Data Protection Policy

Natural Connection Sussex Forest School Data Protection Policy
At Natural Connection Forest School Provision we respect the privacy of both children and adults attending the sessions and the privacy of each individual, as well as the privacy of our staff. Our aim is to ensure that all those using and working at Natural Connection Sussex can do so with confidence that their personal data is being kept secure.
Our lead person for data protection is Hayley Cox. The lead person ensures that the group meets the requirements of the GDPR, liaises with statutory bodies when necessary, and responds to any subject access requests.
Within the groups we respect confidentiality in the following ways:
We will only ever share information with a parent about their own child.
Information given by parents to forest school staff about their child will not be passed on to third parties without permission unless there is a safeguarding issue (as covered in our Safeguarding Policy).
Concerns or evidence relating to a child’s safety, will be kept in a confidential file and will not be shared within the group, except with a designated Child Protection Officer and the manager.
Staff only discuss individual children for purposes of planning and group management.
Staff are made aware of the importance of confidentiality during their induction process.
Issues relating to the employment of staff, whether paid or voluntary, will remain confidential to those making personnel decisions.
All personal data is stored securely on paper in a lockable file / on a password protected computer / passcode-locked phone depending on how you submitted it to us.
Students on work placements and volunteers are informed of our Data Protection policy and are required to respect it.
Information that we keep.
The items of personal data that we keep about individuals are kept on file. The personal data consent form is reviewed annually to ensure that any new data is included. The data of past participants who no longer engage are deleted.
Children and parents: We hold only the information necessary to provide a childcare service for each child. This includes child registration information, medical information, parent contact information, attendance records, incident and accident records and so forth. Once a child leaves our care we retain only the data required by statutory legislation and industry best practice, and for the prescribed periods of time. Electronic data that is no longer required is deleted and paper records are disposed of securely or returned to parents
Staff. We keep information about subcontractors who assist groups in order to meet HMRC requirements, and to comply with all other areas of employment legislation. We retain the information after a member of staff has left our service for the recommended period of time, then it is deleted or destroyed as necessary.
Sharing information with third parties.
We will only share child information with outside agencies on a need-to-know basis and with consent from parents, except in cases relating to safeguarding children, criminal activity, or if required by legally authorised bodies (e.g. , Police, HMRC, etc.). If we decide to share information without parental consent, we will record this in the child’s file, clearly stating our reasons.
We will only share relevant information that is accurate and up to date. Our primary commitment is to the safety and well-being of the children in our care.
Subject access requests.
Parents/carers can ask to see the information and records relating to their child, and/or any information that we keep about themselves.
Staff and volunteers can ask to see any information that we keep about them.
We will make the requested information available as soon as practicable, and will respond to the request within one month at the latest.
If our information is found to be incorrect or out of date, we will update it promptly.
If any individual about whom we hold data has a complaint about how we have kept their information secure, or how we have responded to a subject access request, they may complain to the Information Commissioner’s Office (ICO).
We comply with the requirements of the General Data Protection Regulation (GDPR), regarding obtaining, storing and using personal data.

This policy was adopted by: Natural Connection Sussex

To be reviewed: 20.05.19

Signed: Hayley Cox

Written in accordance with the Statutory Framework for the Early Years Foundation Stage (2017): Safeguarding and Welfare Requirements: Information and records [3.68 -3.71].