top of page

GDPR

Information Sharing & Data Protection Policy

Dottie Tots Limited needs to keep certain information about its employees, trustees, volunteers, members, clients and to satisfy its obligations to Ofsted and other regulatory bodies to enable it to monitor performance and achievements.

To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. To do this, Dottie Tots Limited must comply with the Data Protection Principles which are set out in the Data Protection Act 1998 (the Act)/ General Data Protection Regulations 2018 (GDPR).

​

This responsibility is not restricted to sensitive data but applies to all data, including name and address lists.

​

The Act establishes very high standards for the handling of personal information, thereby protecting individual rights to privacy. The act regulates how personal information is collected, handled, stored and used and applies equally to personal information held both electronically and on paper.

​

Dottie Tots Limited has notified the Information Commission that it holds personal data about individuals and consequently is registered under the Data Protection Act 1998. All persons dealing with personal data must, therefore, follow the principles of good information handling.

​

In summary, these state that personal data must be:

​

obtained and processed fairly and lawfully;

obtained for a specified and lawful purpose and not processed in any manner incompatible with that purpose; adequate, relevant and not excessive for that purpose;

accurate and kept up to date;

not be kept for longer than is necessary;

processed in accordance with the data subject's rights;

kept safe from unauthorised access, accidental loss or destruction;

not be transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data.

​

All Dottie Tots staff and volunteers who process or use any personal information must ensure that they follow these principles at all times. Access to information will only be to the extent required by the task being undertaken and will also be restricted to those persons recognised by management as requiring such access to information in the course of their duties and responsibilities. In the event of any breach of information security, no matter how minor, it must immediately be reported to management to enable appropriate investigation and, if necessary a review of the adequacy of existing information security measures.

​

In order to ensure that this happens, Dottie Tots Limited has adopted this Data Protection Policy. Any member of staff, trustee or volunteer, who considers that this policy has not been followed in respect of personal data about him or herself, should raise the matter with the Designated Data Controller initially. If the matter is not resolved it should be raised as a formal grievance.

​

Notification of Data Held and Processed:

All employees, volunteers, members, clients and other members of the public have the right to know:

​​

What information Dottie Tots Limited holds and processes about them and why;

How to gain access to it;

How to keep it up to date;

What Dottie Tots Limited is doing to comply with its obligations under the Act.

 

The Data Controller and the Designated Data Controllers:

Dottie Tots Limited is the Data Controller under the Act, and the organisation is therefore ultimately responsible for implementation. However, a Designated Data Controller will deal with day to day matters. Dottie Tots Limited Designated Data Controllers are the Management and Leadership Team.

​

Personal information is defined as any details relating to a living, identifiable individual. Within  Dottie Tot Limited this applies to employees, volunteers, members, clients and other members of the public such as job applicants and visitors. We need to ensure that information relating to all these people is treated correctly and with the appropriate degree of confidentiality.

​

Dottie Tots Limited holds Personal Information in respect of its employees, volunteers, members, clients and other members of the public. The information held may include an individual's name, postal, e-mail and other addresses, telephone numbers, subscription details, organisational roles and membership status.

​

Personal Information is kept in order to enable the Dottie Tots Limited to understand the history and activities of individuals or organisations within the voluntary and community sector. This is collected upon application for enrolment into the setting, employment, joining the committee and for other relevant purposes for the effective delivery of services to its members and clients.

​

Some Personal Information is defined as Sensitive Data and needs to be handled with special care (see below).

​

Processing of Personal Information:

All staff and volunteers who process or use any Personal Information are responsible for ensuring that:

​

Any Personal Information which they hold is kept securely; and

Personal Information is not disclosed either orally or in writing or otherwise to any unauthorised third party.

Staff and volunteers should note that unauthorised disclosure will usually be a disciplinary matter, and may be considered gross misconduct in some cases.

 

​Personal information should be:

kept in a locked filing cabinet; or

in a locked drawer; or

if it is computerised, be password protected; 

kept only on disk or memory stick which is itself kept securely.

​

Telephone Conversations and Meetings:

If personal information is collected by telephone, callers should be advised what that information will be used for and what their rights are according to the act.

​

Personal or confidential information should preferably not be discussed in public areas of Dottie Tots Limited work premises. Wherever possible, visitors should be escorted and not be permitted to wander about the premises on their own. If possible, visitors should subsequently be escorted out of the premises when the meeting is over. All staff should be aware of the difficulties of ensuring confidentiality in an open plan area and respect the confidential nature of any information inadvertently overheard. Any notes taken during or after an interview should be of relevance and appropriate. It is recommended that such notes are subsequently filed in a legible and coherent manner and that informal notes are retained for a short period (1 year), in a secure place, before being shredded.

​

Collecting Information:

Whenever information is collected about people, they should be informed why the information is being collected, who will be able to access it and to what purposes it will be put. The individual concerned must agree that he or she understands and gives permission for the declared processing to take place, or it must be necessary for the legitimate business of Dottie Tots Limited.

