top of page

Data Protection Policy

To provide a quality early years and childcare service and comply with legislation, we will need to request information from parents about their child and family. Some of this will be personal data.  

Woodlands take families’ privacy seriously, and in accordance with the General Data Protection Regulation (GDPR), we will process any personal data according to the seven principles below:

1. We must have a lawful reason for collecting personal data and must do it in a fair and transparent way. We will be clear about what data we are collecting, and why.

2. We must only use the data for the reason it is initially obtained. This means that we may not use a person’s data to market a product or service to them that is unconnected to the reasons for which they shared the data with me in the first place.

3 We must not collect any more data than is necessary. We will only collect the data we need to hold on to, to do the job for which we have collected the data for.

4. We will ensure that the data is accurate and ask parents to check annually and confirm that the data held is still accurate.

5. We will not keep data any longer than needed. We must only keep the data for as long as is needed to complete the tasks it was collected for. 

6. We must protect the personal data and we are responsible for ensuring that we or anyone else charged with using the data, processes and stores it securely.

7. We will be accountable for the data. This means that we will be able to show how we (and anyone working with me) are complying with the law.

We are registered with the Information Commissioner’s Office, the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

We expect parents to keep any sensitive information they may accidentally learn about the other children and families attending our setting, private and confidential, unless it is a child protection issue.

We will ask parents for personal data about themselves and their child/ren to deliver a childcare service (see privacy notice). I am required to hold and use this personal data in order to comply with the statutory framework for the early years foundation stage, Ofsted, Department for Education and my local authority.

Subject access

Parents have the right to inspect records about their child at any time. This will be provided without delay and no later than one month after the request, either in writing or verbally to a member of staff. We will ask parents to regularly check that the data is correct and update it where necessary.  


We will keep all paper-based records about children and their families securely in a locked cabinet.

If we keep records relating to individual children on the settings computer, including digital photos or videos, we will obtain the parents’ permission. We will store the information securely, for example, using password-protection, to prevent viewing of the information by unauthorized personnel.


Information sharing

We are expected to share information with other childcare providers if a child also attends another setting.

Woodlands are also required to share information with Buckinghamshire County Council regarding the childcare and early years entitlements.

We will not share any information with anyone without parents’ consent unless there is a child protection concern.

Ofsted may require access to our records at any time.

Record keeping

We record all accidents / incidents E.g behavior in an accident book and will share these with parents so that together we can work to resolve any issues.

We will inform Ofsted, the local child protection agency and the Health and Safety Executive of any significant injuries, accidents or deaths as soon as possible.

We will only share information if it is in a child’s best interests to do so. For example, in a medical emergency we will share medical information with a healthcare professional. If we are worried about a child’s welfare. we have a duty of care to follow the Local Safeguarding Children’s Board procedures and make a referral. Where possible we will discuss concerns with you before making a referral.

Safe disposal of data

We are required by law to keep some data for some time after a child has left the setting. We have a review plan in place and ensure that any data is disposed of appropriately and securely. 

Suspected breach

If we suspect that data has been accessed unlawfully, I will inform the relevant parties immediately and report it to the Information Commissioner’s Office within 72 hours. We will keep a record of any data breach.   

Privacy Policy: Our Mission
bottom of page