At Kidspace, we promise to keep your data safe and private and only use your personal information to manage your account and provide tailored care to your child.
Your privacy is protected by law and the General Data Protection Regulation (GDPR) which says that we are allowed to use personal information only if we have a proper reason to do so. This includes sharing outside of Kidspace. The law says we must have one of more of these reasons:
A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.
From time to time, we will need to contact you, via phone or email to provide you with nursery updates, share important information or send your monthly invoices.
We use child data:
We use parent or carer data:
We collect and use child information under GDPR Article 6, 1b, 1c and 1f, as well as Article 9, 2a and 2c.
Whilst the majority of child information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the GDPR, we will inform you whether you are required to provide certain child information to us or if you have a choice in this. Data will be collected via your registration form and parent contract, as well as through a selection of introduction forms when your child begins the nursery. You may also be asked to sign local authority forms, such as funding consent.
When registering your child, the majority of the information you provide about yourselves will be mandatory, although we may also ask for some voluntary information to help us care for your child. Data will be collected via your child’s registration form and parent contract, as well as through a selection of introduction forms when your child begins the nursery.
We hold child data for up to seven years from their start date with Kidspace, or two years from their last day.
Who we share child information with
We routinely share child information with:
We do not share information about our children with anyone without consent unless the law and our policies allow us to do so.
Data collection requirements:
To find out more about the data collection requirements placed on us by the Department for Education, go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.
Under data protection legislation, parents have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational records, contact your Nursery Manager or Nursery Data Protection Officer.
You also have the right to:
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/.
Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances. Whilst a child or employee still attends Kidspace, the right may not be exercised, as the personal data is still necessary for the purpose for which we originally collected it for.
We will notify you if there was a breach of your personal information. If a security breach causes an unauthorised intrusion into our system that materially affects you or your information, then we will notify you as soon as possible and later report the action we took in response.
We work hard to keep your information safe and secure. We take reasonable and appropriate measures to protect personal information from loss, misuse, and unauthorised access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the personal information. We rely on Microsoft and Connect Childcare to safeguard the physical and technical security of your information, and we have documented and enforced controls to limit access to, and to protect your information.