freely give their consent to us processing that data for the specified purpose. Some examples of where explicit consent (outside the terms and conditions of the contract) is required are detailed below:
- Consent for photographs
Excel Childcare Services recognises the taking of photographs is not compulsory for the fulfilment of a contract and is not required for legal reasons.
Considering this, parents are given the opportunity to give or withdraw their consent for photographs of their child to be taken, displayed or used in various ways by Excel Childcare Services.
This information is collected as part of the application pack.
- Consent for Marketing
Excel Childcare Services recognises individuals are required to give explicit consent to be contacted for marketing purposes. Parents are given the opportunity to freely give their consent to being contacted for marketing purposes. Consent is given in a granular manner to show clearly what is being agreed to.
This information is collected as part of the application pack.
Excel Childcare Services use Facebook and other social media outlets as a means to communicate positive messages about the organisation. They are updated with regular posts showing a selection of the activities for children, news and special offers.
This is carefully managed by the Excel Childcare Services Marketing team. All photographs of children used on the Excel Childcare Services Facebook page require parents’ consent before they are posted. Photos are not to be posted on this or any social media or internet sites without this consent.
The Manager will ensure that parents complete a consent form and that the appropriate permissions for the use of photographs have been given. The consent form should be updated at least once a year to ensure the parents are still happy for images to be used. We are not responsible for any social media groups which are detached from the company and have been set up by parents such as forum groups. Below are links to the privacy policies for the social media platforms used by Excel Childcare Services, you should familiarise yourself with these if you are using these forums to post information about Excel Childcare Services.
- Our Use of Data
3.1 Any personal Data you submit will be retained by Excel Childcare Services for as long as you use the Services and Systems provided on the Web Site. Data that you may submit through any communications System that we may provide may be retained for a longer period of up to 6 months.
3.3 All personal Data is stored securely in accordance with the principles of the Data Protection Act 1998.
3.4 Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our Web Site. Specifically, Data may be used by us for the following reasons:
3.4.1 internal record keeping;
3.4.2 improvement of our products/services;
3.4.3 transmission by email of promotional materials that may be of interest to you;
3.4.4 contact for market research purposes which may be done using email, telephone, fax or mail. Such information may be used to customise or update the Web Site.
- Third Party Web Sites and Services
Excel Childcare Services does employ the services of other parties for dealing with matters that may include but are not limited to, payment handling, delivery of purchased items, search engine facilities, advertising and marketing. The providers of such services do not have access to certain personal Data provided by Users of this Web Site.
5. Links to other websites
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
- Changes of Business Ownership and Control
6.1 Excel Childcare Services may, from time to time, expand or reduce its business and this may involve the sale of certain divisions or the transfer of control of certain divisions to other parties. Data provided by Users will, where it is relevant to any division so transferred, be transferred along with that division and the new owner or newly controlling party will, under the terms of this Policy, be permitted to use the Data for the purposes for which it was supplied by you.
6.2 In the event that any Data submitted by Users will be transferred in such a manner, you will be contacted in advance and informed of the changes. When contacted you will be given the choice to have your Data deleted or withheld from the new owner or controller.
- Controlling Access to your Data
7.1 Wherever you are required to submit Data, you will be given options to restrict our use of that Data. This may include the following:
7.1.1 use of Data for direct marketing purposes; and
7.1.2 sharing Data with third parties.
- Your Right to Withhold Information
8.1 You may access certain areas of the Web Site without providing any Data at all. However, to use all Services and Systems available on the Web Site you may be required to submit Account information or other Data.
- Accessing your own Data
9.1 You have the right to ask for a copy of your personal Data on payment of a small fee and after completing our application requesting form which you can get from the nursery at – 96 Forest Hill Road SE22 0RS
10.1 Data security is of great importance to Excel Childcare Services and to protect your Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected online.
All Excel Childcare Services employees who are aware that a data breach has occurred should report the breach to their manager and the Data Protection Officer.
The Data Protection Officer will then ensure that the breach is recorded.
Excel Childcare Services is required under the GDPR to notify the Information Commissioners Office of a high-risk data breach, where the breach is likely to result in a risk for the right and freedoms of the individual. Excel Childcare Services will report the breach within 72 hours of first becoming aware of the breach. Excel Childcare Services will also notify the individual concerned directly and advise them of what is being done to manage the risk.
- Changes to this Policy