​

Publication and Use of Dottie Tots Limited Information:

Dottie Tots Limited aims to make as much information public as is legally possible. In particular information about Dottie Tots Limited staff, trustees and members will be used in the following circumstances:

​

Dottie Tots Limited may obtain, hold, process, use and disclose information in connection with the administration, management and business activities of Dottie Tots Preschool & Nursery, including making and keeping lists of members and other relevant organisations.

​

Dottie Tots Limited may publish information about Dottie Tots Limited and its members including lists of members, by means of newsletters or other publications but with written consent.

​

Dottie Tots Limited may conform to any third party whether or not any person is a member of Dottie Tots Limited if deemed necessary i.e. in the case of Safeguarding or in the best interest of the child.

​

Dottie Tots Limited may provide approved organisations that have the legal right with lists of names and contact details of members or other relevant organisations only where the members or other relevant organisations have given their consent.

 

Photographs of key staff may be displayed at Dottie Tots Limited and placed on the website with their consent.

​

Dottie Tots Limited internal staff contact list will not be a public document and information such as mobile telephone numbers or home contact details will not be given out unless prior agreement has been secured with the staff member in question.

​

Any individual who has the good reason for wishing details in these lists or categories to remain confidential should contact the Designated Data Controller.

​

Sensitive Information:

Sensitive information is defined by the Act as that relating to ethnicity, political opinions, religious beliefs, trade union membership, physical or mental health, sex life, criminal proceedings or convictions. The person about whom this data is being kept must give express consent to the processing of such data, except where the data processing is required by law for employment purposes or to protect the vital interests of the person or a third party.

​

Disposal of Confidential Material:

Sensitive material should be shredded. Particular care should be taken to delete information from computer hard drives if a machine is to be disposed of or passed on to another member of staff.

​

Staff Responsibilities:

All staff are responsible for checking that any information that they provide to Dottie Tots Limited in connection with their employment is accurate and up to date. Staff have the right to access any personal data that is being kept about them either on a computer or in manual filing systems Staff should be aware of and follow this policy, and seek further guidance where necessary.

​

Duty to Disclose Information:

There is a legal duty to disclose certain information, namely, information about: Child abuse, which will be disclosed to social services, or Drug trafficking, money laundering or acts of terrorism or treason, which will be disclosed to the police.

​

Retention of Data:

Dottie Tots Limited will keep some forms of information for longer than others. Because of storage problems, information about clients cannot be kept indefinitely, unless there are specific requests to do so. In general information about clients will be kept for a minimum of one year after they use the services, unless other bodies, such as funders, require Dottie Tots Limited to keep the information longer.

​

Dottie Tots Limited will also need to retain information about staff. In general, all information will be kept for six years after a member of staff leaves Dottie Tots Limited. Some information, however, will be kept for much longer, for example, if required by funders. This will include information necessary in respect of pensions, taxation, potential or current disputes or litigation regarding the employment, and information required for job references. A full list of information with retention times is available from the Designated Data Controller.

​

A statement about Data Protection will be displayed clearly within public spaces within Dottie Tots Limited's premises. A copy of the Data Protection Statement is contained in Appendix A.

​

DATA PROTECTION STATEMENT

​

Sharing information with others:

Sometimes we have to confirm or share information with other organisations. If we need to do this, we will make it clear to you on the forms you complete giving us the information. We will draw up an agreement with the organisation that we need to share the information with as appropriate. This is so that both sides understand why the information is being passed on, and what use can be made of it.  In some cases, a third party organisation, such as a funding body, may draw up the agreement.

 

Information quality:

We will make sure that the information about you is accurate and up to date when we collect or use it. You can help us with this by keeping us informed of any changes to the information we hold about you.

​

Information security:

We will keep information about you secure. We will protect your information against unauthorised change, damage, loss or theft.

 

Keeping information:

We will hold information about you only for as long as the law says. After this, we will dispose of it securely and properly.

​

Openness:

We will tell you what kinds of information we hold and what we do with it.

​

Access and correctness:

Whenever possible, we will let you see the information we hold about you and correct it if it is wrong.

​

In general:

We will comply with the Data Protection Act 1998/GDPR and any subsequent legislation on information handling and privacy.

We will do this through Dottie Tots Limited Data Protection Policy.

We will help you with any questions or problems that you may have with the Data Protection Act 1998, GDPR 2018, the Human Rights Act 1998 or the Freedom of Information Act 2000. If we cannot help you, we will give you advice on where to write to get the information you may need.

​

Our Commitment:

We will only collect information that is necessary for what we do. We will be fair in the way we collect information about you. We will tell you who we are and what we intend to do with the information about you. Where practicable, we will collect information directly from you. If we collect information about you from someone else, we will make sure you know that we have done this whenever possible.

​

​

bottom of page