This policy is intended to provide information about how we will use (or “process”) personal data about individuals, including its staff; its current, past and prospective children; and their parents, carers or guardians (referred to in this policy as “parents”).

This information is provided because Data Protection Law (General Data Protection Regulations May 2018) gives individuals rights to understand how their data is used. Staff and parents are all encouraged to read this Privacy Notice and understand our obligations to our entire community.

​

This Privacy Notice also applies in addition to our other relevant terms and conditions and policies, including:

• Any contract between Saplings and its staff or the parents of children

• Saplings policy on taking, storing and using images of children

• Saplings data retention policy

• Saplings safeguarding and health and safety policies, including how concerns or incidents are recorded

Anyone who works for, or acts on behalf of, the school (including staff, volunteers, governors and service providers) should also be aware of and comply with this Privacy Notice, which also provides further information about how personal data about those individuals will be used.

​

Responsibility for Data protection

Please contact Saplings DirectorTara Taylor-Beardow admin@saplingsafterschoolclub.com 07393 858245 who will deal with all your requests and enquiries concerning the use of your personal data and endeavor to ensure that all personal data is processed in compliance with this policy and Data Protection Law.

The data collected includes:

• Personal information (such as name, date of birth and address)

• Personnel files

• Characteristics (such as nationality and language)

• Attendance information (such as daily registers)

• Relevant medical information

• Special educational needs information

​​

Why we collect and use this information

• To fulfil our duties and obligations under a contract with our staff and parents of children.

• To provide appropriate pastoral care

• To assess the quality of our services

• To comply with the law regarding data sharing

In addition, Saplings will, on occasion, need to process special category personal data (concerning health, ethnicity, religion) or criminal records information (such as when carrying out DBS checks) in accordance with rights or duties imposed on it by law, including as regards safeguarding and employment, or from time to time by explicit consent where required. These reasons will include:

• To safeguard children's welfare and provide appropriate pastoral (and, where necessary, medical) care, and to take appropriate action in the event of an emergency, incident or accident, including by disclosing details of an individual’s medical condition or other relevant information where it is in the individual’s interests to do so: for example for medical advice, for social protection, safeguarding, and cooperation with police or social services, for insurance purposes or to staff who need to be made aware of dietary or medical needs;

• In connection with employment of its staff, for example, DBS checks, welfars or pension plans

• As part of our complaints, disciplinary or investigation process that involves such data, for example if there are SEN, health or safeguarding elements; or

• For legal and regulatory purposes (for example child protection and health and safety) and to comply with our legal obligations and duties of care

​​

How we collect data

Generally, we receive personal data from the individual directly (including, in the case of children, from their parents). This may be via a form, or simply in the ordinary course of interaction or communication (such as e mail or text).

However, in some cases personal data will be supplied by third parties (for example another childcare setting, the school or other professionals or authorities working with that individual).

​

Storing data

We hold data for as long as you are registered with us. Some data for HMRC purposes, personnel records and incidents and attendance will need to be kept for a period of usually between 3-5 years.

​

Who we share information with:

• Schools that our children attend

• Professional advisers (e.g. lawyers and accountants)

From time to time, we may also be obligated to share information with other third parties, including (but not limited to):

• The Police and law enforcement agencies

• Courts, iif ordered to do so

• Social care and other associated external agencies

• The Local Authority Designated Officer (LADO)

​

Why we share information

We do not share information about our families with anyone without a parent's consent. All data is stored, processed and accessed in line with current GDPR regulations, UK law, OFSTED and other statutory bodies. All data stored and collected will be processed by appropriate individuals only in accordance with secure access protocols.

SEN and medically relevant information will need to be provided to the relevant staff to ensure that we can provide a safe environment for all staff and children.

Staff and parents are reminded that Saplings operates under duties imposed by UK law and statutory guidance. This means that we are duty-bound to record or report certain incidents or concerns that arise whilst a child is within our care or are reported to us as concerns. This may mean that some cases, regardless of whether they are proven, need to be reported if they meet a certain threshold of seriousness in their nature or regularity. This is likely to include (but is not limited to) file notes on personnel, file notes on children, incident reports or safeguarding files. In some cases, referrals may need to be made to relevant authorities such as the Local Authority Designated Officer (LADO) or other affiliated organisations.

Finally, in accordance with current GDPR regulations (Data Protection Law), some of Saplings' processing activity is carried out on its behalf by third parties, such as IT systems, web developers or cloud storage providers. This is always subject to contractual assurances that personal data will be kept securely and only in accordance with our specific directions.

​

Your rights

Individuals have various rights under GDPR regulation (Data Protection Law) to access and understand the personal data about them held by Saplings, and in some cases, ask for it to be erased or amended or have it transferred to others, or for us to stop processing it – but subject to certain exemptions and limitations.

Any individual wishing to access or amend their personal data, or wishing it to be transferred to another person or organisation, or who has some other objection to how their personal data is used, should put their request in writing to the Directors whose details are in this Privacy Notice.

Saplings will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event within statutory time limits (which is one month in the case of requests for access to information).

​

Data accuracy and security

We will endeavor to ensure that all personal data held in relation to an individual is as up to date and accurate as possible. Individuals must notify the Director in writing of any significant changes to important and necessary information, such as contact details or medical information held about them, within seven working days. Saplings will not be held liable for any issues resulting from inaccurate information on file.

An individual has the right to request that any out-of-date, irrelevant or inaccurate information about them is erased or corrected (subject to certain exemptions and limitations under GDPR regulations (Data Protection Law).

We will take all appropriate technical and organisational steps to ensure the security of personal data about individuals, including policies around the use of technology and devices and access to systems. All data is stored on password-protected devices. All staff will be made aware of this policy and their duties under GDPR regulations (Data Protection Law) and receive relevant training.

​

Complaints

We are registered with the Information Commissioner’s Office (ICO). If an individual believes that we have not complied with this policy or acted otherwise than in accordance with GDPR regulations (Data Protection Law), they should utilise our complaints/grievance procedure and should also notify the Director whose details are stated in this Privacy Notice. You can also make a referral or lodge a complaint with the Information Commissioner’s Office (ICO), although they recommend that steps are taken to resolve the matter before involving the regulator.