Data Protection Policy
Secure systems, limited access, and GDPR compliance protect sensitive family information while maintaining transparency and respecting rights.
Last Updated:
Your Privacy, Our Responsibility
KinderHeaven is committed to protecting the privacy and security of personal information in accordance with UK GDPR and the Data Protection Act 2018.
Information We Collect
About Your Child
Full name, date of birth, address
Medical information, allergies, dietary needs
Emergency contacts and authorized collectors
Development records and observations
Photographs and videos for learning journals
Attendance and funding records
About Parents/Guardians
Contact details (phone, email, address)
Employment details (for funded hours)
Emergency contact information
Payment and invoice records
Communication records
How We Use Information
Essential Operations
Providing appropriate care and education
Meeting dietary and medical needs
Contacting you in emergencies
Invoicing and financial administration
Complying with legal requirements
Safeguarding children's welfare
With Your Consent
Sharing photos in learning journals
Displaying photos in nursery
Sharing information with schools (transition)
Publishing anonymized case studies
Information Sharing
We Share Information With:
Ofsted (regulatory inspections)
Local authority (funded hours verification)
Schools (with consent for transition)
Healthcare professionals (with consent, for SEND support)
Emergency services (if child welfare requires)
Legal authorities (if safeguarding concerns arise)
We Never:
Sell or rent personal information
Share data with third parties for marketing
Transfer data outside the UK without safeguards
Keep information longer than necessary
Your Rights
You Have the Right To:
Access your child's records (within 40 days)
Request corrections to inaccurate information
Withdraw consent for photos/videos
Request deletion of data (with exceptions)
Object to certain processing
Lodge complaint with ICO
Data Security
We Protect Your Information By:
Secure, password-protected systems
Encrypted digital storage
Locked filing cabinets for paper records
Limited staff access (need-to-know basis)
Regular staff training on data protection
Secure disposal of outdated records
Retention Periods
Child records: 3 years after leaving
Accident/incident records: 21 years + 3 months
Safeguarding records: Until child is 25
Financial records: 6 years
Photos/videos: Deleted when consent withdrawn
Photography & Social Media
Nursery Use
Photos/videos for learning journals (with consent)
Display in nursery (with consent)
Never shared on social media without explicit permission
Children of staff/visitors never photographed without consent
Parent Guidelines
Do not post photos including other children on social media
Do not photograph during nursery events without permission
Respect all families' privacy preferences
Contact for Privacy Concerns Data Protection Officer: Sarah Mitchell
Email: shasan1807013@gmail.com
Your Privacy, Our Responsibility
KinderHeaven is committed to protecting the privacy and security of personal information in accordance with UK GDPR and the Data Protection Act 2018.
Information We Collect
About Your Child
Full name, date of birth, address
Medical information, allergies, dietary needs
Emergency contacts and authorized collectors
Development records and observations
Photographs and videos for learning journals
Attendance and funding records
About Parents/Guardians
Contact details (phone, email, address)
Employment details (for funded hours)
Emergency contact information
Payment and invoice records
Communication records
How We Use Information
Essential Operations
Providing appropriate care and education
Meeting dietary and medical needs
Contacting you in emergencies
Invoicing and financial administration
Complying with legal requirements
Safeguarding children's welfare
With Your Consent
Sharing photos in learning journals
Displaying photos in nursery
Sharing information with schools (transition)
Publishing anonymized case studies
Information Sharing
We Share Information With:
Ofsted (regulatory inspections)
Local authority (funded hours verification)
Schools (with consent for transition)
Healthcare professionals (with consent, for SEND support)
Emergency services (if child welfare requires)
Legal authorities (if safeguarding concerns arise)
We Never:
Sell or rent personal information
Share data with third parties for marketing
Transfer data outside the UK without safeguards
Keep information longer than necessary
Your Rights
You Have the Right To:
Access your child's records (within 40 days)
Request corrections to inaccurate information
Withdraw consent for photos/videos
Request deletion of data (with exceptions)
Object to certain processing
Lodge complaint with ICO
Data Security
We Protect Your Information By:
Secure, password-protected systems
Encrypted digital storage
Locked filing cabinets for paper records
Limited staff access (need-to-know basis)
Regular staff training on data protection
Secure disposal of outdated records
Retention Periods
Child records: 3 years after leaving
Accident/incident records: 21 years + 3 months
Safeguarding records: Until child is 25
Financial records: 6 years
Photos/videos: Deleted when consent withdrawn
Photography & Social Media
Nursery Use
Photos/videos for learning journals (with consent)
Display in nursery (with consent)
Never shared on social media without explicit permission
Children of staff/visitors never photographed without consent
Parent Guidelines
Do not post photos including other children on social media
Do not photograph during nursery events without permission
Respect all families' privacy preferences
Contact for Privacy Concerns Data Protection Officer: Sarah Mitchell
Email: shasan1807013@gmail.com