University of Sunderland Childcare Provision Privacy Notice
Data Controller
Data Controller Name: University of Sunderland
Data Protection Officer: Sam Seldon
ICO Registration Number: Z6120473
Registered Address:
4th Floor Edinburgh Building,
City Campus
Chester Road
Sunderland
SR1 3SD
Department Responsible for processing: St Mary’s Childcare Centre
Contact email: childcare@sunderland.ac.uk
Overview
All Information that we collect is necessary in order to meet statutory requirements as an Early Years Setting registered with Ofsted and the Local Authority and meet the requirements of the EYFS.
Information that we collect, hold and share include:
- Personal Information such as name, date of birth and address
- Characteristics such as ethnicity, language, nationality, country of birth and funding eligibility
- Attendance Information such as sessions attended, absences and reasons for absence
- Relevant Medical or Sickness Information
- Special Educational Needs Information
- Assessment Information for children
- Birth Certificates and proof of identity for children
- Details of any accidents, incidents or injuries
- Relevant documentation for child protection and safeguarding
- Funding Information and details
- Photograph of child
Why we collect and use this information
We use children’s data:
- To support Children’s learning
- To monitor and report on their progress
- To provide appropriate pastoral care
- To assess the quality of our service
- To comply with the law regarding data sharing
- To comply with the requirements of EYFS and Ofsted
- To ensure children are eligible for funding
- To process fees
- To ensure children’s health, safety and well-being
- To monitor child progress through the recording of interactions
The lawful basis on which we use this information
We collect and use pupil information under the Statutory Framework for the Early Years Foundation Stage (given legal force by the Childcare Act 2006). Completing and signing the nursery registration form you are giving consent for us to process yours and your child’s personal data for the specific purposes of being part of the nursery setting. The processing of the information you have provided about yourself and your child is necessary for the contract you completed when registering.
Who we share Children’s information with
We routinely share information with:
- Our local authority, Sunderland City Council
- The Department for Education (DfE)
- Health Visitors and the local Community Nursery Nurse
- The Health Protection Agency/Unit in the event of a notifiable disease or Covid-19
- Social Workers/LADO
- The University of Sunderland’s Finance and Legal Department
- Multi Agency Professionals working with individual children
- Other providers where children attend
- Inclusion Teams
- Schools children attend after leaving us
- Local Authority SEND Officer
- Ofsted
Why we share Children’s information
We do not share information about children with anyone without consent unless the law and our policies require or allow us to do so. We will always seek your positive consent to share information if there is no legal basis to share.
Decisions on whether DfE release personal data to third parties are subject to a robust approval process and are based on a detailed assessment of who is requesting the data, the purpose for which it is required, the level and sensitivity of the data requested and the arrangements in place to store and handle the data. To be granted access to pupil level data, requestors must comply with strict terms and conditions covering the confidentiality and handling of data, security arrangements and retention and use of data. For more information on how this sharing process works, please visit http://www.gov.uk/guidance/national-pupil-database-apply-for-a-data-extract.
For information on which third party organisations (and for which project) pupil level data has been approved to, please visit https://www.gov.uk/government/publications/national-pupil-database-requests-received.
If you require more information about how we and/or the DfE use this information please visit DfE’s website https://www.gov.uk/data-protection-how-we-collect-and-share-research-data.
Storing Children’s data
We hold and destroy information as following:
- Children’s details (Name/address/date of birth) 3 years from children leaving
- Daily Registers and hours of attendance 7 years from leaving.
- SEND information is signed over to the next provider within 1 month of a child leaving.
- EYFS Tracker data 3 years from leaving
- NEG Declaration forms for 6 years from leaving
- Accident, Sickness and Medication records 3 years from leaving
- Nappy changing and Sleeping records every 3 years
- Financial records 6 years from leaving
- Planning and Evaluation records every 3 years
- Safeguarding and child protection records are signed over to the next provider within 1 month of a child leaving
Your rights under GDPR
Under the General Data Protection Regulations, you have 8 fundamental rights as follows:
1. The right to be informed
The University is obliged to provide you with information on how we plan to process your data, we do this by means of a privacy notice. The University does this in order to process your personal data in a transparent manner.
2. The right of access
You as the data subject have a right to access the personal (and supplementary) information that we hold, you also have the right to be made aware of and to verify the lawfulness of processing undertaken.
3. The right to rectification
If you find that we hold incorrect or incomplete data about you, then you have the right to request this information is rectified.
4. The right to erase
This right enables you to request deletion or removal of your personal data when there is no longer a compelling reason for its continued processing.
5. The right to restrict processing
Under certain (defined) circumstances you have the right to request that we restrict the processing we undertake using your personal data.
6. The right to data portability
You have the right to request your personal data, which is held electronically, to be provided to you in a reusable format, such as a .csv file.
7. The right to object
You have the right to object to processing based on legitimate interests or in the performance of a task in the public interest (including profiling). This also applies to direct marketing and purposes of scientific / historical research and statistics.
8. Rights in relation to automated decision making and profiling
You have the right to object to your data being used in automated decision making or profiling.
In the first instance we would ask that you contact the department within the University that is processing your personal information. The contact details for this department can be found in the first section of this notice.
If you are unhappy with how your request has been handled, or have not received a response from the individual department, please contact the Data Protection Officer either by email or by post. The email address for the Data Protection Officer is dataprotection@sunderland.ac.uk.
Should you still feel that you request has been handled inadequately, you have the right to complain to the supervisory authority in the UK, this is the Information Commissioners Office, details of how to complain can be found at https://ico.org.uk/concerns/.